From c046fffa16cd55c972f71c49051b8ce6b83eed7f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 30 Jul 2002 13:04:04 +0000 Subject: [PATCH] OpenSSL Security Advisory [30 July 2002] Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. --- CHANGES | 42 ++++- crypto/asn1/asn1_lib.c | 10 +- crypto/conf/Makefile.ssl | 12 +- crypto/conf/conf_def.c | 3 +- crypto/conf/conf_mod.c | 2 +- crypto/cryptlib.c | 8 + crypto/cryptlib.h | 8 + crypto/engine/hw_cswift.c | 16 +- crypto/objects/obj_dat.c | 2 +- ssl/Makefile.ssl | 378 +++++++++++++++++++------------------- ssl/s2_clnt.c | 8 + ssl/s2_lib.c | 6 + ssl/s2_srvr.c | 14 ++ ssl/s3_clnt.c | 11 ++ ssl/s3_srvr.c | 16 +- ssl/ssl.h | 2 + ssl/ssl_asn1.c | 2 + ssl/ssl_err.c | 4 +- ssl/ssl_sess.c | 2 + 19 files changed, 333 insertions(+), 213 deletions(-) diff --git a/CHANGES b/CHANGES index 5ea0e7b916..3881e9166e 100644 --- a/CHANGES +++ b/CHANGES @@ -1764,7 +1764,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] *) Fix cipher selection routines: ciphers without encryption had no flags for the cipher strength set and where therefore not handled correctly @@ -1787,6 +1793,40 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k applications. [Bodo Moeller] + *) Changes in security patch: + + Changes marked "(CHATS)" were sponsored by the Defense Advanced + Research Projects Agency (DARPA) and Air Force Research Laboratory, + Air Force Materiel Command, USAF, under agreement number + F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. (CAN-2002-0659) + [Steve Henson, Adi Stav , James Yonan ] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CAN-2002-0655) + [Matthew Byng-Maddick and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized master key in Kerberos-enabled versions. + (CAN-2002-0657) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CAN-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CAN-2002-0656) + [Ben Laurie (CHATS)] + Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 77447a5240..422685a3b4 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) > (omax+ *pp)) + if (*plength > (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) i= *p&0x7f; if (*(p++) & 0x80) { + if (i > sizeof(long)) + return 0; if (max-- == 0) return(0); while (i-- > 0) { @@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) else ret=i; } + if (ret < 0) + return 0; *pp=p; *rl=ret; return(1); @@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) void asn1_add_error(unsigned char *address, int offset) { - char buf1[16],buf2[16]; + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset); diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index 0d62be821d..c0cf9f987a 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -89,14 +89,14 @@ conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h conf_api.o: conf_api.c -conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -conf_def.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -conf_def.o: ../../include/openssl/opensslconf.h +conf_def.o: ../../e_os.h ../../include/openssl/bio.h +conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h +conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_def.o: conf_def.c conf_def.h +conf_def.o: ../cryptlib.h conf_def.c conf_def.h conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 31f2766246..5e194de60e 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -67,6 +67,7 @@ #include "conf_def.h" #include #include +#include "cryptlib.h" static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); @@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line) static int def_load_bio(CONF *conf, BIO *in, long *line) { #define BUFSIZE 512 - char btmp[16]; int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; int again,n; long eline=0; + char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index f92babc2e2..edcc08921c 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value, { if (!(flags & CONF_MFLAGS_SILENT)) { - char rcode[10]; + char rcode[DECIMAL_SIZE(ret)+1]; CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); sprintf(rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 9a7ed2cf75..3bceddfbbf 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -494,3 +494,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } + diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index a0489e57fc..985a6d377c 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -89,6 +89,14 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +/* size of string represenations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) ((sizeof(type)*2) + +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) + #ifdef __cplusplus } #endif diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c index 31a79a9d16..f5c897bdbb 100644 --- a/crypto/engine/hw_cswift.c +++ b/crypto/engine/hw_cswift.c @@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -518,7 +518,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -625,7 +625,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -740,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -758,7 +758,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -852,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -874,7 +874,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 3ff64bb8d1..02c3719f04 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) unsigned long l; unsigned char *p; const char *s; - char tbuf[32]; + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; if (buf_len <= 0) return(0); diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index 70a37db44a..c75956fc21 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -288,33 +288,33 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c s23_srvr.o: ssl_locl.h -s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c -s2_clnt.o: ssl_locl.h +s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h +s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h +s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -341,32 +341,33 @@ s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h -s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h -s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h +s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h +s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c +s2_lib.o: ssl_locl.h s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -419,33 +420,33 @@ s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h -s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c -s2_srvr.o: ssl_locl.h +s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h +s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h +s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -473,33 +474,33 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c s3_both.o: ssl_locl.h -s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h -s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h -s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_clnt.o: s3_clnt.c ssl_locl.h +s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h +s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h +s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h +s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h +s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -604,33 +605,34 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h -s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h -s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h -s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_srvr.