svn commit: r236304 - head/crypto/openssl/crypto/buffer head/crypto/openssl/ssl head/secure/lib/libcrypt releng/7.4 releng/7.4/crypto/openssl/crypto/buffer releng/7.4/crypto/openssl/ssl releng/7.4/...

Wed, 30 May 2012 05:06:19 -0700 

Author: bz
Date: Wed May 30 12:01:28 2012
New Revision: 236304
URL: http://svn.freebsd.org/changeset/base/236304

Log:
  Update the previous openssl fix. [12:01]
  
  Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
  
  Security:     FreeBSD-SA-12:01.openssl (revised)
  Security:     FreeBSD-SA-12:02.crypt
  Approved by:  so (bz, simon)

Modified:
  stable/9/crypto/openssl/crypto/buffer/buffer.c
  stable/9/crypto/openssl/ssl/s3_srvr.c
  stable/9/secure/lib/libcrypt/crypt-des.c

Changes in other areas also in this revision:
Modified:
  head/crypto/openssl/crypto/buffer/buffer.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/secure/lib/libcrypt/crypt-des.c
  releng/7.4/UPDATING
  releng/7.4/crypto/openssl/crypto/buffer/buffer.c
  releng/7.4/crypto/openssl/ssl/s3_srvr.c
  releng/7.4/secure/lib/libcrypt/crypt-des.c
  releng/7.4/sys/conf/newvers.sh
  releng/8.1/UPDATING
  releng/8.1/crypto/openssl/crypto/buffer/buffer.c
  releng/8.1/crypto/openssl/ssl/s3_srvr.c
  releng/8.1/secure/lib/libcrypt/crypt-des.c
  releng/8.1/sys/conf/newvers.sh
  releng/8.2/UPDATING
  releng/8.2/crypto/openssl/crypto/buffer/buffer.c
  releng/8.2/crypto/openssl/ssl/s3_srvr.c
  releng/8.2/secure/lib/libcrypt/crypt-des.c
  releng/8.2/sys/conf/newvers.sh
  releng/8.3/UPDATING
  releng/8.3/crypto/openssl/crypto/buffer/buffer.c
  releng/8.3/crypto/openssl/ssl/s3_srvr.c
  releng/8.3/secure/lib/libcrypt/crypt-des.c
  releng/8.3/sys/conf/newvers.sh
  releng/9.0/UPDATING
  releng/9.0/crypto/openssl/crypto/buffer/buffer.c
  releng/9.0/crypto/openssl/ssl/s3_srvr.c
  releng/9.0/secure/lib/libcrypt/crypt-des.c
  releng/9.0/sys/conf/newvers.sh
  stable/7/crypto/openssl/crypto/buffer/buffer.c
  stable/7/crypto/openssl/ssl/s3_srvr.c
  stable/7/secure/lib/libcrypt/crypt-des.c
  stable/8/crypto/openssl/crypto/buffer/buffer.c
  stable/8/crypto/openssl/ssl/s3_srvr.c
  stable/8/secure/lib/libcrypt/crypt-des.c

Modified: stable/9/crypto/openssl/crypto/buffer/buffer.c
==============================================================================
--- stable/9/crypto/openssl/crypto/buffer/buffer.c      Wed May 30 11:48:57 
2012        (r236303)
+++ stable/9/crypto/openssl/crypto/buffer/buffer.c      Wed May 30 12:01:28 
2012        (r236304)
@@ -166,7 +166,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int
        /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
        if (len > LIMIT_BEFORE_EXPANSION)
                {
-               BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+               BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
                return 0;
                }
        n=(len+3)/3*4;

Modified: stable/9/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/9/crypto/openssl/ssl/s3_srvr.c       Wed May 30 11:48:57 2012        
(r236303)
+++ stable/9/crypto/openssl/ssl/s3_srvr.c       Wed May 30 12:01:28 2012        
(r236304)
@@ -698,14 +698,6 @@ int ssl3_check_client_hello(SSL *s)
        int ok;
        long n;
 
-       /* We only allow the client to restart the handshake once per
-        * negotiation. */
-       if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-               {
-               SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, 
SSL_R_MULTIPLE_SGC_RESTARTS);
-               return -1;
-               }
-
        /* this function is called when we really expect a Certificate message,
         * so permit appropriate message length */
        n=s->method->ssl_get_message(s,
@@ -718,6 +710,13 @@ int ssl3_check_client_hello(SSL *s)
        s->s3->tmp.reuse_message = 1;
        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
                {
+               /* We only allow the client to restart the handshake once per
+                * negotiation. */
+               if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+                       {
+                       SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, 
SSL_R_MULTIPLE_SGC_RESTARTS);
+                       return -1;
+                       }
                /* Throw away what we have done so far in the current handshake,
                 * which will now be aborted. (A full SSL_clear would be too 
much.) */
 #ifndef OPENSSL_NO_DH

Modified: stable/9/secure/lib/libcrypt/crypt-des.c
==============================================================================
--- stable/9/secure/lib/libcrypt/crypt-des.c    Wed May 30 11:48:57 2012        
(r236303)
+++ stable/9/secure/lib/libcrypt/crypt-des.c    Wed May 30 12:01:28 2012        
(r236304)
@@ -606,7 +606,7 @@ crypt_des(const char *key, const char *s
        q = (u_char *)keybuf;
        while (q - (u_char *)keybuf - 8) {
                *q++ = *key << 1;
-               if (*(q - 1))
+               if (*key != '\0')
                        key++;
        }
        if (des_setkey((char *)keybuf))
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"

Reply via email to