Permalink
Browse files

get rid of OpenSSLDie

  • Loading branch information...
45264 committed Aug 2, 2002
1 parent 0e0ddc4 commit 517a0e7fa0f5453c860a3aec17b678bd55d5aad7
Showing with 137 additions and 54 deletions.
  1. +4 −1 CHANGES
  2. +0 −8 crypto/cryptlib.c
  3. +0 −4 crypto/cryptlib.h
  4. +32 −9 ssl/s2_clnt.c
  5. +2 −1 ssl/s2_enc.c
  6. +23 −9 ssl/s2_lib.c
  7. +43 −15 ssl/s2_srvr.c
  8. +5 −1 ssl/s3_clnt.c
  9. +5 −1 ssl/s3_srvr.c
  10. +6 −0 ssl/ssl.h
  11. +3 −2 ssl/ssl_asn1.c
  12. +6 −0 ssl/ssl_err.c
  13. +1 −1 ssl/ssl_locl.h
  14. +6 −1 ssl/ssl_sess.c
  15. +1 −1 util/mkerr.pl
View
@@ -4,7 +4,10 @@
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
*)
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
View
@@ -491,11 +491,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
#endif
#endif
void OpenSSLDie(const char *file,int line,const char *assertion)
{
fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
file,line,assertion);
abort();
}
View
@@ -93,10 +93,6 @@ extern "C" {
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) ((sizeof(type)*2)
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#ifdef __cplusplus
}
#endif
View
@@ -518,7 +518,12 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
return -1;
}
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,15 +625,25 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > SSL_MAX_KEY_ARG_LENGTH)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
i=EVP_CIPHER_key_length(c);
sess->master_key_length=i;
if (i > 0)
{
die(i <= sizeof sess->master_key);
if (i > sizeof sess->master_key)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -672,7 +687,12 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
die(karg <= sizeof sess->key_arg);
if (karg > sizeof sess->key_arg)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -693,7 +713,11 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -950,10 +974,9 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
die(s->session->session_id_length
<= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
if ((s->session->session_id_length > sizeof s->session->session_id)
|| (0 != memcmp(buf, s->session->session_id,
(unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
View
@@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
num=c->key_len;
s->s2->key_material_length=num*2;
ssl2_generate_key_material(s);
if (ssl2_generate_key_material(s) <= 0)
return 0;
EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
View
@@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
return(3);
}
void ssl2_generate_key_material(SSL *s)
int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
MD5_CTX ctx;
@@ -428,14 +428,24 @@ void ssl2_generate_key_material(SSL *s)
#endif
km=s->s2->key_material;
die(s->s2->key_material_length <= sizeof s->s2->key_material);
if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
{
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
return 0;
}
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
{
/* MD5_Final() below would write beyond buffer */
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
return 0;
}
MD5_Init(&ctx);
die(s->session->master_key_length >= 0
&& s->session->master_key_length
< sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -444,6 +454,8 @@ void ssl2_generate_key_material(SSL *s)
MD5_Final(km,&ctx);
km+=MD5_DIGEST_LENGTH;
}
return 1;
}
void ssl2_return_error(SSL *s, int err)
@@ -468,18 +480,20 @@ void ssl2_write_error(SSL *s)
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
error=s->error;
error=s->error; /* number of bytes left to write */
s->error=0;
die(error >= 0 && error <= 3);
if (error < 0 || error > sizeof buf) /* can't happen */
return;
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
else if (i != s->error)
s->error=error-i;
/* else
s->error=0; */
}
int ssl2_shutdown(SSL *s)
View
@@ -399,17 +399,15 @@ static int get_client_master_key(SSL *s)
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_PEER_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
return(-1);
}
cp=ssl2_get_cipher_by_char(p);
if (cp == NULL)
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_NO_CIPHER_MATCH);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
return(-1);
}
s->session->cipher= cp;
@@ -420,20 +418,26 @@ static int get_client_master_key(SSL *s)
n2s(p,i); s->session->key_arg_length=i;
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
{
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
SSL_R_KEY_ARG_TOO_LONG);
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@@ -510,7 +514,13 @@ static int get_client_master_key(SSL *s)
#endif
if (is_export) i+=s->s2->tmp.clear;
die(i <= SSL_MAX_MASTER_KEY_LENGTH);
if (i > SSL_MAX_MASTER_KEY_LENGTH)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
return -1;
}
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -560,6 +570,7 @@ static int get_client_hello(SSL *s)
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
(i > SSL2_MAX_CHALLENGE_LENGTH))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
return(-1);
}
@@ -571,6 +582,7 @@ static int get_client_hello(SSL *s)
len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@@ -658,7 +670,12 @@ static int get_client_hello(SSL *s)
p+=s->s2->tmp.session_id_length;
/* challenge */
die(s->s2->challenge_length <= sizeof s->s2->challenge);
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -810,7 +827,12 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
return -1;
}
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -836,7 +858,11 @@ static int server_verify(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
die(s->s2->challenge_length <= sizeof s->s2->challenge);
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -856,10 +882,12 @@ static int server_finish(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
die(s->session->session_id_length
<= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
if (s->session->session_id_length > sizeof s->session->session_id)
{
SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
View
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
die(i <= sizeof s->session->session_id);
if (i > sizeof s->session->session_id)
{
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
goto err;
}
memcpy(p,s->session->session_id,i);
p+=i;
}
View
@@ -949,7 +949,11 @@ static int ssl3_send_server_hello(SSL *s)
s->session->session_id_length=0;
sl=s->session->session_id_length;
die(sl <= sizeof s->session->session_id);
if (sl > sizeof s->session->session_id)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
return -1;
}
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
Oops, something went wrong.

0 comments on commit 517a0e7

Please sign in to comment.