aboutsummaryrefslogtreecommitdiff
path: root/openssl/bugs
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/bugs')
-rw-r--r--openssl/bugs/MS7
-rw-r--r--openssl/bugs/SSLv349
-rw-r--r--openssl/bugs/alpha.c91
-rw-r--r--openssl/bugs/dggccbug.c45
-rw-r--r--openssl/bugs/sgiccbug.c57
-rw-r--r--openssl/bugs/sslref.dif26
-rw-r--r--openssl/bugs/stream.c131
-rw-r--r--openssl/bugs/ultrixcc.c45
8 files changed, 451 insertions, 0 deletions
diff --git a/openssl/bugs/MS b/openssl/bugs/MS
new file mode 100644
index 000000000..a1dcfb90d
--- /dev/null
+++ b/openssl/bugs/MS
@@ -0,0 +1,7 @@
+If you use the function that does an fopen inside the DLL, it's malloc
+will be used and when the function is then written inside, more
+hassles
+....
+
+
+think about it.
diff --git a/openssl/bugs/SSLv3 b/openssl/bugs/SSLv3
new file mode 100644
index 000000000..a75a1652d
--- /dev/null
+++ b/openssl/bugs/SSLv3
@@ -0,0 +1,49 @@
+So far...
+
+ssl3.netscape.com:443 does not support client side dynamic
+session-renegotiation.
+
+ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
+in an invalid format (the outer sequence is removed).
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys. Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA. It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+NEW INFORMATION. Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-signed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
+
+Netscape browsers do not really notice the server sending a
+close notify message. I was sending one, and then some invalid data.
+netscape complained of an invalid mac. (a fork()ed child doing a
+SSL_shutdown() and still sharing the socket with its parent).
+
+Netscape, when using export ciphers, will accept a 1024 bit temporary
+RSA key. It is supposed to only accept 512.
+
+If Netscape connects to a server which requests a client certificate
+it will frequently hang after the user has selected one and never
+complete the connection. Hitting "Stop" and reload fixes this and
+all subsequent connections work fine. This appears to be because
+Netscape wont read any new records in when it is awaiting a server
+done message at this point. The fix is to send the certificate request
+and server done messages in one record.
diff --git a/openssl/bugs/alpha.c b/openssl/bugs/alpha.c
new file mode 100644
index 000000000..701d6a7c7
--- /dev/null
+++ b/openssl/bugs/alpha.c
@@ -0,0 +1,91 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for. This was fine on linux/NT/Solaris but not
+ * Alpha */
+
+/* it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first? It is not defined in ASN1 C.
+ */
+
+#include <stdio.h>
+
+#define TYPE unsigned int
+
+void func(a,b)
+TYPE *a;
+TYPE b;
+ {
+ printf("%ld -1 == %ld\n",a[0],b);
+ }
+
+main()
+ {
+ TYPE data[5]={1L,2L,3L,4L,5L};
+ TYPE *p;
+ int i;
+
+ p=data;
+
+ for (i=0; i<4; i++)
+ {
+ func(p,*(p++));
+ }
+ }
diff --git a/openssl/bugs/dggccbug.c b/openssl/bugs/dggccbug.c
new file mode 100644
index 000000000..30e07a60e
--- /dev/null
+++ b/openssl/bugs/dggccbug.c
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
+
+#include <stdio.h>
+
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop. Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */
+
+/* compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+ {
+ (*a)++;
+ }
+
+main()
+ {
+ int p=0;
+#ifdef FIXBUG
+ int dummy;
+#endif
+
+ while (p<3)
+ {
+ fprintf(stderr,"%08X\n",p);
+ inc(&p);
+#ifdef FIXBUG
+ dummy+=p;
+#endif
+ }
+ }
diff --git a/openssl/bugs/sgiccbug.c b/openssl/bugs/sgiccbug.c
new file mode 100644
index 000000000..178239d49
--- /dev/null
+++ b/openssl/bugs/sgiccbug.c
@@ -0,0 +1,57 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay@mincom.oz.au) May 95 */
+
+#include <stdio.h>
+
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage@forgetmenot.Mines.EDU>
+ */
+
+/* Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
+
+main()
+ {
+ unsigned long r[4];
+ sub(r,a,b);
+ fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
+ fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
+ fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
+ fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
+ }
+
+int sub(r,a,b)
+unsigned long *r,*a,*b;
+ {
+ register unsigned long t1,t2,*ap,*bp,*rp;
+ int i,carry;
+#ifdef FIXBUG
+ unsigned long dummy;
+#endif
+
+ ap=a;
+ bp=b;
+ rp=r;
+ carry=0;
+ for (i=0; i<4; i++)
+ {
+ t1= *(ap++);
+ t2= *(bp++);
+ t1=(t1-t2);
+#ifdef FIXBUG
+ dummy=t1;
+#endif
+ *(rp++)=t1&0xffffffff;
+ }
+ }
diff --git a/openssl/bugs/sslref.dif b/openssl/bugs/sslref.dif
new file mode 100644
index 000000000..0aa92bfe6
--- /dev/null
+++ b/openssl/bugs/sslref.dif
@@ -0,0 +1,26 @@
+The February 9th, 1995 version of the SSL document differs from
+https://www.netscape.com in the following ways.
+=====
+The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
+KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
+not
+KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
+as specified in the documentation.
+=====
+From the section 2.6 Server Only Protocol Messages
+
+If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
+CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero.
+
+This is not true for https://www.netscape.com. The CERTIFICATE-TYPE
+is returned as 1.
+=====
+I have not tested the following but it is reported by holtzman@mit.edu.
+
+SSLref clients wait to recieve a server-verify before they send a
+client-finished. Besides this not being evident from the examples in
+2.2.1, it makes more sense to always send all packets you can before
+reading. SSLeay was waiting in the server to recieve a client-finish
+before sending the server-verify :-). I have changed SSLeay to send a
+server-verify before trying to read the client-finished.
+
diff --git a/openssl/bugs/stream.c b/openssl/bugs/stream.c
new file mode 100644
index 000000000..c3b5e867d
--- /dev/null
+++ b/openssl/bugs/stream.c
@@ -0,0 +1,131 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc4.h>
+#ifdef OPENSSL_NO_DES
+#include <des.h>
+#else
+#include <openssl/des.h>
+#endif
+
+/* show how stream ciphers are not very good. The mac has no affect
+ * on RC4 while it does for cfb DES
+ */
+
+main()
+ {
+ fprintf(stderr,"rc4\n");
+ rc4();
+ fprintf(stderr,"cfb des\n");
+ des();
+ }
+
+int des()
+ {
+ des_key_schedule ks;
+ des_cblock iv,key;
+ int num;
+ static char *keystr="01234567";
+ static char *in1="0123456789ABCEDFdata 12345";
+ static char *in2="9876543210abcdefdata 12345";
+ unsigned char out[100];
+ int i;
+
+ des_set_key((des_cblock *)keystr,ks);
+
+ num=0;
+ memset(iv,0,8);
+ des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+
+ num=0;
+ memset(iv,0,8);
+ des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+ }
+
+int rc4()
+ {
+ static char *keystr="0123456789abcdef";
+ RC4_KEY key;
+ unsigned char in[100],out[100];
+ int i;
+
+ RC4_set_key(&key,16,keystr);
+ in[0]='\0';
+ strcpy(in,"0123456789ABCEDFdata 12345");
+ RC4(key,26,in,out);
+
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+
+ RC4_set_key(&key,16,keystr);
+ in[0]='\0';
+ strcpy(in,"9876543210abcdefdata 12345");
+ RC4(key,26,in,out);
+
+ for (i=0; i<26; i++)
+ fprintf(stderr,"%02X ",out[i]);
+ fprintf(stderr,"\n");
+ }
diff --git a/openssl/bugs/ultrixcc.c b/openssl/bugs/ultrixcc.c
new file mode 100644
index 000000000..7ba75b140
--- /dev/null
+++ b/openssl/bugs/ultrixcc.c
@@ -0,0 +1,45 @@
+#include <stdio.h>
+
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+ {
+ f(5);
+ f(0);
+ }
+
+int f(a)
+int a;
+ {
+ switch(a&7)
+ {
+ case 7:
+ printf("7\n");
+ case 6:
+ printf("6\n");
+ case 5:
+ printf("5\n");
+ case 4:
+ printf("4\n");
+ case 3:
+ printf("3\n");
+ case 2:
+ printf("2\n");
+ case 1:
+ printf("1\n");
+#ifdef FIX_BUG
+ case 0:
+ ;
+#endif
+ }
+ }
+