X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=3db3e78d5e1d50778adf8db21e40c72cc5eb452e;hb=18be6c411645232e84dbb906b71bd8bdff50fcd9;hp=d26790a017cb024bfb47a7a59acf68fe21099744;hpb=ea262260469e49149cb10b25a87dfd6ad3fbb4ba;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d26790a017..3db3e78d5e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -117,19 +117,6 @@
  * The Contribution is licensed pursuant to the OpenSSL open source
  * license provided above.
  *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the Contribution as delivered hereunder 
- * (or portions thereof), provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the Contribution;
- *  2) separates from the Contribution; or
- *  3) for infringements caused by:
- *       i) the modification of the Contribution or
- *      ii) the combination of the  Contribution with other software or
- *          devices where such combination causes the infringement.
- *
  * ECC cipher suite support in OpenSSL originally written by
  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
  *
@@ -181,11 +168,18 @@ SSL_METHOD *SSLv3_server_method(void)
 
 	if (init)
 		{
-		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_server_data.ssl_accept=ssl3_accept;
-		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_server_data.ssl_accept=ssl3_accept;
+			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_server_data);
 	}
@@ -1355,7 +1349,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			kn=0;
 			}
 
-		if (!BUF_MEM_grow(buf,n+4+kn))
+		if (!BUF_MEM_grow_clean(buf,n+4+kn))
 			{
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
 			goto err;
@@ -1446,7 +1440,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			else
 #endif
 #if !defined(OPENSSL_NO_ECDSA)
-				if (pkey->type == EVP_PKEY_ECDSA)
+				if (pkey->type == EVP_PKEY_EC)
 				{
 				/* let's do ECDSA */
 				EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
@@ -1528,7 +1522,7 @@ static int ssl3_send_certificate_request(SSL *s)
 				{
 				name=sk_X509_NAME_value(sk,i);
 				j=i2d_X509_NAME(name,NULL);
-				if (!BUF_MEM_grow(buf,4+n+j+2))
+				if (!BUF_MEM_grow_clean(buf,4+n+j+2))
 					{
 					SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
 					goto err;
@@ -1723,7 +1717,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
@@ -1786,7 +1780,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
@@ -1889,7 +1883,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 if (enc == NULL)
                     goto err;
 
-		memset(iv, 0, EVP_MAX_IV_LENGTH);	/* per RFC 1510 */
+		memset(iv, 0, sizeof iv);	/* per RFC 1510 */
 
 		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
 			{
@@ -2001,7 +1995,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 				 }
                         if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
 			    == NULL) || 
-			    (clnt_pub_pkey->type != EVP_PKEY_ECDSA))
+			    (clnt_pub_pkey->type != EVP_PKEY_EC))
                         	{
 				/* XXX: For now, we do not support client
 				 * authentication using ECDH certificates
@@ -2075,7 +2069,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length = s->method->ssl3_enc-> \
 		    generate_master_secret(s, s->session->master_key, p, i);
 		
-                memset(p, 0, i);
+                OPENSSL_cleanse(p, i);
                 return (ret);
 		}
 	else
@@ -2093,7 +2087,7 @@ f_err:
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
-#ifndef NO_OPENSSL_ECDH
+#ifndef OPENSSL_NO_ECDH
 	EVP_PKEY_free(clnt_pub_pkey);
 	EC_POINT_free(clnt_ecpoint);
 	if (srvr_ecdh != NULL) 
@@ -2120,7 +2114,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		512, /* 512? */
+		514, /* 514? */
 		&ok);
 
 	if (!ok) return((int)n);
@@ -2228,7 +2222,7 @@ static int ssl3_get_cert_verify(SSL *s)
 	else
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_ECDSA)
+		if (pkey->type == EVP_PKEY_EC)
 		{
 		j=ECDSA_verify(pkey->save_type,
 			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),