From 9831d941ca3d46eab3e61e6983921220b9d5d09a Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Tue, 12 Nov 2002 13:23:40 +0000 Subject: [PATCH] Many security improvements (CHATS) and a warning fix. --- CHANGES | 85 +++++++++++++++++++++ apps/Makefile.ssl | 48 ++++++------ apps/apps.c | 41 ++++++++--- apps/apps.h | 1 + apps/ca.c | 56 +++++++++----- apps/ciphers.c | 2 +- apps/dgst.c | 2 +- apps/enc.c | 16 ++-- apps/ocsp.c | 2 +- apps/openssl.c | 18 ++--- apps/pkcs12.c | 6 +- apps/pkcs8.c | 4 +- apps/req.c | 36 ++++++--- apps/s_cb.c | 4 +- apps/s_client.c | 10 +-- apps/s_server.c | 6 +- apps/s_socket.c | 9 ++- apps/s_time.c | 7 ++ apps/speed.c | 2 +- apps/verify.c | 3 +- apps/winrand.c | 1 - apps/x509.c | 7 +- crypto/aes/aes_cbc.c | 30 ++++---- crypto/asn1/Makefile.ssl | 17 +++-- crypto/asn1/a_bitstr.c | 4 +- crypto/asn1/a_bytes.c | 2 +- crypto/asn1/a_d2i_fp.c | 4 +- crypto/asn1/a_object.c | 4 +- crypto/asn1/a_strex.c | 14 ++-- crypto/asn1/a_time.c | 2 +- crypto/asn1/asn1_par.c | 7 +- crypto/asn1/f_int.c | 3 +- crypto/asn1/t_crl.c | 7 +- crypto/asn1/t_pkey.c | 32 +++----- crypto/asn1/t_req.c | 18 ++--- crypto/asn1/t_x509.c | 9 ++- crypto/asn1/t_x509a.c | 4 +- crypto/asn1/tasn_dec.c | 4 +- crypto/asn1/tasn_prn.c | 2 +- crypto/bf/bftest.c | 6 +- crypto/bio/b_print.c | 12 +-- crypto/bio/b_sock.c | 4 + crypto/bio/bf_buff.c | 2 +- crypto/bio/bio.h | 3 +- crypto/bio/bio_lib.c | 12 +++ crypto/bio/bss_conn.c | 4 +- crypto/bio/bss_log.c | 2 +- crypto/bio/bss_mem.c | 8 +- crypto/buffer/buffer.c | 57 ++++++++++++++ crypto/buffer/buffer.h | 8 ++ crypto/conf/conf_def.c | 2 +- crypto/cryptlib.c | 8 ++ crypto/cryptlib.h | 10 ++- crypto/crypto.h | 5 +- crypto/dsa/dsa_lib.c | 1 + crypto/evp/bio_b64.c | 1 + crypto/evp/digest.c | 2 + crypto/evp/e_rc2.c | 1 + crypto/evp/e_rc4.c | 5 +- crypto/evp/encode.c | 2 + crypto/evp/evp_enc.c | 14 ++-- crypto/evp/evp_key.c | 2 + crypto/evp/evp_lib.c | 2 + crypto/evp/evp_pbe.c | 2 +- crypto/evp/p5_crpt.c | 2 + crypto/evp/p5_crpt2.c | 1 + crypto/hmac/Makefile.ssl | 34 +++++---- crypto/hmac/hmac.c | 3 + crypto/lhash/lh_stats.c | 86 ++++++++-------------- crypto/md2/md2_dgst.c | 6 +- crypto/md4/md4.c | 2 +- crypto/mem.c | 25 ++++++- crypto/mem_dbg.c | 6 +- crypto/objects/obj_dat.c | 7 +- crypto/ocsp/ocsp_ht.c | 2 +- crypto/pem/pem.h | 8 +- crypto/pem/pem_info.c | 1 + crypto/pem/pem_lib.c | 8 +- crypto/pkcs7/pk7_doit.c | 2 +- crypto/rand/rand_egd.c | 2 +- crypto/rand/randfile.c | 5 +- crypto/txt_db/txt_db.c | 4 +- crypto/ui/Makefile.ssl | 14 ++-- crypto/ui/ui_lib.c | 5 +- crypto/x509/x509.h | 2 + crypto/x509/x509_cmp.c | 10 ++- crypto/x509v3/v3_info.c | 2 +- demos/b64.c | 2 - demos/spkigen.c | 3 +- ssl/Makefile.ssl | 155 ++++++++++++++++++++------------------- ssl/kssl.c | 20 +---- ssl/kssl.h | 3 +- ssl/s23_clnt.c | 2 +- ssl/s23_srvr.c | 2 +- ssl/s2_clnt.c | 4 +- ssl/s2_enc.c | 3 + ssl/s2_lib.c | 7 +- ssl/s2_pkt.c | 2 + ssl/s2_srvr.c | 4 +- ssl/s3_both.c | 8 +- ssl/s3_clnt.c | 21 +++--- ssl/s3_enc.c | 2 +- ssl/s3_srvr.c | 6 +- ssl/ssl.h | 1 + ssl/ssl_asn1.c | 11 ++- ssl/ssl_err.c | 1 + ssl/ssl_lib.c | 8 +- ssl/ssl_sess.c | 6 +- ssl/ssl_task.c | 2 +- ssl/ssltest.c | 13 +++- ssl/t1_enc.c | 8 +- 111 files changed, 755 insertions(+), 480 deletions(-) diff --git a/CHANGES b/CHANGES index 9d181ea424..68c4d42218 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,91 @@ Changes between 0.9.6h and 0.9.7 [XX xxx 2002] + *) Introduce safe string copy and catenation functions + (BUF_strlcpy() and BUF_strlcat()). + [Ben Laurie (CHATS) and Richard Levitte] + + *) Avoid using fixed-size buffers for one-line DNs. + [Ben Laurie (CHATS)] + + *) Add BUF_MEM_grow_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Avoid using fixed size buffers for configuration file location. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation for various CA files. + [Ben Laurie (CHATS)] + + *) Use sizeof in preference to magic numbers. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation in cert requests. + [Ben Laurie (CHATS)] + + *) New OPENSSL_assert() macro (similar to assert(), but enabled + unconditionally). + [Ben Laurie (CHATS)] + + *) Add assertions to check for (supposedly impossible) buffer + overflows. + [Ben Laurie (CHATS)] + + *) Don't cache truncated DNS entries in the local cache (this could + potentially lead to a spoofing attack). + [Ben Laurie (CHATS)] + + *) Fix various buffers to be large enough for hex/decimal + representations in a platform independent manner. + [Ben Laurie (CHATS)] + + *) Add CRYPTO_realloc_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Add BIO_indent() to avoid much slightly worrying code to do + indents. + [Ben Laurie (CHATS)] + + *) Convert sprintf()/BIO_puts() to BIO_printf(). + [Ben Laurie (CHATS)] + + *) buffer_gets() could terminate with the buffer only half + full. Fixed. + [Ben Laurie (CHATS)] + + *) Add assertions to prevent crypto functions from overflowing + internal buffers by having large block sizes, etc. + [Ben Laurie (CHATS)] + + *) Eliminate unused copy of key in RC4. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized buffers for IV in pem.h. + [Ben Laurie (CHATS)] + + *) Fix off-by-one error in EGD path. + [Ben Laurie (CHATS)] + + *) If RANDFILE path is too long, ignore instead of truncating. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized X.509 structure + CBCParameter. + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous function knumber(). + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous structure, KSSL_ERR. + [Ben Laurie (CHATS)] + + *) Protect against overlong session ID context length in an encoded + session object. Since these are local, this does not appear to be + exploitable. + [Ben Laurie (CHATS)] + *) Change from security patch (see 0.9.6e below) that did not affect the 0.9.6 release series: diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 8f98a6bdbd..eed77eea93 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -762,30 +762,30 @@ rand.o: ../include/openssl/sha.h ../include/openssl/stack.h rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -req.o: ../include/openssl/bn.h ../include/openssl/buffer.h -req.o: ../include/openssl/cast.h ../include/openssl/conf.h -req.o: ../include/openssl/crypto.h ../include/openssl/des.h -req.o: ../include/openssl/des_old.h ../include/openssl/dh.h -req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -req.o: ../include/openssl/engine.h ../include/openssl/err.h -req.o: ../include/openssl/evp.h ../include/openssl/idea.h -req.o: ../include/openssl/lhash.h ../include/openssl/md2.h -req.o: ../include/openssl/md4.h ../include/openssl/md5.h -req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -req.o: ../include/openssl/pem.h ../include/openssl/pem2.h -req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -req.o: ../include/openssl/x509v3.h apps.h req.c +req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/des_old.h +req.o: ../include/openssl/dh.h ../include/openssl/dsa.h +req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h +req.o: ../include/openssl/err.h ../include/openssl/evp.h +req.o: ../include/openssl/idea.h ../include/openssl/lhash.h +req.o: ../include/openssl/md2.h ../include/openssl/md4.h +req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +req.o: ../include/openssl/rand.h ../include/openssl/rc2.h +req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +req.o: ../include/openssl/safestack.h ../include/openssl/sha.h +req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/apps/apps.c b/apps/apps.c index be7a80acb8..305227d7ab 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -337,8 +337,7 @@ void program_name(char *in, char *out, int size) p++; else p=in; - strncpy(out,p,size-1); - out[size-1]='\0'; + BUF_strlcpy(out,p,size); } #endif #endif @@ -447,16 +446,20 @@ int app_init(long mesgwin) int dump_cert_text (BIO *out, X509 *x) { - char buf[256]; - X509_NAME_oneline(X509_get_subject_name(x),buf,256); - BIO_puts(out,"subject="); - BIO_puts(out,buf); + char *p; - X509_NAME_oneline(X509_get_issuer_name(x),buf,256); - BIO_puts(out,"\nissuer= "); - BIO_puts(out,buf); + p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0); + BIO_puts(out,"subject="); + BIO_puts(out,p); + OPENSSL_free(p); + + p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0); + BIO_puts(out,"\nissuer="); + BIO_puts(out,p); BIO_puts(out,"\n"); - return 0; + OPENSSL_free(p); + + return 0; } static int ui_open(UI *ui) @@ -978,7 +981,7 @@ load_netscape_key(BIO *err, BIO *key, const char *file, goto error; for (;;) { - if (!BUF_MEM_grow(buf,size+1024*10)) + if (!BUF_MEM_grow_clean(buf,size+1024*10)) goto error; i = BIO_read(key, &(buf->data[size]), 1024*10); size += i; @@ -1253,6 +1256,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) char *buf; char mline = 0; int indent = 0; + if(title) BIO_puts(out, title); if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mline = 1; @@ -1374,3 +1378,18 @@ int load_config(BIO *err, CONF *cnf) } return 1; } + +char *make_config_name() + { + const char *t=X509_get_default_cert_area(); + char *p; + + p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2); + strcpy(p,t); +#ifndef OPENSSL_SYS_VMS + strcat(p,"/"); +#endif + strcat(p,OPENSSL_CONF); + + return p; + } diff --git a/apps/apps.h b/apps/apps.h index 31dd0dc9e1..7b1f8ded78 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -251,6 +251,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); int load_config(BIO *err, CONF *cnf); +char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, diff --git a/apps/ca.c b/apps/ca.c index 5f23ecfcbb..b409575015 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -334,6 +334,7 @@ int MAIN(int argc, char **argv) MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; char *engine = NULL; + char *tofree=NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -561,25 +562,26 @@ bad: ERR_load_crypto_strings(); - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); /*****************************************************************/ + tofree=NULL; if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); if (configfile == NULL) { - /* We will just use 'buf[0]' as a temporary buffer. */ + const char *s=X509_get_default_cert_area(); + #ifdef OPENSSL_SYS_VMS - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-1-sizeof(CONFIG_FILE)); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + strcpy(tofree,s); #else - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-2-sizeof(CONFIG_FILE)); - buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0'; - strcat(buf[0],"/"); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); + strcpy(tofree,s); + strcat(tofree,"/"); #endif - strcat(buf[0],CONFIG_FILE); - configfile=buf[0]; + strcat(tofree,CONFIG_FILE); + configfile=tofree; } BIO_printf(bio_err,"Using configuration from %s\n",configfile); @@ -594,6 +596,8 @@ bad: ,errorline,configfile); goto err; } + if(tofree) + OPENSSL_free(tofree); if (!load_config(bio_err, conf)) goto err; @@ -1286,8 +1290,13 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - strncpy(buf[0],serialfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + strcpy(buf[0],serialfile); #ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); @@ -1297,8 +1306,7 @@ bad: if (!save_serial(buf[0],serial)) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; + strcpy(buf[1],dbfile); #ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); @@ -1328,8 +1336,13 @@ bad: j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; - strncpy(buf[2],outdir,BSIZE-(j*2)-6); - buf[2][BSIZE-(j*2)-6]='\0'; + if(strlen(outdir) >= (j ? BSIZE-j*2-6 : BSIZE-8)) + { + BIO_printf(bio_err,"certificate file name too long\n"); + goto err; + } + + strcpy(buf[2],outdir); #ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); @@ -1563,8 +1576,13 @@ bad: if (j <= 0) goto err; X509_free(revcert); - strncpy(buf[0],dbfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"filename too long\n"); + goto err; + } + + strcpy(buf[0],dbfile); #ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else @@ -1608,6 +1626,8 @@ bad: /*****************************************************************/ ret=0; err: + if(tofree) + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); diff --git a/apps/ciphers.c b/apps/ciphers.c index 2d6e104790..fe26ae8cd6 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -187,7 +187,7 @@ int MAIN(int argc, char **argv) { BIO_puts(STDout,SSL_CIPHER_description( sk_SSL_CIPHER_value(sk,i), - buf,512)); + buf,sizeof buf)); } } diff --git a/apps/dgst.c b/apps/dgst.c index 32e40c1f53..dd65a591f5 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -117,7 +117,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); md=EVP_get_digestbyname(pname); diff --git a/apps/enc.c b/apps/enc.c index 1ba2ea2f68..eff5c5610e 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -102,7 +102,7 @@ int MAIN(int argc, char **argv) { ENGINE *e = NULL; static const char magic[]="Salted__"; - char mbuf[8]; /* should be 1 smaller than magic */ + char mbuf[sizeof magic-1]; char *strbuf=NULL; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; @@ -131,7 +131,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0],pname,PROG_NAME_SIZE); + program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; @@ -216,7 +216,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,128,infile); + fgets(buf,sizeof buf,infile); fclose(infile); i=strlen(buf); if ((i > 0) && @@ -442,12 +442,12 @@ bad: else { if(enc) { if(hsalt) { - if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) { + if(!set_hex(hsalt,salt,sizeof salt)) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0) + } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) goto end; /* If -P option then don't bother writing */ if((printkey != 2) @@ -455,14 +455,14 @@ bad: sizeof magic-1) != sizeof magic-1 || BIO_write(wbio, (char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) { + sizeof salt) != sizeof salt)) { BIO_printf(bio_err,"error writing output file\n"); goto end; } } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf || BIO_read(rbio, (unsigned char *)salt, - PKCS5_SALT_LEN) != PKCS5_SALT_LEN) { + sizeof salt) != sizeof salt) { BIO_printf(bio_err,"error reading input file\n"); goto end; } else if(memcmp(mbuf,magic,sizeof magic-1)) { @@ -524,7 +524,7 @@ bad: if (!nosalt) { printf("salt="); - for (i=0; i #include #include +#include "../crypto/cryptlib.h" #define SECTION "req" @@ -176,7 +177,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; long errline; #endif @@ -470,14 +471,7 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; config=NCONF_new(NULL); i=NCONF_load(config, p, &errline); @@ -1059,6 +1053,10 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err); @@ -1218,13 +1216,19 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { @@ -1271,6 +1275,12 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) @@ -1374,6 +1384,7 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1383,7 +1394,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { @@ -1432,6 +1443,7 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value); @@ -1441,7 +1453,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else { diff --git a/apps/s_cb.c b/apps/s_cb.c index ca5b24548c..675527df1f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -134,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); + X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { @@ -154,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: diff --git a/apps/s_client.c b/apps/s_client.c index 658a79d390..fa881e1305 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -930,10 +930,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) for (i=0; i MYBUFSIZ-100) + { + BIO_printf(bio_err,"-www option too long\n"); + badop=1; + } } else if(strcmp(*argv,"-bugs") == 0) st_bugs=1; diff --git a/apps/speed.c b/apps/speed.c index b9ab4cfcb9..41fbaf36f7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1781,7 +1781,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, 256); + memset(isdelim, 0, sizeof isdelim); isdelim[0] = 1; while (*delim) diff --git a/apps/verify.c b/apps/verify.c index 215ef84fc7..e4cbceaf8e 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -330,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) if (!ok) { X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),buf,256); + X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); printf("%s\n",buf); printf("error %d at %d depth lookup:%s\n",ctx->error, ctx->error_depth, diff --git a/apps/winrand.c b/apps/winrand.c index d042258b50..59bede3d70 100644 --- a/apps/winrand.c +++ b/apps/winrand.c @@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam) HDC hdc; PAINTSTRUCT ps; RECT rect; - char buffer[200]; static int seeded = 0; switch (iMsg) diff --git a/apps/x509.c b/apps/x509.c index d5e4f9e63d..8c057be214 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -770,10 +770,11 @@ bad: int y,z; X509_NAME_oneline(X509_get_subject_name(x), - buf,256); + buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( - X509_get_issuer_name(x),buf,256); + X509_get_issuer_name(x),buf, + sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); @@ -1074,7 +1075,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) } else { - if (!a2i_ASN1_INTEGER(io,bs,buf2,1024)) + if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) { BIO_printf(bio_err,"unable to load serial number from %s\n",buf); ERR_print_errors(bio_err); diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index bf1a808cf0..d65701b5fd 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -59,20 +59,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, int n; unsigned long len = length; - unsigned char tmp[16]; + unsigned char tmp[AES_BLOCK_SIZE]; assert(in && out && key && ivec); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { - for(n=0; n < 16; ++n) + for(n=0; n < sizeof tmp; ++n) tmp[n] = in[n] ^ ivec[n]; AES_encrypt(tmp, out, key); - memcpy(ivec, out, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } if (len) { for(n=0; n < len; ++n) @@ -81,25 +81,25 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); memcpy(out, tmp, len); - memcpy(ivec, tmp, 16); + memcpy(ivec, tmp, sizeof tmp); } } else { while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, 16); + memcpy(tmp, in, sizeof tmp); AES_decrypt(in, out, key); - for(n=0; n < 16; ++n) + for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } if (len) { - memcpy(tmp, in, 16); + memcpy(tmp, in, sizeof tmp); AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); + memcpy(ivec, tmp, sizeof tmp); } } } diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 35cd0507e6..944d8f164a 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -286,13 +286,14 @@ a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h a_sign.o: ../cryptlib.h a_sign.c -a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h +a_strex.o: ../../e_os.h ../../include/openssl/aes.h +a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h @@ -305,7 +306,7 @@ a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index e0265f69d2..f4ea96cd54 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -191,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) if (a->data == NULL) c=(unsigned char *)OPENSSL_malloc(w+1); else - c=(unsigned char *)OPENSSL_realloc(a->data,w+1); + c=(unsigned char *)OPENSSL_realloc_clean(a->data, + a->length, + w+1); if (c == NULL) return(0); if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data=c; diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c index bb88660f58..afd27b80e1 100644 --- a/crypto/asn1/a_bytes.c +++ b/crypto/asn1/a_bytes.c @@ -285,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) goto err; } - if (!BUF_MEM_grow(&b,num+os->length)) + if (!BUF_MEM_grow_clean(&b,num+os->length)) { c->error=ERR_R_BUF_LIB; goto err; diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index a80fbe9ff7..71b4a28611 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -166,7 +166,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; @@ -221,7 +221,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want > (len-off)) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 71ce7c3896..0a8e6c287c 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,80,a); - if (i > 80) i=80; + i=i2t_ASN1_OBJECT(buf,sizeof buf,a); + if (i > sizeof buf) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 7ddb7662f1..1def6c6549 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -63,6 +63,7 @@ #include #include "charmap.h" +#include "cryptlib.h" /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). * Enhanced string and name printing routines handling @@ -114,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len); static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) { unsigned char chflgs, chtmp; - char tmphex[11]; + char tmphex[HEX_SIZE(long)+3]; + + if(c > 0xffffffffL) + return -1; if(c > 0xffff) { - BIO_snprintf(tmphex, 11, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); if(!io_ch(arg, tmphex, 10)) return -1; return 10; } if(c > 0xff) { - BIO_snprintf(tmphex, 11, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); if(!io_ch(arg, tmphex, 6)) return -1; return 6; } @@ -195,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen, if(type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, 6, c); + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); for(i = 0; i < utflen; i++) { /* We don't need to worry about setting orflags correctly * because if utflen==1 its value will be correct anyway @@ -461,7 +465,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if(fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, 80, fn, 1); + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 27ddd30899..6e5e9d845d 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -152,7 +152,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE if (t->data[0] >= '5') strcpy(str, "19"); else strcpy(str, "20"); - strcat(str, (char *)t->data); + BUF_strlcat(str, (char *)t->data, t->length+2); return ret; } diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index facfdd27fc..e48532a24d 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, else p="prim: "; if (BIO_write(bp,p,6) < 6) goto err; - if (indent) - { - if (indent > 128) indent=128; - memset(str,' ',indent); - if (BIO_write(bp,str,indent) < indent) goto err; - } + BIO_indent(bp,indent,128); p=str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 48cc3bfb90..9494e597ab 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -169,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) sp=(unsigned char *)OPENSSL_malloc( (unsigned int)num+i*2); else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); + sp=OPENSSL_realloc_clean(s,slen,num+i*2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 60db305756..757c148df8 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -84,11 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) int X509_CRL_print(BIO *out, X509_CRL *x) { - char buf[256]; STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; int i, n; + char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); @@ -96,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x) i = OBJ_obj2nid(x->sig_alg->algorithm); BIO_printf(out, "%8sSignature Algorithm: %s\n", "", (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); - X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); - BIO_printf(out,"%8sIssuer: %s\n","",buf); + p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); + BIO_printf(out,"%8sIssuer: %s\n","",p); + OPENSSL_free(p); BIO_printf(out,"%8sLast Update: ",""); ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); BIO_printf(out,"\n%8sNext Update: ",""); diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 2d46914cb1..4e09c9e44e 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -130,14 +130,10 @@ int RSA_print(BIO *bp, const RSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->d != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) <= 0) goto err; } @@ -183,7 +179,6 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off) int DSA_print(BIO *bp, const DSA *x, int off) { - char str[128]; unsigned char *m=NULL; int ret=0; size_t buf_len=0,i; @@ -210,14 +205,10 @@ int DSA_print(BIO *bp, const DSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->priv_key != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) <= 0) goto err; } @@ -240,17 +231,12 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, int off) { int n,i; - char str[128]; const char *neg; if (num == NULL) return(1); neg=(num->neg)?"-":""; - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp,str,off) <= 0) return(0); - } + if(!BIO_indent(bp,off,128)) + return 0; if (BN_num_bytes(num) <= BN_BYTES) { @@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, { if ((i%15) == 0) { - str[0]='\n'; - memset(&(str[1]),' ',off+4); - if (BIO_write(bp,str,off+1+4) <= 0) return(0); + if(BIO_puts(bp,"\n") <= 0 + || !BIO_indent(bp,off+4,128)) + return 0; } if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") <= 0) return(0); diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 739f272ecf..740cee80c0 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -91,7 +91,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; - char str[128]; char mlch = ' '; int nmindent = 0; @@ -116,8 +115,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long l=0; for (i=0; iversion->length; i++) { l<<=8; l+=ri->version->data[i]; } - sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, + l) <= 0) + goto err; } if(!(cflag & X509_FLAG_NO_SUBJECT)) { @@ -168,14 +168,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) { /* may not be */ - sprintf(str,"%8sAttributes:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) + goto err; sk=x->req_info->attributes; if (sk_X509_ATTRIBUTE_num(sk) == 0) { - sprintf(str,"%12sa0:00\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12sa0:00\n","") <= 0) + goto err; } else { @@ -190,8 +190,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long a=sk_X509_ATTRIBUTE_value(sk,i); if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) continue; - sprintf(str,"%12s",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12s","") <= 0) + goto err; if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) { if (a->single) diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 5de4833ed0..d34acf4ad1 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -433,15 +433,17 @@ err: int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { - char *s,*c; + char *s,*c,*b; int ret=0,l,ll,i,first=1; - char buf[256]; ll=80-2-obase; - s=X509_NAME_oneline(name,buf,256); + b=s=X509_NAME_oneline(name,NULL,0); if (!*s) + { + free(b); return 1; + } s++; /* skip the first slash */ l=ll; @@ -497,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) err: X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); } + free(b); return(ret); } diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index 7d4a6e6084..ffbbfb51f4 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index f87c08793a..76fc023230 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -664,7 +664,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; len = buf.length; /* Append a final null to string */ - if(!BUF_MEM_grow(&buf, len + 1)) { + if(!BUF_MEM_grow_clean(&buf, len + 1)) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); return 0; } @@ -857,7 +857,7 @@ static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) int len; if(buf) { len = buf->length; - if(!BUF_MEM_grow(buf, len + plen)) { + if(!BUF_MEM_grow_clean(buf, len + plen)) { ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index fab67ae5ac..719639b511 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -186,7 +186,7 @@ if(*bool == -1) printf("BOOL MISSING\n"); char objbuf[80], *ln; ln = OBJ_nid2ln(OBJ_obj2nid(fld)); if(!ln) ln = ""; - OBJ_obj2txt(objbuf, 80, fld, 1); + OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1); BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); } else { BIO_printf(out, "%*s%s:", indent, "", name); diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 09895f2542..c85bc32533 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -454,9 +454,9 @@ static int test(void) len=strlen(cbc_data)+1; BF_set_key(&key,16,cbc_key); - memset(cbc_in,0,40); - memset(cbc_out,0,40); - memcpy(iv,cbc_iv,8); + memset(cbc_in,0,sizeof cbc_in); + memset(cbc_out,0,sizeof cbc_out); + memcpy(iv,cbc_iv,sizeof iv); BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len, &key,iv,BF_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 80c9cb69db..3f5d6a74bf 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -483,7 +483,7 @@ fmtint( { int signvalue = 0; unsigned LLONG uvalue; - char convert[20]; + char convert[DECIMAL_SIZE(value)+1]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -508,8 +508,8 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < 20)); - if (place == 20) + } while (uvalue && (place < sizeof convert)); + if (place == sizeof convert) place--; convert[place] = 0; @@ -641,8 +641,8 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < 20)); - if (iplace == 20) + } while (intpart && (iplace < sizeof iplace)); + if (iplace == sizeof iplace) iplace--; iconvert[iplace] = 0; @@ -653,7 +653,7 @@ fmtfp( : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == 20) + if (fplace == sizeof fplace) fplace--; fconvert[fplace] = 0; diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 45bd7c47e8..3188bcc69c 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -83,6 +83,7 @@ static int wsa_init_done=0; #endif +#if 0 static unsigned long BIO_ghbn_hits=0L; static unsigned long BIO_ghbn_miss=0L; @@ -93,6 +94,7 @@ static struct ghbn_cache_st struct hostent *ent; unsigned long order; } ghbn_cache[GHBN_NUM]; +#endif static int get_ip(const char *str,unsigned char *ip); #if 0 @@ -230,6 +232,7 @@ int BIO_sock_error(int sock) return(j); } +#if 0 long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) { int i; @@ -267,6 +270,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) } return(1); } +#endif #if 0 static struct hostent *ghbn_dup(struct hostent *a) diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 6ccda06596..1cecd70579 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -482,7 +482,7 @@ static int buffer_gets(BIO *b, char *buf, int size) size-=i; ctx->ibuf_len-=i; ctx->ibuf_off+=i; - if ((flag) || (i == size)) + if (flag || size == 0) { *buf='\0'; return(num); diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index c5caf253c9..ecd2899918 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -522,6 +522,7 @@ int BIO_read(BIO *b, void *data, int len); int BIO_gets(BIO *bp,char *buf, int size); int BIO_write(BIO *b, const void *data, int len); int BIO_puts(BIO *bp,const char *buf); +int BIO_indent(BIO *b,int indent,int max); long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); @@ -608,7 +609,7 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, void BIO_copy_next_retry(BIO *b); -long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ int BIO_printf(BIO *bio, const char *format, ...); int BIO_vprintf(BIO *bio, const char *format, va_list args); diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 50df2238fa..98ce395519 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -272,6 +272,18 @@ int BIO_gets(BIO *b, char *in, int inl) return(i); } +int BIO_indent(BIO *b,int indent,int max) + { + if(indent < 0) + indent=0; + if(indent > max) + indent=max; + while(indent--) + if(BIO_puts(b," ") != 1) + return 0; + return 1; + } + long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) { int i; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index f91ae4c8c6..743db6ff94 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -519,7 +519,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) else if (num == 2) { char buf[16]; - char *p = ptr; + unsigned char *p = ptr; sprintf(buf,"%d.%d.%d.%d", p[0],p[1],p[2],p[3]); @@ -530,7 +530,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { - char buf[16]; + char buf[DECIMAL_SIZE(int)+1]; sprintf(buf,"%d",*(int *)ptr); if (data->param_port != NULL) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index a39d95297c..901b64f3ae 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -274,7 +274,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) LPCSTR lpszStrings[2]; WORD evtype= EVENTLOG_ERROR_TYPE; int pid = _getpid(); - char pidbuf[20]; + char pidbuf[DECIMAL_SIZE(pid)+4]; switch (priority) { diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 28ff7582bf..a4edb711ae 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -190,7 +190,7 @@ static int mem_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); blen=bm->length; - if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) + if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl)) goto end; memcpy(&(bm->data[blen]),in,inl); ret=inl; @@ -284,7 +284,11 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_clear_retry_flags(bp); j=bm->length; - if (j <= 0) return(0); + if (j <= 0) + { + *buf='\0'; + return 0; + } p=bm->data; for (i=0; ilength >= len) + { + memset(&str->data[len],0,str->length-len); + str->length=len; + return(len); + } + if (str->max >= len) + { + memset(&str->data[str->length],0,len-str->length); + str->length=len; + return(len); + } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); + else + ret=OPENSSL_realloc_clean(str->data,str->max,n); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + len=0; + } + else + { + str->data=ret; + str->max=n; + memset(&str->data[str->length],0,len-str->length); + str->length=len; + } + return(len); + } + char *BUF_strdup(const char *str) { char *ret; @@ -143,3 +180,23 @@ char *BUF_strdup(const char *str) return(ret); } +size_t BUF_strlcpy(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 1 && *src; size--) + { + *dst++ = *src++; + l++; + } + if (size) + *dst = '\0'; + return l + strlen(src); + } + +size_t BUF_strlcat(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 0 && *dst; size--, dst++) + l++; + return l + BUF_strlcpy(dst, src, size); + } diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 11e2d0359a..b6307f52ec 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -63,6 +63,8 @@ extern "C" { #endif +#include + typedef struct