(0b4c91c0) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/asn1/asn1.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -440,6 +440,8 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
		DECLARE_STACK_OF(ASN1_INTEGER)
		DECLARE_ASN1_SET_OF(ASN1_INTEGER)

		DECLARE_STACK_OF(ASN1_GENERALSTRING)

		typedef struct asn1_type_st
		{
		int type;

crypto/stack/safestack.h

+20 −0

Original line number	Diff line number	Diff line
		@@ -224,6 +224,26 @@ STACK_OF(type) \
		#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
		#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))

		#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
		#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
		#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
		#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
		#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
		#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
		#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
		#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
		#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
		#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
		#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
		#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
		#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
		#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))

		#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
		#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
		#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))

ssl/kssl.c

+11 −12

Original line number	Diff line number	Diff line
		@@ -793,7 +793,7 @@ char
		** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
		** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
		*/
		EVP_CIPHER *
		const EVP_CIPHER *
		kssl_map_enc(krb5_enctype enctype)
		{
		switch (enctype)
		@@ -803,14 +803,14 @@ kssl_map_enc(krb5_enctype enctype)
		case ENCTYPE_DES_CBC_MD4:
		case ENCTYPE_DES_CBC_MD5:
		case ENCTYPE_DES_CBC_RAW:
		return (EVP_CIPHER *) EVP_des_cbc();
		return EVP_des_cbc();
		break;
		case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
		case ENCTYPE_DES3_CBC_SHA:
		case ENCTYPE_DES3_CBC_RAW:
		return (EVP_CIPHER *) EVP_des_ede3_cbc();
		return EVP_des_ede3_cbc();
		break;
		default: return (EVP_CIPHER *) NULL;
		default: return NULL;
		break;
		}
		}
		@@ -1221,8 +1221,7 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,

		if (asn1ticket == NULL \|\| asn1ticket->realm == NULL \|\|
		asn1ticket->sname == NULL \|\|
		asn1ticket->sname->namestring == NULL \|\|
		asn1ticket->sname->namestring->num < 2)
		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
		{
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
		"Null field in asn1ticket.\n");
		@@ -1238,14 +1237,14 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,
		return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */
		}

		gstr_svc = (ASN1_GENERALSTRING*)asn1ticket->sname->namestring->data[0];
		gstr_host = (ASN1_GENERALSTRING*)asn1ticket->sname->namestring->data[1];
		gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
		gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);

		if ((krb5rc = kssl_build_principal_2(krb5context,
		&new5ticket->server,
		asn1ticket->realm->length, asn1ticket->realm->data,
		gstr_svc->length, gstr_svc->data,
		gstr_host->length, gstr_host->data)) != 0)
		asn1ticket->realm->length, (char *)asn1ticket->realm->data,
		gstr_svc->length, (char *)gstr_svc->data,
		gstr_host->length, (char *)gstr_host->data)) != 0)
		{
		free(new5ticket);
		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
		@@ -1965,7 +1964,7 @@ krb5_error_code kssl_check_authent(
		KRB5_AUTHENTBODY *auth = NULL;
		krb5_enctype enctype;
		EVP_CIPHER_CTX ciph_ctx;
		EVP_CIPHER *enc = NULL;
		const EVP_CIPHER *enc = NULL;
		unsigned char iv[EVP_MAX_IV_LENGTH];
		unsigned char p, unenc_authent;
		int padl, outl, unencbufsize;

ssl/s3_srvr.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -1561,17 +1561,17 @@ static int ssl3_get_client_key_exchange(SSL *s)

		n2s(p,i);
		enc_ticket.length = i;
		enc_ticket.data = p;
		enc_ticket.data = (char *)p;
		p+=enc_ticket.length;

		n2s(p,i);
		authenticator.length = i;
		authenticator.data = p;
		authenticator.data = (char *)p;
		p+=authenticator.length;

		n2s(p,i);
		enc_pms.length = i;
		enc_pms.data = p;
		enc_pms.data = (char *)p;
		p+=enc_pms.length;

		if ((unsigned long)n != enc_ticket.length + authenticator.length +
		@@ -1636,7 +1636,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
		goto err;
		}
		if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
		enc_pms.data, enc_pms.length))
		(unsigned char *)enc_pms.data, enc_pms.length))
		{
		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
		SSL_R_DECRYPTION_FAILED);