aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2010-06-17 08:30:55 +0000
committermarha <marha@users.sourceforge.net>2010-06-17 08:30:55 +0000
commiteb8e32daea99b6e3ebf134efeeba184c23817f08 (patch)
treeffbda57952ba3f40612e6409bd9a95f9a0a892dc /openssl/ssl
parented16af1abc515d7cc3ff9c5794aef89551fe7494 (diff)
parentfef0b61e18b9c7475e4d6e67ddfc55db46573f4e (diff)
downloadvcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.tar.gz
vcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.tar.bz2
vcxsrv-eb8e32daea99b6e3ebf134efeeba184c23817f08.zip
svn merge ^/branches/released .
Diffstat (limited to 'openssl/ssl')
-rw-r--r--openssl/ssl/d1_both.c315
-rw-r--r--openssl/ssl/d1_lib.c10
-rw-r--r--openssl/ssl/d1_pkt.c44
-rw-r--r--openssl/ssl/dtls1.h1
-rw-r--r--openssl/ssl/ssl-lib.com16
-rw-r--r--openssl/ssl/ssl_algs.c8
-rw-r--r--openssl/ssl/t1_enc.c151
7 files changed, 377 insertions, 168 deletions
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 0242f1e4d..4ce4064cc 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -123,6 +123,37 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+ if ((end) - (start) <= 8) { \
+ long ii; \
+ for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+ } else { \
+ long ii; \
+ bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+ for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+ bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+ } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+ long ii; \
+ OPENSSL_assert((msg_len) > 0); \
+ is_complete = 1; \
+ if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+ if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+ long ii; \
+ printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+ printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+ printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
/* XDTLS: figure out the right values */
static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -140,10 +171,11 @@ static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
long max, int *ok);
static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len)
+dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
{
hm_fragment *frag = NULL;
unsigned char *buf = NULL;
+ unsigned char *bitmask = NULL;
frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
if ( frag == NULL)
@@ -162,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
/* zero length fragment gets zero frag->fragment */
frag->fragment = buf;
+ /* Initialize reassembly bitmask if necessary */
+ if (reassembly)
+ {
+ bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+ if (bitmask == NULL)
+ {
+ if (buf != NULL) OPENSSL_free(buf);
+ OPENSSL_free(frag);
+ return NULL;
+ }
+ memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+ }
+
+ frag->reassembly = bitmask;
+
return frag;
}
@@ -169,6 +216,7 @@ static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
}
@@ -363,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
int i, al;
struct hm_header_st *msg_hdr;
+ unsigned char *p;
+ unsigned long msg_len;
/* s3->tmp is used to store messages that are unexpected, caused
* by the absence of an optional handshake message */
@@ -382,77 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
}
msg_hdr = &s->d1->r_msg_hdr;
- do
- {
- if ( msg_hdr->frag_off == 0)
- {
- /* s->d1->r_message_header.msg_len = 0; */
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- }
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- i = dtls1_get_message_fragment(s, st1, stn, max, ok);
- if ( i == DTLS1_HM_BAD_FRAGMENT ||
- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
- continue;
- else if ( i <= 0 && !*ok)
- return i;
+again:
+ i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+ if ( i == DTLS1_HM_BAD_FRAGMENT ||
+ i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
+ goto again;
+ else if ( i <= 0 && !*ok)
+ return i;
- /* Note that s->init_sum is used as a counter summing
- * up fragments' lengths: as soon as they sum up to
- * handshake packet length, we assume we have got all
- * the fragments. Overlapping fragments would cause
- * premature termination, so we don't expect overlaps.
- * Well, handling overlaps would require something more
- * drastic. Indeed, as it is now there is no way to
- * tell if out-of-order fragment from the middle was
- * the last. '>=' is the best/least we can do to control
- * the potential damage caused by malformed overlaps. */
- if ((unsigned int)s->init_num >= msg_hdr->msg_len)
- {
- unsigned char *p = (unsigned char *)s->init_buf->data;
- unsigned long msg_len = msg_hdr->msg_len;
-
- /* reconstruct message header as if it was
- * sent in single fragment */
- *(p++) = msg_hdr->type;
- l2n3(msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_len,p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
+ p = (unsigned char *)s->init_buf->data;
+ msg_len = msg_hdr->msg_len;
+
+ /* reconstruct message header */
+ *(p++) = msg_hdr->type;
+ l2n3(msg_len,p);
+ s2n (msg_hdr->seq,p);
+ l2n3(0,p);
+ l2n3(msg_len,p);
+ if (s->version != DTLS1_BAD_VER) {
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
- ssl3_finish_mac(s, p, msg_len);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, msg_len,
- s, s->msg_callback_arg);
-
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
- s->d1->handshake_read_seq++;
- /* we just read a handshake message from the other side:
- * this means that we don't need to retransmit of the
- * buffered messages.
- * XDTLS: may be able clear out this
- * buffer a little sooner (i.e if an out-of-order
- * handshake message/record is received at the record
- * layer.
- * XDTLS: exception is that the server needs to
- * know that change cipher spec and finished messages
- * have been received by the client before clearing this
- * buffer. this can simply be done by waiting for the
- * first data segment, but is there a better way? */
- dtls1_clear_record_buffer(s);
-
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- return s->init_num;
- }
- else
- msg_hdr->frag_off = i;
- } while(1) ;
+ ssl3_finish_mac(s, p, msg_len);
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ p, msg_len,
+ s, s->msg_callback_arg);
+
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+ s->d1->handshake_read_seq++;
+ /* we just read a handshake message from the other side:
+ * this means that we don't need to retransmit of the
+ * buffered messages.
+ * XDTLS: may be able clear out this
+ * buffer a little sooner (i.e if an out-of-order
+ * handshake message/record is received at the record
+ * layer.
+ * XDTLS: exception is that the server needs to
+ * know that change cipher spec and finished messages
+ * have been received by the client before clearing this
+ * buffer. this can simply be done by waiting for the
+ * first data segment, but is there a better way? */
+ dtls1_clear_record_buffer(s);
+
+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ return s->init_num;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -528,6 +556,10 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
return 0;
frag = (hm_fragment *)item->data;
+
+ /* Don't return if reassembly still in progress */
+ if (frag->reassembly != NULL)
+ return 0;
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
@@ -563,6 +595,109 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
static int
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ {
+ hm_fragment *frag = NULL;
+ pitem *item = NULL;
+ int i = -1, is_complete;
+ unsigned char seq64be[8];
+ unsigned long frag_len = msg_hdr->frag_len, max_len;
+
+ if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+ goto err;
+
+ /* Determine maximum allowed message size. Depends on (user set)
+ * maximum certificate length, but 16k is minimum.
+ */
+ if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+ max_len = s->max_cert_list;
+ else
+ max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+ if ((msg_hdr->frag_off+frag_len) > max_len)
+ goto err;
+
+ /* Try to find item in queue */
+ memset(seq64be,0,sizeof(seq64be));
+ seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+ seq64be[7] = (unsigned char) msg_hdr->seq;
+ item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+ if (item == NULL)
+ {
+ frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+ if ( frag == NULL)
+ goto err;
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ frag->msg_header.frag_len = frag->msg_header.msg_len;
+ frag->msg_header.frag_off = 0;
+ }
+ else
+ frag = (hm_fragment*) item->data;
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+ */
+ if (frag->reassembly == NULL)
+ {
+ unsigned char devnull [256];
+
+ while (frag_len)
+ {
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ devnull,
+ frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
+ if (i<=0) goto err;
+ frag_len -= i;
+ }
+ return DTLS1_HM_FRAGMENT_RETRY;
+ }
+
+ /* read the body of the fragment (header has already been read */
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ frag->fragment + msg_hdr->frag_off,frag_len,0);
+ if (i<=0 || (unsigned long)i!=frag_len)
+ goto err;
+
+ RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+ (long)(msg_hdr->frag_off + frag_len));
+
+ RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+ is_complete);
+
+ if (is_complete)
+ {
+ OPENSSL_free(frag->reassembly);
+ frag->reassembly = NULL;
+ }
+
+ if (item == NULL)
+ {
+ memset(seq64be,0,sizeof(seq64be));
+ seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
+ seq64be[7] = (unsigned char)(msg_hdr->seq);
+
+ item = pitem_new(seq64be, frag);
+ if (item == NULL)
+ {
+ goto err;
+ i = -1;
+ }
+
+ pqueue_insert(s->d1->buffered_messages, item);
+ }
+
+ return DTLS1_HM_FRAGMENT_RETRY;
+
+err:
+ if (frag != NULL) dtls1_hm_fragment_free(frag);
+ if (item != NULL) OPENSSL_free(item);
+ *ok = 0;
+ return i;
+ }
+
+
+static int
dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
{
int i=-1;
@@ -579,7 +714,13 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
seq64be[7] = (unsigned char) msg_hdr->seq;
item = pqueue_find(s->d1->buffered_messages, seq64be);
-
+
+ /* If we already have an entry and this one is a fragment,
+ * don't discard it and rather try to reassemble it.
+ */
+ if (item != NULL && frag_len < msg_hdr->msg_len)
+ item = NULL;
+
/* Discard the message if sequence number was already there, is
* too far in the future, already in the queue or if we received
* a FINISHED before the SERVER_HELLO, which then must be a stale
@@ -600,20 +741,25 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag_len -= i;
}
}
-
- if (frag_len)
+ else
{
- frag = dtls1_hm_fragment_new(frag_len);
+ if (frag_len && frag_len < msg_hdr->msg_len)
+ return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+ frag = dtls1_hm_fragment_new(frag_len, 0);
if ( frag == NULL)
goto err;
memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- /* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
- if (i<=0 || (unsigned long)i!=frag_len)
- goto err;
+ if (frag_len)
+ {
+ /* read the body of the fragment (header has already been read */
+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+ frag->fragment,frag_len,0);
+ if (i<=0 || (unsigned long)i!=frag_len)
+ goto err;
+ }
memset(seq64be,0,sizeof(seq64be));
seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
@@ -640,14 +786,14 @@ static long
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
{
unsigned char wire[DTLS1_HM_HEADER_LENGTH];
- unsigned long l, frag_off, frag_len;
+ unsigned long len, frag_off, frag_len;
int i,al;
struct hm_header_st msg_hdr;
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
- if (*ok) s->init_num += frag_len;
+ if (*ok) s->init_num = frag_len;
return frag_len;
}
@@ -672,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ( msg_hdr.seq != s->d1->handshake_read_seq)
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
- l = msg_hdr.msg_len;
+ len = msg_hdr.msg_len;
frag_off = msg_hdr.frag_off;
frag_len = msg_hdr.frag_len;
+ if (frag_len && frag_len < len)
+ return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
wire[0] == SSL3_MT_HELLO_REQUEST)
{
@@ -735,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
* s->init_buf->data, but as a counter summing up fragments'
* lengths: as soon as they sum up to handshake packet
* length, we assume we have got all the fragments. */
- s->init_num += frag_len;
+ s->init_num = frag_len;
return frag_len;
f_err:
@@ -1010,7 +1159,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
* been serialized */
OPENSSL_assert(s->init_off == 0);
- frag = dtls1_hm_fragment_new(s->init_num);
+ frag = dtls1_hm_fragment_new(s->init_num, 0);
memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index eeffce3cc..96b220e87 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
timeleft->tv_usec += 1000000;
}
+ /* If remaining time is less than 15 ms, set it to 0
+ * to prevent issues because of small devergences with
+ * socket timeouts.
+ */
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+ {
+ memset(timeleft, 0, sizeof(struct timeval));
+ }
+
+
return timeleft;
}
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index c9757e1d6..a5439d544 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -196,6 +196,9 @@ dtls1_copy_record(SSL *s, pitem *item)
s->packet_length = rdata->packet_length;
memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+ /* Set proper sequence number for mac calculation */
+ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
return(1);
}
@@ -414,7 +417,7 @@ dtls1_process_record(SSL *s)
goto err;
/* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
+ goto err;
}
#ifdef TLS_DEBUG
@@ -444,7 +447,7 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ goto err;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -455,14 +458,14 @@ printf("\n");
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ goto err;
#endif
}
rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
{
- goto decryption_failed_or_bad_record_mac;
+ goto err;
}
}
@@ -504,14 +507,6 @@ printf("\n");
dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1);
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
@@ -544,8 +539,7 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
- if ( ! dtls1_process_buffered_records(s))
- return 0;
+ dtls1_process_buffered_records(s);
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -667,21 +661,25 @@ again:
if (rr->length == 0) goto again;
/* If this record is from the next epoch (either HM or ALERT),
- * buffer it since it cannot be processed at this time. Records
- * from the next epoch are marked as received even though they
- * are not processed, so as to prevent any potential resource
- * DoS attack */
+ * and a handshake is currently in progress, buffer it since it
+ * cannot be processed at this time. */
if (is_next_epoch)
{
- dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if (SSL_in_init(s) || s->in_handshake)
+ {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ }
rr->length = 0;
s->packet_length = 0;
goto again;
}
- if ( ! dtls1_process_record(s))
- return(0);
+ if (!dtls1_process_record(s))
+ {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
dtls1_clear_timeouts(s); /* done waiting */
return(1);
@@ -809,7 +807,7 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
rr->length = 0;
goto start;
}
diff --git a/openssl/ssl/dtls1.h b/openssl/ssl/dtls1.h
index af363a984..2900d1d8a 100644
--- a/openssl/ssl/dtls1.h
+++ b/openssl/ssl/dtls1.h
@@ -167,6 +167,7 @@ typedef struct hm_fragment_st
{
struct hm_header_st msg_header;
unsigned char *fragment;
+ unsigned char *reassembly;
} hm_fragment;
typedef struct dtls1_state_st
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index 85ab2f61f..c5ca9e1df 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -30,7 +30,7 @@ $! VAXC For VAX C.
$! DECC For DEC C.
$! GNUC For GNU C.
$!
-$! If you don't speficy a compiler, it will try to determine which
+$! If you don't specify a compiler, it will try to determine which
$! "C" compiler to use.
$!
$! P4, if defined, sets a TCP/IP library to use, through one of the following
@@ -55,7 +55,7 @@ $ THEN
$!
$! The Architecture Is VAX.
$!
-$ ARCH := VAX
+$ ARCH = "VAX"
$!
$! Else...
$!
@@ -524,12 +524,12 @@ $! Else...
$!
$ ELSE
$!
-$! Else, Check To See If P1 Has A Valid Arguement.
+$! Else, Check To See If P1 Has A Valid Argument.
$!
$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
$ THEN
$!
-$! A Valid Arguement.
+$! A Valid Argument.
$!
$ BUILDALL = P1
$!
@@ -557,7 +557,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -611,7 +611,7 @@ $! Time To EXIT.
$!
$ EXIT
$!
-$! End The Valid Arguement Check.
+$! End The Valid Argument Check.
$!
$ ENDIF
$!
@@ -893,7 +893,7 @@ $! Show user the result
$!
$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
@@ -994,7 +994,7 @@ $! Print info
$!
$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
$!
-$! Else The User Entered An Invalid Arguement.
+$! Else The User Entered An Invalid Argument.
$!
$ ELSE
$!
diff --git a/openssl/ssl/ssl_algs.c b/openssl/ssl/ssl_algs.c
index a26ae4395..0967b2dfe 100644
--- a/openssl/ssl/ssl_algs.c
+++ b/openssl/ssl/ssl_algs.c
@@ -105,6 +105,14 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c
index d9cb059d0..9719541f2 100644
--- a/openssl/ssl/t1_enc.c
+++ b/openssl/ssl/t1_enc.c
@@ -148,7 +148,7 @@
#endif
/* seed1 through seed5 are virtually concatenated */
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
@@ -163,55 +163,79 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
HMAC_CTX ctx_tmp;
unsigned char A1[EVP_MAX_MD_SIZE];
unsigned int A1_len;
+ int ret = 0;
chunk=EVP_MD_size(md);
OPENSSL_assert(chunk >= 0);
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
- HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
- HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
- if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
- if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
- if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
- if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
- if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
- HMAC_Final(&ctx,A1,&A1_len);
+ if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+ goto err;
+ if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
+ goto err;
+ if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+ goto err;
+ if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+ goto err;
+ if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+ goto err;
+ if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+ goto err;
+ if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+ goto err;
+ if (!HMAC_Final(&ctx,A1,&A1_len))
+ goto err;
n=0;
for (;;)
{
- HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
- HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
- HMAC_Update(&ctx,A1,A1_len);
- HMAC_Update(&ctx_tmp,A1,A1_len);
- if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
- if (seed2 != NULL) HMAC_Update(&ctx,seed2,seed2_len);
- if (seed3 != NULL) HMAC_Update(&ctx,seed3,seed3_len);
- if (seed4 != NULL) HMAC_Update(&ctx,seed4,seed4_len);
- if (seed5 != NULL) HMAC_Update(&ctx,seed5,seed5_len);
+ if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
+ goto err;
+ if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
+ goto err;
+ if (!HMAC_Update(&ctx,A1,A1_len))
+ goto err;
+ if (!HMAC_Update(&ctx_tmp,A1,A1_len))
+ goto err;
+ if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+ goto err;
+ if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+ goto err;
+ if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+ goto err;
+ if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+ goto err;
+ if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+ goto err;
if (olen > chunk)
{
- HMAC_Final(&ctx,out,&j);
+ if (!HMAC_Final(&ctx,out,&j))
+ goto err;
out+=j;
olen-=j;
- HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+ if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+ goto err;
}
else /* last one */
{
- HMAC_Final(&ctx,A1,&A1_len);
+ if (!HMAC_Final(&ctx,A1,&A1_len))
+ goto err;
memcpy(out,A1,olen);
break;
}
}
+ ret = 1;
+err:
HMAC_CTX_cleanup(&ctx);
HMAC_CTX_cleanup(&ctx_tmp);
OPENSSL_cleanse(A1,sizeof(A1));
+ return ret;
}
/* seed1 through seed5 are virtually concatenated */
-static void tls1_PRF(long digest_mask,
+static int tls1_PRF(long digest_mask,
const void *seed1, int seed1_len,
const void *seed2, int seed2_len,
const void *seed3, int seed3_len,
@@ -225,6 +249,7 @@ static void tls1_PRF(long digest_mask,
const unsigned char *S1;
long m;
const EVP_MD *md;
+ int ret = 0;
/* Count number of digests and partition sec evenly */
count=0;
@@ -239,11 +264,12 @@ static void tls1_PRF(long digest_mask,
if (!md) {
SSLerr(SSL_F_TLS1_PRF,
SSL_R_UNSUPPORTED_DIGEST_TYPE);
- return;
+ goto err;
}
- tls1_P_hash(md ,S1,len+(slen&1),
- seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
- out2,olen);
+ if (!tls1_P_hash(md ,S1,len+(slen&1),
+ seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
+ out2,olen))
+ goto err;
S1+=len;
for (i=0; i<olen; i++)
{
@@ -251,12 +277,15 @@ static void tls1_PRF(long digest_mask,
}
}
}
-
+ ret = 1;
+err:
+ return ret;
}
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
+static int tls1_generate_key_block(SSL *s, unsigned char *km,
unsigned char *tmp, int num)
{
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ int ret;
+ ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
s->s3->server_random,SSL3_RANDOM_SIZE,
s->s3->client_random,SSL3_RANDOM_SIZE,
@@ -274,6 +303,7 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
}
printf("\n"); }
#endif /* KSSL_DEBUG */
+ return ret;
}
int tls1_change_cipher_state(SSL *s, int which)
@@ -461,22 +491,24 @@ printf("which = %04X\nmac key=",which);
/* In here I set both the read and write key/iv to the
* same value since only the correct one will be used :-).
*/
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- exp_label,exp_label_len,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- NULL,0,NULL,0,
- key,j,tmp1,tmp2,EVP_CIPHER_key_length(c));
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ exp_label,exp_label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ NULL,0,NULL,0,
+ key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
+ goto err2;
key=tmp1;
if (k > 0)
{
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- NULL,0,NULL,0,
- empty,0,iv1,iv2,k*2);
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ NULL,0,NULL,0,
+ empty,0,iv1,iv2,k*2))
+ goto err2;
if (client_write)
iv=iv1;
else
@@ -518,12 +550,13 @@ err2:
int tls1_setup_key_block(SSL *s)
{
- unsigned char *p1,*p2;
+ unsigned char *p1,*p2=NULL;
const EVP_CIPHER *c;
const EVP_MD *hash;
int num;
SSL_COMP *comp;
int mac_type= NID_undef,mac_secret_size=0;
+ int ret=0;
#ifdef KSSL_DEBUG
printf ("tls1_setup_key_block()\n");
@@ -548,13 +581,19 @@ int tls1_setup_key_block(SSL *s)
ssl3_cleanup_key_block(s);
if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
goto err;
- if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
+ }
s->s3->tmp.key_block_length=num;
s->s3->tmp.key_block=p1;
+ if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+ {
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
#ifdef TLS_DEBUG
printf("client random\n");
@@ -564,9 +603,8 @@ printf("server random\n");
printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
- tls1_generate_key_block(s,p1,p2,num);
- OPENSSL_cleanse(p2,num);
- OPENSSL_free(p2);
+ if (!tls1_generate_key_block(s,p1,p2,num))
+ goto err;
#ifdef TLS_DEBUG
printf("\nkey block\n");
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -591,10 +629,14 @@ printf("\nkey block\n");
}
}
- return(1);
+ ret = 1;
err:
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
+ if (p2)
+ {
+ OPENSSL_cleanse(p2,num);
+ OPENSSL_free(p2);
+ }
+ return(ret);
}
int tls1_enc(SSL *s, int send)
@@ -822,10 +864,11 @@ int tls1_final_finish_mac(SSL *s,
}
}
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
- s->session->master_key,s->session->master_key_length,
- out,buf2,sizeof buf2);
+ if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+ s->session->master_key,s->session->master_key_length,
+ out,buf2,sizeof buf2))
+ err = 1;
EVP_MD_CTX_cleanup(&ctx);
if (err)