buf_mem_st { int length; /* current number of bytes */ @@ -73,8 +75,14 @@ typedef struct buf_mem_st BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); +int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +/* safe string functions */ +size_t BUF_strlcpy(char *dst,const char *src,size_t siz); +size_t BUF_strlcat(char *dst,const char *src,size_t siz); + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 80ac97526d..806677dc10 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -628,7 +628,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 0849245924..690cee5f4e 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -493,3 +493,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr, + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index 88e4ae509f..b8727aa6e1 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -89,9 +89,13 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" -/* size of string represenations */ -#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -#define HEX_SIZE(type) ((sizeof(type)*2) +/* size of string representations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) (sizeof(type)*2) + +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) #ifdef __cplusplus } diff --git a/crypto/crypto.h b/crypto/crypto.h index 5b43eff8f0..ba0c114bcb 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -279,6 +279,8 @@ int CRYPTO_is_mem_check_on(void); #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) #define OPENSSL_remalloc(addr,num) \ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_freeFunc CRYPTO_free @@ -381,6 +383,8 @@ void CRYPTO_free_locked(void *); void *CRYPTO_malloc(int num, const char *file, int line); void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, + int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); void CRYPTO_set_mem_debug_options(long bits); @@ -423,7 +427,6 @@ void CRYPTO_mem_leaks(struct bio_st *bio); typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index da2cdfa3d6..9fe002cb0a 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -228,6 +228,7 @@ int DSA_size(const DSA *r) i=BN_num_bits(r->q); bs.length=(i+7)/8; + OPENSSL_assert(bs.length <= sizeof buf); bs.data=buf; bs.type=V_ASN1_INTEGER; /* If the top bit is set the asn1 encoding is 1 larger. */ diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index f12eac1b55..6e550f6a43 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; + OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a969ac69ed..9d18728d30 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -219,6 +219,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) *size=ctx->digest->md_size; diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 4685198e2e..d42cbfd17e 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof iv); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); if (i != l) return(-1); diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 4064cc5fa0..d58f507837 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -69,8 +69,6 @@ typedef struct { - /* FIXME: what is the key for? */ - unsigned char key[EVP_RC4_KEY_SIZE]; RC4_KEY ks; /* working key */ } EVP_RC4_KEY; @@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - data(ctx)->key); + key); return 1; } diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 12c6379df1..08209357ce 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; + OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { + OPENSSL_assert(n < sizeof ctx->enc_data); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 32a1c7a2e9..39a66f189f 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -63,8 +63,6 @@ #include #include "evp_locl.h" -#include - const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) @@ -163,9 +161,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } skip_to_init: /* we assume block size is a power of 2 in *cryptUpdate */ - assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch(EVP_CIPHER_CTX_mode(ctx)) { @@ -181,6 +179,7 @@ skip_to_init: case EVP_CIPH_CBC_MODE: + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -251,6 +250,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; + OPENSSL_assert(inl > 0); if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -266,6 +266,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; + OPENSSL_assert(bl <= sizeof ctx->buf); if (i != 0) { if (i+inl < bl) @@ -314,6 +315,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int i,n,b,bl,ret; b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->buf); if (b == 1) { *outl=0; @@ -358,6 +360,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->final); if(ctx->final_used) { @@ -420,6 +423,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } + OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; if (n > b) { diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 4271393069..dc103bd1d7 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index a431945ef5..52a3b287be 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof c->iv); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); if (i != l) return(-1); @@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(j <= sizeof c->iv); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index bcd4d29f85..0da88fdcff 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) strcpy (obj_tmp, "NULL"); - else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); + else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 27a8286489..d15b799281 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 7485d6a278..098ce8afa0 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); /* Now decode key derivation function */ diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl index b91f204299..d48df0597e 100644 --- a/crypto/hmac/Makefile.ssl +++ b/crypto/hmac/Makefile.ssl @@ -79,21 +79,23 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h -hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hmac.o: ../../include/openssl/ui_compat.h hmac.c +hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +hmac.o: ../cryptlib.h hmac.c diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index da363b7950..4c91f919d5 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -59,6 +59,7 @@ #include #include #include +#include "cryptlib.h" void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -78,6 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); + OPENSSL_assert(j <= sizeof ctx->key); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -87,6 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { + OPENSSL_assert(len <= sizeof ctx->key); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 39ea2885f4..5aa7766aa6 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -179,49 +179,29 @@ end:; void lh_stats_bio(const LHASH *lh, BIO *out) { - char buf[128]; - - sprintf(buf,"num_items = %lu\n",lh->num_items); - BIO_puts(out,buf); - sprintf(buf,"num_nodes = %u\n",lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_expands = %lu\n",lh->num_expands); - BIO_puts(out,buf); - sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_contracts = %lu\n",lh->num_contracts); - BIO_puts(out,buf); - sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls); - BIO_puts(out,buf); - sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls); - BIO_puts(out,buf); - sprintf(buf,"num_insert = %lu\n",lh->num_insert); - BIO_puts(out,buf); - sprintf(buf,"num_replace = %lu\n",lh->num_replace); - BIO_puts(out,buf); - sprintf(buf,"num_delete = %lu\n",lh->num_delete); - BIO_puts(out,buf); - sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); - BIO_puts(out,buf); - sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); - BIO_puts(out,buf); + BIO_printf(out,"num_items = %lu\n",lh->num_items); + BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); + BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); + BIO_printf(out,"num_expands = %lu\n",lh->num_expands); + BIO_printf(out,"num_expand_reallocs = %lu\n", + lh->num_expand_reallocs); + BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts); + BIO_printf(out,"num_contract_reallocs = %lu\n", + lh->num_contract_reallocs); + BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); + BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); + BIO_printf(out,"num_insert = %lu\n",lh->num_insert); + BIO_printf(out,"num_replace = %lu\n",lh->num_replace); + BIO_printf(out,"num_delete = %lu\n",lh->num_delete); + BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete); + BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve); + BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); + BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); #if 