This patch fixes the PKCS#1 padding attack To apply, cd into the SSLeay 0.6.6 directory and run patch -p1 -l < SSLeay-066-066b.patch diff -c -b -B -r -P SSLeay-0.6.6.old/Makefile.ssl SSLeay-0.6.6/Makefile.ssl *** SSLeay-0.6.6.old/Makefile.ssl Fri Jun 26 17:10:55 1998 --- SSLeay-0.6.6/Makefile.ssl Fri Jun 26 17:10:41 1998 *************** *** 1,6 **** # # Makefile for all the SSL related library routines and utilities ! VERSION = 0.6.6 # # make install will install: # libraries into $INSTALLTOP/lib --- 1,6 ---- # # Makefile for all the SSL related library routines and utilities ! VERSION = 0.6.6b # # make install will install: # libraries into $INSTALLTOP/lib diff -c -b -B -r -P SSLeay-0.6.6.old/README SSLeay-0.6.6/README *** SSLeay-0.6.6.old/README Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/README Wed Jun 24 11:15:50 1998 *************** *** 1,4 **** ! SSLeay 0.6.6 14-Jan-1997 Copyright (c) 1997, Eric Young All rights reserved. --- 1,4 ---- ! SSLeay 0.6.6b 29-Jun-1998 Copyright (c) 1997, Eric Young All rights reserved. diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/asn1/asn1_lib.c SSLeay-0.6.6/crypto/asn1/asn1_lib.c *** SSLeay-0.6.6.old/crypto/asn1/asn1_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/asn1/asn1_lib.c Wed Jun 24 11:15:50 1998 *************** *** 68,74 **** static void asn1_put_length(); #endif ! char *ASN1_version="ASN1 part of SSLeay 0.6.6 14-Jan-1997"; int ASN1_check_infinite_end(p,len) unsigned char **p; --- 68,74 ---- static void asn1_put_length(); #endif ! char *ASN1_version="ASN1 part of SSLeay 0.6.6b 29-Jun-1998"; int ASN1_check_infinite_end(p,len) unsigned char **p; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/bf/bf_ecb.c SSLeay-0.6.6/crypto/bf/bf_ecb.c *** SSLeay-0.6.6.old/crypto/bf/bf_ecb.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/bf/bf_ecb.c Wed Jun 24 11:15:49 1998 *************** *** 64,70 **** * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ ! char *BF_version="BlowFish part of SSLeay 0.6.6 14-Jan-1997"; char *BF_options() { --- 64,70 ---- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ ! char *BF_version="BlowFish part of SSLeay 0.6.6b 29-Jun-1998"; char *BF_options() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/bn/bn_lib.c SSLeay-0.6.6/crypto/bn/bn_lib.c *** SSLeay-0.6.6.old/crypto/bn/bn_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/bn/bn_lib.c Wed Jun 24 11:15:49 1998 *************** *** 60,66 **** #include "cryptlib.h" #include "bn.h" ! char *BN_version="Big Number part of SSLeay 0.6.6 14-Jan-1997"; static BN_ULONG data_one=1L; static BIGNUM const_one={&data_one,1,1,0}; --- 60,66 ---- #include "cryptlib.h" #include "bn.h" ! char *BN_version="Big Number part of SSLeay 0.6.6b 29-Jun-1998"; static BN_ULONG data_one=1L; static BIGNUM const_one={&data_one,1,1,0}; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/conf/conf.c SSLeay-0.6.6/crypto/conf/conf.c *** SSLeay-0.6.6.old/crypto/conf/conf.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/conf/conf.c Wed Jun 24 11:15:49 1998 *************** *** 95,101 **** #define scan_esc(p) ((*(++p) == '\0')?(p):(++p)) ! char *CONF_version="CONF part of SSLeay 0.6.6 14-Jan-1997"; LHASH *CONF_load(h,file,line) LHASH *h; --- 95,101 ---- #define scan_esc(p) ((*(++p) == '\0')?(p):(++p)) ! char *CONF_version="CONF part of SSLeay 0.6.6b 29-Jun-1998"; LHASH *CONF_load(h,file,line) LHASH *h; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/cryptlib.c SSLeay-0.6.6/crypto/cryptlib.c *** SSLeay-0.6.6.old/crypto/cryptlib.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/cryptlib.c Wed Jun 24 11:15:50 1998 *************** *** 107,113 **** int t; { if (t == SSLEAY_VERSION) ! return("SSLeay 0.6.6 14-Jan-1997"); if (t == SSLEAY_OPTIONS) { static char buf[100]; --- 107,113 ---- int t; { if (t == SSLEAY_VERSION) ! return("SSLeay 0.6.6b 29-Jun-1998"); if (t == SSLEAY_OPTIONS) { static char buf[100]; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/des/ecb_enc.c SSLeay-0.6.6/crypto/des/ecb_enc.c *** SSLeay-0.6.6.old/crypto/des/ecb_enc.c Tue Jan 14 03:12:02 1997 --- SSLeay-0.6.6/crypto/des/ecb_enc.c Wed Jun 24 11:15:48 1998 *************** *** 60,66 **** #include "spr.h" char *libdes_version="libdes v 4.01 - 14-Jan-1997 - eay"; ! char *DES_version="DES part of SSLeay 0.6.6 14-Jan-1997"; char *des_options() { --- 60,66 ---- #include "spr.h" char *libdes_version="libdes v 4.01 - 14-Jan-1997 - eay"; ! char *DES_version="DES part of SSLeay 0.6.6b 29-Jun-1998"; char *des_options() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/dh/dh_lib.c SSLeay-0.6.6/crypto/dh/dh_lib.c *** SSLeay-0.6.6.old/crypto/dh/dh_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/dh/dh_lib.c Wed Jun 24 11:15:49 1998 *************** *** 61,67 **** #include "bn.h" #include "dh.h" ! char *DH_version="Diffie-Hellman part of SSLeay 0.6.6 14-Jan-1997"; DH *DH_new() { --- 61,67 ---- #include "bn.h" #include "dh.h" ! char *DH_version="Diffie-Hellman part of SSLeay 0.6.6b 29-Jun-1998"; DH *DH_new() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/dsa/dsa_lib.c SSLeay-0.6.6/crypto/dsa/dsa_lib.c *** SSLeay-0.6.6.old/crypto/dsa/dsa_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/dsa/dsa_lib.c Wed Jun 24 11:15:49 1998 *************** *** 64,70 **** #include "dsa.h" #include "asn1.h" ! char *DSA_version="\0DSA part of SSLeay 0.6.6 14-Jan-1997"; DSA *DSA_new() { --- 64,70 ---- #include "dsa.h" #include "asn1.h" ! char *DSA_version="\0DSA part of SSLeay 0.6.6b 29-Jun-1998"; DSA *DSA_new() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/evp/evp_enc.c SSLeay-0.6.6/crypto/evp/evp_enc.c *** SSLeay-0.6.6.old/crypto/evp/evp_enc.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/evp/evp_enc.c Wed Jun 24 11:15:50 1998 *************** *** 60,66 **** #include "cryptlib.h" #include "envelope.h" ! char *EVP_version="EVP part of SSLeay 0.6.6 14-Jan-1997"; void EVP_CipherInit(ctx,data,key,iv,enc) EVP_CIPHER_CTX *ctx; --- 60,66 ---- #include "cryptlib.h" #include "envelope.h" ! char *EVP_version="EVP part of SSLeay 0.6.6b 29-Jun-1998"; void EVP_CipherInit(ctx,data,key,iv,enc) EVP_CIPHER_CTX *ctx; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/idea/i_ecb.c SSLeay-0.6.6/crypto/idea/i_ecb.c *** SSLeay-0.6.6.old/crypto/idea/i_ecb.c Tue Jan 14 01:03:15 1997 --- SSLeay-0.6.6/crypto/idea/i_ecb.c Wed Jun 24 11:15:49 1998 *************** *** 59,65 **** #include "idea.h" #include "idea_lcl.h" ! char *IDEA_version="IDEA part of SSLeay 0.6.6 14-Jan-1997"; char *idea_options() { --- 59,65 ---- #include "idea.h" #include "idea_lcl.h" ! char *IDEA_version="IDEA part of SSLeay 0.6.6b 29-Jun-1998"; char *idea_options() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/lhash/lhash.c SSLeay-0.6.6/crypto/lhash/lhash.c *** SSLeay-0.6.6.old/crypto/lhash/lhash.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/lhash/lhash.c Wed Jun 24 11:15:49 1998 *************** *** 56,62 **** * [including the GNU Public Licence.] */ ! char *lh_version="lhash part of SSLeay 0.6.6 14-Jan-1997"; /* Code for dynamic hash table routines * Author - Eric Young v 2.0 --- 56,62 ---- * [including the GNU Public Licence.] */ ! char *lh_version="lhash part of SSLeay 0.6.6b 29-Jun-1998"; /* Code for dynamic hash table routines * Author - Eric Young v 2.0 diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/md/md2_dgst.c SSLeay-0.6.6/crypto/md/md2_dgst.c *** SSLeay-0.6.6.old/crypto/md/md2_dgst.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/md/md2_dgst.c Wed Jun 24 11:15:49 1998 *************** *** 61,67 **** #include #include "md2.h" ! char *MD2_version="MD2 part of SSLeay 0.6.6 14-Jan-1997"; /* Implemented from RFC1319 The MD2 Message-Digest Algorithm */ --- 61,67 ---- #include #include "md2.h" ! char *MD2_version="MD2 part of SSLeay 0.6.6b 29-Jun-1998"; /* Implemented from RFC1319 The MD2 Message-Digest Algorithm */ diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/md/md5_dgst.c SSLeay-0.6.6/crypto/md/md5_dgst.c *** SSLeay-0.6.6.old/crypto/md/md5_dgst.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/md/md5_dgst.c Wed Jun 24 11:15:49 1998 *************** *** 59,65 **** #include #include "md5_locl.h" ! char *MD5_version="MD5 part of SSLeay 0.6.6 14-Jan-1997"; /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ --- 59,65 ---- #include #include "md5_locl.h" ! char *MD5_version="MD5 part of SSLeay 0.6.6b 29-Jun-1998"; /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/pem/pem_lib.c SSLeay-0.6.6/crypto/pem/pem_lib.c *** SSLeay-0.6.6.old/crypto/pem/pem_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/pem/pem_lib.c Wed Jun 24 11:15:49 1998 *************** *** 71,77 **** #include "des.h" #endif ! char *PEM_version="PEM part of SSLeay 0.6.6 14-Jan-1997"; #define MIN_LENGTH 4 --- 71,77 ---- #include "des.h" #endif ! char *PEM_version="PEM part of SSLeay 0.6.6b 29-Jun-1998"; #define MIN_LENGTH 4 diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/rand/md5_rand.c SSLeay-0.6.6/crypto/rand/md5_rand.c *** SSLeay-0.6.6.old/crypto/rand/md5_rand.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/rand/md5_rand.c Wed Jun 24 11:15:50 1998 *************** *** 82,88 **** static unsigned char md[MD5_DIGEST_LENGTH]; static int count=0; ! char *RAND_version="RAND part of SSLeay 0.6.6 14-Jan-1997"; void RAND_cleanup() { --- 82,88 ---- static unsigned char md[MD5_DIGEST_LENGTH]; static int count=0; ! char *RAND_version="RAND part of SSLeay 0.6.6b 29-Jun-1998"; void RAND_cleanup() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/rc2/rc2_ecb.c SSLeay-0.6.6/crypto/rc2/rc2_ecb.c *** SSLeay-0.6.6.old/crypto/rc2/rc2_ecb.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/rc2/rc2_ecb.c Wed Jun 24 11:15:49 1998 *************** *** 59,65 **** #include "rc2.h" #include "rc2_locl.h" ! char *RC2_version="RC2 part of SSLeay 0.6.6 14-Jan-1997"; /* RC2 as implemented frm a posting from * Newsgroups: sci.crypt --- 59,65 ---- #include "rc2.h" #include "rc2_locl.h" ! char *RC2_version="RC2 part of SSLeay 0.6.6b 29-Jun-1998"; /* RC2 as implemented frm a posting from * Newsgroups: sci.crypt diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/rc4/rc4_enc.c SSLeay-0.6.6/crypto/rc4/rc4_enc.c *** SSLeay-0.6.6.old/crypto/rc4/rc4_enc.c Fri Jun 26 17:10:55 1998 --- SSLeay-0.6.6/crypto/rc4/rc4_enc.c Fri Jun 26 17:10:41 1998 *************** *** 58,64 **** * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.6.6 14-Jan-1997"; char *RC4_options() { --- 58,64 ---- * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.6.6b 29-Jun-1998"; char *RC4_options() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/rc4/rc4_enc.org SSLeay-0.6.6/crypto/rc4/rc4_enc.org *** SSLeay-0.6.6.old/crypto/rc4/rc4_enc.org Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/rc4/rc4_enc.org Wed Jun 24 11:15:49 1998 *************** *** 58,64 **** * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.6.6 14-Jan-1997"; char *RC4_options() { --- 58,64 ---- * speedup on x86 */ #undef RC4_INDEX ! char *RC4_version="RC4 part of SSLeay 0.6.6b 29-Jun-1998"; char *RC4_options() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/rsa/rsa_lib.c SSLeay-0.6.6/crypto/rsa/rsa_lib.c *** SSLeay-0.6.6.old/crypto/rsa/rsa_lib.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/rsa/rsa_lib.c Wed Jun 24 11:15:49 1998 *************** *** 61,67 **** #include "bn.h" #include "rsa.h" ! char *RSA_version="RSA part of SSLeay 0.6.6 14-Jan-1997"; RSA *RSA_new() { --- 61,67 ---- #include "bn.h" #include "rsa.h" ! char *RSA_version="RSA part of SSLeay 0.6.6b 29-Jun-1998"; RSA *RSA_new() { diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/sha/sha1dgst.c SSLeay-0.6.6/crypto/sha/sha1dgst.c *** SSLeay-0.6.6.old/crypto/sha/sha1dgst.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/sha/sha1dgst.c Wed Jun 24 11:15:49 1998 *************** *** 62,68 **** #include "sha.h" #include "sha_locl.h" ! char *SHA1_version="SHA1 part of SSLeay 0.6.6 14-Jan-1997"; /* Implemented from SHA-1 document - The Secure Hash Algorithm */ --- 62,68 ---- #include "sha.h" #include "sha_locl.h" ! char *SHA1_version="SHA1 part of SSLeay 0.6.6b 29-Jun-1998"; /* Implemented from SHA-1 document - The Secure Hash Algorithm */ diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/sha/sha_dgst.c SSLeay-0.6.6/crypto/sha/sha_dgst.c *** SSLeay-0.6.6.old/crypto/sha/sha_dgst.c Tue Jan 14 01:03:16 1997 --- SSLeay-0.6.6/crypto/sha/sha_dgst.c Wed Jun 24 11:15:50 1998 *************** *** 62,68 **** #include "sha.h" #include "sha_locl.h" ! char *SHA_version="SHA part of SSLeay 0.6.6 14-Jan-1997"; /* Implemented from SHA document - The Secure Hash Algorithm */ --- 62,68 ---- #include "sha.h" #include "sha_locl.h" ! char *SHA_version="SHA part of SSLeay 0.6.6b 29-Jun-1998"; /* Implemented from SHA document - The Secure Hash Algorithm */ diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/stack/stack.c SSLeay-0.6.6/crypto/stack/stack.c *** SSLeay-0.6.6.old/crypto/stack/stack.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/stack/stack.c Wed Jun 24 11:15:50 1998 *************** *** 69,75 **** #undef MIN_NODES #define MIN_NODES 4 ! char *STACK_version="STACK part of SSLeay 0.6.6 14-Jan-1997"; #ifndef NOPROTO #define FP_ICC (int (*)(const void *,const void *)) --- 69,75 ---- #undef MIN_NODES #define MIN_NODES 4 ! char *STACK_version="STACK part of SSLeay 0.6.6b 29-Jun-1998"; #ifndef NOPROTO #define FP_ICC (int (*)(const void *,const void *)) diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/txt_db/txt_db.c SSLeay-0.6.6/crypto/txt_db/txt_db.c *** SSLeay-0.6.6.old/crypto/txt_db/txt_db.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/txt_db/txt_db.c Wed Jun 24 11:15:50 1998 *************** *** 66,72 **** #undef BUFSIZE #define BUFSIZE 512 ! char *TXT_DB_version="TXT_DB part of SSLeay 0.6.6 14-Jan-1997"; TXT_DB *TXT_DB_read(in,num) BIO *in; --- 66,72 ---- #undef BUFSIZE #define BUFSIZE 512 ! char *TXT_DB_version="TXT_DB part of SSLeay 0.6.6b 29-Jun-1998"; TXT_DB *TXT_DB_read(in,num) BIO *in; diff -c -b -B -r -P SSLeay-0.6.6.old/crypto/x509/x509_vrf.c SSLeay-0.6.6/crypto/x509/x509_vrf.c *** SSLeay-0.6.6.old/crypto/x509/x509_vrf.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/crypto/x509/x509_vrf.c Wed Jun 24 11:15:50 1998 *************** *** 86,92 **** static int null_callback(); #endif ! char *X509_version="X509 part of SSLeay 0.6.6 14-Jan-1997"; int X509_add_cert_file(ctx,file, type) CERTIFICATE_CTX *ctx; --- 86,92 ---- static int null_callback(); #endif ! char *X509_version="X509 part of SSLeay 0.6.6b 29-Jun-1998"; int X509_add_cert_file(ctx,file, type) CERTIFICATE_CTX *ctx; diff -c -b -B -r -P SSLeay-0.6.6.old/ssl/s2_srvr.c SSLeay-0.6.6/ssl/s2_srvr.c *** SSLeay-0.6.6.old/ssl/s2_srvr.c Mon Jan 13 18:05:51 1997 --- SSLeay-0.6.6/ssl/s2_srvr.c Fri Jun 26 16:04:12 1998 *************** *** 407,415 **** --- 407,426 ---- SSL_TRACE(SSL_ERR,"RSA decrypt error - i=%d enc_bits=%d\n",i, s->session->cipher->enc_bits/8); #endif + /* If there is an rsa error, don't report it, + * the MAC will fail later - eay 23-Jun-98 + */ + if (j == 0) + i=s->session->cipher->key_size; + else + i=j; + /* Set the key to a dud value */ + RAND_bytes(p,i); + /* ssl_return_error(s,SSL_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT); return(-1); + */ } i+=s->tmp.clear; s->session->master_key_length=i; diff -c -b -B -r -P SSLeay-0.6.6.old/ssl/ssl_lib.c SSLeay-0.6.6/ssl/ssl_lib.c *** SSLeay-0.6.6.old/ssl/ssl_lib.c Tue Jan 14 01:03:17 1997 --- SSLeay-0.6.6/ssl/ssl_lib.c Wed Jun 24 11:15:50 1998 *************** *** 62,68 **** #define MD5_MAC_SIZE 16 #define SHA_MAC_SIZE 20 ! char *SSL_version="SSLeay 0.6.6 14-Jan-1997"; /* THIS ARRAY MUST BE KEPT ORDERED BY c1, c2 and c3. * basically the second last 'value' which is a #define for these 3 --- 62,68 ---- #define MD5_MAC_SIZE 16 #define SHA_MAC_SIZE 20 ! char *SSL_version="SSLeay 0.6.6b 29-Jun-1998"; /* THIS ARRAY MUST BE KEPT ORDERED BY c1, c2 and c3. * basically the second last 'value' which is a #define for these 3