[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-cvs
Subject: cvs commit: openssl/ssl Makefile.ssl s2_clnt.c s2_lib.c s2_srvr.c s3_clnt.c s3_srvr.c ssl.h ssl_asn1
From: jaenicke () openssl ! org
Date: 2002-07-30 13:05:00
[Download RAW message or body]
jaenicke 30-Jul-2002 15:04:56
Modified: . CHANGES
crypto cryptlib.c cryptlib.h
crypto/asn1 asn1_lib.c
crypto/conf Makefile.ssl conf_def.c conf_mod.c
crypto/engine hw_cswift.c
crypto/objects obj_dat.c
ssl Makefile.ssl s2_clnt.c s2_lib.c s2_srvr.c s3_clnt.c
s3_srvr.c ssl.h ssl_asn1.c ssl_err.c ssl_sess.c
Log:
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Revision Changes Path
1.1037 +41 -1 openssl/CHANGES
Index: CHANGES
===================================================================
RCS file: /e/openssl/cvs/openssl/CHANGES,v
retrieving revision 1.1036
retrieving revision 1.1037
diff -u -r1.1036 -r1.1037
--- CHANGES 2002/07/23 13:45:38 1.1036
+++ CHANGES 2002/07/30 13:01:39 1.1037
@@ -1764,8 +1764,14 @@
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
- Changes between 0.9.6d and 0.9.6e [XX xxx XXXX]
+ Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
@@ -1786,6 +1792,40 @@
's_server'), so the new option is automatically set in many
applications.
[Bodo Moeller]
+
+ *) Changes in security patch:
+
+ Changes marked "(CHATS)" were sponsored by the Defense Advanced
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer. (CAN-2002-0659)
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CAN-2002-0657)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
1.34 +8 -0 openssl/crypto/cryptlib.c
1.11 +8 -0 openssl/crypto/cryptlib.h
Index: cryptlib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- cryptlib.c 2002/02/13 17:25:27 1.33
+++ cryptlib.c 2002/07/30 13:02:52 1.34
@@ -494,3 +494,11 @@
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
+
Index: cryptlib.h
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/cryptlib.h,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- cryptlib.h 2001/02/22 14:44:54 1.10
+++ cryptlib.h 2002/07/30 13:02:52 1.11
@@ -89,6 +89,14 @@
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
#ifdef __cplusplus
}
#endif
1.22 +6 -4 openssl/crypto/asn1/asn1_lib.c
Index: asn1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/asn1/asn1_lib.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- asn1_lib.c 2002/06/13 17:40:18 1.21
+++ asn1_lib.c 2002/07/30 13:03:01 1.22
@@ -124,15 +124,13 @@
(int)(omax+ *pp));
#endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
* the values are set correctly */
ret|=0x80;
}
-#endif
*pp=p;
return(ret|inf);
err:
@@ -159,6 +157,8 @@
i= *p&0x7f;
if (*(p++) & 0x80)
{
+ if (i > sizeof(long))
+ return 0;
if (max-- == 0) return(0);
while (i-- > 0)
{
@@ -170,6 +170,8 @@
else
ret=i;
}
+ if (ret < 0)
+ return 0;
*pp=p;
*rl=ret;
return(1);
@@ -407,7 +409,7 @@
void asn1_add_error(unsigned char *address, int offset)
{
- char buf1[16],buf2[16];
+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
sprintf(buf1,"%lu",(unsigned long)address);
sprintf(buf2,"%d",offset);
1.45 +6 -6 openssl/crypto/conf/Makefile.ssl
1.13 +2 -1 openssl/crypto/conf/conf_def.c
1.12 +1 -1 openssl/crypto/conf/conf_mod.c
Index: Makefile.ssl
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/Makefile.ssl,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- Makefile.ssl 2002/07/30 12:43:19 1.44
+++ Makefile.ssl 2002/07/30 13:03:10 1.45
@@ -89,14 +89,14 @@
conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
conf_api.o: conf_api.c
-conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
-conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-conf_def.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-conf_def.o: ../../include/openssl/opensslconf.h
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-conf_def.o: conf_def.c conf_def.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
Index: conf_def.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_def.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- conf_def.c 2002/01/24 16:15:17 1.12
+++ conf_def.c 2002/07/30 13:03:10 1.13
@@ -67,6 +67,7 @@
#include "conf_def.h"
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "cryptlib.h"
static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
- char btmp[16];
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
Index: conf_mod.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/conf/conf_mod.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- conf_mod.c 2002/03/18 13:10:19 1.11
+++ conf_mod.c 2002/07/30 13:03:11 1.12
@@ -230,7 +230,7 @@
{
if (!(flags & CONF_MFLAGS_SILENT))
{
- char rcode[10];
+ char rcode[DECIMAL_SIZE(ret)+1];
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
sprintf(rcode, "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
1.19 +8 -8 openssl/crypto/engine/hw_cswift.c