0 - sprintf(buf,"p = %u\n",lh->p); - BIO_puts(out,buf); - sprintf(buf,"pmax = %u\n",lh->pmax); - BIO_puts(out,buf); - sprintf(buf,"up_load = %lu\n",lh->up_load); - BIO_puts(out,buf); - sprintf(buf,"down_load = %lu\n",lh->down_load); - BIO_puts(out,buf); + BIO_printf(out,"p = %u\n",lh->p); + BIO_printf(out,"pmax = %u\n",lh->pmax); + BIO_printf(out,"up_load = %lu\n",lh->up_load); + BIO_printf(out,"down_load = %lu\n",lh->down_load); #endif } @@ -229,14 +209,12 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned int i,num; - char buf[128]; for (i=0; inum_nodes; i++) { for (n=lh->b[i],num=0; n != NULL; n=n->next) num++; - sprintf(buf,"node %6u -> %3u\n",i,num); - BIO_puts(out,buf); + BIO_printf(out,"node %6u -> %3u\n",i,num); } } @@ -246,7 +224,6 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) unsigned long num; unsigned int i; unsigned long total=0,n_used=0; - char buf[128]; for (i=0; inum_nodes; i++) { @@ -258,17 +235,14 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) total+=num; } } - sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"%lu items\n",total); - BIO_puts(out,buf); + BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); + BIO_printf(out,"%lu items\n",total); if (n_used == 0) return; - sprintf(buf,"load %d.%02d actual load %d.%02d\n", - (int)(total/lh->num_nodes), - (int)((total%lh->num_nodes)*100/lh->num_nodes), - (int)(total/n_used), - (int)((total%n_used)*100/n_used)); - BIO_puts(out,buf); + BIO_printf(out,"load %d.%02d actual load %d.%02d\n", + (int)(total/lh->num_nodes), + (int)((total%lh->num_nodes)*100/lh->num_nodes), + (int)(total/n_used), + (int)((total%n_used)*100/n_used)); } #endif diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index e25dd00e02..f98009acad 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -118,9 +118,9 @@ const char *MD2_options(void) int MD2_Init(MD2_CTX *c) { c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); + memset(c->state,0,sizeof c->state); + memset(c->cksm,0,sizeof c->cksm); + memset(c->data,0,sizeof c->data); return 1; } diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c index e4b0aac011..2ac2d914ff 100644 --- a/crypto/md4/md4.c +++ b/crypto/md4/md4.c @@ -108,7 +108,7 @@ void do_fp(FILE *f) MD4_Init(&c); for (;;) { - i=read(fd,buf,BUFSIZE); + i=read(fd,buf,sizeof buf); if (i <= 0) break; MD4_Update(&c,buf,(unsigned long)i); } diff --git a/crypto/mem.c b/crypto/mem.c index a7826908e6..03d2569bce 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -305,7 +305,6 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -318,6 +317,29 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) return ret; } +void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, + int line) + { + void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); + if(ret) + memcpy(ret,str,old_len); + memset(str,'\0',old_len); + free_func(str); +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); +#endif + if (realloc_debug_func != NULL) + realloc_debug_func(str, ret, num, file, line, 1); + + return ret; + } + void CRYPTO_free(void *str) { if (free_debug_func != NULL) @@ -337,7 +359,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line) return(a); } - void CRYPTO_set_mem_debug_options(long bits) { if (set_debug_options_func != NULL) diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 1c4e04f51f..0c1855afb1 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -666,7 +666,6 @@ static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) void CRYPTO_mem_leaks(BIO *b) { MEM_LEAK ml; - char buf[80]; if (mh == NULL && amih == NULL) return; @@ -681,9 +680,8 @@ void CRYPTO_mem_leaks(BIO *b) (char *)&ml); if (ml.chunks != 0) { - sprintf(buf,"%ld bytes leaked in %d chunks\n", - ml.bytes,ml.chunks); - BIO_puts(b,buf); + BIO_printf(b,"%ld bytes leaked in %d chunks\n", + ml.bytes,ml.chunks); } else { diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index ce779dc1b5..5d983e3ed4 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -464,7 +464,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) sprintf(tbuf,"%d.%lu",i,l); i=strlen(tbuf); - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -476,7 +476,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) sprintf(tbuf,".%lu",l); i=strlen(tbuf); if (buf_len > 0) - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -488,10 +488,9 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) s=OBJ_nid2ln(nid); if (s == NULL) s=OBJ_nid2sn(nid); - strncpy(buf,s,buf_len); + BUF_strlcpy(buf,s,buf_len); n=strlen(s); } - buf[buf_len-1]='\0'; return(n); } diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index b78cd37092..3194fd90d0 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -94,7 +94,7 @@ Content-Length: %d\r\n\r\n"; } if(!(mem = BIO_new(BIO_s_mem()))) goto err; /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, 1024))) { + while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { if(len < 0) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); goto err; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 3785fca77d..d330cbf9a3 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -149,7 +149,7 @@ typedef struct pem_recip_st int cipher; int key_enc; - char iv[8]; + /* char iv[8]; unused and wrong size */ } PEM_USER; typedef struct pem_ctx_st @@ -165,7 +165,8 @@ typedef struct pem_ctx_st struct { int cipher; - unsigned char iv[8]; + /* unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -187,7 +188,8 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - unsigned char iv[8]; /* the iv */ + /* unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 9a6dffb45c..fa58562ad5 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 296865a4dc..80be9aae81 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) void PEM_dek_info(char *buf, const char *type, int len, char *str) { - static unsigned char map[17]="0123456789ABCDEF"; + static const unsigned char map[17]="0123456789ABCDEF"; long i; int j; @@ -304,6 +304,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, goto err; } /* dzise + 8 bytes are needed */ + // actually it needs the cipher block size extra... data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); if (data == NULL) { @@ -333,6 +334,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ + OPENSSL_assert(enc->iv_len <= sizeof iv); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is @@ -341,6 +343,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); + buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); @@ -691,7 +695,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (strncmp(buf,"-----END ",9) == 0) break; if (i > 65) break; - if (!BUF_MEM_grow(dataB,i+bl+9)) + if (!BUF_MEM_grow_clean(dataB,i+bl+9)) { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 4a4ff340ce..7f9f49bcfa 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); - if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) + if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) { PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); goto err; diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 53a726e1aa..1f168221e3 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - if (strlen(path) > sizeof(addr.sun_path)) + if (strlen(path) >= sizeof(addr.sun_path)) return (-1); strcpy(addr.sun_path,path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 982074c465..7c2673a61f 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -203,8 +203,9 @@ const char *RAND_file_name(char *buf, size_t size) s=getenv("RANDFILE"); if (s != NULL) { - strncpy(buf,s,size-1); - buf[size-1]='\0'; + if(strlen(s) >= size) + return NULL; + strcpy(buf,s); ret=buf; } else diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 9b186f2da5..58b300b00b 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -108,7 +108,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) if (offset != 0) { size+=BUFSIZE; - if (!BUF_MEM_grow(buf,size)) goto err; + if (!BUF_MEM_grow_clean(buf,size)) goto err; } buf->data[offset]='\0'; BIO_gets(in,&(buf->data[offset]),size-offset); @@ -268,7 +268,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) if (pp[j] != NULL) l+=strlen(pp[j]); } - if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err; + if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err; p=buf->data; for (j=0; j #include #include "ui_locl.h" +#include "cryptlib.h" IMPLEMENT_STACK_OF(UI_STRING_ST) @@ -831,8 +832,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) case UIT_PROMPT: case UIT_VERIFY: { - char number1[20]; - char