author | 2002-07-30 16:00:16 +0000 | |
---|---|---|
committer | 2002-07-30 16:00:16 +0000 | |
commit | 746d588d140973084c67025a45068ca87c3b6d1f (patch) | |
tree | d7b4b0bd420cf043dee180b4e414acde8908fcda /lib/libssl/src | |
parent | minor KNF. pid_t is unsigned. (diff) | |
sync with http://www.openssl.org/news/patch_20020730_0_9_7.txt
(adds fix for unused kerberos and engine code, and some more
assertions, as well as a 64bit integer string fix for conf_mod.c)
Diffstat (limited to 'lib/libssl/src')
-rw-r--r-- | lib/libssl/src/crypto/conf/conf_mod.c | 2 | ||||
-rw-r--r-- | lib/libssl/src/crypto/engine/hw_cswift.c | 16 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 1 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 18 |
4 files changed, 24 insertions, 13 deletions
diff --git a/lib/libssl/src/crypto/conf/conf_mod.c b/lib/libssl/src/crypto/conf/conf_mod.c index f92babc2e29..edcc08921c2 100644 --- a/lib/libssl/src/crypto/conf/conf_mod.c +++ b/lib/libssl/src/crypto/conf/conf_mod.c @@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value, { if (!(flags & CONF_MFLAGS_SILENT)) { - char rcode[10]; + char rcode[DECIMAL_SIZE(ret)+1]; CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); sprintf(rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); diff --git a/lib/libssl/src/crypto/engine/hw_cswift.c b/lib/libssl/src/crypto/engine/hw_cswift.c index d8b380550f9..da732abce0a 100644 --- a/lib/libssl/src/crypto/engine/hw_cswift.c +++ b/lib/libssl/src/crypto/engine/hw_cswift.c @@ -484,7 +484,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -591,7 +591,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); 
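Review bot: The resized buffers are still filled with an unbounded `sprintf`, so the fix in `module_run` holds only while `DECIMAL_SIZE(ret)+1` is at least as large as anything `"%-8d"` can produce, and nothing at the write enforces that. Passing the size at the call, `snprintf(rcode, sizeof rcode, "%-8d", ret);` (or the library's `BIO_snprintf`), would keep the buffer and the format from drifting apart. The same applies to all eight `tmpbuf` hunks in hw_cswift.c (`cswift_mod_exp`, `cswift_mod_exp_crt`, `cswift_dsa_sign`, `cswift_dsa_verify`). There `"%ld"` also assumes `sw_status` is a `long`; its declaration is outside the hunks, so that should be confirmed. The enclosing functions start and end outside the hunks.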
@@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -723,7 +723,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -741,7 +741,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -835,7 +835,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -857,7 +857,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index b6be7489326..5d3efac2cd6 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c 
@@ -1597,6 +1597,7 @@ static int ssl3_send_client_key_exchange(SSL *s) SSL_MAX_MASTER_KEY_LENGTH); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; + die(outl <= sizeof epms); EVP_CIPHER_CTX_cleanup(&ciph_ctx); /* KerberosWrapper.EncryptedPreMasterSecret */ diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 3748cd7c243..f03c290a3ec 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -114,14 +114,14 @@ #include <stdio.h> +#include "ssl_locl.h" +#include "kssl_lcl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/krb5_asn.h> -#include "ssl_locl.h" -#include "kssl_lcl.h" #include <openssl/md5.h> static SSL_METHOD *ssl3_get_server_method(int ver); @@ -1560,8 +1560,8 @@ static int ssl3_get_client_key_exchange(SSL *s) EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH + 1]; - int padl, outl = sizeof(pms); + + EVP_MAX_BLOCK_LENGTH]; + int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; @@ -1584,6 +1584,16 @@ static int ssl3_get_client_key_exchange(SSL *s) enc_pms.data = (char *)p; p+=enc_pms.length; + /* Note that the length is checked again below, + ** after decryption + */ + if(enc_pms.length > sizeof pms) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DATA_LENGTH_TOO_LONG); + goto err; + } + if (n != enc_ticket.length + authenticator.length + enc_pms.length + 6) { |
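Review bot: `die(outl <= sizeof epms)` in `ssl3_send_client_key_exchange` runs only after `EVP_EncryptFinal_ex` has already written to `&(epms[outl])`, so it can abort after an overrun but cannot prevent one. The return value of `EVP_EncryptFinal_ex` is also not checked in the visible lines. I would add a comment at the check, `/* post-write sanity check only; epms must be declared large enough for the key plus one cipher block */`, and verify the `epms` declaration against that bound, since it is outside the hunk. `outl` is presumably an `int`, so the comparison with `sizeof` is mixed-sign; a negative value converts to a large unsigned one and still trips `die`.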
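Review bot: The new guard `if(enc_pms.length > sizeof pms)` in `ssl3_get_client_key_exchange` accepts a ciphertext exactly as long as the whole `pms` buffer, which the earlier hunk resizes to `SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH`. That is safe only if the decrypt calls never write more bytes than they are given; if they may write up to one block more, the buffer has no slack for it. I would either enlarge `pms` by one more `EVP_MAX_BLOCK_LENGTH` or state the assumption at the guard: `/* relies on decrypt output never exceeding its input length */`. The post-decryption check the comment refers to is outside the hunk, and it can only detect an overrun after the write. The context line `p+=enc_pms.length;` also advances the pointer before either length check runs, so it is worth confirming that `p` is not dereferenced on the `goto err` path.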