Import OpenSSL-1.0.0e.
authorPeter Avalos <pavalos@dragonflybsd.org>
Wed, 21 Sep 2011 00:22:53 +0000 (17:22 -0700)
committerPeter Avalos <pavalos@dragonflybsd.org>
Wed, 21 Sep 2011 00:22:53 +0000 (17:22 -0700)
      o Fix for CRL vulnerability issue CVE-2011-3207
      o Fix for ECDH crashes CVE-2011-3210
      o Protection against EC timing attacks.
      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
      o Various DTLS fixes.

49 files changed:
crypto/openssl/CHANGES
crypto/openssl/FAQ
crypto/openssl/NEWS
crypto/openssl/README
crypto/openssl/README.DELETED
crypto/openssl/apps/apps.c
crypto/openssl/apps/asn1pars.c
crypto/openssl/apps/enc.c
crypto/openssl/apps/openssl.c
crypto/openssl/apps/pkcs12.c
crypto/openssl/apps/speed.c
crypto/openssl/crypto/asn1/a_object.c
crypto/openssl/crypto/asn1/bio_ndef.c
crypto/openssl/crypto/asn1/x_name.c
crypto/openssl/crypto/bio/b_sock.c
crypto/openssl/crypto/bio/bss_dgram.c
crypto/openssl/crypto/bio/bss_log.c
crypto/openssl/crypto/bn/bn.h
crypto/openssl/crypto/bn/bn_gf2m.c
crypto/openssl/crypto/bn/bn_mont.c
crypto/openssl/crypto/bn/bn_nist.c
crypto/openssl/crypto/conf/conf_api.c
crypto/openssl/crypto/cryptlib.c
crypto/openssl/crypto/dsa/dsa_pmeth.c
crypto/openssl/crypto/dso/dso_dlfcn.c
crypto/openssl/crypto/ecdsa/ecs_ossl.c
crypto/openssl/crypto/hmac/hm_pmeth.c
crypto/openssl/crypto/o_time.c
crypto/openssl/crypto/ocsp/ocsp_lib.c
crypto/openssl/crypto/opensslv.h
crypto/openssl/crypto/perlasm/cbc.pl
crypto/openssl/crypto/rand/randfile.c
crypto/openssl/crypto/rsa/rsa_oaep.c
crypto/openssl/crypto/stack/safestack.h
crypto/openssl/crypto/x509/x509_vfy.c
crypto/openssl/doc/ssl/ssl.pod
crypto/openssl/engines/ccgost/gost_crypt.c
crypto/openssl/engines/e_capi_err.h
crypto/openssl/ssl/bio_ssl.c
crypto/openssl/ssl/d1_both.c
crypto/openssl/ssl/d1_clnt.c
crypto/openssl/ssl/d1_lib.c
crypto/openssl/ssl/d1_pkt.c
crypto/openssl/ssl/d1_srvr.c
crypto/openssl/ssl/s3_clnt.c
crypto/openssl/ssl/s3_lib.c
crypto/openssl/ssl/s3_pkt.c
crypto/openssl/ssl/s3_srvr.c
crypto/openssl/ssl/ssl_lib.c

index 5cae85c..a0de5ab 100644 (file)
@@ -2,6 +2,31 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+       http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
  Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
 
   *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
+ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH.
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+       http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
  Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
 
-  *) Fix parsing of OCSP stapling ClientHello extension.  CVE-2011-0014
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
      [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
 
   *) Fix bug in string printing code: if *any* escaping is enabled we must
index 0e008cb..fe54856 100644 (file)
@@ -82,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0d was released on Feb 8th, 2011.
+OpenSSL 1.0.0e was released on Sep 6th, 2011.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
index a9c9b78..672810d 100644 (file)
@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
   Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
 
       o Fix for security issue CVE-2011-0014
index e3858ea..8984379 100644 (file)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0d
+ OpenSSL 1.0.0e 6 Sep 2011
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
index 9ed6f5f..75a1ece 100644 (file)
@@ -12,6 +12,7 @@ INSTALL.W64
 INSTALL.WCE
 MacOS/
 Makefile
+Makefile.bak
 Makefile.org
 Makefile.shared
 Netware/
@@ -34,7 +35,7 @@ apps/dsa-pca.pem
 apps/dsa1024.pem
 apps/dsa512.pem
 apps/dsap.pem
-apps/install.com
+apps/install-apps.com
 apps/makeapps.com
 apps/md4.c
 apps/oid.cnf
@@ -56,6 +57,7 @@ apps/server2.pem
 apps/set/
 apps/testCA.pem
 apps/tsget
+apps/vms_decc_init.c
 apps/winrand.c
 bugs/
 certs/
@@ -198,7 +200,7 @@ crypto/ia64cpuid.S
 crypto/idea/Makefile
 crypto/idea/idea_spd.c
 crypto/idea/ideatest.c
-crypto/install.com
+crypto/install-crypto.com
 crypto/jpake/
 crypto/krb5/
 crypto/lhash/Makefile
@@ -320,6 +322,7 @@ crypto/threads/win32.bat
 crypto/ts/Makefile
 crypto/txt_db/Makefile
 crypto/ui/Makefile
+crypto/vms_rms.h
 crypto/whrlpool/Makefile
 crypto/whrlpool/wp_test.c
 crypto/x509/Makefile
@@ -370,7 +373,7 @@ os2/
 perl/
 shlib/
 ssl/Makefile
-ssl/install.com
+ssl/install-ssl.com
 ssl/ssl-lib.com
 ssl/ssl_task.c
 ssl/ssltest.c
index c279771..feb7ed4 100644 (file)
@@ -798,7 +798,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
        if (file == NULL)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(cert,stdin,BIO_NOCLOSE);
                }
@@ -899,7 +901,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
        if (file == NULL && maybe_stdin)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
@@ -988,7 +992,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
        if (file == NULL && maybe_stdin)
                {
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
                setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
                BIO_set_fp(key,stdin,BIO_NOCLOSE);
                }
index b5d65e7..0d66070 100644 (file)
@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 
        atyp = ASN1_generate_nconf(genstr, cnf);
        NCONF_free(cnf);
+       cnf = NULL;
 
        if (!atyp)
                return -1;
index c28d8b1..076225c 100644 (file)
@@ -393,8 +393,10 @@ bad:
 
        if (inf == NULL)
                {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                if (bufsize != NULL)
                        setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
                BIO_set_fp(in,stdin,BIO_NOCLOSE);
                }
        else
@@ -447,8 +449,10 @@ bad:
        if (outf == NULL)
                {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
                if (bufsize != NULL)
                        setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #ifdef OPENSSL_SYS_VMS
                {
                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
index 851e639..dab057b 100644 (file)
@@ -212,8 +212,13 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
                }
        }
 
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+# define ARGV _Argv
+#else
+# define ARGV Argv
+#endif
 
-int main(int Argc, char *Argv[])
+int main(int Argc, char *ARGV[])
        {
        ARGS arg;
 #define PROG_NAME_SIZE 39
@@ -227,7 +232,55 @@ int main(int Argc, char *Argv[])
        char **argv,*p;
        LHASH_OF(FUNCTION) *prog=NULL;
        long errline;
+
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+       /* 2011-03-22 SMS.
+        * If we have 32-bit pointers everywhere, then we're safe, and
+        * we bypass this mess, as on non-VMS systems.  (See ARGV,
+        * above.)
+        * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+        * pointers for argv[].
+        * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+        * everywhere else, we always allocate and use a 64-bit
+        * duplicate of argv[].
+        * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+        * to NULL-terminate a 64-bit argv[].  (As this was written, the
+        * compiler ECO was available only on IA64.)
+        * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+        * 64-bit argv[argc] for NULL, and, if necessary, use a
+        * (properly) NULL-terminated (64-bit) duplicate of argv[].
+        * The same code is used in either case to duplicate argv[].
+        * Some of these decisions could be handled in preprocessing,
+        * but the code tends to get even uglier, and the penalty for
+        * deciding at compile- or run-time is tiny.
+        */
+       char **Argv = NULL;
+       int free_Argv = 0;
+
+       if ((sizeof( _Argv) < 8)        /* 32-bit argv[]. */
+# if !defined( VMS_TRUST_ARGV)
+        || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
+# endif
+               )
+               {
+               int i;
+               Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
+               if (Argv == NULL)
+                       { ret = -1; goto end; }
+               for(i = 0; i < Argc; i++)
+                       Argv[i] = _Argv[i];
+               Argv[ Argc] = NULL;     /* Certain NULL termination. */
+               free_Argv = 1;
+               }
+       else
+               {
+               /* Use the known-good 32-bit argv[] (which needs the
+                * type cast to satisfy the compiler), or the trusted or
+                * tested-good 64-bit argv[] as-is. */
+               Argv = (char **)_Argv;
+               }
+#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */
+
        arg.data=NULL;
        arg.count=0;
 
@@ -373,6 +426,13 @@ end:
                BIO_free(bio_err);
                bio_err=NULL;
                }
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+       /* Free any duplicate Argv[] storage. */
+       if (free_Argv)
+               {
+               OPENSSL_free(Argv);
+               }
+#endif
        OPENSSL_EXIT(ret);
        }
 
index 514a02e..b54c6f8 100644 (file)
@@ -647,7 +647,7 @@ int MAIN(int argc, char **argv)
 
     if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
 
-    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("verify MAC");
index 0cb7f24..65f85fe 100644 (file)
@@ -2703,6 +2703,7 @@ static int do_multi(int multi)
                                else
                                        rsa_results[k][1]=d;
                                }
+#ifndef OPENSSL_NO_DSA
                        else if(!strncmp(buf,"+F3:",4))
                                {
                                int k;
@@ -2724,6 +2725,7 @@ static int do_multi(int multi)
                                else
                                        dsa_results[k][1]=d;
                                }
+#endif
 #ifndef OPENSSL_NO_ECDSA
                        else if(!strncmp(buf,"+F4:",4))
                                {
index e5fbe7c..3978c91 100644 (file)
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       if (!use_bn && l > (ULONG_MAX / 10L))
+                       if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
                                {
                                use_bn = 1;
                                if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        /* Sanity check OID encoding: can't have leading 0x80 in
         * subidentifiers, see: X.690 8.19.2
         */
-       for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+       for (i = 0, p = *pp; i < len; i++, p++)
                {
                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
                        {
index 370389b..b91f97a 100644 (file)
@@ -57,9 +57,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
-#include <memory.h>
-#endif
 #include <stdio.h>
 
 /* Experimental NDEF ASN1 BIO support routines */
index caa4409..49be08b 100644 (file)
@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
        *val = nm.a;
        *in = p;
        return ret;
-       err:
+err:
+        if (nm.x != NULL)
+               X509_NAME_free(nm.x);
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
        return 0;
 }
@@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
                        }
                else
                        {
-                       *to++ = tolower(*from++);
+                       *to++ = tolower(*from);
+                       from++;
                        i++;
                        }
                }
index 12b0a53..d47310d 100644 (file)
@@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #ifdef __DJGPP__
        i=ioctlsocket(fd,type,(char *)arg);
 #else
-       i=ioctlsocket(fd,type,arg);
+# if defined(OPENSSL_SYS_VMS)
+       /* 2011-02-18 SMS.
+        * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+        * observe that all the consumers pass in an "unsigned long *",
+        * so we arrange a local copy with a short pointer, and use
+        * that, instead.
+        */
+#  if __INITIAL_POINTER_SIZE == 64
+#   define ARG arg_32p
+#   pragma pointer_size save
+#   pragma pointer_size 32
+       unsigned long arg_32;
+       unsigned long *arg_32p;
+#   pragma pointer_size restore
+       arg_32p = &arg_32;
+       arg_32 = *((unsigned long *) arg);
+#  else /* __INITIAL_POINTER_SIZE == 64 */
+#   define ARG arg
+#  endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# else /* defined(OPENSSL_SYS_VMS) */
+#  define ARG arg
+# endif /* defined(OPENSSL_SYS_VMS) [else] */
+
+       i=ioctlsocket(fd,type,ARG);
 #endif /* __DJGPP__ */
        if (i < 0)
                SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
@@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
         * note that commonly IPv6 wildchard socket can service
         * IPv4 connections just as well...  */
        memset(&hint,0,sizeof(hint));
+       hint.ai_flags = AI_PASSIVE;
        if (h)
                {
                if (strchr(h,':'))
@@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 #endif
                        }
                else if (h[0]=='*' && h[1]=='\0')
+                       {
+                       hint.ai_family = AF_INET;
                        h=NULL;
+                       }
                }
 
        if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
index 07d012a..71ebe98 100644 (file)
@@ -57,7 +57,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_DGRAM
 
 #include <stdio.h>
 #include <errno.h>
@@ -65,6 +64,7 @@
 #include "cryptlib.h"
 
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
 #include <sys/timeb.h>
@@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl)
                        OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
                        sa.len.i = (int)sa.len.s;
                        }
-               dgram_reset_rcv_timeout(b);
 
                if ( ! data->connected  && ret >= 0)
                        BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
@@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl)
                                data->_errno = get_last_socket_error();
                                }
                        }
+
+               dgram_reset_rcv_timeout(b);
                }
        return(ret);
        }
@@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i)
                {
                err=get_last_socket_error();
 
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-               if ((i == -1) && (err == 0))
-                       return(1);
+#if defined(OPENSSL_SYS_WINDOWS)
+       /* If the socket return value (i) is -1
+        * and err is unexpectedly 0 at this point,
+        * the error code was overwritten by
+        * another system call before this error
+        * handling is called.
+        */
 #endif
 
                return(BIO_dgram_non_fatal_error(err));
@@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err)
                }
        return(0);
        }
-#endif
 
 static void get_current_time(struct timeval *t)
        {
@@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t)
        gettimeofday(t, NULL);
 #endif
        }
+
+#endif
index 7ead044..b7dce5c 100644 (file)
 #  include <descrip.h>
 #  include <lib$routines.h>
 #  include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+#  if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#    if __INITIAL_POINTER_SIZE == 64
+#      pragma pointer_size save
+#      pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#      pragma pointer_size restore
+#    endif /* __INITIAL_POINTER_SIZE == 64 */
+#  endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
 #elif defined(OPENSSL_SYS_NETWARE)
@@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level)
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
        struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+# define OPCDEF_TYPE __char_ptr32
+# define OPCDEF_MALLOC _malloc32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define OPCDEF_TYPE char *
+# define OPCDEF_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
        struct opcdef *opcdef_p;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
        char buf[10240];
        unsigned int len;
         struct dsc$descriptor_s buf_dsc;
@@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
        lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
 
-       /* we know there's an 8 byte header.  That's documented */
-       opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+       /* We know there's an 8-byte header.  That's documented. */
+       opcdef_p = OPCDEF_MALLOC( 8+ len);
        opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
        memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
        opcdef_p->opc$l_ms_rqstid = 0;
@@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
        opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
        opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-       opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+       opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
        opc_dsc.dsc$w_length = len + 8;
 
        sys$sndopr(opc_dsc, 0);
index e484b7f..a0bc478 100644 (file)
@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2    "%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS        1280
 
 #define BN_FLG_MALLOCED                0x01
index 527b0fa..432a3aa 100644 (file)
@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                {
                while (!BN_is_odd(u))
                        {
+                       if (BN_is_zero(u)) goto err;
                        if (!BN_rshift1(u, u)) goto err;
                        if (BN_is_odd(b))
                                {
index 7224637..1a86688 100644 (file)
@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        m1|=m2;                 /* (al!=ri) */
        m1|=(0-(size_t)v);      /* (al!=ri || v) */
        m1&=~m2;                /* (al!=ri || v) && !al>ri */
-       nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+       nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
        }
 
        /* 'i<ri' is chosen to eliminate dependency on input data, even
index 2ca5b01..c6de032 100644 (file)
@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                 buf[BN_NIST_192_TOP],
                 c_d[BN_NIST_192_TOP],
                *res;
-       size_t   mask;
+       PTR_SIZE_INT mask;
        static const BIGNUM _bignum_nist_p_192_sqr = {
                (BN_ULONG *)_nist_p_192_sqr,
                sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
         * this is what happens below, but without explicit if:-) a.
         */
-       mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-       mask &= 0-(size_t)carry;
-       res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+       mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+       mask &= 0-(PTR_SIZE_INT)carry;
+       res   = (BN_ULONG *)
+        (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
        nist_cp_bn(r_d, res, BN_NIST_192_TOP);
        r->top = BN_NIST_192_TOP;
        bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                 buf[BN_NIST_224_TOP],
                 c_d[BN_NIST_224_TOP],
                *res;
-       size_t   mask;
-       union { bn_addsub_f f; size_t p; } u;
+       PTR_SIZE_INT mask;
+       union { bn_addsub_f f; PTR_SIZE_INT p; } u;
        static const BIGNUM _bignum_nist_p_224_sqr = {
                (BN_ULONG *)_nist_p_224_sqr,
                sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                 * to be compared to the modulus and conditionally
                 * adjusted by *subtracting* the latter. */
                carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-               mask = 0-(size_t)carry;
-               u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+               mask = 0-(PTR_SIZE_INT)carry;
+               u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                ((PTR_SIZE_INT)bn_add_words&~mask);
                }
        else
                carry = 1;
 
        /* otherwise it's effectively same as in BN_nist_mod_192... */
-       mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-       mask &= 0-(size_t)carry;
-       res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+       mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+       mask &= 0-(PTR_SIZE_INT)carry;
+       res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        ((PTR_SIZE_INT)r_d&mask));
        nist_cp_bn(r_d, res, BN_NIST_224_TOP);
        r->top = BN_NIST_224_TOP;
        bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                 buf[BN_NIST_256_TOP],
                 c_d[BN_NIST_256_TOP],
                *res;
-       size_t   mask;
-       union { bn_addsub_f f; size_t p; } u;
+       PTR_SIZE_INT mask;
+       union { bn_addsub_f f; PTR_SIZE_INT p; } u;
        static const BIGNUM _bignum_nist_p_256_sqr = {
                (BN_ULONG *)_nist_p_256_sqr,
                sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        else if (carry < 0)
                {
                carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-               mask = 0-(size_t)carry;
-               u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+               mask = 0-(PTR_SIZE_INT)carry;
+               u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                ((PTR_SIZE_INT)bn_add_words&~mask);
                }
        else
                carry = 1;
 
-       mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-       mask &= 0-(size_t)carry;
-       res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+       mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+       mask &= 0-(PTR_SIZE_INT)carry;
+       res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        ((PTR_SIZE_INT)r_d&mask));
        nist_cp_bn(r_d, res, BN_NIST_256_TOP);
        r->top = BN_NIST_256_TOP;
        bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                 buf[BN_NIST_384_TOP],
                 c_d[BN_NIST_384_TOP],
                *res;
-       size_t   mask;
-       union { bn_addsub_f f; size_t p; } u;
+       PTR_SIZE_INT mask;
+       union { bn_addsub_f f; PTR_SIZE_INT p; } u;
        static const BIGNUM _bignum_nist_p_384_sqr = {
                (BN_ULONG *)_nist_p_384_sqr,
                sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        else if (carry < 0)
                {
                carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-               mask = 0-(size_t)carry;
-               u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+               mask = 0-(PTR_SIZE_INT)carry;
+               u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                ((PTR_SIZE_INT)bn_add_words&~mask);
                }
        else
                carry = 1;
 
-       mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-       mask &= 0-(size_t)carry;
-       res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+       mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+       mask &= 0-(PTR_SIZE_INT)carry;
+       res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        ((PTR_SIZE_INT)r_d&mask));
        nist_cp_bn(r_d, res, BN_NIST_384_TOP);
        r->top = BN_NIST_384_TOP;
        bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        BN_ULONG *r_d, *a_d = a->d,
                 t_d[BN_NIST_521_TOP],
                 val,tmp,*res;
-       size_t  mask;
+       PTR_SIZE_INT mask;
        static const BIGNUM _bignum_nist_p_521_sqr = {
                (BN_ULONG *)_nist_p_521_sqr,
                sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        r_d[i] &= BN_NIST_521_TOP_MASK;
 
        bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-       mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-       res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+       mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+       res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+        ((PTR_SIZE_INT)r_d&mask));
        nist_cp_bn(r_d,res,BN_NIST_521_TOP);
        r->top = BN_NIST_521_TOP;
        bn_correct_top(r);
index 0c1ee2b..f5fcbb9 100644 (file)
@@ -64,6 +64,7 @@
 #endif
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
index 14bae0d..24fe123 100644 (file)
@@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
        case DLL_THREAD_ATTACH:
                break;
        case DLL_THREAD_DETACH:
-               ERR_remove_state(0);
                break;
        case DLL_PROCESS_DETACH:
                break;
index 4ce91e2..e2df54f 100644 (file)
@@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                case EVP_PKEY_CTRL_MD:
                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
                        {
index 14bd322..c2bc617 100644 (file)
@@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # define HAVE_DLINFO 1
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
      (defined(__OpenBSD__) && !defined(RTLD_SELF))
 #  undef HAVE_DLINFO
 # endif
index 551cf50..1bbf328 100644 (file)
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                        }
                while (BN_is_zero(k));
 
+               /* We do not want timing information to leak the length of k,
+                * so we compute G*k using an equivalent scalar of fixed
+                * bit-length. */
+
+               if (!BN_add(k, k, order)) goto err;
+               if (BN_num_bits(k) <= BN_num_bits(order))
+                       if (!BN_add(k, k, order)) goto err;
+
                /* compute r the x-coordinate of generator * k */
                if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
                {
index 985921c..71e8567 100644 (file)
@@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
 
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
        {
+       HMAC_PKEY_CTX *hctx = ctx->data;
+       HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
        EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
        mctx->update = int_update;
        return 1;
index eecbdd1..9030fde 100644 (file)
 #include "o_time.h"
 
 #ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
+# if __CRTL_VER >= 70000000 && \
+     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
+#  define VMS_GMTIME_OK
+# endif
+# ifndef VMS_GMTIME_OK
+#  include <libdtdef.h>
+#  include <lib$routines.h>
+#  include <lnmdef.h>
+#  include <starlet.h>
+#  include <descrip.h>
+#  include <stdlib.h>
+# endif /* ndef VMS_GMTIME_OK */
 #endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
@@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
           so we don't even look at the return value */
        gmtime_r(timer,result);
        ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
+#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
        ts = gmtime(timer);
        if (ts == NULL)
                return NULL;
@@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
        memcpy(result, ts, sizeof(struct tm));
        ts = result;
 #endif
-#ifdef OPENSSL_SYS_VMS
+#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
        if (ts == NULL)
                {
                static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
index 36905d7..e92b86c 100644 (file)
@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
        char *host, *port;
 
-       /* dup the buffer since we are going to mess with it */
-       buf = BUF_strdup(url);
-       if (!buf) goto mem_err;
-
        *phost = NULL;
        *pport = NULL;
        *ppath = NULL;
 
+       /* dup the buffer since we are going to mess with it */
+       buf = BUF_strdup(url);
+       if (!buf) goto mem_err;
+
        /* Check for initial colon */
        p = strchr(buf, ':');
 
index e7fca83..310a338 100644 (file)
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000004fL
+#define OPENSSL_VERSION_NUMBER 0x1000005fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0d-fips 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0e-fips 6 Sep 2011"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0d 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0e 6 Sep 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
index e43dc9a..6fc2510 100644 (file)
@@ -158,7 +158,6 @@ sub cbc
        &jmp_ptr($count);
 
 &set_label("ej7");
-       &xor("edx",             "edx") if $ppro; # ppro friendly
        &movb(&HB("edx"),       &BP(6,$in,"",0));
        &shl("edx",8);
 &set_label("ej6");
@@ -170,7 +169,6 @@ sub cbc
        &jmp(&label("ejend"));
 &set_label("ej3");
        &movb(&HB("ecx"),       &BP(2,$in,"",0));
-       &xor("ecx",             "ecx") if $ppro; # ppro friendly
        &shl("ecx",8);
 &set_label("ej2");
        &movb(&HB("ecx"),       &BP(1,$in,"",0));
index f9b709e..bc7d9c5 100644 (file)
@@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes)
           * I/O because we will waste system entropy. 
           */
          bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+#ifndef OPENSSL_NO_SETVBUF_IONBF
          setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
        }
 #endif
        for (;;)
index e238d10..18d307e 100644 (file)
@@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        EVP_MD_CTX c;
        unsigned char md[EVP_MAX_MD_SIZE];
        int mdlen;
+       int rv = -1;
 
        EVP_MD_CTX_init(&c);
        mdlen = EVP_MD_size(dgst);
        if (mdlen < 0)
-               return -1;
+               goto err;
        for (i = 0; outlen < len; i++)
                {
                cnt[0] = (unsigned char)((i >> 24) & 255);
                cnt[1] = (unsigned char)((i >> 16) & 255);
                cnt[2] = (unsigned char)((i >> 8)) & 255;
                cnt[3] = (unsigned char)(i & 255);
-               EVP_DigestInit_ex(&c,dgst, NULL);
-               EVP_DigestUpdate(&c, seed, seedlen);
-               EVP_DigestUpdate(&c, cnt, 4);
+               if (!EVP_DigestInit_ex(&c,dgst, NULL)
+                       || !EVP_DigestUpdate(&c, seed, seedlen)
+                       || !EVP_DigestUpdate(&c, cnt, 4))
+                       goto err;
                if (outlen + mdlen <= len)
                        {
-                       EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+                       if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+                               goto err;
                        outlen += mdlen;
                        }
                else
                        {
-                       EVP_DigestFinal_ex(&c, md, NULL);
+                       if (!EVP_DigestFinal_ex(&c, md, NULL))
+                               goto err;
                        memcpy(mask + outlen, md, len - outlen);
                        outlen = len;
                        }
                }
+       rv = 0;
+       err:
        EVP_MD_CTX_cleanup(&c);
-       return 0;
+       return rv;
        }
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
index 39914bd..3e76aa5 100644 (file)
@@ -2056,31 +2056,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 
 
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-       ((int (*)(const void * const *,const void * const *)) \
-       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
 #define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
@@ -2106,6 +2081,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+       ((int (*)(const void * const *,const void * const *)) \
+       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+
+
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
index bd6695d..5a0b024 100644 (file)
@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
        x = sk_X509_value(ctx->chain, cnum);
        ctx->current_cert = x;
        ctx->current_issuer = NULL;
+       ctx->current_crl_score = 0;
        ctx->current_reasons = 0;
        while (ctx->current_reasons != CRLDP_ALL_REASONS)
                {
@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
+       ctx->current_crl=NULL;
+       ctx->current_crl_score=0;
+       ctx->current_reasons=0;
        ctx->tree = NULL;
        ctx->parent = NULL;
 
index 2b6004e..6d3ee24 100644 (file)
@@ -158,7 +158,7 @@ Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
 
-=item cosnt SSL_METHOD *B<TLSv1_server_method>(void);
+=item const SSL_METHOD *B<TLSv1_server_method>(void);
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
 
index 4977d1d..cde58c0 100644 (file)
@@ -495,7 +495,8 @@ int  gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
        {
        struct ossl_gost_imit_ctx *c = ctx->md_data;
-       memset(c->buffer,0,16);
+       memset(c->buffer,0,sizeof(c->buffer));
+       memset(c->partial_block,0,sizeof(c->partial_block));
        c->count = 0;
        c->bytes_left=0;
        c->key_meshing=1;
index 4c749ec..efa7001 100644 (file)
 #ifndef HEADER_CAPI_ERR_H
 #define HEADER_CAPI_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
index af319af..eedac8a 100644 (file)
@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
        case BIO_C_SET_SSL:
                if (ssl != NULL)
+                       {
                        ssl_free(b);
+                       if (!ssl_new(b))
+                               return 0;
+                       }
                b->shutdown=(int)num;
                ssl=(SSL *)ptr;
                ((BIO_SSL *)b->ptr)->ssl=ssl;
index 4ce4064..2180c6d 100644 (file)
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
 
        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-       s->d1->handshake_read_seq++;
-       /* we just read a handshake message from the other side:
-        * this means that we don't need to retransmit of the
-        * buffered messages.  
-        * XDTLS: may be able clear out this
-        * buffer a little sooner (i.e if an out-of-order
-        * handshake message/record is received at the record
-        * layer.  
-        * XDTLS: exception is that the server needs to
-        * know that change cipher spec and finished messages
-        * have been received by the client before clearing this
-        * buffer.  this can simply be done by waiting for the
-        * first data  segment, but is there a better way?  */
-       dtls1_clear_record_buffer(s);
+       /* Don't change sequence numbers while listening */
+       if (!s->d1->listen)
+               s->d1->handshake_read_seq++;
 
        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
        return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
        /* 
         * if this is a future (or stale) message it gets buffered
-        * (or dropped)--no further processing at this time 
+        * (or dropped)--no further processing at this time
+        * While listening, we accept seq 1 (ClientHello with cookie)
+        * although we're still expecting seq 0 (ClientHello)
         */
-       if ( msg_hdr.seq != s->d1->handshake_read_seq)
+       if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
                return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
        len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
                        unsigned long len, unsigned long frag_off, unsigned long frag_len)
        {
-       if ( frag_off == 0)
+       /* Don't change sequence numbers while listening */
+       if (frag_off == 0 && !s->d1->listen)
                {
                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
                s->d1->next_handshake_write_seq++;
index 5bc9eb6..089fa4c 100644 (file)
@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_CHANGE_A:
                case SSL3_ST_CW_CHANGE_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
 
                case SSL3_ST_CW_FINISHED_A:
                case SSL3_ST_CW_FINISHED_B:
-                       dtls1_start_timer(s);
+                       if (!s->hit)
+                               dtls1_start_timer(s);
                        ret=dtls1_send_finished(s,
                                SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                s->method->ssl3_enc->client_finished_label,
index 96b220e..48e8b6f 100644 (file)
@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
        return(1);
        }
 
-void dtls1_free(SSL *s)
+static void dtls1_clear_queues(SSL *s)
        {
     pitem *item = NULL;
     hm_fragment *frag = NULL;
-
-       ssl3_free(s);
+       DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
         {
+               rdata = (DTLS1_RECORD_DATA *) item->data;
+               if (rdata->rbuf.buf)
+                       {
+                       OPENSSL_free(rdata->rbuf.buf);
+                       }
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->unprocessed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
         {
+               rdata = (DTLS1_RECORD_DATA *) item->data;
+               if (rdata->rbuf.buf)
+                       {
+                       OPENSSL_free(rdata->rbuf.buf);
+                       }
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->processed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-    pqueue_free(s->d1->buffered_messages);
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-       pqueue_free(s->d1->sent_messages);
 
        while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
                {
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
                OPENSSL_free(frag);
                pitem_free(item);
                }
+       }
+
+void dtls1_free(SSL *s)
+       {
+       ssl3_free(s);
+
+       dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+       pqueue_free(s->d1->sent_messages);
        pqueue_free(s->d1->buffered_app_data.q);
 
        OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
 
 void dtls1_clear(SSL *s)
        {
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+       pqueue sent_messages;
+       pqueue buffered_app_data;
+       
+       if (s->d1)
+               {
+               unprocessed_rcds = s->d1->unprocessed_rcds.q;
+               processed_rcds = s->d1->processed_rcds.q;
+               buffered_messages = s->d1->buffered_messages;
+               sent_messages = s->d1->sent_messages;
+               buffered_app_data = s->d1->buffered_app_data.q;
+
+               dtls1_clear_queues(s);
+
+               memset(s->d1, 0, sizeof(*(s->d1)));
+
+               if (s->server)
+                       {
+                       s->d1->cookie_len = sizeof(s->d1->cookie);
+                       }
+
+               s->d1->unprocessed_rcds.q = unprocessed_rcds;
+               s->d1->processed_rcds.q = processed_rcds;
+               s->d1->buffered_messages = buffered_messages;
+               s->d1->sent_messages = sent_messages;
+               s->d1->buffered_app_data.q = buffered_app_data;
+               }
+
        ssl3_clear(s);
        if (s->options & SSL_OP_CISCO_ANYCONNECT)
                s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
        s->d1->timeout_duration = 1;
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+       /* Clear retransmission buffer */
+       dtls1_clear_record_buffer(s);
        }
 
 int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
                {
                /* fail the connection, enough alerts have been sent */
                SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
-               return 0;
+               return -1;
                }
 
        state->timeout.read_timeouts++;
index c105142..39aac73 100644 (file)
@@ -409,13 +409,13 @@ dtls1_process_record(SSL *s)
        enc_err = s->method->ssl3_enc->enc(s,0);
        if (enc_err <= 0)
                {
-               if (enc_err == 0)
-                       /* SSLerr() and ssl3_send_alert() have been called */
-                       goto err;
-
-               /* otherwise enc_err == -1 */
-               al=SSL_AD_BAD_RECORD_MAC;
-               goto f_err;
+               /* decryption failed, silently discard message */
+               if (enc_err < 0)
+                       {
+                       rr->length = 0;
+                       s->packet_length = 0;
+                       }
+               goto err;
                }
 
 #ifdef TLS_DEBUG
@@ -658,10 +658,12 @@ again:
 
        /* If this record is from the next epoch (either HM or ALERT),
         * and a handshake is currently in progress, buffer it since it
-        * cannot be processed at this time. */
+        * cannot be processed at this time. However, do not buffer
+        * anything while listening.
+        */
        if (is_next_epoch)
                {
-               if (SSL_in_init(s) || s->in_handshake)
+               if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
                        {
                        dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
                        }
index 301ceda..a6a4c87 100644 (file)
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
        unsigned long alg_k;
        int ret= -1;
        int new_state,state,skip=0;
+       int listen;
 
        RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
                cb=s->info_callback;
        else if (s->ctx->info_callback != NULL)
                cb=s->ctx->info_callback;
+       
+       listen = s->d1->listen;
 
        /* init things to blank */
        s->in_handshake++;
        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+       s->d1->listen = listen;
+
        if (s->cert == NULL)
                {
                SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
                        s->init_num=0;
 
+                       /* Reflect ClientHello sequence to remain stateless while listening */
+                       if (listen)
+                               {
+                               memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+                               }
+
                        /* If we're just listening, stop here */
-                       if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+                       if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
                                {
                                ret = 2;
                                s->d1->listen = 0;
+                               /* Set expected sequence numbers
+                                * to continue the handshake.
+                                */
+                               s->d1->handshake_read_seq = 2;
+                               s->d1->handshake_write_seq = 1;
+                               s->d1->next_handshake_write_seq = 1;
                                goto end;
                                }
                        
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-                       dtls1_start_timer(s);
                        ret = dtls1_send_hello_verify_request(s);
                        if ( ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
                /* number of bytes to write */
                s->init_num=p-buf;
                s->init_off=0;
-
-               /* buffer the message to handle re-xmits */
-               dtls1_buffer_message(s, 0);
                }
 
        /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       if (!EC_KEY_up_ref(ecdhp))
+                       if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                {
                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
index c22837d..50bd415 100644 (file)
@@ -2243,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        if (!DH_generate_key(dh_clnt))
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               DH_free(dh_clnt);
                                goto err;
                                }
 
