Resolve conflicts.

svn path=/head/; revision=101621

crypto/openssl/ssl/s2_clnt.c

@@ -519,7 +519,12 @@ static int get_server_hello(SSL *s)
 		}
 		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
-	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+		return -1;
+		}
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
@@ -621,7 +626,12 @@ static int client_master_key(SSL *s)
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
-		die(i <= SSL_MAX_KEY_ARG_LENGTH);
+		if (i > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+			return -1;
+			}
 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
@@ -629,7 +639,12 @@ static int client_master_key(SSL *s)
 		sess->master_key_length=i;
 		if (i > 0)
 			{
-			die(i <= sizeof sess->master_key);
+			if (i > sizeof sess->master_key)
+				{
+				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+				return -1;
+				}
 			if (RAND_bytes(sess->master_key,i) <= 0)
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -673,7 +688,12 @@ static int client_master_key(SSL *s)
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
-		die(karg <= sizeof sess->key_arg);
+		if (karg > sizeof sess->key_arg)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -694,7 +714,11 @@ static int client_finished(SSL *s)
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
-		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+			{
+			SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -951,10 +975,9 @@ static int get_server_finished(SSL *s)
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
-			die(s->session->session_id_length
-			    <= sizeof s->session->session_id);
-			if (memcmp(buf,s->session->session_id,
-				(unsigned int)s->session->session_id_length) != 0)
+			if ((s->session->session_id_length > sizeof s->session->session_id)
+			    || (0 != memcmp(buf, s->session->session_id,
+			                    (unsigned int)s->session->session_id_length)))
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);

crypto/openssl/ssl/s2_enc.c

@@ -98,7 +98,8 @@ int ssl2_enc_init(SSL *s, int client)
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
 
-	ssl2_generate_key_material(s);
+	if (ssl2_generate_key_material(s) <= 0)
+		return 0;
 
 	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);

crypto/openssl/ssl/s2_lib.c

@@ -417,7 +417,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	return(3);
 	}
 
-void ssl2_generate_key_material(SSL *s)
+int ssl2_generate_key_material(SSL *s)
 	{
 	unsigned int i;
 	MD5_CTX ctx;
@@ -430,14 +430,24 @@ void ssl2_generate_key_material(SSL *s)
 #endif
 
 	km=s->s2->key_material;
- 	die(s->s2->key_material_length <= sizeof s->s2->key_material);
+
+	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+		{
+		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+		return 0;
+		}
+
 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
 		{
+		if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
+			{
+			/* MD5_Final() below would write beyond buffer */
+			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+			return 0;
+			}
+
 		MD5_Init(&ctx);
 
- 		die(s->session->master_key_length >= 0
- 		    && s->session->master_key_length
- 		    < sizeof s->session->master_key);
 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
 		MD5_Update(&ctx,&c,1);
 		c++;
@@ -446,6 +456,8 @@ void ssl2_generate_key_material(SSL *s)
 		MD5_Final(km,&ctx);
 		km+=MD5_DIGEST_LENGTH;
 		}
+
+	return 1;
 	}
 
 void ssl2_return_error(SSL *s, int err)
@@ -470,18 +482,20 @@ void ssl2_write_error(SSL *s)
 	buf[2]=(s->error_code)&0xff;
 
 /*	state=s->rwstate;*/
-	error=s->error;
+
+	error=s->error; /* number of bytes left to write */
 	s->error=0;
-	die(error >= 0 && error <= 3);
+	if (error < 0 || error > sizeof buf) /* can't happen */
+		return;
+	
 	i=ssl2_write(s,&(buf[3-error]),error);
+
 /*	if (i == error) s->rwstate=state; */
 
 	if (i < 0)
 		s->error=error;
 	else if (i != s->error)
 		s->error=error-i;
-	/* else
-		s->error=0; */
 	}
 
 int ssl2_shutdown(SSL *s)

crypto/openssl/ssl/s2_srvr.c

@@ -400,8 +400,7 @@ static int get_client_master_key(SSL *s)
 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-					SSL_R_PEER_ERROR);
+				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
 			return(-1);
 			}
 
@@ -409,8 +408,7 @@ static int get_client_master_key(SSL *s)
 		if (cp == NULL)
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-				SSL_R_NO_CIPHER_MATCH);
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
 			return(-1);
 			}
 		s->session->cipher= cp;
@@ -421,8 +419,8 @@ static int get_client_master_key(SSL *s)
 		n2s(p,i); s->session->key_arg_length=i;
 		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
 			{
-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-				   SSL_R_KEY_ARG_TOO_LONG);
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
 			return -1;
 			}
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
@@ -430,11 +428,17 @@ static int get_client_master_key(SSL *s)
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
-	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+		return -1;
+		}
 	keya=s->session->key_arg_length;
 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
 		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
 		return -1;
 		}
@@ -511,7 +515,13 @@ static int get_client_master_key(SSL *s)
 #endif
 
 	if (is_export) i+=s->s2->tmp.clear;
-	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+
+	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+		return -1;
+		}
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
@@ -561,6 +571,7 @@ static int get_client_hello(SSL *s)
 		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
 			(i > SSL2_MAX_CHALLENGE_LENGTH))
 			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
 			return(-1);
 			}
@@ -572,6 +583,7 @@ static int get_client_hello(SSL *s)
 	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
 		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
 		return -1;
 		}
@@ -659,7 +671,12 @@ static int get_client_hello(SSL *s)
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
-	die(s->s2->challenge_length <= sizeof s->s2->challenge);
+	if (s->s2->challenge_length > sizeof s->s2->challenge)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+		return -1;
+		}
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -811,7 +828,12 @@ static int get_client_finished(SSL *s)
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
-	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+		return -1;
+		}
 	len = 1 + (unsigned long)s->s2->conn_id_length;
 	n = (int)len - s->init_num;
 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -837,7 +859,11 @@ static int server_verify(SSL *s)
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
-		die(s->s2->challenge_length <= sizeof s->s2->challenge);
+		if (s->s2->challenge_length > sizeof s->s2->challenge)
+			{
+			SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -857,10 +883,12 @@ static int server_finish(SSL *s)
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
-		die(s->session->session_id_length
-		    <= sizeof s->session->session_id);
-		memcpy(p,s->session->session_id,
-			(unsigned int)s->session->session_id_length);
+		if (s->session->session_id_length > sizeof s->session->session_id)
+			{
+			SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
+			return -1;
+			}
+		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
 
 		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;