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h -s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h -s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h -s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h -s3_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h +s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h +s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h +s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h +s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h +s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -657,33 +659,33 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h -ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h -ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h -ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h -ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h -ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h -ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c -ssl_asn1.o: ssl_locl.h +ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h +ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h +ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h +ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h +ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h +ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -842,33 +844,33 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c -ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h -ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h -ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h -ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h -ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h -ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h -ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h -ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -ssl_sess.o: ssl_sess.c +ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h +ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h +ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h +ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h +ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h +ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h +ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 4cb1184161..26efe53856 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -116,6 +116,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -535,6 +536,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -636,6 +638,7 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; + die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -643,6 +646,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { + die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -686,6 +690,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ + die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -706,6 +711,7 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -978,6 +984,8 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { + die(s->session->session_id_length + <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) { diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 25823d46e5..9bf55268df 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -63,6 +63,7 @@ #include #include #include +#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -428,10 +429,14 @@ void ssl2_generate_key_material(SSL *s) #endif EVP_MD_CTX_init(&ctx); km=s->s2->key_material; + die(s->s2->key_material_length <= sizeof s->s2->key_material); for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); + die(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -467,6 +472,7 @@ void ssl2_write_error(SSL *s) /* state=s->rwstate;*/ error=s->error; s->error=0; + die(error >= 0 && error <= 3); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 56da65195e..391287bfcd 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -116,6 +116,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); @@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s) n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; n2s(p,i); s->session->key_arg_length=i; + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_KEY_ARG_TOO_LONG); + return -1; + } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) @@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s) #endif if (is_export) i+=s->s2->tmp.clear; + die(i <= SSL_MAX_MASTER_KEY_LENGTH); s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); @@ -670,6 +679,7 @@ static int get_client_hello(SSL *s) p+=s->s2->tmp.session_id_length; /* challenge */ + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: @@ -826,6 +836,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); @@ -853,6 +864,7 @@ static int server_verify(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ @@ -872,6 +884,8 @@ static int server_finish(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; + die(s->session->session_id_length + <= sizeof s->session->session_id); memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index bd9ce5db55..2699b5863b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -117,6 +117,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); @@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { + die(i <= sizeof s->session->session_id); memcpy(p,s->session->session_id,i); p+=i; } @@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); + if(j > sizeof s->session->session_id) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; + } + if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) { /* SSLref returns 16 :-( */ @@ -1588,6 +1598,7 @@ static int ssl3_send_client_key_exchange(SSL *s) SSL_MAX_MASTER_KEY_LENGTH); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; + die(outl <= sizeof epms); EVP_CIPHER_CTX_cleanup(&ciph_ctx); /* KerberosWrapper.EncryptedPreMasterSecret */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 270afb8166..782b57f57a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -123,6 +123,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); @@ -964,6 +965,7 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; + die(sl <= sizeof s->session->session_id); *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; @@ -1559,8 +1561,8 @@ static int ssl3_get_client_key_exchange(SSL *s) EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH + 1]; - int padl, outl = sizeof(pms); + + EVP_MAX_BLOCK_LENGTH]; + int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; @@ -1583,6 +1585,16 @@ static int ssl3_get_client_key_exchange(SSL *s) enc_pms.data = (char *)p; p+=enc_pms.length; + /* Note that the length is checked again below, + ** after decryption + */ + if(enc.pms_length > sizeof pms) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DATA_LENGTH_TOO_LONG); + goto err; + } + if (n != enc_ticket.length + authenticator.length + enc_pms.length + 6) { diff --git a/ssl/ssl.h b/ssl/ssl.h index 7947a56c64..d9949e8eb2 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1667,6 +1667,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 1112 #define SSL_R_KRB5 1104 #define SSL_R_KRB5_C_CC_PRINC 1094 #define SSL_R_KRB5_C_GET_CRED 1095 @@ -1746,6 +1747,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b1c2d17153..1638c6b525 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -62,6 +62,7 @@ #include #include #include +#include "cryptlib.h" typedef struct ssl_session_asn1_st { @@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, os.length=i; ret->session_id_length=os.length; + die(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c32c4ef6e9..0cad32c855 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_INVALID_COMMAND ,"invalid command"}, {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, {SSL_R_INVALID_TRUST ,"invalid trust"}, +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, {SSL_R_KRB5 ,"krb5"}, {SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, {SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, @@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_SHORT_READ ,"short read"}, {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6424f775e2..8bfc382bb6 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -60,6 +60,7 @@ #include #include #include "ssl_locl.h" +#include "cryptlib.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); @@ -250,6 +251,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length=0; } + die(s->sid_ctx_length <= sizeof ss->sid_ctx); memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; -- 2.34.1