Index: hw_cswift.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/engine/hw_cswift.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- hw_cswift.c 2002/06/21 02:38:00 1.18
+++ hw_cswift.c 2002/07/30 13:03:25 1.19
@@ -501,7 +501,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -518,7 +518,7 @@
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
&res, 1)) != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -608,7 +608,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -625,7 +625,7 @@
if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
&res, 1)) != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -740,7 +740,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -758,7 +758,7 @@
&res, 1);
if(sw_status != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -852,7 +852,7 @@
goto err;
default:
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
@@ -874,7 +874,7 @@
&res, 1);
if(sw_status != SW_OK)
{
- char tmpbuf[20];
+ char tmpbuf[DECIMAL_SIZE(sw_status)+1];
CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
sprintf(tmpbuf, "%ld", sw_status);
ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
1.27 +1 -1 openssl/crypto/objects/obj_dat.c
Index: obj_dat.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- obj_dat.c 2002/05/30 16:47:30 1.26
+++ obj_dat.c 2002/07/30 13:03:35 1.27
@@ -436,7 +436,7 @@
unsigned long l;
unsigned char *p;
const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
if (buf_len <= 0) return(0);
1.58 +190 -188 openssl/ssl/Makefile.ssl
1.38 +8 -0 openssl/ssl/s2_clnt.c
1.41 +6 -0 openssl/ssl/s2_lib.c
1.37 +14 -0 openssl/ssl/s2_srvr.c
1.56 +11 -0 openssl/ssl/s3_clnt.c
1.91 +14 -2 openssl/ssl/s3_srvr.c
1.135 +2 -0 openssl/ssl/ssl.h
1.12 +2 -0 openssl/ssl/ssl_asn1.c
1.42 +3 -1 openssl/ssl/ssl_err.c
1.41 +2 -0 openssl/ssl/ssl_sess.c
Index: Makefile.ssl
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/Makefile.ssl,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- Makefile.ssl 2002/07/30 12:44:23 1.57
+++ Makefile.ssl 2002/07/30 13:03:43 1.58
@@ -288,33 +288,33 @@
s23_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
s23_srvr.o: ssl_locl.h
-s2_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
-s2_clnt.o: ssl_locl.h
+s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -341,32 +341,33 @@
s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
-s2_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
+s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ssl_locl.h
s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -419,33 +420,33 @@
s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
-s2_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
-s2_srvr.o: ssl_locl.h
+s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -473,33 +474,33 @@
s3_both.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
s3_both.o: ssl_locl.h
-s3_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_clnt.o: s3_clnt.c ssl_locl.h
+s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -604,33 +605,34 @@
s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s3_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s3_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_srvr.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s3_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h
+s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_srvr.o: s3_srvr.c ssl_locl.h
ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -657,33 +659,33 @@
ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_algs.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
-ssl_asn1.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
-ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
-ssl_asn1.o: ssl_locl.h
+ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_asn1.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_asn1.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -842,33 +844,33 @@
ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
-ssl_sess.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
-ssl_sess.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
-ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ssl_sess.c
+ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_sess.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_sess.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
Index: s2_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_clnt.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- s2_clnt.c 2002/01/12 15:56:10 1.37
+++ s2_clnt.c 2002/07/30 13:03:52 1.38
@@ -116,6 +116,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -535,6 +536,7 @@
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -636,6 +638,7 @@
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -643,6 +646,7 @@
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -686,6 +690,7 @@
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -706,6 +711,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -978,6 +984,8 @@
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
Index: s2_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_lib.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- s2_lib.c 2002/07/10 06:41:54 1.40
+++ s2_lib.c 2002/07/30 13:03:53 1.41
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
@@ -467,6 +472,7 @@
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
Index: s2_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s2_srvr.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- s2_srvr.c 2002/01/12 15:56:11 1.36
+++ s2_srvr.c 2002/07/30 13:03:54 1.37
@@ -116,6 +116,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
keya=s->session->key_arg_length;
len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +512,7 @@
#endif
if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
@@ -670,6 +679,7 @@
p+=s->s2->tmp.session_id_length;
/* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
return(1);
mem_err:
@@ -826,6 +836,7 @@
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
len = 1 + (unsigned long)s->s2->conn_id_length;
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
/* p+=s->s2->challenge_length; */
@@ -872,6 +884,8 @@
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_SERVER_FINISHED;
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,
(unsigned int)s->session->session_id_length);
/* p+=s->session->session_id_length; */
Index: s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- s3_clnt.c 2002/07/10 07:01:48 1.55
+++ s3_clnt.c 2002/07/30 13:03:55 1.56
@@ -117,6 +117,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@
*(p++)=i;
if (i != 0)
{
+ die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -626,6 +628,14 @@
/* get the session-id */
j= *(p++);
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
/* SSLref returns 16 :-( */
@@ -1588,6 +1598,7 @@
SSL_MAX_MASTER_KEY_LENGTH);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
+ die(outl <= sizeof epms);
EVP_CIPHER_CTX_cleanup(&ciph_ctx);
/* KerberosWrapper.EncryptedPreMasterSecret */
Index: s3_srvr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- s3_srvr.c 2002/07/10 07:01:50 1.90
+++ s3_srvr.c 2002/07/30 13:03:58 1.91
@@ -123,6 +123,7 @@
#include <openssl/x509.h>
#include <openssl/krb5_asn.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -964,6 +965,7 @@
s->session->session_id_length=0;
sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
*(p++)=sl;
memcpy(p,s->session->session_id,sl);
p+=sl;
@@ -1559,8 +1561,8 @@
EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH + 1];
- int padl, outl = sizeof(pms);
+ + EVP_MAX_BLOCK_LENGTH];
+ int padl, outl;
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
@@ -1582,6 +1584,16 @@
enc_pms.length = i;
enc_pms.data = (char *)p;
p+=enc_pms.length;
+
+ /* Note that the length is checked again below,
+ ** after decryption
+ */
+ if(enc.pms_length > sizeof pms)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
if (n != enc_ticket.length + authenticator.length +
enc_pms.length + 6)
Index: ssl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl.h,v
retrieving revision 1.134
retrieving revision 1.135
diff -u -r1.134 -r1.135
--- ssl.h 2002/07/19 19:55:34 1.134
+++ ssl.h 2002/07/30 13:03:59 1.135
@@ -1667,6 +1667,7 @@
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_KRB5 1104
#define SSL_R_KRB5_C_CC_PRINC 1094
#define SSL_R_KRB5_C_GET_CRED 1095
@@ -1746,6 +1747,7 @@
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
Index: ssl_asn1.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_asn1.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ssl_asn1.c 2002/07/10 07:01:51 1.11
+++ ssl_asn1.c 2002/07/30 13:04:02 1.12
@@ -62,6 +62,7 @@
#include <openssl/asn1_mac.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{
@@ -296,6 +297,7 @@
os.length=i;
ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
Index: ssl_err.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_err.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- ssl_err.c 2001/11/10 01:16:28 1.41
+++ ssl_err.c 2002/07/30 13:04:03 1.42
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@
{SSL_R_INVALID_COMMAND ,"invalid command"},
{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
{SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
{SSL_R_KRB5 ,"krb5"},
{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
@@ -354,6 +355,7 @@
{SSL_R_SHORT_READ ,"short read"},
{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
Index: ssl_sess.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_sess.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- ssl_sess.c 2002/02/10 12:46:41 1.40
+++ ssl_sess.c 2002/07/30 13:04:04 1.41
@@ -60,6 +60,7 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,7 @@
ss->session_id_length=0;
}
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic