OpenSSL Security Advisory [30 July 2002]

Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.

diff --git a/CHANGES b/CHANGES
index 5ea0e7b91643fae844aa4ba46d16f92079f524d2..3881e9166ed481feb72f3d18e410b32fd69cd9ad 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1764,7 +1764,13 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6d and 0.9.6e  [XX xxx XXXX]
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Fix cipher selection routines: ciphers without encryption had no flags
      for the cipher strength set and where therefore not handled correctly
@@ -1787,6 +1793,40 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      applications.
      [Bodo Moeller]
 
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CAN-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CAN-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CAN-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
  Changes between 0.9.6c and 0.9.6d  [9 May 2002]
 
   *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 77447a5240959387c9a7dd634e5519a8b171798f..422685a3b452f284095a93042f05a136b3659c3e 100644 (file)
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
                (int)(omax+ *pp));
 
 #endif
-#if 0
-       if ((p+ *plength) > (omax+ *pp))
+       if (*plength > (omax - (*pp - p)))
                {
                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
                /* Set this so that even if things are not long enough
                 * the values are set correctly */
                ret|=0x80;
                }
-#endif
        *pp=p;
        return(ret|inf);
 err:
@@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                i= *p&0x7f;
                if (*(p++) & 0x80)
                        {
+                       if (i > sizeof(long))
+                               return 0;
                        if (max-- == 0) return(0);
                        while (i-- > 0)
                                {
@@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
                else
                        ret=i;
                }
+       if (ret < 0)
+               return 0;
        *pp=p;
        *rl=ret;
        return(1);
@@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 
 void asn1_add_error(unsigned char *address, int offset)
        {
-       char buf1[16],buf2[16];
+       char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
        sprintf(buf1,"%lu",(unsigned long)address);
        sprintf(buf2,"%d",offset);

diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl
index 0d62be821d2f55108a8b6b26281639b43053f699..c0cf9f987abce4404485b180add49152e39ce3c8 100644 (file)
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -89,14 +89,14 @@ conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 conf_api.o: conf_api.c
-conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-conf_def.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-conf_def.o: ../../include/openssl/opensslconf.h
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: conf_def.c conf_def.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
 conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
 conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 31f2766246a19f33a7539c69e95d2ae1a932a55f..5e194de60e940b9a1d3cf5fe034f1cddb388a30d 100644 (file)
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line)
 static int def_load_bio(CONF *conf, BIO *in, long *line)
        {
 #define BUFSIZE        512
-       char btmp[16];
        int bufnum=0,i,ii;
        BUF_MEM *buff=NULL;
        char *s,*p,*end;
        int again,n;
        long eline=0;
+       char btmp[DECIMAL_SIZE(eline)+1];
        CONF_VALUE *v=NULL,*tv;
        CONF_VALUE *sv=NULL;
        char *section=NULL,*buf;

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index f92babc2e2977e9b08716ed24f53d7983db0ffaf..edcc08921c2fe2711ecacc990b4a4460630491cf 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
                {
                if (!(flags & CONF_MFLAGS_SILENT))
                        {
-                       char rcode[10];
+                       char rcode[DECIMAL_SIZE(ret)+1];
                        CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
                        sprintf(rcode, "%-8d", ret);
                        ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 9a7ed2cf754d994ab108f33e7544b1e72947b2f0..3bceddfbbf3860ebb872f1d3d9357302bfb18a17 100644 (file)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -494,3 +494,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+    {
+    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+           file,line,assertion);
+    abort();
+    }
+

diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index a0489e57fc9d9334272f8bdf39bde1bfdf24a335..985a6d377c13b0101e6f64102fe9a4b958e8ebf7 100644 (file)
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -89,6 +89,14 @@ extern "C" {
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)         ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
 #ifdef  __cplusplus
 }
 #endif

diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index 31a79a9d160ffe080cdfa9821ed3f737ef253a1f..f5c897bdbbaf870d6206f6f8fb48744bbe0c92f5 100644 (file)
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -501,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        default:
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -518,7 +518,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
                &res, 1)) != SW_OK)
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
        default:
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -625,7 +625,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
                &res, 1)) != SW_OK)
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -740,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                goto err;
        default:
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -758,7 +758,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                &res, 1);
        if(sw_status != SW_OK)
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -852,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
                goto err;
        default:
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -874,7 +874,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
                &res, 1);
        if(sw_status != SW_OK)
                {
-               char tmpbuf[20];
+               char tmpbuf[DECIMAL_SIZE(sw_status)+1];
                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
                sprintf(tmpbuf, "%ld", sw_status);
                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 3ff64bb8d13ffda597929f1cea53c2fcea947220..02c3719f04e6009903e6628b298e6db9265e6d77 100644 (file)
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        unsigned long l;
        unsigned char *p;
        const char *s;
-       char tbuf[32];
+       char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
        if (buf_len <= 0) return(0);
 

diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl
index 70a37db44a76161bfe0b0f1a2501029fc02413fc..c75956fc21e253911c7eec0ad8d443e191af929c 100644 (file)
--- a/ssl/Makefile.ssl
+++ b/ssl/Makefile.ssl
@@ -288,33 +288,33 @@ s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
 s23_srvr.o: ssl_locl.h
-s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
-s2_clnt.o: ssl_locl.h
+s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
 s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -341,32 +341,33 @@ s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
 s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
-s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
+s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ssl_locl.h
 s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -419,33 +420,33 @@ s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
 s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
-s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
-s2_srvr.o: ssl_locl.h
+s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
 s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -473,33 +474,33 @@ s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
 s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
 s3_both.o: ssl_locl.h
-s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_clnt.o: s3_clnt.c ssl_locl.h
+s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
 s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -604,33 +605,34 @@ s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
 s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_srvr.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s3_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h
+s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_srvr.o: s3_srvr.c ssl_locl.h
 ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -657,33 +659,33 @@ ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
 ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
-ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
-ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
-ssl_asn1.o: ssl_locl.h
+ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
 ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -842,33 +844,33 @@ ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
 ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
-ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ssl_sess.c
+ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
 ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 4cb11841613ccac69cf8d539bfacaa9c7578f16b..26efe53856448be3b232768267775ce3443b3f17 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -116,6 +116,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -535,6 +536,7 @@ static int get_server_hello(SSL *s)
                }
                
        s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+       die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
        memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
        return(1);
        }
@@ -636,6 +638,7 @@ static int client_master_key(SSL *s)
                /* make key_arg data */
                i=EVP_CIPHER_iv_length(c);
                sess->key_arg_length=i;
+               die(i <= SSL_MAX_KEY_ARG_LENGTH);
                if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
                /* make a master key */
@@ -643,6 +646,7 @@ static int client_master_key(SSL *s)
                sess->master_key_length=i;
                if (i > 0)
                        {
+                       die(i <= sizeof sess->master_key);
                        if (RAND_bytes(sess->master_key,i) <= 0)
                                {
                                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -686,6 +690,7 @@ static int client_master_key(SSL *s)
                d+=enc;
                karg=sess->key_arg_length;      
                s2n(karg,p); /* key arg size */
+               die(karg <= sizeof sess->key_arg);
                memcpy(d,sess->key_arg,(unsigned int)karg);
                d+=karg;
 
@@ -706,6 +711,7 @@ static int client_finished(SSL *s)
                {
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_CLIENT_FINISHED;
+               die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
                memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
                s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -978,6 +984,8 @@ static int get_server_finished(SSL *s)
                {
                if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
                        {
+                       die(s->session->session_id_length
+                           <= sizeof s->session->session_id);
                        if (memcmp(buf,s->session->session_id,
                                (unsigned int)s->session->session_id_length) != 0)
                                {

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 25823d46e546e4b845a61e0db5e9535e75cc80d2..9bf55268df548fa65081bf22b4225b33e8c4b620 100644 (file)
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@ void ssl2_generate_key_material(SSL *s)
 #endif
        EVP_MD_CTX_init(&ctx);
        km=s->s2->key_material;
+       die(s->s2->key_material_length <= sizeof s->s2->key_material);
        for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
                {
                EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
 
+               die(s->session->master_key_length >= 0
+                   && s->session->master_key_length
+                   < sizeof s->session->master_key);
                EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
                EVP_DigestUpdate(&ctx,&c,1);
                c++;
@@ -467,6 +472,7 @@ void ssl2_write_error(SSL *s)
 /*     state=s->rwstate;*/
        error=s->error;
        s->error=0;
+       die(error >= 0 && error <= 3);
        i=ssl2_write(s,&(buf[3-error]),error);
 /*     if (i == error) s->rwstate=state; */
 

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 56da65195e7e72b84c10a9d47141c55dbeede9ff..391287bfcd2b05b76747c170e48a0ee4d74cb5d2 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -116,6 +116,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s)
                n2s(p,i); s->s2->tmp.clear=i;
                n2s(p,i); s->s2->tmp.enc=i;
                n2s(p,i); s->session->key_arg_length=i;
+               if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+                       {
+                       SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+                                  SSL_R_KEY_ARG_TOO_LONG);
+                       return -1;
+                       }
                s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
                }
 
        /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
        p=(unsigned char *)s->init_buf->data;
+       die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
        keya=s->session->key_arg_length;
        len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
        if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s)
 #endif
 
        if (is_export) i+=s->s2->tmp.clear;
+       die(i <= SSL_MAX_MASTER_KEY_LENGTH);
        s->session->master_key_length=i;
        memcpy(s->session->master_key,p,(unsigned int)i);
        return(1);
@@ -670,6 +679,7 @@ static int get_client_hello(SSL *s)
        p+=s->s2->tmp.session_id_length;
 