number2[20]; + char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1]; + char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1]; BIO_snprintf(number1, sizeof(number1), "%d", uis->_.string_data.result_minsize); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index b4a6c46d48..eaad5685a8 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -486,10 +486,12 @@ typedef struct Netscape_certificate_sequence STACK_OF(X509) *certs; } NETSCAPE_CERT_SEQUENCE; +/* Unused (and iv length is wrong) typedef struct CBCParameter_st { unsigned char iv[8]; } CBC_PARAM; +*/ /* Password based encryption structure */ diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index c14a97261e..f460102f49 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -81,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long ret=0; EVP_MD_CTX ctx; unsigned char md[16]; - char str[256]; + char *f; EVP_MD_CTX_init(&ctx); - X509_NAME_oneline(a->cert_info->issuer,str,256); - ret=strlen(str); + f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); + ret=strlen(f); EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); + OPENSSL_free(f); EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e1cf01a9b4..e269df1373 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -113,7 +113,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method ret = i2v_GENERAL_NAME(method, desc->location, ret); if(!ret) break; vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, 80, desc->method); + i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); if(!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, diff --git a/demos/b64.c b/demos/b64.c index 113da89baf..efdd44457d 100644 --- a/demos/b64.c +++ b/demos/b64.c @@ -83,7 +83,6 @@ char **argv; unsigned char *buff=NULL,*bufsize=NULL; int bsize=BSIZE,verbose=0; int ret=1,inl; - unsigned char key[24],iv[MD5_DIGEST_LENGTH]; char *str=NULL; char *hkey=NULL,*hiv=NULL; int enc=1,printkey=0,i,base64=0; @@ -92,7 +91,6 @@ char **argv; char *inf=NULL,*outf=NULL; BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 - char pname[PROG_NAME_SIZE+1]; apps_startup(); diff --git a/demos/spkigen.c b/demos/spkigen.c index d87881197c..2cd5dfea97 100644 --- a/demos/spkigen.c +++ b/demos/spkigen.c @@ -65,7 +65,8 @@ char *argv[]; fprintf(stderr,"please enter challenge string:"); fflush(stderr); - fgets(buf,120,stdin); + buf[0]='\0'; + fgets(buf,sizeof buf,stdin); i=strlen(buf); if (i > 0) buf[--i]='\0'; if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl index fd8cd8c219..db24293ac4 100644 --- a/ssl/Makefile.ssl +++ b/ssl/Makefile.ssl @@ -307,31 +307,32 @@ s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h -s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h -s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h +s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h +s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h +s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c +s2_enc.o: ssl_locl.h s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h @@ -383,31 +384,32 @@ s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h -s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h -s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h -s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h -s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h -s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h -s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h -s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h -s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h -s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h -s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h +s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h +s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h +s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h +s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h +s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h +s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h +s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c +s2_pkt.o: ssl_locl.h s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h @@ -765,32 +767,33 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c -ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h -ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h -ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h -ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h -ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h -ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h -ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h -ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h +ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h +ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h +ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h +ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h +ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h +ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h +ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h +ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h +ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h +ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h +ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h +ssl_lib.o: ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/ssl/kssl.c b/ssl/kssl.c index d3c7be7581..c294166b9d 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -783,24 +783,6 @@ char return ((string == NULL)? null: string); } -#define MAXKNUM 255 -char -*knumber(int len, krb5_octet *contents) - { - static char buf[MAXKNUM+1]; - int i; - - BIO_snprintf(buf, MAXKNUM, "[%d] ", len); - - for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++) - { - BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]); - } - - return (buf); - } - - /* Given KRB5 enctype (basically DES or 3DES), ** return closest match openssl EVP_ encryption algorithm. ** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. @@ -2037,7 +2019,7 @@ krb5_error_code kssl_check_authent( } #endif enc = kssl_map_enc(enctype); - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ if (enc == NULL) { diff --git a/ssl/kssl.h b/ssl/kssl.h index cf7ebdd168..0cfd219bf4 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -110,12 +110,13 @@ typedef unsigned char krb5_octet; #define KSSL_CLOCKSKEW 300; #endif +/* Unused #define KSSL_ERR_MAX 255 typedef struct kssl_err_st { int reason; char text[KSSL_ERR_MAX+1]; } KSSL_ERR; - +*/ /* Context for passing ** (1) Kerberos session key to SSL, and diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 99230890a9..ffaf3baff3 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -370,7 +370,7 @@ static int ssl23_get_server_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 442c95aa9b..c5404ca0bc 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -512,7 +512,7 @@ int ssl23_get_client_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index be03e9c630..681bfad8f7 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -871,7 +871,7 @@ static int client_certificate(SSL *s) EVP_MD_CTX_init(&ctx); EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_SignUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); n=i2d_X509(s->session->sess_cert->peer_key->x509,&p); EVP_SignUpdate(&ctx,buf,(unsigned int)n); @@ -945,7 +945,7 @@ static int get_server_verify(SSL *s) s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ p += 1; - if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) + if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 690252e3d3..d3b144f1c5 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -59,6 +59,7 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 #include +#include "cryptlib.h" int ssl2_enc_init(SSL *s, int client) { @@ -95,10 +96,12 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); if (ssl2_generate_key_material(s) <= 0) return 0; + OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 0cbbb066fd..096e38d316 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -454,6 +454,9 @@ int ssl2_generate_key_material(SSL *s) EVP_DigestInit_ex(&ctx, md5, NULL); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -492,9 +495,7 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index cf0aee2bd6..d82f137613 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -113,6 +113,7 @@ #ifndef OPENSSL_NO_SSL2 #include #include +#include "cryptlib.h" #define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); @@ -247,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) else { mac_size=EVP_MD_size(s->read_hash); + OPENSSL_assert(mac_size <= MAX_MAC_SIZE); s->s2->mac_data=p; s->s2->ract_data= &p[mac_size]; if (s->s2->padding + mac_size > s->s2->rlength) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 2efc14bc1a..62859a2d95 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -876,7 +876,7 @@ static int get_client_finished(SSL *s) if (s->msg_callback) s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */ p += 1; - if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0) + if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); @@ -1076,7 +1076,7 @@ static int request_certificate(SSL *s) EVP_MD_CTX_init(&ctx); EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_VerifyUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 8864366f59..38a7152814 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -270,7 +270,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; - if (!BUF_MEM_grow(buf,(int)(10))) + if (!BUF_MEM_grow_clean(buf,10)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -286,7 +286,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) for (;;) { n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -316,7 +316,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) { x=sk_X509_value(s->ctx->extra_certs,i); n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -439,7 +439,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } - if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) { SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); goto err; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ab974eba1d..6507d5db71 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -645,6 +645,7 @@ static int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } + if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { @@ -1453,16 +1454,16 @@ static int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0]=s->client_version>>8; tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) + if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) goto err; - s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + s->session->master_key_length=sizeof tmp_buf; q=p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p+=2; - n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, + n=RSA_public_encrypt(sizeof tmp_buf, tmp_buf,p,rsa,RSA_PKCS1_PADDING); #ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; @@ -1484,8 +1485,8 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf,sizeof tmp_buf); + memset(tmp_buf,0,sizeof tmp_buf); } #endif #ifndef OPENSSL_NO_KRB5 @@ -1581,7 +1582,7 @@ static int ssl3_send_client_key_exchange(SSL *s) n+=2; } - if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) + if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) goto err; /* 20010420 VRS. Tried it this way; failed. @@ -1591,11 +1592,11 @@ static int ssl3_send_client_key_exchange(SSL *s) ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, kssl_ctx->key,iv); EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - SSL_MAX_MASTER_KEY_LENGTH); + sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; if (outl > sizeof epms) @@ -1614,9 +1615,9 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf, sizeof tmp_buf); - memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); + memset(tmp_buf, 0, sizeof tmp_buf); memset(epms, 0, outl); } #endif diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 888a9a2868..cec8fcd376 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -192,7 +192,7 @@ int ssl3_change_cipher_state(SSL *s, int which) { unsigned char *p,*key_block,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; - unsigned char exp_iv[EVP_MAX_KEY_LENGTH]; + unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d60bf348af..af5cc6342d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1178,7 +1178,7 @@ static int ssl3_send_server_key_exchange(SSL *s) kn=0; } - if (!BUF_MEM_grow(buf,n+4+kn)) + if (!BUF_MEM_grow_clean(buf,n+4+kn)) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); goto err; @@ -1305,7 +1305,7 @@ static int ssl3_send_certificate_request(SSL *s) { name=sk_X509_NAME_value(sk,i); j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow(buf,4+n+j+2)) + if (!BUF_MEM_grow_clean(buf,4+n+j+2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); goto err; @@ -1659,7 +1659,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) { diff --git a/ssl/ssl.h b/ssl/ssl.h index bb36902471..f8e400d2ef 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1703,6 +1703,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MASTER_KEY_TOO_LONG 1112 #define SSL_R_MESSAGE_TOO_LONG 1111 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3723fc2e37..16bc11b559 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -299,6 +299,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, os.length = sizeof ret->session_id; ret->session_id_length=os.length; + OPENSSL_assert(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); @@ -370,9 +371,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if(os.data != NULL) { if (os.length > SSL_MAX_SID_CTX_LENGTH) + { + ret->sid_ctx_length=os.length; SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); - ret->sid_ctx_length=os.length; - memcpy(ret->sid_ctx,os.data,os.length); + } + else + { + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + } OPENSSL_free(os.data); os.data=NULL; os.length=0; } else diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 7067a745f3..d2cb181503 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -296,6 +296,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, +{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, {SSL_R_MESSAGE_TOO_LONG ,"message too long"}, {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, {SSL_R_MISSING_DH_KEY ,"missing dh key"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 202171bb1d..091326f5d6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -121,6 +121,7 @@ #include #include #include +#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -273,6 +274,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->sid_ctx_length=ctx->sid_ctx_length; + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; @@ -314,7 +316,7 @@ err: int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -364,6 +366,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; + + if(id_len > sizeof r.session_id) + return 0; + r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2a4a90897e..a969d8fdce 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -528,9 +528,9 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + memset(ss->key_arg,0,sizeof ss->key_arg); + memset(ss->master_key,0,sizeof ss->master_key); + memset(ss->session_id,0,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index e36af0eb94..b5ce44b47c 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -258,7 +258,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) { int status, length, link_state; struct rpc_msg msg; - static char cbuf[200],sbuf[200]; + SSL *s_ssl=NULL; BIO *c_to_s=NULL; BIO *s_to_c=NULL; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c5494890e1..d8c8579d6f 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -686,10 +686,16 @@ bad: #ifndef OPENSSL_NO_KRB5 if (c_ssl && c_ssl->kssl_ctx) { - char localhost[257]; + char localhost[MAXHOSTNAMELEN+2]; - if (gethostname(localhost, 256) == 0) + if (gethostname(localhost, sizeof localhost-1) == 0) { + localhost[sizeof localhost-1]='\0'; + if(strlen(localhost) == sizeof localhost-1) + { + BIO_printf(bio_err,"localhost name too long\n"); + got end; + } kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); } @@ -1450,7 +1456,8 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { char *s,buf[256]; - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); + s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf, + sizeof buf); if (s != NULL) { if (ok) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5290bf6665..2c847ad790 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; - unsigned char A1[HMAC_MAX_MD_CBLOCK]; + unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; chunk=EVP_MD_size(md); @@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), s->session->master_key,s->session->master_key_length, - out,buf2,12); + out,buf2,sizeof buf2); EVP_MD_CTX_cleanup(&ctx); - return((int)12); + return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->server_random,SSL3_RANDOM_SIZE); tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, - s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); + s->session->master_key,buff,sizeof buff); #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */