author | marha <marha@users.sourceforge.net> | 2015-04-20 22:51:55 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-04-20 22:53:07 +0200 |
commit | 2a00e489122f6c4b525090dbdba2855a2ea2d519 (patch) | |
tree | 815e5c842bccb2bc6eb4b2934ef618fe32b820ca /openssl/ssl | |
parent | 4ba9be2882d9f1567809edb0a31fcdf11320d41f (diff) | |
Upgraded to openssl 1.0.2a
Diffstat (limited to 'openssl/ssl')
-rw-r--r-- | openssl/ssl/d1_both.c | 4 | ||||
-rw-r--r-- | openssl/ssl/d1_lib.c | 5 | ||||
-rw-r--r-- | openssl/ssl/d1_pkt.c | 6 | ||||
-rw-r--r-- | openssl/ssl/dtls1.h | 1 | ||||
-rw-r--r-- | openssl/ssl/s2_lib.c | 2 | ||||
-rw-r--r-- | openssl/ssl/s2_srvr.c | 60 | ||||
-rw-r--r-- | openssl/ssl/s3_clnt.c | 5 | ||||
-rw-r--r-- | openssl/ssl/s3_enc.c | 1 | ||||
-rw-r--r-- | openssl/ssl/s3_pkt.c | 13 | ||||
-rw-r--r-- | openssl/ssl/s3_srvr.c | 90 | ||||
-rw-r--r-- | openssl/ssl/ssl.h | 2 | ||||
-rw-r--r-- | openssl/ssl/ssl_asn1.c | 4 | ||||
-rw-r--r-- | openssl/ssl/ssl_ciph.c | 10 | ||||
-rwxr-xr-x | openssl/ssl/ssl_conf.c | 15 | ||||
-rw-r--r-- | openssl/ssl/ssl_locl.h | 6 | ||||
-rw-r--r-- | openssl/ssl/ssltest.c | 2 | ||||
-rw-r--r-- | openssl/ssl/t1_enc.c | 37 | ||||
-rw-r--r-- | openssl/ssl/t1_lib.c | 26 |
18 files changed, 206 insertions, 83 deletions
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 2553c3de6..21048003b 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
 memcpy(frag->fragment, s->init_buf->data, s->init_num);
 if (is_ccs) {
+ /* For DTLS1_BAD_VER the header length is non-standard */
 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+ ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
+ == (unsigned int)s->init_num);
 } else {
 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index 28457579b..ee78921ba 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -270,7 +270,7 @@ void dtls1_clear(SSL *s)
 ssl3_clear(s);
 if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version = DTLS1_BAD_VER;
+ s->client_version = s->version = DTLS1_BAD_VER;
 else if (s->method->version == DTLS_ANY_VERSION)
 s->version = DTLS1_2_VERSION;
 else
@@ -543,6 +543,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 {
 int ret;
+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
 s->d1->listen = 1;
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index c07be8fd3..940ca6927 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -236,7 +236,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 pitem_free(item);
 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
- return (0);
+ return -1;
 }
 rdata->packet = s->packet;
@@ -1142,7 +1142,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 cb(s, SSL_CB_READ_ALERT, j);
 }
- if (alert_level == 1) { /* warning */
+ if (alert_level == SSL3_AL_WARNING) {
 s->s3->warn_alert = alert_descr;
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 #ifndef OPENSSL_NO_SCTP
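Review bot: The new assertion in dtls1_buffer_message hardcodes the DTLS1_BAD_VER ChangeCipherSpec header length as a bare `3`, and the added expression drops the file's operator spacing (`s->version==DTLS1_BAD_VER`, `?3:`), so a reader gets neither the reason the pre-standard header is shorter nor a name to search for. Give that length a name beside DTLS1_CCS_HEADER_LENGTH in dtls1.h and write the condition as `((s->version == DTLS1_BAD_VER)` / `? DTLS1_BAD_VER_CCS_HEADER_LENGTH : DTLS1_CCS_HEADER_LENGTH)`, with a one-line comment at the definition stating which header bytes the old Cisco variant omits. The rest of dtls1_buffer_message lies outside the hunk.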
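Review bot: The `SSL_clear(s);` added to dtls1_listen discards its return value; SSL_clear() returns an int in the public API and reports failure as 0, in which case the function carries on with exactly the leftover state the new comment says is being removed. Check it and bail out, `if (!SSL_clear(s)) return -1;`, which matches the negative-return convention used by the DTLS code elsewhere in this diff. dtls1_listen's remaining body, including how `ret` is produced and returned, is outside the hunk, so the exact error value should be aligned with it.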
@@ -1191,7 +1191,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 }
 }
 #endif
- } else if (alert_level == 2) { /* fatal */
+ } else if (alert_level == SSL3_AL_FATAL) {
 char tmp[16];
 s->rwstate = SSL_NOTHING;
diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h
index 4af7e4a7f..30bbcf278 100644
--- a/openssl/ssl/dtls1.h
+++ b/openssl/ssl/dtls1.h
@@ -86,6 +86,7 @@ extern "C" {
 # define DTLS1_VERSION 0xFEFF
 # define DTLS1_2_VERSION 0xFEFD
 # define DTLS_MAX_VERSION DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR 0xFE
 # define DTLS1_BAD_VER 0x0100
diff --git a/openssl/ssl/s2_lib.c b/openssl/ssl/s2_lib.c
index f8a943930..d55b93f76 100644
--- a/openssl/ssl/s2_lib.c
+++ b/openssl/ssl/s2_lib.c
@@ -493,7 +493,7 @@ int ssl2_generate_key_material(SSL *s)
 OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length
- < (int)sizeof(s->session->master_key));
+ <= (int)sizeof(s->session->master_key));
 EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length);
 EVP_DigestUpdate(&ctx, &c, 1);
diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c
index daba6dd7a..19bb48c9c 100644
--- a/openssl/ssl/s2_srvr.c
+++ b/openssl/ssl/s2_srvr.c
@@ -371,7 +371,8 @@ int ssl2_accept(SSL *s)
 static int get_client_master_key(SSL *s)
 {
- int is_export, i, n, keya, ek;
+ int is_export, i, n, keya;
+ unsigned int ek;
 unsigned long len;
 unsigned char *p;
 const SSL_CIPHER *cp;
@@ -454,11 +455,6 @@ static int get_client_master_key(SSL *s)
 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
 return (-1);
 }
- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
- &(p[s->s2->tmp.clear]),
- &(p[s->s2->tmp.clear]),
- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
- RSA_PKCS1_PADDING);
 is_export = SSL_C_IS_EXPORT(s->session->cipher);
@@ -475,23 +471,61 @@ static int get_client_master_key(SSL *s)
 } else
 ek = 5;
+ /*
+ * The format of the CLIENT-MASTER-KEY message is
+ * 1 byte message type
+ * 3 bytes cipher
+ * 2-byte clear key length (stored in s->s2->tmp.clear)
+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
+ * 2-byte key args length (IV etc)
+ * clear key
+ * encrypted key
+ * key args
+ *
+ * If the cipher is an export cipher, then the encrypted key bytes
+ * are a fixed portion of the total key (5 or 8 bytes). The size of
+ * this portion is in |ek|. If the cipher is not an export cipher,
+ * then the entire key material is encrypted (i.e., clear key length
+ * must be zero).
+ */
+ if ((!is_export && s->s2->tmp.clear != 0) ||
+ (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+ return -1;
+ }
+ /*
+ * The encrypted blob must decrypt to the encrypted portion of the key.
+ * Decryption can't be expanding, so if we don't have enough encrypted
+ * bytes to fit the key in the buffer, stop now.
+ */
+ if ((is_export && s->s2->tmp.enc < ek) ||
+ (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+ return -1;
+ }
+
+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+ &(p[s->s2->tmp.clear]),
+ &(p[s->s2->tmp.clear]),
+ (s->s2->ssl2_rollback) ?
RSA_SSLV23_PADDING :
+ RSA_PKCS1_PADDING);
+
 /* bad decrypt */
 # if 1
 /*
 * If a bad decrypt, continue with protocol but with a random master
 * secret (Bleichenbacher attack)
 */
- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek)
- || (s->s2->tmp.clear +
- (unsigned int)i != (unsigned int)
- EVP_CIPHER_key_length(c)))))) {
+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
+ || (is_export && i != (int)ek))) {
 ERR_clear_error();
 if (is_export)
 i = ek;
 else
 i = EVP_CIPHER_key_length(c);
- if (RAND_pseudo_bytes(p, i) <= 0)
+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
 return 0;
 }
 # else
@@ -513,7 +547,7 @@ static int get_client_master_key(SSL *s)
 # endif
 if (is_export)
- i += s->s2->tmp.clear;
+ i = EVP_CIPHER_key_length(c);
 if (i > SSL_MAX_MASTER_KEY_LENGTH) {
 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index f186c3cf9..91053d59e 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -717,8 +717,9 @@ int ssl3_client_hello(SSL *s)
 } else
 i = 1;
- if (i)
- ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random));
+ if (i && ssl_fill_hello_random(s, 0, p,
+ sizeof(s->s3->client_random)) <= 0)
+ goto err;
 /* Do the message type and length last */
 d = p = ssl_handshake_start(s);
diff --git a/openssl/ssl/s3_enc.c b/openssl/ssl/s3_enc.c
index cdbf0f095..cda2d8c77 100644
--- a/openssl/ssl/s3_enc.c
+++ b/openssl/ssl/s3_enc.c
@@ -877,6 +877,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 s, s->msg_callback_arg);
 }
 #endif
+ OPENSSL_cleanse(buf, sizeof buf);
 return (ret);
 }
diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c
index ec56c5549..221ae039e 100644
--- a/openssl/ssl/s3_pkt.c
+++ b/openssl/ssl/s3_pkt.c
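Review bot: In the bad-decrypt fallback of get_client_master_key, a failing `RAND_pseudo_bytes(&p[s->s2->tmp.clear], i)` returns 0 straight after `ERR_clear_error()`, so the caller sees a failure with an empty error queue and, unlike the two length checks this hunk adds, neither an SSLerr entry nor an ssl2_return_error for the peer. Record the cause before leaving: `SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);` followed by `return -1;`, the error value every other failure path in this function uses. This hunk begins on the previous line and the function's start and end are outside it, so whether ssl2_accept treats 0 and -1 differently has to be confirmed there.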
@@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 return -1;
 }
- if (!s->read_ahead)
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->read_ahead && !SSL_IS_DTLS(s))
 /* ignore max parameter */
 max = n;
 else {
@@ -707,6 +708,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 packlen *= 4;
 wb->buf = OPENSSL_malloc(packlen);
+ if(!wb->buf) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
 wb->len = packlen;
 } else if (tot == len) { /* done? */
 OPENSSL_free(wb->buf); /* free jumbo buffer */
@@ -780,7 +785,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 i = ssl3_write_pending(s, type, &buf[tot], nw);
 if (i <= 0) {
- if (i < 0) {
+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
 OPENSSL_free(wb->buf);
 wb->buf = NULL;
 }
@@ -1425,7 +1430,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 cb(s, SSL_CB_READ_ALERT, j);
 }
- if (alert_level == 1) { /* warning */
+ if (alert_level == SSL3_AL_WARNING) {
 s->s3->warn_alert = alert_descr;
 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -1448,7 +1453,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
 return (0);
 #endif
- } else if (alert_level == 2) { /* fatal */
+ } else if (alert_level == SSL3_AL_FATAL) {
 char tmp[16];
 s->rwstate = SSL_NOTHING;
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 2c6fb282b..c016139b1 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -2251,10 +2251,17 @@ int ssl3_get_client_key_exchange(SSL *s)
 if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
 int idx = -1;
 EVP_PKEY *skey = NULL;
- if (n)
+ if (n > 1) {
 n2s(p, i);
- else
+ } else {
+ if (alg_k & SSL_kDHE) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
 i = 0;
+ }
 if (n && n != i + 2) {
 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -3260,14 +3267,16 @@ int ssl3_send_server_certificate(SSL *s)
 /* send a new session ticket (not necessarily for a new session) */
 int ssl3_send_newsession_ticket(SSL *s)
 {
+ unsigned char *senc = NULL;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+
 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
- unsigned char *p, *senc, *macstart;
+ unsigned char *p, *macstart;
 const unsigned char *const_p;
 int len, slen_full, slen;
 SSL_SESSION *sess;
 unsigned int hlen;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
 SSL_CTX *tctx = s->initial_ctx;
 unsigned char iv[EVP_MAX_IV_LENGTH];
 unsigned char key_name[16];
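Review bot: The rewritten `if (n > 1)` in ssl3_get_client_key_exchange sends a one-byte ClientKeyExchange (n == 1) down the same else branch as the empty case, and nothing in the hunk records that this is deliberate; a reader must work out that for non-ephemeral DH it is the later `if (n && n != i + 2)` check that rejects the truncated length field, and that SSL_OP_SSLEAY_080_CLIENT_DH_BUG (handled below, outside the hunk) may still accept it. A comment on the condition would save that analysis, e.g. `/* n == 1 cannot carry a 2-byte length: fatal for ephemeral DH here, otherwise left to the n != i + 2 check below */`. The function body continues beyond the hunk.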
@@ -3278,32 +3287,38 @@ int ssl3_send_newsession_ticket(SSL *s)
 * Some length values are 16 bits, so forget it if session is too
 * long
 */
- if (slen_full > 0xFF00)
+ if (slen_full == 0 || slen_full > 0xFF00)
 return -1;
 senc = OPENSSL_malloc(slen_full);
 if (!senc)
 return -1;
+
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+
 p = senc;
- i2d_SSL_SESSION(s->session, &p);
+ if (!i2d_SSL_SESSION(s->session, &p))
+ goto err;
 /*
 * create a fresh copy (not shared with other threads) to clean up
 */
 const_p = senc;
 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
- if (sess == NULL) {
- OPENSSL_free(senc);
- return -1;
- }
+ if (sess == NULL)
+ goto err;
 sess->session_id_length = 0; /* ID is irrelevant for the ticket */
 slen = i2d_SSL_SESSION(sess, NULL);
- if (slen > slen_full) { /* shouldn't ever happen */
- OPENSSL_free(senc);
- return -1;
+ if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
+ SSL_SESSION_free(sess);
+ goto err;
 }
 p = senc;
- i2d_SSL_SESSION(sess, &p);
+ if (!i2d_SSL_SESSION(sess, &p)) {
+ SSL_SESSION_free(sess);
+ goto err;
+ }
 SSL_SESSION_free(sess);
 /*-
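Review bot: `if (!i2d_SSL_SESSION(s->session, &p)) goto err;` in ssl3_send_newsession_ticket only catches a zero return, whereas OpenSSL's i2d_* encoders conventionally signal failure with a negative length, which `!` treats as success and which would leave `p` advanced by an undefined amount before the data is encrypted. Testing for `<= 0` covers both conventions: `if (i2d_SSL_SESSION(s->session, &p) <= 0) goto err;`, likewise `if (i2d_SSL_SESSION(sess, &p) <= 0) {` for the second encode and `if (slen <= 0 || slen > slen_full) {` for the length-only call. Whether this particular encoder can actually return a negative value is decided in ssl_asn1.c, which is not part of this hunk.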
@@ -3317,26 +3332,26 @@ int ssl3_send_newsession_ticket(SSL *s)
 if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
- return -1;
+ goto err;
+
 p = ssl_handshake_start(s);
- EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
 /*
 * Initialize HMAC and cipher contexts. If callback present it does
 * all the work otherwise use generated values from parent ctx.
 */
 if (tctx->tlsext_ticket_key_cb) {
 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0) {
- OPENSSL_free(senc);
- return -1;
- }
+ &hctx, 1) < 0)
+ goto err;
 } else {
- RAND_pseudo_bytes(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ if (RAND_bytes(iv, 16) <= 0)
+ goto err;
+ if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, iv))
+ goto err;
+ if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL))
+ goto err;
 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
 }
@@ -3357,14 +3372,19 @@ int ssl3_send_newsession_ticket(SSL *s)
 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
 p += EVP_CIPHER_CTX_iv_length(&ctx);
 /* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+ goto err;
 p += len;
- EVP_EncryptFinal(&ctx, p, &len);
+ if (!EVP_EncryptFinal(&ctx, p, &len))
+ goto err;
 p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
+ if (!HMAC_Update(&hctx, macstart, p - macstart))
+ goto err;
+ if (!HMAC_Final(&hctx, p, &hlen))
+ goto err;
+
+ EVP_CIPHER_CTX_cleanup(&ctx);
 HMAC_CTX_cleanup(&hctx);
 p += hlen;
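Review bot: The callback-less branch of ssl3_send_newsession_ticket still hardcodes `16` for the IV, the HMAC key and the key name although `iv` is declared with EVP_MAX_IV_LENGTH and the cipher is fixed to EVP_aes_128_cbc(); if either is ever changed, the `RAND_bytes(iv, 16)` length and the `memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx))` in the following hunk would silently disagree. Derive the IV length from the cipher, `if (RAND_bytes(iv, EVP_CIPHER_iv_length(EVP_aes_128_cbc())) <= 0)`, and take the key lengths from `sizeof(tctx->tlsext_tick_hmac_key)` if that field is a fixed array (its declaration is not in this diff). The function continues on both sides of the hunk.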
@@ -3381,6 +3401,12 @@ int ssl3_send_newsession_ticket(SSL *s)
 /* SSL3_ST_SW_SESSION_TICKET_B */
 return ssl_do_write(s);
+ err:
+ if (senc)
+ OPENSSL_free(senc);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&hctx);
+ return -1;
 }
 int ssl3_send_cert_status(SSL *s)
diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h
index 2b0f6628c..a6d845dc9 100644
--- a/openssl/ssl/ssl.h
+++ b/openssl/ssl/ssl.h
@@ -338,7 +338,7 @@ extern "C" {
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
 /*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
diff --git a/openssl/ssl/ssl_asn1.c b/openssl/ssl/ssl_asn1.c
index f8c265cdd..39d48eabf 100644
--- a/openssl/ssl/ssl_asn1.c
+++ b/openssl/ssl/ssl_asn1.c
@@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 id = 0x02000000L | ((unsigned long)os.data[0] << 16L) | ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
- } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
+ || (ssl_version >> 8) == DTLS1_VERSION_MAJOR
+ || ssl_version == DTLS1_BAD_VER) {
 if (os.length != 2) {
 c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
 c.line = __LINE__;
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
index b038c55ae..2cc9a4a21 100644
--- a/openssl/ssl/ssl_ciph.c
+++ b/openssl/ssl/ssl_ciph.c
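Review bot: The new `err:` path in ssl3_send_newsession_ticket frees `senc` without scrubbing it, although `senc` holds the DER-encoded session, master secret included, in the clear; this same commit adds OPENSSL_cleanse for comparable buffers in s3_enc.c and t1_enc.c, so this path should match. `slen_full` is declared inside the `if` block and is not visible at the label, so hoist it next to `senc` (`int slen_full = 0;` at function scope) and replace the free with `if (senc) { OPENSSL_cleanse(senc, slen_full); OPENSSL_free(senc); }`. The success path's release of `senc` lies outside the hunk and presumably wants the same treatment.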
@@ -235,8 +235,8 @@ static const SSL_CIPHER cipher_aliases[] = {
 * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
 * ALL!)
 */
- {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0,
- 0, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
+ SSL_EXP_MASK, 0, 0, 0},
 /*
 * key exchange aliases (some of those using only a single bit here
@@ -1027,6 +1027,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 if (cipher_id && cipher_id != cp->id)
 continue;
 #endif
+ if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
+ goto ok;
+ if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
+ goto ok;
 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
 continue;
 if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1045,6 +1049,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 continue;
 }
+ ok:
+
 #ifdef CIPHER_DEBUG
 fprintf(stderr, "Action = %d\n", rule);
 #endif
diff --git a/openssl/ssl/ssl_conf.c b/openssl/ssl/ssl_conf.c
index 0ee6e4642..5478840de 100755
--- a/openssl/ssl/ssl_conf.c
+++ b/openssl/ssl/ssl_conf.c
@@ -167,6 +167,8 @@ static int ssl_set_option_list(const char *elem, int len, void *usr)
 * len == -1 indicates not being called in list context, just for single
 * command line switches, so don't allow +, -.
 */
+ if (elem == NULL)
+ return 0;
 if (len != -1) {
 if (*elem == '+') {
 elem++;
@@ -384,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
 return rv > 0;
 }
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+ int rv = 1;
+ if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+ return -2;
+ if (!(cctx->flags & SSL_CONF_FLAG_SERVER))
+ return -2;
+ if (cctx->ctx)
+ rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+ return rv > 0;
+}
+
 #ifndef OPENSSL_NO_DH
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
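Review bot: The two `goto ok` shortcuts in ssl_cipher_apply_rule match on sentinel argument values (`algo_strength == SSL_EXP_MASK`, `alg_ssl == ~SSL_SSLV2`) that, as far as this diff shows, only the rewritten COMPLEMENTOFDEFAULT alias produces, yet nothing at either site records that coupling, so a future rule that happens to pass `SSL_EXP_MASK` as its strength would silently skip the mkey/auth/enc/mac filters that follow. A comment on each test would make the contract explicit, e.g. `/* COMPLEMENTOFDEFAULT sentinel: any export or SSLv2 cipher matches regardless of the other fields */`, and the alias entry deserves a matching note. ssl_cipher_apply_rule's loop and the surroundings of the `ok:` label extend beyond the hunk.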
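Review bot: cmd_ServerInfoFile reports success (`rv` stays 1) when the SSL_CONF_CTX is bound to an SSL object rather than an SSL_CTX, because the load only happens under `if (cctx->ctx)`; an application configuring a per-connection `SSL` will believe the ServerInfo file was applied when nothing was. With no SSL_use_serverinfo_file counterpart visible here, the command should be refused in that case, e.g. `else return -2;` after the `if (cctx->ctx)` branch, mirroring the flag checks above, or at minimum carry a comment stating that ServerInfoFile is SSL_CTX-only. How cmd_Certificate and cmd_PrivateKey treat the `cctx->ssl` case is outside the hunk and sets the precedent to follow.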
@@ -442,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
 SSL_CONF_CMD_STRING(Options, NULL),
 SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
 SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
+ SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
 #ifndef OPENSSL_NO_DH
 SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
 #endif
diff --git a/openssl/ssl/ssl_locl.h b/openssl/ssl/ssl_locl.h
index 46ea18a07..79b85b9ed 100644
--- a/openssl/ssl/ssl_locl.h
+++ b/openssl/ssl/ssl_locl.h
@@ -370,10 +370,10 @@
 # define SSL_AEAD 0x00000040L
 /* Bits for algorithm_ssl (protocol version) */
-# define SSL_SSLV2 0x00000001L
-# define SSL_SSLV3 0x00000002L
+# define SSL_SSLV2 0x00000001UL
+# define SSL_SSLV3 0x00000002UL
 # define SSL_TLSV1 SSL_SSLV3/* for now */
-# define SSL_TLSV1_2 0x00000004L
+# define SSL_TLSV1_2 0x00000004UL
 /* Bits for algorithm2 (handshake digests and other extra flags) */
diff --git a/openssl/ssl/ssltest.c b/openssl/ssl/ssltest.c
index 0113b6526..9f5d58624 100644
--- a/openssl/ssl/ssltest.c
+++ b/openssl/ssl/ssltest.c
@@ -2073,7 +2073,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 if (!do_client && !do_server) {
 fprintf(stdout, "ERROR IN STARTUP\n");
 ERR_print_errors(bio_err);
- break;
+ goto err;
 }
 if (do_client && !(done & C_DONE)) {
 if (c_write) {
diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c
index 0f5baa6e4..577885fe0 100644
--- a/openssl/ssl/t1_enc.c
+++ b/openssl/ssl/t1_enc.c
@@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask,
 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
 count++;
 }
+ if(!count) {
+ /* Should never happen */
+ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
 len = slen / count;
 if (count == 1)
 slen = 0;
@@ -550,16 +555,24 @@ int tls1_change_cipher_state(SSL *s, int which)
 #endif /* KSSL_DEBUG */
 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
- EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE));
- EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
- } else
- EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
-
+ if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+ || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
+ } else {
+ if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
+ }
 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
- if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
- EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
- *mac_secret_size, mac_secret);
-
+ if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+ && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+ *mac_secret_size, mac_secret)) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
 #ifdef OPENSSL_SSL_TRACE_CRYPTO
 if (s->msg_callback) {
 int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0;
@@ -650,6 +663,7 @@ int tls1_setup_key_block(SSL *s)
 if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(p1);
 goto err;
 }
 #ifdef TLS_DEBUG
@@ -967,6 +981,8 @@ int tls1_final_finish_mac(SSL *s,
 err = 1;
 EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_cleanse(buf, (int)(q - buf));
+ OPENSSL_cleanse(buf2, sizeof(buf2));
 if (err)
 return 0;
 else
@@ -1130,6 +1146,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 co, col, s->s3->server_random, SSL3_RANDOM_SIZE, so, sol, p, len, s->session->master_key, buff, sizeof buff);
+ OPENSSL_cleanse(buff, sizeof buff);
 #ifdef SSL_DEBUG
 fprintf(stderr, "Premaster Secret:\n");
 BIO_dump_fp(stderr, (char *)p, len);
@@ -1240,6 +1257,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen);
+ OPENSSL_cleanse(val, vallen);
+ OPENSSL_cleanse(buff, olen);
 #ifdef KSSL_DEBUG
 fprintf(stderr, "tls1_export_keying_material() complete\n");
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index 72be01dd6..d85d26e59 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -470,7 +470,7 @@ static int tls1_get_curvelist(SSL *s, int sess,
 # ifdef OPENSSL_FIPS
 if (FIPS_mode()) {
 *pcurves = fips_curves_default;
- *pcurveslen = sizeof(fips_curves_default);
+ pcurveslen = sizeof(fips_curves_default);
 } else
 # endif
 {
@@ -651,6 +651,8 @@ static int nid_cb(const char *elem, int len, void *arg)
 size_t i;
 int nid;
 char etmp[20];
+ if (elem == NULL)
+ return 0;
 if (narg->nidcnt == MAX_CURVELIST)
 return 0;
 if (len > (int)(sizeof(etmp) - 1))
@@ -2965,6 +2967,7 @@ int tls1_set_server_sigalgs(SSL *s)
 if (s->cert->shared_sigalgs) {
 OPENSSL_free(s->cert->shared_sigalgs);
 s->cert->shared_sigalgs = NULL;
+ s->cert->shared_sigalgslen = 0;
 }
 /* Clear certificate digests and validity flags */
 for (i = 0; i < SSL_PKEY_NUM; i++) {
@@ -3618,6 +3621,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
 if (c->shared_sigalgs) {
 OPENSSL_free(c->shared_sigalgs);
 c->shared_sigalgs = NULL;
+ c->shared_sigalgslen = 0;
 }
 /* If client use client signature algorithms if not NULL */
 if (!s->server && c->client_sigalgs && !is_suiteb) {
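Review bot: The FIPS branch of tls1_get_curvelist now writes `pcurveslen = sizeof(fips_curves_default);`, assigning the size to the pointer parameter itself instead of storing it through the pointer as the removed `*pcurveslen = ...` did and as the non-FIPS path presumably still does, so the caller's length is left unset (and an int-to-pointer assignment of this kind should already produce a compiler warning). Unless the parameter's type was changed in a part of the function outside this hunk, the line should read `*pcurveslen = sizeof(fips_curves_default);`. This only affects OPENSSL_FIPS builds, which is why a default build would not notice.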
@@ -3640,12 +3644,14 @@ static int tls1_set_shared_sigalgs(SSL *s)
 preflen = c->peer_sigalgslen;
 }
 nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
- if (!nmatch)
- return 1;
- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
- if (!salgs)
- return 0;
- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
+ if (nmatch) {
+ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+ if (!salgs)
+ return 0;
+ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
+ } else {
+ salgs = NULL;
+ }
 c->shared_sigalgs = salgs;
 c->shared_sigalgslen = nmatch;
 return 1;
@@ -3948,6 +3954,8 @@ static int sig_cb(const char *elem, int len, void *arg)
 size_t i;
 char etmp[20], *p;
 int sig_alg, hash_alg;
+ if (elem == NULL)
+ return 0;
 if (sarg->sigalgcnt == MAX_SIGALGLEN)
 return 0;
 if (len > (int)(sizeof(etmp) - 1))
@@ -4122,10 +4130,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 # endif
 } else {
 if (!x || !pk)
- goto end;
+ return 0;
 idx = ssl_cert_type(x, pk);
 if (idx == -1)
- goto end;
+ return 0;
 cpk = c->pkeys + idx;
 if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
 check_flags = CERT_PKEY_STRICT_FLAGS;
|