        /* challenge */
+       die(s->s2->challenge_length <= sizeof s->s2->challenge);
        memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
        return(1);
 mem_err:
@@ -826,6 +836,7 @@ static int get_client_finished(SSL *s)
                }
 
        /* SSL2_ST_GET_CLIENT_FINISHED_B */
+       die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
        len = 1 + (unsigned long)s->s2->conn_id_length;
        n = (int)len - s->init_num;
        i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@ static int server_verify(SSL *s)
                {
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_SERVER_VERIFY;
+               die(s->s2->challenge_length <= sizeof s->s2->challenge);
                memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
                /* p+=s->s2->challenge_length; */
 
@@ -872,6 +884,8 @@ static int server_finish(SSL *s)
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_SERVER_FINISHED;
 
+               die(s->session->session_id_length
+                   <= sizeof s->session->session_id);
                memcpy(p,s->session->session_id,
                        (unsigned int)s->session->session_id_length);
                /* p+=s->session->session_id_length; */

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bd9ce5db55a3d8a310736e679d1d48fc3987638c..2699b5863b60149ba66106c0c742a22ec1c0c370 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -117,6 +117,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s)
                *(p++)=i;
                if (i != 0)
                        {
+                       die(i <= sizeof s->session->session_id);
                        memcpy(p,s->session->session_id,i);
                        p+=i;
                        }
@@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s)
        /* get the session-id */
        j= *(p++);
 
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
+
        if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
                {
                /* SSLref returns 16 :-( */
@@ -1588,6 +1598,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                SSL_MAX_MASTER_KEY_LENGTH);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
+                       die(outl <= sizeof epms);
                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
                        /*  KerberosWrapper.EncryptedPreMasterSecret    */

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 270afb8166657611aeffdac7461bec0e8c3f2dce..782b57f57aaea0f9b9449305a49b66717a42a25b 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/krb5_asn.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -964,6 +965,7 @@ static int ssl3_send_server_hello(SSL *s)
                        s->session->session_id_length=0;
 
                sl=s->session->session_id_length;
+               die(sl <= sizeof s->session->session_id);
                *(p++)=sl;
                memcpy(p,s->session->session_id,sl);
                p+=sl;
@@ -1559,8 +1561,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
                EVP_CIPHER              *enc = NULL;
                unsigned char           iv[EVP_MAX_IV_LENGTH];
                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
-                                               + EVP_MAX_IV_LENGTH + 1];
-               int                     padl, outl = sizeof(pms);
+                                               + EVP_MAX_BLOCK_LENGTH];
+               int                     padl, outl;
                krb5_timestamp          authtime = 0;
                krb5_ticket_times       ttimes;
 
@@ -1583,6 +1585,16 @@ static int ssl3_get_client_key_exchange(SSL *s)
                enc_pms.data = (char *)p;
                p+=enc_pms.length;
 
+               /* Note that the length is checked again below,
+               ** after decryption
+               */
+               if(enc.pms_length > sizeof pms)
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                              SSL_R_DATA_LENGTH_TOO_LONG);
+                       goto err;
+                       }
+
                if (n != enc_ticket.length + authenticator.length +
                                                enc_pms.length + 6)
                        {

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 7947a56c64b840544d40732b7c4e3565ee22f6fb..d9949e8eb2740de6de0b4a82b9c3180b1e14f304 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1667,6 +1667,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_INVALID_COMMAND                           280
 #define SSL_R_INVALID_PURPOSE                           278
 #define SSL_R_INVALID_TRUST                             279
+#define SSL_R_KEY_ARG_TOO_LONG                          1112
 #define SSL_R_KRB5                                      1104
 #define SSL_R_KRB5_C_CC_PRINC                           1094
 #define SSL_R_KRB5_C_GET_CRED                           1095
@@ -1746,6 +1747,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ                                219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE     220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE              221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG                  1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                         222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE               1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                1020

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index b1c2d1715325c552ec4a480d6e98ee221deb9410..1638c6b525b35a8c5f816a8d5f9c31202f162d53 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -62,6 +62,7 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
        {
@@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
                os.length=i;
 
        ret->session_id_length=os.length;
+       die(os.length <= sizeof ret->session_id);
        memcpy(ret->session_id,os.data,os.length);
 
        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index c32c4ef6e97ac2824538f6f0aa608cb285be8314..0cad32c855dc7ee5cf27ab818ea401e750aa4413 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_INVALID_COMMAND                   ,"invalid command"},
 {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
 {SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
 {SSL_R_KRB5                              ,"krb5"},
 {SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},
 {SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},
@@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6424f775e21f785c1222e27fc57e04acebe4b4fa..8bfc382bb65cc293cdf94062ac4d9ba007c64486 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,7 @@ int ssl_get_new_session(SSL *s, int session)
                ss->session_id_length=0;
                }
 
+       die(s->sid_ctx_length <= sizeof ss->sid_ctx);
        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
        ss->sid_ctx_length=s->sid_ctx_length;
        s->session=ss;