@@ -2254,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        if (n <= 0)
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                               DH_free(dh_clnt);
                                goto err;
                                }
 
index d6b047c..62c791c 100644 (file)
@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
                }
 #ifndef OPENSSL_NO_DH
        if (s->s3->tmp.dh != NULL)
+               {
                DH_free(s->s3->tmp.dh);
+               s->s3->tmp.dh = NULL;
+               }
 #endif
 #ifndef OPENSSL_NO_ECDH
        if (s->s3->tmp.ecdh != NULL)
+               {
                EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL;
+               }
 #endif
 
        rp = s->s3->rbuf.buf;
index e3f6050..f9b3629 100644 (file)
@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                if (i <= 0)
                        {
                        rb->left = left;
-                       if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                       if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                           SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
                                if (len+left == 0)
                                        ssl3_release_read_buffer(s);
                        return(i);
@@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        {
                        wb->left=0;
                        wb->offset+=i;
-                       if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                       if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                           SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
                                ssl3_release_write_buffer(s);
                        s->rwstate=SSL_NOTHING;
                        return(s->s3->wpend_ret);
index 514f72c..c3b5ff3 100644 (file)
@@ -768,15 +768,20 @@ int ssl3_check_client_hello(SSL *s)
        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
                {
                /* Throw away what we have done so far in the current handshake,
-                * which will now be aborted. (A full SSL_clear would be too much.)
-                * I hope that tmp.dh is the only thing that may need to be cleared
-                * when a handshake is not completed ... */
+                * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
                if (s->s3->tmp.dh != NULL)
                        {
                        DH_free(s->s3->tmp.dh);
                        s->s3->tmp.dh = NULL;
                        }
+#endif
+#ifndef OPENSSL_NO_ECDH
+               if (s->s3->tmp.ecdh != NULL)
+                       {
+                       EC_KEY_free(s->s3->tmp.ecdh);
+                       s->s3->tmp.ecdh = NULL;
+                       }
 #endif
                return 2;
                }
@@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
                        if (s->s3->tmp.dh != NULL)
                                {
-                               DH_free(dh);
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
                        if (s->s3->tmp.ecdh != NULL)
                                {
-                               EC_KEY_free(s->s3->tmp.ecdh); 
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s)
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       if (!EC_KEY_up_ref(ecdhp))
+                       if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                {
                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                goto err;
                                }
-                       ecdh = ecdhp;
 
                        s->s3->tmp.ecdh=ecdh;
                        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                            (unsigned char *)encodedPoint, 
                            encodedlen);
                        OPENSSL_free(encodedPoint);
+                       encodedPoint = NULL;
                        p += encodedlen;
                        }
 #endif
@@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s)
                        /* Get encoded point length */
                        i = *p; 
                        p += 1;
+                       if (n != 1 + i)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                   ERR_R_EC_LIB);
+                               goto err;
+                               }
                        if (EC_POINT_oct2point(group, 
                            clnt_ecpoint, p, i, bn_ctx) == 0)
                                {
index 912592b..4673279 100644 (file)
@@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #endif
        X509 *x = NULL;
        EVP_PKEY *ecc_pkey = NULL;
-       int signature_nid = 0;
+       int signature_nid = 0, pk_nid = 0, md_nid = 0;
 
        if (c == NULL) return;
 
@@ -1963,18 +1963,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                    EVP_PKEY_bits(ecc_pkey) : 0;
                EVP_PKEY_free(ecc_pkey);
                if ((x->sig_alg) && (x->sig_alg->algorithm))
+                       {
                        signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+                       OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+                       }
 #ifndef OPENSSL_NO_ECDH
                if (ecdh_ok)
                        {
-                       const char *sig = OBJ_nid2ln(signature_nid);
-                       if (sig == NULL)
-                               {
-                               ERR_clear_error();
-                               sig = "unknown";
-                               }
-                               
-                       if (strstr(sig, "WithRSA"))
+
+                       if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
                                {
                                mask_k|=SSL_kECDHr;
                                mask_a|=SSL_aECDH;
@@ -1985,7 +1982,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                                        }
                                }
 
-                       if (signature_nid == NID_ecdsa_with_SHA1)
+                       if (pk_nid == NID_X9_62_id_ecPublicKey)
                                {
                                mask_k|=SSL_kECDHe;
                                mask_a|=SSL_aECDH;
@@ -2039,7 +2036,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
        unsigned long alg_k, alg_a;
        EVP_PKEY *pkey = NULL;
        int keysize = 0;
-       int signature_nid = 0;
+       int signature_nid = 0, md_nid = 0, pk_nid = 0;
 
        alg_k = cs->algorithm_mkey;
        alg_a = cs->algorithm_auth;
@@ -2057,7 +2054,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
        /* This call populates the ex_flags field correctly */
        X509_check_purpose(x, -1, 0);
        if ((x->sig_alg) && (x->sig_alg->algorithm))
+               {
                signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+               OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+               }
        if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
                {
                /* key usage, if present, must allow key agreement */
@@ -2069,7 +2069,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                if (alg_k & SSL_kECDHe)
                        {
                        /* signature alg must be ECDSA */
-                       if (signature_nid != NID_ecdsa_with_SHA1)
+                       if (pk_nid != NID_X9_62_id_ecPublicKey)
                                {
                                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
                                return 0;
@@ -2079,13 +2079,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                        {
                        /* signature alg must be RSA */
 
-                       const char *sig = OBJ_nid2ln(signature_nid);
-                       if (sig == NULL)
-                               {
-                               ERR_clear_error();
-                               sig = "unknown";
-                               }
-                       if (strstr(sig, "WithRSA") == NULL)
+                       if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
                                {
                                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
                                return 0;