Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
This commit is contained in:
parent
a856ddc665
commit
071183ef48
|
@ -166,7 +166,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
|
||||||
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
|
/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
|
||||||
if (len > LIMIT_BEFORE_EXPANSION)
|
if (len > LIMIT_BEFORE_EXPANSION)
|
||||||
{
|
{
|
||||||
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
|
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
n=(len+3)/3*4;
|
n=(len+3)/3*4;
|
||||||
|
|
|
@ -698,14 +698,6 @@ int ssl3_check_client_hello(SSL *s)
|
||||||
int ok;
|
int ok;
|
||||||
long n;
|
long n;
|
||||||
|
|
||||||
/* We only allow the client to restart the handshake once per
|
|
||||||
* negotiation. */
|
|
||||||
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
|
|
||||||
{
|
|
||||||
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* this function is called when we really expect a Certificate message,
|
/* this function is called when we really expect a Certificate message,
|
||||||
* so permit appropriate message length */
|
* so permit appropriate message length */
|
||||||
n=s->method->ssl_get_message(s,
|
n=s->method->ssl_get_message(s,
|
||||||
|
@ -718,6 +710,13 @@ int ssl3_check_client_hello(SSL *s)
|
||||||
s->s3->tmp.reuse_message = 1;
|
s->s3->tmp.reuse_message = 1;
|
||||||
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
|
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
|
||||||
{
|
{
|
||||||
|
/* We only allow the client to restart the handshake once per
|
||||||
|
* negotiation. */
|
||||||
|
if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
|
||||||
|
{
|
||||||
|
SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
/* Throw away what we have done so far in the current handshake,
|
/* Throw away what we have done so far in the current handshake,
|
||||||
* which will now be aborted. (A full SSL_clear would be too much.) */
|
* which will now be aborted. (A full SSL_clear would be too much.) */
|
||||||
#ifndef OPENSSL_NO_DH
|
#ifndef OPENSSL_NO_DH
|
||||||
|
|
|
@ -606,7 +606,7 @@ crypt_des(const char *key, const char *setting)
|
||||||
q = (u_char *)keybuf;
|
q = (u_char *)keybuf;
|
||||||
while (q - (u_char *)keybuf - 8) {
|
while (q - (u_char *)keybuf - 8) {
|
||||||
*q++ = *key << 1;
|
*q++ = *key << 1;
|
||||||
if (*(q - 1))
|
if (*key != '\0')
|
||||||
key++;
|
key++;
|
||||||
}
|
}
|
||||||
if (des_setkey((char *)keybuf))
|
if (des_setkey((char *)keybuf))
|
||||||
|
|
Loading…
Reference in New Issue