aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-08-10 01:46:10 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-08-10 01:46:10 +0000
commit484549566e495cb042684cec327d66f24e6fec1d (patch)
tree3c9559c80a7fe01c85e2dfbadcb9f84770a7e8e6 /crypto
parent9e6c5d1742cb27b1af95f09cda6cf8b330590e03 (diff)
downloadsrc-484549566e495cb042684cec327d66f24e6fec1d.tar.gz
src-484549566e495cb042684cec327d66f24e6fec1d.zip
Import of OpenSSL 0.9.6f.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=101615
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/ssl/s2_clnt.c41
-rw-r--r--crypto/openssl/ssl/s2_enc.c3
-rw-r--r--crypto/openssl/ssl/s2_lib.c32
-rw-r--r--crypto/openssl/ssl/s2_srvr.c58
-rw-r--r--crypto/openssl/ssl/s3_clnt.c6
-rw-r--r--crypto/openssl/ssl/s3_srvr.c6
-rw-r--r--crypto/openssl/ssl/ssl.h6
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c5
-rw-r--r--crypto/openssl/ssl/ssl_err.c6
-rw-r--r--crypto/openssl/ssl/ssl_locl.h2
-rw-r--r--crypto/openssl/ssl/ssl_sess.c7
-rw-r--r--crypto/openssl/tools/c_rehash2
-rw-r--r--crypto/openssl/util/mkerr.pl2
13 files changed, 134 insertions, 42 deletions
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 2a6837dcd5bd..236b394db7ee 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -518,7 +518,12 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+ return -1;
+ }
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,7 +625,12 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
- die(i <= SSL_MAX_KEY_ARG_LENGTH);
+ if (i > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -628,7 +638,12 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
- die(i <= sizeof sess->master_key);
+ if (i > sizeof sess->master_key)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -672,7 +687,12 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
- die(karg <= sizeof sess->key_arg);
+ if (karg > sizeof sess->key_arg)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -693,7 +713,11 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -950,10 +974,9 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
+ if ((s->session->session_id_length > sizeof s->session->session_id)
+ || (0 != memcmp(buf, s->session->session_id,
+ (unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index fa2ab8dc4be7..8e5975cdc82f 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client)
num=c->key_len;
s->s2->key_material_length=num*2;
- ssl2_generate_key_material(s);
+ if (ssl2_generate_key_material(s) <= 0)
+ return 0;
EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index 26a85c2f17a9..01d1e97d6008 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -415,7 +415,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
return(3);
}
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
MD5_CTX ctx;
@@ -428,14 +428,24 @@ void ssl2_generate_key_material(SSL *s)
#endif
km=s->s2->key_material;
- die(s->s2->key_material_length <= sizeof s->s2->key_material);
+
+ if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ {
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+ return 0;
+ }
+
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
+ if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
+ {
+ /* MD5_Final() below would write beyond buffer */
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+ return 0;
+ }
+
MD5_Init(&ctx);
- die(s->session->master_key_length >= 0
- && s->session->master_key_length
- < sizeof s->session->master_key);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
c++;
@@ -444,6 +454,8 @@ void ssl2_generate_key_material(SSL *s)
MD5_Final(km,&ctx);
km+=MD5_DIGEST_LENGTH;
}
+
+ return 1;
}
void ssl2_return_error(SSL *s, int err)
@@ -468,18 +480,20 @@ void ssl2_write_error(SSL *s)
buf[2]=(s->error_code)&0xff;
/* state=s->rwstate;*/
- error=s->error;
+
+ error=s->error; /* number of bytes left to write */
s->error=0;
- die(error >= 0 && error <= 3);
+ if (error < 0 || error > sizeof buf) /* can't happen */
+ return;
+
i=ssl2_write(s,&(buf[3-error]),error);
+
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
else if (i != s->error)
s->error=error-i;
- /* else
- s->error=0; */
}
int ssl2_shutdown(SSL *s)
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 96149518ad87..d736f6807b2f 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s)
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_PEER_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
return(-1);
}
@@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s)
if (cp == NULL)
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_NO_CIPHER_MATCH);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
return(-1);
}
s->session->cipher= cp;
@@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s)
n2s(p,i); s->session->key_arg_length=i;
if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
{
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
- SSL_R_KEY_ARG_TOO_LONG);
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s)
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
- die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+ if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@@ -510,7 +514,13 @@ static int get_client_master_key(SSL *s)
#endif
if (is_export) i+=s->s2->tmp.clear;
- die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -560,6 +570,7 @@ static int get_client_hello(SSL *s)
if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
(i > SSL2_MAX_CHALLENGE_LENGTH))
{
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
return(-1);
}
@@ -571,6 +582,7 @@ static int get_client_hello(SSL *s)
len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
return -1;
}
@@ -658,7 +670,12 @@ static int get_client_hello(SSL *s)
p+=s->s2->tmp.session_id_length;
/* challenge */
- die(s->s2->challenge_length <= sizeof s->s2->challenge);
+ if (s->s2->challenge_length > sizeof s->s2->challenge)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -810,7 +827,12 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -836,7 +858,11 @@ static int server_verify(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
- die(s->s2->challenge_length <= sizeof s->s2->challenge);
+ if (s->s2->challenge_length > sizeof s->s2->challenge)
+ {
+ SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -856,10 +882,12 @@ static int server_finish(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- memcpy(p,s->session->session_id,
- (unsigned int)s->session->session_id_length);
+ if (s->session->session_id_length > sizeof s->session->session_id)
+ {
+ SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index b921d9a43d0e..32b9cea1cabf 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
- die(i <= sizeof s->session->session_id);
+ if (i > sizeof s->session->session_id)
+ {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+ goto err;
+ }
memcpy(p,s->session->session_id,i);
p+=i;
}
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index d211fd48cb40..fe1e6890142b 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -949,7 +949,11 @@ static int ssl3_send_server_hello(SSL *s)
s->session->session_id_length=0;
sl=s->session->session_id_length;
- die(sl <= sizeof s->session->session_id);
+ if (sl > sizeof s->session->session_id)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index e0c0be727ae1..3eecead605c9 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -1285,6 +1285,7 @@ void ERR_load_SSL_strings(void);
/* Function codes. */
#define SSL_F_CLIENT_CERTIFICATE 100
+#define SSL_F_CLIENT_FINISHED 238
#define SSL_F_CLIENT_HELLO 101
#define SSL_F_CLIENT_MASTER_KEY 102
#define SSL_F_D2I_SSL_SESSION 103
@@ -1298,7 +1299,9 @@ void ERR_load_SSL_strings(void);
#define SSL_F_I2D_SSL_SESSION 111
#define SSL_F_READ_N 112
#define SSL_F_REQUEST_CERTIFICATE 113
+#define SSL_F_SERVER_FINISH 239
#define SSL_F_SERVER_HELLO 114
+#define SSL_F_SERVER_VERIFY 240
#define SSL_F_SSL23_ACCEPT 115
#define SSL_F_SSL23_CLIENT_HELLO 116
#define SSL_F_SSL23_CONNECT 117
@@ -1310,6 +1313,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL2_ACCEPT 122
#define SSL_F_SSL2_CONNECT 123
#define SSL_F_SSL2_ENC_INIT 124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
#define SSL_F_SSL2_PEEK 234
#define SSL_F_SSL2_READ 125
#define SSL_F_SSL2_READ_INTERNAL 236
@@ -1345,6 +1349,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
+#define SSL_F_SSL3_SEND_SERVER_HELLO 242
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
#define SSL_F_SSL3_SETUP_BUFFERS 156
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
@@ -1559,6 +1564,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
index 3de1dbc42e79..00f9fda357ae 100644
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ b/crypto/openssl/ssl/ssl_asn1.c
@@ -273,10 +273,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
if (os.length > i)
- os.length=i;
+ os.length = i;
+ if (os.length > sizeof ret->session_id) /* can't happen */
+ os.length = sizeof ret->session_id;
ret->session_id_length=os.length;
- die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
index b1b7c22e6b86..b77b35feefd1 100644
--- a/crypto/openssl/ssl/ssl_err.c
+++ b/crypto/openssl/ssl/ssl_err.c
@@ -67,6 +67,7 @@
static ERR_STRING_DATA SSL_str_functs[]=
{
{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"},
{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"},
{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"},
{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"},
{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
@@ -127,6 +131,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"},
{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
@@ -344,6 +349,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
index 9297cd2dc34a..d15b33048eaf 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -500,7 +500,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
+int ssl2_generate_key_material(SSL *s);
void ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index 87cd8a9b86c0..2f2d5bc27f7c 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -200,7 +200,12 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length=0;
}
- die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+ if (s->sid_ctx_length > sizeof ss->sid_ctx)
+ {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
index 5f3bd4c7d98b..049bb3f1ae6b 100644
--- a/crypto/openssl/tools/c_rehash
+++ b/crypto/openssl/tools/c_rehash
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
# Perl c_rehash script, scan all files in a directory
diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl
index f833bfe87a1a..449aa57bbaf0 100644
--- a/crypto/openssl/util/mkerr.pl
+++ b/crypto/openssl/util/mkerr.pl
@@ -320,7 +320,7 @@ EOF
print OUT <<"EOF";
/* $cfile */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions