github.com/openssl/openssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorRichard Levitte <levitte@openssl.org>2002-09-25 19:12:13 +0400
committerRichard Levitte <levitte@openssl.org>2002-09-25 19:12:13 +0400
commitc4a24b13f3fdd0a96214494045e6cec8a9bbfdd0 (patch)
tree2372abd60dfde110157bd5cd7b854246ca2b481d /ssl
parentbb298120c96066af2068fa02025791d411b0b914 (diff)
Merge in recent changes from 0.9.6-stable.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s23_clnt.c4
-rw-r--r--ssl/s23_srvr.c4
-rw-r--r--ssl/s2_clnt.c4
-rw-r--r--ssl/s2_srvr.c6
-rw-r--r--ssl/s3_clnt.c27
-rw-r--r--ssl/s3_srvr.c4
-rw-r--r--ssl/ssl-lib.com2
-rw-r--r--ssl/ssl_lib.c19
-rw-r--r--ssl/t1_clnt.c4
-rw-r--r--ssl/t1_srvr.c4
10 files changed, 55 insertions, 23 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 2d0eb4a8ff..df9ed02ddd 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -87,11 +87,15 @@ SSL_METHOD *SSLv23_client_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv23_client_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_client_data.ssl_connect=ssl23_connect;
SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
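Review bot: The `if (init)` test in SSLv23_client_method is still made before `CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD)` is taken and is not repeated once the lock is held, so two threads that both see `init` set will each run the memcpy in turn. The second copy rewrites SSLv23_client_data after the first thread may already have returned a pointer to it, and until the next assignment `ssl_connect` holds whatever the base method supplied. Re-test under the lock by wrapping the initialisation in a second `if (init) { ... }` directly after the `CRYPTO_w_lock` call, keeping `CRYPTO_w_unlock` outside that inner block. The same pattern appears in the matching hunks of s23_srvr.c, s2_clnt.c, s2_srvr.c, s3_clnt.c, s3_srvr.c, t1_clnt.c and t1_srvr.c. The declaration of `init` and the start of the function are outside the hunk, so any other protection of the unlocked read cannot be seen here.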
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index b40bb01ab7..94198750f9 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -139,11 +139,15 @@ SSL_METHOD *SSLv23_server_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv23_server_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_server_data);
}
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 236b394db7..c59fa6e429 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_client_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_client_data.ssl_connect=ssl2_connect;
SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_client_data);
}
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index d736f6807b..48fff175d4 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_server_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_server_data.ssl_accept=ssl2_accept;
SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_server_data);
}
@@ -1001,7 +1005,7 @@ static int request_certificate(SSL *s)
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 32b9cea1ca..a55acd1975 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -146,11 +146,15 @@ SSL_METHOD *SSLv3_client_method(void)
if (init)
{
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
sizeof(SSL_METHOD));
SSLv3_client_data.ssl_connect=ssl3_connect;
SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+ init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_client_data);
}
@@ -632,23 +636,11 @@ static int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j= *(p++);
- if(j > sizeof s->session->session_id)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+ if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
{
- /* SSLref returns 16 :-( */
- if (j < SSL2_SSL_SESSION_ID_LENGTH)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- goto f_err;
- }
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
}
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
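Review bot: The combined test bounds `j` by the array size and by `SSL3_SESSION_ID_SIZE`, but nothing in this hunk shows that `j` bytes actually remain in the received message before `memcmp(p,s->session->session_id,j)` reads them. ssl3_get_server_hello starts and ends outside the hunk, so that check may exist earlier; if it does not, it belongs beside this one. The condition would also benefit from a comment such as `/* j is a length byte taken from the peer: reject it if it exceeds either our storage or the SSLv3 maximum */`, since the two limits look redundant without it. Dropping the old too-short branch means any length from 1 to `SSL3_SESSION_ID_SIZE` is now accepted, which appears intentional but is worth stating in the same comment.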
@@ -656,6 +648,7 @@ static int ssl3_get_server_hello(SSL *s)
if(s->sid_ctx_length != s->session->sid_ctx_length
|| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
{
+ /* actually a client application bug */
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index fe1e689014..50913ae8e4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -151,11 +151,15 @@ SSL_METHOD *SSLv3_server_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
sizeof(SSL_METHOD));
SSLv3_server_data.ssl_accept=ssl3_accept;
SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_server_data);
}
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
index 7d2836478d..44ea1bb979 100644
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -1089,7 +1089,7 @@ $ ENDIF
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
$! Else The User Entered An Invalid Arguement.
$!
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4f84a3476d..6b5a135ffe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a)
abort(); /* ok */
}
#endif
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a,0);
+
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
if (a->sessions != NULL)
- {
- SSL_CTX_flush_sessions(a,0);
- lh_free(a->sessions);
- }
+ lh_free(a->sessions);
+
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
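Review bot: The new comment in SSL_CTX_free says the ex_data routines "might also touch the session cache", yet the cache is flushed only once, before `CRYPTO_free_ex_data` runs. If a free callback inserts a session at that point, the later `lh_free(a->sessions)` would presumably release the table while that entry is still allocated, and its `remove_cb` would never run. Either state the constraint in the comment, for example `ex_data free callbacks must not add sessions to the cache; nothing is flushed after this point`, or flush a second time just before `lh_free`. The rest of SSL_CTX_free is outside the hunk, so it cannot be confirmed here that `a->sessions` is never read again after being freed.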
diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c
index 9745630a00..df00a1215a 100644
--- a/ssl/t1_clnt.c
+++ b/ssl/t1_clnt.c
@@ -79,11 +79,15 @@ SSL_METHOD *TLSv1_client_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
sizeof(SSL_METHOD));
TLSv1_client_data.ssl_connect=ssl3_connect;
TLSv1_client_data.get_ssl_method=tls1_get_client_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_client_data);
}
diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c
index 996b7ca8e2..e62275c6f8 100644
--- a/ssl/t1_srvr.c
+++ b/ssl/t1_srvr.c
@@ -80,11 +80,15 @@ SSL_METHOD *TLSv1_server_method(void)
if (init)
{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
sizeof(SSL_METHOD));
TLSv1_server_data.ssl_accept=ssl3_accept;
TLSv1_server_data.get_ssl_method=tls1_get_server_method;
init=0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_server_data);
}