This patch fixes 3 problems with SSLeay 0.8.1 1) The PKCS#1 padding attack 2) SSLv3 server drops the connection when connected via TLSv1, instead of rolling down to SSLv3. 3) The problem of calling SSL_write() with a buffer > 16k To apply, cd into the SSLeay 0.8.1 directory and run patch -p1 -l < SSLeay-081-081b.patch diff -c -b -B -r -P SSLeay-0.8.1.old/Makefile.ssl SSLeay-0.8.1/Makefile.ssl *** SSLeay-0.8.1.old/Makefile.ssl Fri Jun 26 17:11:21 1998 --- SSLeay-0.8.1/Makefile.ssl Fri Jun 26 17:11:08 1998 *************** *** 1,6 **** # # Makefile for all the SSL related library routines and utilities ! VERSION = 0.8.1 # # make install will install: # libraries into $INSTALLTOP/lib --- 1,6 ---- # # Makefile for all the SSL related library routines and utilities ! VERSION = 0.8.1b # # make install will install: # libraries into $INSTALLTOP/lib diff -c -b -B -r -P SSLeay-0.8.1.old/README SSLeay-0.8.1/README *** SSLeay-0.8.1.old/README Sat Jul 19 04:15:56 1997 --- SSLeay-0.8.1/README Wed Jun 24 11:15:16 1998 *************** *** 1,4 **** ! SSLeay 0.8.1 19-Jul-1997 Copyright (c) 1997, Eric Young All rights reserved. --- 1,4 ---- ! SSLeay 0.8.1b 29-Jun-1998 Copyright (c) 1997, Eric Young All rights reserved. diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/asn1/asn1_lib.c SSLeay-0.8.1/crypto/asn1/asn1_lib.c *** SSLeay-0.8.1.old/crypto/asn1/asn1_lib.c Sat Jul 19 04:15:59 1997 --- SSLeay-0.8.1/crypto/asn1/asn1_lib.c Wed Jun 24 11:15:16 1998 *************** *** 69,75 **** static void asn1_put_length(); #endif ! char *ASN1_version="ASN1 part of SSLeay 0.8.1 19-Jul-1997"; int ASN1_check_infinite_end(p,len) unsigned char **p; --- 69,75 ---- static void asn1_put_length(); #endif ! char *ASN1_version="ASN1 part of SSLeay 0.8.1b 29-Jun-1998"; int ASN1_check_infinite_end(p,len) unsigned char **p; diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/bf/bf_ecb.c SSLeay-0.8.1/crypto/bf/bf_ecb.c *** SSLeay-0.8.1.old/crypto/bf/bf_ecb.c Sat Jul 19 04:16:00 1997 --- SSLeay-0.8.1/crypto/bf/bf_ecb.c Wed Jun 24 11:15:16 1998 *************** *** 64,70 **** * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ ! char *BF_version="BlowFish part of SSLeay 0.8.1 19-Jul-1997"; char *BF_options() { --- 64,70 ---- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ ! char *BF_version="BlowFish part of SSLeay 0.8.1b 29-Jun-1998"; char *BF_options() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/bn/bn_lib.c SSLeay-0.8.1/crypto/bn/bn_lib.c *** SSLeay-0.8.1.old/crypto/bn/bn_lib.c Sat Jul 19 04:16:00 1997 --- SSLeay-0.8.1/crypto/bn/bn_lib.c Wed Jun 24 11:15:15 1998 *************** *** 60,66 **** #include "cryptlib.h" #include "bn_lcl.h" ! char *BN_version="Big Number part of SSLeay 0.8.1 19-Jul-1997"; BIGNUM *BN_value_one() { --- 60,66 ---- #include "cryptlib.h" #include "bn_lcl.h" ! char *BN_version="Big Number part of SSLeay 0.8.1b 29-Jun-1998"; BIGNUM *BN_value_one() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/conf/conf.c SSLeay-0.8.1/crypto/conf/conf.c *** SSLeay-0.8.1.old/crypto/conf/conf.c Sat Jul 19 04:16:00 1997 --- SSLeay-0.8.1/crypto/conf/conf.c Wed Jun 24 11:15:15 1998 *************** *** 95,101 **** #define scan_esc(p) ((*(++p) == '\0')?(p):(++p)) ! char *CONF_version="CONF part of SSLeay 0.8.1 19-Jul-1997"; LHASH *CONF_load(h,file,line) LHASH *h; --- 95,101 ---- #define scan_esc(p) ((*(++p) == '\0')?(p):(++p)) ! char *CONF_version="CONF part of SSLeay 0.8.1b 29-Jun-1998"; LHASH *CONF_load(h,file,line) LHASH *h; diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/cversion.c SSLeay-0.8.1/crypto/cversion.c *** SSLeay-0.8.1.old/crypto/cversion.c Sat Jul 19 04:15:57 1997 --- SSLeay-0.8.1/crypto/cversion.c Wed Jun 24 11:15:16 1998 *************** *** 66,72 **** int t; { if (t == SSLEAY_VERSION) ! return("SSLeay 0.8.1 19-Jul-1997"); if (t == SSLEAY_BUILT_ON) { #ifdef DATE --- 66,72 ---- int t; { if (t == SSLEAY_VERSION) ! return("SSLeay 0.8.1b 29-Jun-1998"); if (t == SSLEAY_BUILT_ON) { #ifdef DATE diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/des/ecb_enc.c SSLeay-0.8.1/crypto/des/ecb_enc.c *** SSLeay-0.8.1.old/crypto/des/ecb_enc.c Sat Jul 19 04:16:01 1997 --- SSLeay-0.8.1/crypto/des/ecb_enc.c Wed Jun 24 11:15:15 1998 *************** *** 60,66 **** #include "spr.h" char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; ! char *DES_version="DES part of SSLeay 0.8.1 19-Jul-1997"; char *des_options() { --- 60,66 ---- #include "spr.h" char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; ! char *DES_version="DES part of SSLeay 0.8.1b 29-Jun-1998"; char *des_options() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/dh/dh_lib.c SSLeay-0.8.1/crypto/dh/dh_lib.c *** SSLeay-0.8.1.old/crypto/dh/dh_lib.c Sat Jul 19 04:16:01 1997 --- SSLeay-0.8.1/crypto/dh/dh_lib.c Wed Jun 24 11:15:15 1998 *************** *** 61,67 **** #include "bn.h" #include "dh.h" ! char *DH_version="Diffie-Hellman part of SSLeay 0.8.1 19-Jul-1997"; DH *DH_new() { --- 61,67 ---- #include "bn.h" #include "dh.h" ! char *DH_version="Diffie-Hellman part of SSLeay 0.8.1b 29-Jun-1998"; DH *DH_new() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/dsa/dsa_lib.c SSLeay-0.8.1/crypto/dsa/dsa_lib.c *** SSLeay-0.8.1.old/crypto/dsa/dsa_lib.c Sat Jul 19 04:16:01 1997 --- SSLeay-0.8.1/crypto/dsa/dsa_lib.c Wed Jun 24 11:15:16 1998 *************** *** 64,70 **** #include "dsa.h" #include "asn1.h" ! char *DSA_version="\0DSA part of SSLeay 0.8.1 19-Jul-1997"; DSA *DSA_new() { --- 64,70 ---- #include "dsa.h" #include "asn1.h" ! char *DSA_version="\0DSA part of SSLeay 0.8.1b 29-Jun-1998"; DSA *DSA_new() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/evp/evp_enc.c SSLeay-0.8.1/crypto/evp/evp_enc.c *** SSLeay-0.8.1.old/crypto/evp/evp_enc.c Sat Jul 19 04:16:02 1997 --- SSLeay-0.8.1/crypto/evp/evp_enc.c Wed Jun 24 11:15:16 1998 *************** *** 60,66 **** #include "cryptlib.h" #include "evp.h" ! char *EVP_version="EVP part of SSLeay 0.8.1 19-Jul-1997"; void EVP_CipherInit(ctx,data,key,iv,enc) EVP_CIPHER_CTX *ctx; --- 60,66 ---- #include "cryptlib.h" #include "evp.h" ! char *EVP_version="EVP part of SSLeay 0.8.1b 29-Jun-1998"; void EVP_CipherInit(ctx,data,key,iv,enc) EVP_CIPHER_CTX *ctx; diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/idea/i_ecb.c SSLeay-0.8.1/crypto/idea/i_ecb.c *** SSLeay-0.8.1.old/crypto/idea/i_ecb.c Sat Jul 19 04:16:02 1997 --- SSLeay-0.8.1/crypto/idea/i_ecb.c Wed Jun 24 11:15:15 1998 *************** *** 59,65 **** #include "idea.h" #include "idea_lcl.h" ! char *IDEA_version="IDEA part of SSLeay 0.8.1 19-Jul-1997"; char *idea_options() { --- 59,65 ---- #include "idea.h" #include "idea_lcl.h" ! char *IDEA_version="IDEA part of SSLeay 0.8.1b 29-Jun-1998"; char *idea_options() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/lhash/lhash.c SSLeay-0.8.1/crypto/lhash/lhash.c *** SSLeay-0.8.1.old/crypto/lhash/lhash.c Sat Jul 19 04:16:05 1997 --- SSLeay-0.8.1/crypto/lhash/lhash.c Wed Jun 24 11:15:15 1998 *************** *** 56,62 **** * [including the GNU Public Licence.] */ ! char *lh_version="lhash part of SSLeay 0.8.1 19-Jul-1997"; /* Code for dynamic hash table routines * Author - Eric Young v 2.0 --- 56,62 ---- * [including the GNU Public Licence.] */ ! char *lh_version="lhash part of SSLeay 0.8.1b 29-Jun-1998"; /* Code for dynamic hash table routines * Author - Eric Young v 2.0 diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/md/md2_dgst.c SSLeay-0.8.1/crypto/md/md2_dgst.c *** SSLeay-0.8.1.old/crypto/md/md2_dgst.c Sat Jul 19 04:16:09 1997 --- SSLeay-0.8.1/crypto/md/md2_dgst.c Wed Jun 24 11:15:15 1998 *************** *** 61,67 **** #include #include "md2.h" ! char *MD2_version="MD2 part of SSLeay 0.8.1 19-Jul-1997"; /* Implemented from RFC1319 The MD2 Message-Digest Algorithm */ --- 61,67 ---- #include #include "md2.h" ! char *MD2_version="MD2 part of SSLeay 0.8.1b 29-Jun-1998"; /* Implemented from RFC1319 The MD2 Message-Digest Algorithm */ diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/md/md5_dgst.c SSLeay-0.8.1/crypto/md/md5_dgst.c *** SSLeay-0.8.1.old/crypto/md/md5_dgst.c Sat Jul 19 04:16:09 1997 --- SSLeay-0.8.1/crypto/md/md5_dgst.c Wed Jun 24 11:15:15 1998 *************** *** 59,65 **** #include #include "md5_locl.h" ! char *MD5_version="MD5 part of SSLeay 0.8.1 19-Jul-1997"; /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ --- 59,65 ---- #include #include "md5_locl.h" ! char *MD5_version="MD5 part of SSLeay 0.8.1b 29-Jun-1998"; /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/pem/pem_lib.c SSLeay-0.8.1/crypto/pem/pem_lib.c *** SSLeay-0.8.1.old/crypto/pem/pem_lib.c Sat Jul 19 04:16:09 1997 --- SSLeay-0.8.1/crypto/pem/pem_lib.c Wed Jun 24 11:15:15 1998 *************** *** 68,74 **** #include "des.h" #endif ! char *PEM_version="PEM part of SSLeay 0.8.1 19-Jul-1997"; #define MIN_LENGTH 4 --- 68,74 ---- #include "des.h" #endif ! char *PEM_version="PEM part of SSLeay 0.8.1b 29-Jun-1998"; #define MIN_LENGTH 4 diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/rand/md_rand.c SSLeay-0.8.1/crypto/rand/md_rand.c *** SSLeay-0.8.1.old/crypto/rand/md_rand.c Sat Jul 19 04:16:09 1997 --- SSLeay-0.8.1/crypto/rand/md_rand.c Wed Jun 24 11:15:16 1998 *************** *** 123,129 **** static unsigned char md[MD_DIGEST_LENGTH]; static int count=0; ! char *RAND_version="RAND part of SSLeay 0.8.1 19-Jul-1997"; void RAND_cleanup() { --- 123,129 ---- static unsigned char md[MD_DIGEST_LENGTH]; static int count=0; ! char *RAND_version="RAND part of SSLeay 0.8.1b 29-Jun-1998"; void RAND_cleanup() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/rc2/rc2_ecb.c SSLeay-0.8.1/crypto/rc2/rc2_ecb.c *** SSLeay-0.8.1.old/crypto/rc2/rc2_ecb.c Sat Jul 19 04:16:09 1997 --- SSLeay-0.8.1/crypto/rc2/rc2_ecb.c Wed Jun 24 11:15:16 1998 *************** *** 59,65 **** #include "rc2.h" #include "rc2_locl.h" ! char *RC2_version="RC2 part of SSLeay 0.8.1 19-Jul-1997"; /* RC2 as implemented frm a posting from * Newsgroups: sci.crypt --- 59,65 ---- #include "rc2.h" #include "rc2_locl.h" ! char *RC2_version="RC2 part of SSLeay 0.8.1b 29-Jun-1998"; /* RC2 as implemented frm a posting from * Newsgroups: sci.crypt diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/rc4/rc4_enc.c SSLeay-0.8.1/crypto/rc4/rc4_enc.c *** SSLeay-0.8.1.old/crypto/rc4/rc4_enc.c Fri Jun 26 17:11:21 1998 --- SSLeay-0.8.1/crypto/rc4/rc4_enc.c Fri Jun 26 17:11:08 1998 *************** *** 69,75 **** * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.8.1 19-Jul-1997"; char *RC4_options() { --- 69,75 ---- * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.8.1b 29-Jun-1998"; char *RC4_options() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/rc4/rc4_enc.org SSLeay-0.8.1/crypto/rc4/rc4_enc.org *** SSLeay-0.8.1.old/crypto/rc4/rc4_enc.org Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/rc4/rc4_enc.org Wed Jun 24 11:15:16 1998 *************** *** 69,75 **** * speedup on x86 */ #define RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.8.1 19-Jul-1997"; char *RC4_options() { --- 69,75 ---- * speedup on x86 */ #define RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.8.1b 29-Jun-1998"; char *RC4_options() { diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/rsa/rsa_lib.c SSLeay-0.8.1/crypto/rsa/rsa_lib.c *** SSLeay-0.8.1.old/crypto/rsa/rsa_lib.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/rsa/rsa_lib.c Wed Jun 24 11:15:16 1998 *************** *** 61,67 **** #include "bn.h" #include "rsa.h" ! char *RSA_version="RSA part of SSLeay 0.8.1 19-Jul-1997"; static RSA_METHOD *default_RSA_meth=NULL; --- 61,67 ---- #include "bn.h" #include "rsa.h" ! char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998"; static RSA_METHOD *default_RSA_meth=NULL; diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/sha/sha1dgst.c SSLeay-0.8.1/crypto/sha/sha1dgst.c *** SSLeay-0.8.1.old/crypto/sha/sha1dgst.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/sha/sha1dgst.c Wed Jun 24 11:15:16 1998 *************** *** 62,68 **** #include "sha.h" #include "sha_locl.h" ! char *SHA1_version="SHA1 part of SSLeay 0.8.1 19-Jul-1997"; /* Implemented from SHA-1 document - The Secure Hash Algorithm */ --- 62,68 ---- #include "sha.h" #include "sha_locl.h" ! char *SHA1_version="SHA1 part of SSLeay 0.8.1b 29-Jun-1998"; /* Implemented from SHA-1 document - The Secure Hash Algorithm */ diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/sha/sha_dgst.c SSLeay-0.8.1/crypto/sha/sha_dgst.c *** SSLeay-0.8.1.old/crypto/sha/sha_dgst.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/sha/sha_dgst.c Wed Jun 24 11:15:16 1998 *************** *** 62,68 **** #include "sha.h" #include "sha_locl.h" ! char *SHA_version="SHA part of SSLeay 0.8.1 19-Jul-1997"; /* Implemented from SHA document - The Secure Hash Algorithm */ --- 62,68 ---- #include "sha.h" #include "sha_locl.h" ! char *SHA_version="SHA part of SSLeay 0.8.1b 29-Jun-1998"; /* Implemented from SHA document - The Secure Hash Algorithm */ diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/stack/stack.c SSLeay-0.8.1/crypto/stack/stack.c *** SSLeay-0.8.1.old/crypto/stack/stack.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/stack/stack.c Wed Jun 24 11:15:16 1998 *************** *** 72,78 **** #undef MIN_NODES #define MIN_NODES 4 ! char *STACK_version="STACK part of SSLeay 0.8.1 19-Jul-1997"; #ifndef NOPROTO #define FP_ICC (int (*)(const void *,const void *)) --- 72,78 ---- #undef MIN_NODES #define MIN_NODES 4 ! char *STACK_version="STACK part of SSLeay 0.8.1b 29-Jun-1998"; #ifndef NOPROTO #define FP_ICC (int (*)(const void *,const void *)) diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/txt_db/txt_db.c SSLeay-0.8.1/crypto/txt_db/txt_db.c *** SSLeay-0.8.1.old/crypto/txt_db/txt_db.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/txt_db/txt_db.c Wed Jun 24 11:15:16 1998 *************** *** 66,72 **** #undef BUFSIZE #define BUFSIZE 512 ! char *TXT_DB_version="TXT_DB part of SSLeay 0.8.1 19-Jul-1997"; TXT_DB *TXT_DB_read(in,num) BIO *in; --- 66,72 ---- #undef BUFSIZE #define BUFSIZE 512 ! char *TXT_DB_version="TXT_DB part of SSLeay 0.8.1b 29-Jun-1998"; TXT_DB *TXT_DB_read(in,num) BIO *in; diff -c -b -B -r -P SSLeay-0.8.1.old/crypto/x509/x509_vfy.c SSLeay-0.8.1/crypto/x509/x509_vfy.c *** SSLeay-0.8.1.old/crypto/x509/x509_vfy.c Sat Jul 19 04:16:10 1997 --- SSLeay-0.8.1/crypto/x509/x509_vfy.c Wed Jun 24 11:15:16 1998 *************** *** 79,85 **** static int internal_verify(); #endif ! char *X509_version="X509 part of SSLeay 0.8.1 19-Jul-1997"; static int null_callback(ok,e) int ok; --- 79,85 ---- static int internal_verify(); #endif ! char *X509_version="X509 part of SSLeay 0.8.1b 29-Jun-1998"; static int null_callback(ok,e) int ok; diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s23_clnt.c SSLeay-0.8.1/ssl/s23_clnt.c *** SSLeay-0.8.1.old/ssl/s23_clnt.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s23_clnt.c Tue Jun 23 16:34:34 1998 *************** *** 436,441 **** --- 436,442 ---- if (!ssl_get_new_session(s,0)) goto err; + s->first_packet=1; return(SSL_connect(s)); err: return(-1); diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s23_srvr.c SSLeay-0.8.1/ssl/s23_srvr.c *** SSLeay-0.8.1.old/ssl/s23_srvr.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s23_srvr.c Tue Jun 23 16:53:41 1998 *************** *** 221,228 **** /* SSLv2 */ type=1; } ! else if ((p[3] == SSL3_VERSION_MAJOR) && ! (p[4] == SSL3_VERSION_MINOR)) { if (s->ctx->options & SSL_OP_NON_EXPORT_FIRST) { --- 221,227 ---- /* SSLv2 */ type=1; } ! else if (p[3] == SSL3_VERSION_MAJOR) { if (s->ctx->options & SSL_OP_NON_EXPORT_FIRST) { *************** *** 282,293 **** } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && - (p[2] == SSL3_VERSION_MINOR) && (p[5] == SSL3_MT_CLIENT_HELLO)) { /* true SSLv3 */ type=3; } } next_bit: --- 281,306 ---- } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO)) { /* true SSLv3 */ type=3; } + /* I will not introduce error codes since that will probably + * disrupt the error codes alread allocated and could play + * havoc with dynamic allocation. Upgrade to 0.9.x :-) + */ + else if ((strncmp("GET ", (char *)p,4) == 0) || + (strncmp("POST ",(char *)p,5) == 0) || + (strncmp("HEAD ",(char *)p,5) == 0) || + (strncmp("PUT ", (char *)p,4) == 0)) + { + goto err; + } + else if (strncmp("CONNECT",(char *)p,7) == 0) + { + goto err; + } } next_bit: *************** *** 452,457 **** --- 465,471 ---- s->init_num=0; if (buf != buf_space) Free(buf); + s->first_packet=1; return(SSL_accept(s)); err: if (buf != buf_space) Free(buf); diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s2_lib.c SSLeay-0.8.1/ssl/s2_lib.c *** SSLeay-0.8.1.old/ssl/s2_lib.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s2_lib.c Wed Jun 24 11:15:16 1998 *************** *** 69,75 **** static long ssl2_default_timeout(); #endif ! char *ssl2_version_str="SSLv2 part of SSLeay 0.8.1 19-Jul-1997"; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) --- 69,75 ---- static long ssl2_default_timeout(); #endif ! char *ssl2_version_str="SSLv2 part of SSLeay 0.8.1b 29-Jun-1998"; #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER)) diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s2_pkt.c SSLeay-0.8.1/ssl/s2_pkt.c *** SSLeay-0.8.1.old/ssl/s2_pkt.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s2_pkt.c Tue Jun 23 16:46:57 1998 *************** *** 142,157 **** if (s->rstate == SSL_ST_READ_HEADER) { ! if (s->s2->first_packet) { n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); if (n <= 0) return(n); /* error or non-blocking */ ! s->s2->first_packet=0; p=s->packet; ! if (!((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO) && ! (((p[3] == 0x00) && (p[4] == 0x02)) || ! ((p[3] == 0x03) && (p[4] == 0x00)))) ! ) { SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); return(-1); --- 142,156 ---- if (s->rstate == SSL_ST_READ_HEADER) { ! if (s->first_packet) { n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0); if (n <= 0) return(n); /* error or non-blocking */ ! s->first_packet=0; p=s->packet; ! if (!((p[0] & 0x80) && ( ! (p[2] == SSL2_MT_CLIENT_HELLO) || ! (p[2] == SSL2_MT_SERVER_HELLO)))) { SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); return(-1); diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s2_srvr.c SSLeay-0.8.1/ssl/s2_srvr.c *** SSLeay-0.8.1.old/ssl/s2_srvr.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s2_srvr.c Fri Jun 26 11:51:57 1998 *************** *** 336,342 **** static int get_client_master_key(s) SSL *s; { ! int export,i,n,keya,error=0,ek; unsigned char *p; SSL_CIPHER *cp; EVP_CIPHER *c; --- 336,342 ---- static int get_client_master_key(s) SSL *s; { ! int export,i,n,keya,ek; unsigned char *p; SSL_CIPHER *cp; EVP_CIPHER *c; *************** *** 418,423 **** --- 418,438 ---- ek=5; /* bad decrypt */ + #if 1 + /* If a bad decrypt, continue with protocol but with a + * dud master secret */ + if ((i < 0) || + ((!export && (i != EVP_CIPHER_key_length(c))) + || ( export && ((i != ek) || (s->s2->tmp.clear+i != + EVP_CIPHER_key_length(c)))))) + { + if (export) + i=ek; + else + i=EVP_CIPHER_key_length(c); + RAND_bytes(p,i); + } + #else if (i < 0) { error=1; *************** *** 436,441 **** --- 451,457 ---- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); return(-1); } + #endif if (export) i+=s->s2->tmp.clear; s->session->master_key_length=i; *************** *** 456,462 **** * type the first time round. */ if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) { ! s->s2->first_packet=1; s->state=SSL2_ST_GET_CLIENT_HELLO_B; } --- 472,478 ---- * type the first time round. */ if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) { ! s->first_packet=1; s->state=SSL2_ST_GET_CLIENT_HELLO_B; } diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s3_lib.c SSLeay-0.8.1/ssl/s3_lib.c *** SSLeay-0.8.1.old/ssl/s3_lib.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s3_lib.c Wed Jun 24 11:15:16 1998 *************** *** 60,66 **** #include "objects.h" #include "ssl_locl.h" ! char *ssl3_version_str="SSLv3 part of SSLeay 0.8.1 19-Jul-1997"; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) --- 60,66 ---- #include "objects.h" #include "ssl_locl.h" ! char *ssl3_version_str="SSLv3 part of SSLeay 0.8.1b 29-Jun-1998"; #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s3_pkt.c SSLeay-0.8.1/ssl/s3_pkt.c *** SSLeay-0.8.1.old/ssl/s3_pkt.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s3_pkt.c Wed Jun 24 11:14:12 1998 *************** *** 251,256 **** --- 251,262 ---- n2s(p,rr->length); /* Lets check version */ + if (s->first_packet) + { + s->first_packet=0; + } + else + { if ( (ssl_major != SSL3_VERSION_MAJOR) || (ssl_minor != SSL3_VERSION_MINOR)) { *************** *** 258,263 **** --- 264,270 ---- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto f_err; } + } if (s->version != SSL3_VERSION_MAJOR) { *************** *** 428,434 **** char *buf; int len; { ! unsigned int tot,n; int i; s->rwstate=SSL_NOTHING; --- 435,441 ---- char *buf; int len; { ! unsigned int tot,n,nw; int i; s->rwstate=SSL_NOTHING; *************** *** 449,455 **** n=(len-tot); for (;;) { ! i=do_ssl3_write(s,type,&(buf[tot]),n); if (i <= 0) { s->s3->wnum=tot; --- 456,467 ---- n=(len-tot); for (;;) { ! if (n > SSL3_RT_MAX_PLAIN_LENGTH) ! nw=SSL3_RT_MAX_PLAIN_LENGTH; ! else ! nw=n; ! ! i=do_ssl3_write(s,type,&(buf[tot]),nw); if (i <= 0) { s->s3->wnum=tot; diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/s3_srvr.c SSLeay-0.8.1/ssl/s3_srvr.c *** SSLeay-0.8.1.old/ssl/s3_srvr.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/s3_srvr.c Fri Jun 26 11:52:33 1998 *************** *** 273,278 **** --- 273,279 ---- case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: + case SSL3_ST_SR_CLNT_HELLO_C: s->shutdown=0; ret=ssl3_get_client_hello(s); *************** *** 577,585 **** SSL_CIPHER *c; STACK *ciphers=NULL; n=ssl3_get_message(s, - SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, &ok); --- 578,591 ---- SSL_CIPHER *c; STACK *ciphers=NULL; + if (s->state == SSL3_ST_SR_CLNT_HELLO_A) + { + s->first_packet=1; + s->state=SSL3_ST_SR_CLNT_HELLO_B; + } n=ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, + SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, SSL3_RT_MAX_PLAIN_LENGTH, &ok); *************** *** 587,593 **** if (!ok) return((int)n); d=p=(unsigned char *)s->init_buf->data; ! if ((p[0] != SSL3_VERSION_MAJOR) && (p[1] != SSL3_VERSION_MINOR)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_WRONG_SSL_VERSION); goto err; --- 593,599 ---- if (!ok) return((int)n); d=p=(unsigned char *)s->init_buf->data; ! if (p[0] != SSL3_VERSION_MAJOR) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_WRONG_SSL_VERSION); goto err; *************** *** 1228,1240 **** } i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); ! ! if (i <= 0) { ! al=SSL3_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } s->session->master_key_length= ssl3_generate_master_secret(s, --- 1234,1265 ---- } i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); ! #if 1 ! /* If a bad decrypt, use a dud master key */ ! if ((i != SSL_MAX_MASTER_KEY_LENGTH) || ! (p[0] != 3) || ! (p[1] != 0)) ! { ! p[0]=3; ! p[1]=0; ! memset(&(p[2]),0x5c,SSL_MAX_MASTER_KEY_LENGTH-2); ! i=SSL_MAX_MASTER_KEY_LENGTH; ! } ! #else ! if (i != SSL_MAX_MASTER_KEY_LENGTH) { ! al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } + + if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff))) + { + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + goto f_err; + } + #endif s->session->master_key_length= ssl3_generate_master_secret(s, diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/ssl.h SSLeay-0.8.1/ssl/ssl.h *** SSLeay-0.8.1.old/ssl/ssl.h Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/ssl.h Tue Jun 23 16:33:35 1998 *************** *** 515,520 **** --- 515,522 ---- /* for server side, keep the list of CA_dn we can use */ STACK /* X509_NAME */ *client_CA; + + int first_packet; } SSL; #include "ssl2.h" diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/ssl3.h SSLeay-0.8.1/ssl/ssl3.h *** SSLeay-0.8.1.old/ssl/ssl3.h Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/ssl3.h Tue Jun 23 16:40:05 1998 *************** *** 355,360 **** --- 355,361 ---- /* read from client */ #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) + #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) /* write to client */ #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/ssl_lib.c SSLeay-0.8.1/ssl/ssl_lib.c *** SSLeay-0.8.1.old/ssl/ssl_lib.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/ssl_lib.c Wed Jun 24 11:15:16 1998 *************** *** 67,73 **** static unsigned long conn_hash(); #endif ! char *SSL_version_str="SSLeay 0.8.1 19-Jul-1997"; void SSL_clear(s) SSL *s; --- 67,73 ---- static unsigned long conn_hash(); #endif ! char *SSL_version_str="SSLeay 0.8.1b 29-Jun-1998"; void SSL_clear(s) SSL *s; *************** *** 109,114 **** --- 109,115 ---- } s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + s->first_packet=0; s->method->ssl_clear(s); } diff -c -b -B -r -P SSLeay-0.8.1.old/ssl/ssl_stat.c SSLeay-0.8.1/ssl/ssl_stat.c *** SSLeay-0.8.1.old/ssl/ssl_stat.c Sat Jul 19 04:15:58 1997 --- SSLeay-0.8.1/ssl/ssl_stat.c Tue Jun 23 16:40:21 1998 *************** *** 159,164 **** --- 159,165 ---- case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; + case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; *************** *** 308,313 **** --- 309,315 ---- case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; + case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;