From 5f042374703a2263625c80de3c1b4b849652f939 Mon Sep 17 00:00:00 2001 
From: Peter Avalos Date: Sun, 28 Feb 2010 00:07:00 +0000 Subject: [PATCH] Import OpenSSL-0.9.8m. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see the CHANGES file. --- crypto/openssl/CHANGES | 177 ++++- crypto/openssl/FAQ | 2 +- crypto/openssl/NEWS | 14 +- crypto/openssl/README | 27 +- crypto/openssl/README.DELETED | 19 +- crypto/openssl/apps/CA.pl | 2 +- crypto/openssl/apps/CA.sh | 121 +++- crypto/openssl/apps/apps.c | 2 + crypto/openssl/apps/ca.c | 69 +- crypto/openssl/apps/dsa.c | 2 +- crypto/openssl/apps/dsaparam.c | 6 + crypto/openssl/apps/enc.c | 7 +- crypto/openssl/apps/gendsa.c | 6 + crypto/openssl/apps/genrsa.c | 8 +- crypto/openssl/apps/openssl.c | 10 +- crypto/openssl/apps/pkcs12.c | 6 + crypto/openssl/apps/req.c | 6 +- crypto/openssl/apps/s_apps.h | 3 + crypto/openssl/apps/s_cb.c | 105 ++- crypto/openssl/apps/s_client.c | 43 +- crypto/openssl/apps/s_server.c | 56 +- crypto/openssl/apps/s_socket.c | 6 + crypto/openssl/apps/speed.c | 26 +- crypto/openssl/apps/x509.c | 1 + crypto/openssl/crypto/aes/aes_cfb.c | 1 - crypto/openssl/crypto/asn1/a_mbstr.c | 2 +- crypto/openssl/crypto/asn1/a_object.c | 11 + crypto/openssl/crypto/asn1/asn1.h | 8 +- crypto/openssl/crypto/asn1/asn1_err.c | 2 +- crypto/openssl/crypto/asn1/asn1_gen.c | 9 +- crypto/openssl/crypto/asn1/asn1_par.c | 2 +- crypto/openssl/crypto/asn1/t_x509.c | 17 +- crypto/openssl/crypto/bio/bio.h | 9 +- crypto/openssl/crypto/bio/bss_dgram.c | 243 ++++++- crypto/openssl/crypto/bio/bss_file.c | 11 +- crypto/openssl/crypto/bn/bn_div.c | 5 +- crypto/openssl/crypto/bn/bn_exp.c | 3 +- crypto/openssl/crypto/bn/bn_gf2m.c | 3 +- crypto/openssl/crypto/bn/bn_mul.c | 10 +- crypto/openssl/crypto/cast/c_cfb64.c | 3 +- crypto/openssl/crypto/cast/c_ecb.c | 3 +- crypto/openssl/crypto/cast/c_enc.c | 13 +- crypto/openssl/crypto/cast/c_ofb64.c | 3 +- 
crypto/openssl/crypto/cast/cast.h | 12 +- crypto/openssl/crypto/cms/cms_ess.c | 4 +- crypto/openssl/crypto/cms/cms_lib.c | 6 +- crypto/openssl/crypto/comp/c_zlib.c | 17 +- crypto/openssl/crypto/cryptlib.c | 2 +- crypto/openssl/crypto/dsa/dsa_asn1.c | 2 + crypto/openssl/crypto/dsa/dsa_lib.c | 2 +- crypto/openssl/crypto/dso/dso_dlfcn.c | 28 +- crypto/openssl/crypto/ec/ec2_smpl.c | 10 +- crypto/openssl/crypto/ecdsa/ecs_ossl.c | 54 +- crypto/openssl/crypto/ecdsa/ecs_sign.c | 2 + crypto/openssl/crypto/engine/eng_cnf.c | 17 +- crypto/openssl/crypto/engine/eng_cryptodev.c | 34 +- crypto/openssl/crypto/engine/eng_ctrl.c | 8 +- crypto/openssl/crypto/engine/eng_err.c | 3 +- crypto/openssl/crypto/engine/eng_table.c | 3 +- crypto/openssl/crypto/engine/engine.h | 3 + crypto/openssl/crypto/err/err_all.c | 2 + crypto/openssl/crypto/evp/c_allc.c | 2 + crypto/openssl/crypto/evp/c_alld.c | 3 - crypto/openssl/crypto/evp/digest.c | 23 +- crypto/openssl/crypto/evp/evp_lib.c | 6 + crypto/openssl/crypto/evp/evp_locl.h | 12 +- crypto/openssl/crypto/lhash/lhash.c | 58 +- crypto/openssl/crypto/o_init.c | 7 +- crypto/openssl/crypto/objects/obj_dat.c | 11 +- crypto/openssl/crypto/objects/obj_dat.h | 253 ++++++- crypto/openssl/crypto/objects/obj_mac.h | 141 +++- crypto/openssl/crypto/ocsp/ocsp_prn.c | 4 +- crypto/openssl/crypto/opensslv.h | 6 +- crypto/openssl/crypto/pem/pem_seal.c | 2 +- crypto/openssl/crypto/pkcs12/p12_attr.c | 6 + crypto/openssl/crypto/pkcs12/p12_key.c | 6 + crypto/openssl/crypto/pkcs12/p12_utl.c | 6 + crypto/openssl/crypto/pkcs12/pkcs12.h | 7 +- crypto/openssl/crypto/pkcs7/pk7_mime.c | 662 +----------------- crypto/openssl/crypto/pqueue/pqueue.c | 14 + crypto/openssl/crypto/pqueue/pqueue.h | 1 + crypto/openssl/crypto/rand/randfile.c | 17 +- crypto/openssl/crypto/rsa/rsa_eng.c | 13 +- crypto/openssl/crypto/rsa/rsa_oaep.c | 14 +- crypto/openssl/crypto/rsa/rsa_pss.c | 2 +- crypto/openssl/crypto/rsa/rsa_sign.c | 10 +- crypto/openssl/crypto/sha/sha512.c | 9 + 
crypto/openssl/crypto/stack/safestack.h | 66 -- crypto/openssl/crypto/symhacks.h | 20 + crypto/openssl/crypto/ui/ui_openssl.c | 11 +- crypto/openssl/crypto/x509/by_dir.c | 5 +- crypto/openssl/crypto/x509/x509.h | 1 + crypto/openssl/crypto/x509/x509_lu.c | 66 +- crypto/openssl/crypto/x509/x509_vfy.c | 14 +- crypto/openssl/crypto/x509/x509_vfy.h | 3 + crypto/openssl/crypto/x509/x509_vpm.c | 6 +- crypto/openssl/crypto/x509v3/pcy_tree.c | 2 +- crypto/openssl/crypto/x509v3/v3_alt.c | 3 + crypto/openssl/crypto/x509v3/v3_ocsp.c | 20 +- crypto/openssl/doc/apps/enc.pod | 10 +- crypto/openssl/doc/apps/verify.pod | 17 +- .../doc/crypto/ASN1_generate_nconf.pod | 2 +- crypto/openssl/doc/crypto/EVP_DigestInit.pod | 6 +- crypto/openssl/doc/crypto/PKCS12_parse.pod | 31 +- crypto/openssl/doc/crypto/bn_internal.pod | 28 +- crypto/openssl/doc/crypto/d2i_X509.pod | 12 +- crypto/openssl/doc/crypto/d2i_X509_CRL.pod | 4 +- crypto/openssl/doc/crypto/d2i_X509_REQ.pod | 4 +- crypto/openssl/doc/crypto/hmac.pod | 2 - crypto/openssl/doc/crypto/pem.pod | 2 +- .../openssl/doc/ssl/SSL_CIPHER_get_name.pod | 2 +- .../openssl/doc/ssl/SSL_CTX_set_options.pod | 120 +++- crypto/openssl/engines/e_ubsec.c | 4 +- crypto/openssl/ssl/d1_both.c | 283 +++++--- crypto/openssl/ssl/d1_clnt.c | 104 ++- crypto/openssl/ssl/d1_enc.c | 2 +- crypto/openssl/ssl/d1_lib.c | 199 +++++- crypto/openssl/ssl/d1_pkt.c | 229 +++--- crypto/openssl/ssl/d1_srvr.c | 228 +++++- crypto/openssl/ssl/dtls1.h | 52 +- crypto/openssl/ssl/kssl.c | 5 - crypto/openssl/ssl/s23_clnt.c | 5 +- crypto/openssl/ssl/s23_srvr.c | 9 +- crypto/openssl/ssl/s2_srvr.c | 2 +- crypto/openssl/ssl/s3_both.c | 127 ++-- crypto/openssl/ssl/s3_clnt.c | 59 +- crypto/openssl/ssl/s3_lib.c | 20 +- crypto/openssl/ssl/s3_pkt.c | 61 +- crypto/openssl/ssl/s3_srvr.c | 92 ++- crypto/openssl/ssl/ssl.h | 50 +- crypto/openssl/ssl/ssl3.h | 18 +- crypto/openssl/ssl/ssl_algs.c | 3 - crypto/openssl/ssl/ssl_asn1.c | 65 +- crypto/openssl/ssl/ssl_cert.c | 7 +- 
crypto/openssl/ssl/ssl_ciph.c | 3 +- crypto/openssl/ssl/ssl_err.c | 15 + crypto/openssl/ssl/ssl_lib.c | 60 +- crypto/openssl/ssl/ssl_locl.h | 27 +- crypto/openssl/ssl/ssl_rsa.c | 2 +- crypto/openssl/ssl/ssl_sess.c | 7 +- crypto/openssl/ssl/ssl_stat.c | 11 + crypto/openssl/ssl/ssl_txt.c | 8 +- crypto/openssl/ssl/t1_enc.c | 6 +- crypto/openssl/ssl/t1_lib.c | 156 ++++- crypto/openssl/ssl/{d1_enc.c => t1_reneg.c} | 434 ++++++------ crypto/openssl/ssl/tls1.h | 7 +- 146 files changed, 3546 insertions(+), 1857 deletions(-) copy crypto/openssl/ssl/{d1_enc.c => t1_reneg.c} (52%) diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 3c9f51c5b7..97b3810f40 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES 
@@ -2,6 +2,166 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8l and 0.9.8m [25 Feb 2010] + + *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) + [Martin Olsson, Neel Mehta] + + *) Fix X509_STORE locking: Every 'objs' access requires a lock (to + accommodate for stack sorting, always a write lock!). + [Bodo Moeller] + + *) On some versions of WIN32 Heap32Next is very slow. This can cause + excessive delays in the RAND_poll(): over a minute. As a workaround + include a time check in the inner Heap32Next loop too. + [Steve Henson] + + *) The code that handled flushing of data in SSL/TLS originally used the + BIO_CTRL_INFO ctrl to see if any data was pending first. This caused + the problem outlined in PR#1949. The fix suggested there however can + trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions + of Apache). So instead simplify the code to flush unconditionally. + This should be fine since flushing with no data to flush is a no op. + [Steve Henson] + + *) Handle TLS versions 2.0 and later properly and correctly use the + highest version of TLS/SSL supported. Although TLS >= 2.0 is some way + off ancient servers have a habit of sticking around for a while... + [Steve Henson] + + *) Modify compression code so it frees up structures without using the + ex_data callbacks. This works around a problem where some applications + call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when + restarting) then use compression (e.g. SSL with compression) later. + This results in significant per-connection memory leaks and + has caused some security issues including CVE-2008-1678 and + CVE-2009-4355. + [Steve Henson] + + *) Constify crypto/cast (i.e., ): a CAST_KEY doesn't + change when encrypting or decrypting. + [Bodo Moeller] + + *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to + connect and renegotiate with servers which do not support RI. 
+ Until RI is more widely deployed this option is enabled by default. + [Steve Henson] + + *) Add "missing" ssl ctrls to clear options and mode. + [Steve Henson] + + *) If client attempts to renegotiate and doesn't support RI respond with + a no_renegotiation alert as required by RFC5746. Some renegotiating + TLS clients will continue a connection gracefully when they receive + the alert. Unfortunately OpenSSL mishandled this alert and would hang + waiting for a server hello which it will never receive. Now we treat a + received no_renegotiation alert as a fatal error. This is because + applications requesting a renegotiation might well expect it to succeed + and would have no code in place to handle the server denying it so the + only safe thing to do is to terminate the connection. + [Steve Henson] + + *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if + peer supports secure renegotiation and 0 otherwise. Print out peer + renegotiation support in s_client/s_server. + [Steve Henson] + + *) Replace the highly broken and deprecated SPKAC certification method with + the updated NID creation version. This should correctly handle UTF8. + [Steve Henson] + + *) Implement RFC5746. Re-enable renegotiation but require the extension + as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + turns out to be a bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla , Ben Laurie, Steve Henson] + + *) Fixes to stateless session resumption handling. Use initial_ctx when + issuing and attempting to decrypt tickets in case it has changed during + servername handling. 
Use a non-zero length session ID when attempting + stateless session resumption: this makes it possible to determine if + a resumption has occurred immediately after receiving server hello + (several places in OpenSSL subtly assume this) instead of later in + the handshake. + [Steve Henson] + + *) The functions ENGINE_ctrl(), OPENSSL_isservice(), + CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error + fixes for a few places where the return code is not checked + correctly. + [Julia Lawall ] + + *) Add --strict-warnings option to Configure script to include devteam + warnings in other configurations. + [Steve Henson] + + *) Add support for --libdir option and LIBDIR variable in makefiles. This + makes it possible to install openssl libraries in locations which + have names other than "lib", for example "/usr/lib64" which some + systems need. + [Steve Henson, based on patch from Jeremy Utley] + + *) Don't allow the use of leading 0x80 in OIDs. This is a violation of + X690 8.9.12 and can produce some misleading textual output of OIDs. + [Steve Henson, reported by Dan Kaminsky] + + *) Delete MD2 from algorithm tables. This follows the recommendation in + several standards that it is not used in new applications due to + several cryptographic weaknesses. For binary compatibility reasons + the MD2 API is still compiled in by default. + [Steve Henson] + + *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved + and restored. + [Steve Henson] + + *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and + OPENSSL_asc2uni conditionally on Netware platforms to avoid a name + clash. + [Guenter ] + + *) Fix the server certificate chain building code to use X509_verify_cert(), + it used to have an ad-hoc builder which was unable to cope with anything + other than a simple chain. 
+ [David Woodhouse , Steve Henson] + + *) Don't check self signed certificate signatures in X509_verify_cert() + by default (a flag can override this): it just wastes time without + adding any security. As a useful side effect self signed root CAs + with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + + *) In dtls1_process_out_of_seq_message() the check if the current message + is already buffered was missing. For every new message was memory + allocated, allowing an attacker to perform an denial of service attack + with sending out of seq handshake messages until there is no memory + left. Additionally every future messege was buffered, even if the + sequence number made no sense and would be part of another handshake. + So only messages with sequence numbers less than 10 in advance will be + buffered. (CVE-2009-1378) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Records are buffered if they arrive with a future epoch to be + processed after finishing the corresponding handshake. There is + currently no limitation to this buffer allowing an attacker to perform + a DOS attack with sending records with future epochs until there is no + memory left. This patch adds the pqueue_size() function to detemine + the size of a buffer and limits the record buffer to 100 entries. + (CVE-2009-1377) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Keep a copy of frag->msg_header.frag_len so it can be used after the + parent structure is freed. (CVE-2009-1379) + [Daniel Mentz] + + *) Handle non-blocking I/O properly in SSL_shutdown() call. + [Darryl Miles ] + + *) Add 2.5.4.* OIDs + [Ilya O. ] + Changes between 0.9.8k and 0.9.8l [5 Nov 2009] *) Disable renegotiation completely - this fixes a severe security 
@@ -96,6 +256,10 @@ Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + *) Fix NULL pointer dereference if a DTLS server received + ChangeCipherSpec as first record (CVE-2009-1386). + [PR #1679] + *) Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). [Nagendra Modadugu] @@ -1499,19 +1663,6 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] - - *) In the SSL/TLS server implementation, be strict about session ID - context matching (which matters if an application uses a single - external cache for different purposes). Previously, - out-of-context reuse was forbidden only if SSL_VERIFY_PEER was - set. This did ensure strict client verification, but meant that, - with applications using a single external cache for quite - different requirements, clients could circumvent ciphersuite - restrictions for a given session ID context by starting a session - in a different context. - [Bodo Moeller] - Changes between 0.9.7l and 0.9.7m [23 Feb 2007] *) Cleanse PEM buffers before freeing them since they may contain diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index 93613bb19b..8041479c7e 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ 
@@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8l was released on Nov 5th, 2009. +OpenSSL 0.9.8m was released on Feb 25th, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at /dev/null 1>/dev/null + if [ $? -eq 0 ] ; then + echo $line >>$outfile + break + else + echo $line >>$outfile + fi + fi + + echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null + if [ $? -eq 0 ]; then + echo $line >$outfile + flag=1 + fi + done +} + +usage() { + echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2 +} if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi -DAYS="-days 365" # 1 year +if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year CADAYS="-days 1095" # 3 years REQ="$OPENSSL req $SSLEAY_CONFIG" CA="$OPENSSL ca $SSLEAY_CONFIG" VERIFY="$OPENSSL verify" X509="$OPENSSL x509" +PKCS12="openssl pkcs12" -CATOP=./demoCA +if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi CAKEY=./cakey.pem CAREQ=./careq.pem CACERT=./cacert.pem -for i -do -case $i in +RET=0 + +while [ "$1" != "" ] ; do +case $1 in -\?|-h|-help) - echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2 + usage exit 0 ;; --newcert) +-newcert) # create a certificate $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS RET=$? echo "Certificate is in newcert.pem, private key is in newkey.pem" ;; --newreq) +-newreq) # create a certificate request $REQ -new -keyout newkey.pem -out newreq.pem $DAYS RET=$? echo "Request is in newreq.pem, private key is in newkey.pem" ;; --newca) +-newreq-nodes) + # create a certificate request + $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS + RET=$? 
+ echo "Request (and private key) is in newreq.pem"
+ ;;
+-newca)
 # if explicitly asked for or it doesn't exist then setup the directory
- # structure that Eric likes to manage things
+ # structure that Eric likes to manage things
 NEW="1"
 if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
 # create the directory hierarchy
- mkdir ${CATOP}
- mkdir ${CATOP}/certs
- mkdir ${CATOP}/crl
- mkdir ${CATOP}/newcerts
- mkdir ${CATOP}/private
- echo "00" > ${CATOP}/serial
+ mkdir -p ${CATOP}
+ mkdir -p ${CATOP}/certs
+ mkdir -p ${CATOP}/crl
+ mkdir -p ${CATOP}/newcerts
+ mkdir -p ${CATOP}/private
 touch ${CATOP}/index.txt
 fi
 if [ ! -f ${CATOP}/private/$CAKEY ]; then
@@ -83,37 +118,60 @@ case $i in
 # ask user for existing CA certificate
 if [ "$FILE" ]; then
- cp $FILE ${CATOP}/private/$CAKEY
+ cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
+ cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
 RET=$?
+ if [ ! -f "${CATOP}/serial" ]; then
+ $X509 -in ${CATOP}/$CACERT -noout -next_serial \
+ -out ${CATOP}/serial
+ fi
 else
 echo "Making CA certificate ..."
 $REQ -new -keyout ${CATOP}/private/$CAKEY \
 -out ${CATOP}/$CAREQ
- $CA -out ${CATOP}/$CACERT $CADAYS -batch \
+ $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
 -keyfile ${CATOP}/private/$CAKEY -selfsign \
- -infiles ${CATOP}/$CAREQ
+ -extensions v3_ca \
+ -infiles ${CATOP}/$CAREQ
 RET=$?
 fi
 fi
 ;;
 -xsign)
- $CA -policy policy_anything -infiles newreq.pem
+ $CA -policy policy_anything -infiles newreq.pem
 RET=$?
 ;;
--sign|-signreq)
+-pkcs12)
+ if [ -z "$2" ] ; then
+ CNAME="My Certificate"
+ else
+ CNAME="$2"
+ fi
+ $PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
+ -out newcert.p12 -export -name "$CNAME"
+ RET=$?
+ exit $RET
+ ;;
+-sign|-signreq)
 $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
 RET=$?
 cat newcert.pem
 echo "Signed certificate is in newcert.pem"
 ;;
--signcert)
+-signCA)
+ $CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
+ RET=$?
+ echo "Signed CA certificate is in newcert.pem"
+ ;;
+-signcert)
 echo "Cert passphrase will be requested twice - bug?"
 $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
 $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+ RET=$?
 cat newcert.pem
 echo "Signed certificate is in newcert.pem"
 ;;
--verify)
+-verify)
 shift
 if [ -z "$1" ]; then
 $VERIFY -CAfile $CATOP/$CACERT newcert.pem
@@ -127,13 +185,14 @@ case $i in
 fi
 done
 fi
- exit 0
+ exit $RET
 ;;
 *)
- echo "Unknown arg $i";
+ echo "Unknown arg $i" >&2
+ usage
 exit 1
 ;;
 esac
+shift
 done
 exit $RET
-
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 498722a5a2..35b62b8b09 100644
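Review bot: The new `-pkcs12` branch reads the private key with `-inkey newreq.pem`, but the `-newreq` branch shown as context in the first CA.sh hunk writes the key to `newkey.pem` (its own message says "private key is in newkey.pem") and only `-newreq-nodes` puts the key in `newreq.pem`, so `-pkcs12` after a plain `-newreq` will not find the key unless the user has merged the files by hand. In the `-newca` branch, `cp_pem` is now called twice but `RET=$?` records only the second call, so a failed copy of the private key goes unreported; capturing `$?` after each call, or `cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE && cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE`, keeps the status meaningful. `$PKCS12` is also defined as `openssl pkcs12` rather than `$OPENSSL pkcs12` in the earlier hunk, so `-pkcs12` ignores an `OPENSSL` override that every other subcommand honours.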
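Review bot: `echo "Unknown arg $i" >&2` still expands `$i`, but the argument loop was rewritten in the first CA.sh hunk from `for i ... case $i in` to `while [ "$1" != "" ] ... case $1 in`, so `$i` is unset here and the diagnostic prints no argument name. It should read `echo "Unknown arg $1" >&2`. The `case $i in` text in the hunk header is git's context from the old file and does not change this.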
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -2261,6 +2261,8 @@ int args_verify(char ***pargs, int *pargc,
 flags |= X509_V_FLAG_X509_STRICT;
 else if (!strcmp(arg, "-policy_print"))
 flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
 else
 return 0;
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 68516ee9bd..651c5a648a 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -216,7 +216,6 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -227,7 +226,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
 static int do_updatedb(CA_DB *db);
-static int check_time_format(char *str);
+static int check_time_format(const char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, const char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
@@ -858,8 +857,8 @@ bad:
 perror(outdir);
 goto err;
 }
-#ifdef S_IFDIR
- if (!(sb.st_mode & S_IFDIR))
+#ifdef S_ISDIR
+ if (!S_ISDIR(sb.st_mode))
 {
 BIO_printf(bio_err,"%s need to be a directory\n",outdir);
 perror(outdir);
@@ -895,7 +894,7 @@ bad:
 BIO_printf(bio_err," in entry %d\n", i+1);
 goto err;
 }
- if (!check_time_format((char *)pp[DB_exp_date]))
+ if (!check_time_format(pp[DB_exp_date]))
 {
 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
 goto err;
@@ -1249,7 +1248,12 @@ bad:
 BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
 (void)BIO_flush(bio_err);
 buf[0][0]='\0';
- fgets(buf[0],10,stdin);
+ if (!fgets(buf[0],10,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
+ ret=0;
+ goto err;
+ }
 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
 {
 BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
@@ -2091,7 +2095,7 @@ again2:
 }
 BIO_printf(bio_err,"Certificate is to be certified until ");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
 if (days) BIO_printf(bio_err," (%ld days)",days);
 BIO_printf(bio_err, "\n");
@@ -2101,7 +2105,12 @@ again2:
 BIO_printf(bio_err,"Sign the certificate? [y/n]:");
 (void)BIO_flush(bio_err);
 buf[0]='\0';
- fgets(buf,sizeof(buf)-1,stdin);
+ if (!fgets(buf,sizeof(buf)-1,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ ok=0;
+ goto err;
+ }
 if (!((buf[0] == 'y') || (buf[0] == 'Y')))
 {
 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
@@ -2317,25 +2326,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 continue;
 }
- /*
- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
- continue;
- */
-
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (fix_data(nid, &j) == 0)
- {
- BIO_printf(bio_err,
- "invalid characters in string %s\n",buf);
- goto err;
- }
-
- if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
- (unsigned char *)buf,
- strlen(buf))) == NULL)
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, 0))
 goto err;
-
- if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 }
 if (spki == NULL)
 {
@@ -2378,29 +2371,17 @@ err:
 return(ok);
 }
-static int fix_data(int nid, int *type)
- {
- if (nid == NID_pkcs9_emailAddress)
- *type=V_ASN1_IA5STRING;
- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
- return(0);
- if (nid == NID_pkcs9_unstructuredName)
- *type=V_ASN1_IA5STRING;
- return(1);
- }
-
-static int check_time_format(char *str)
+static int check_time_format(const char *str)
 {
- ASN1_UTCTIME tm;
+ ASN1_TIME tm;
 tm.data=(unsigned char *)str;
 tm.length=strlen(str);
 tm.type=V_ASN1_UTCTIME;
- return(ASN1_UTCTIME_check(&tm));
+ if (ASN1_TIME_check(&tm))
+ return 1;
+ tm.type=V_ASN1_GENERALIZEDTIME;
+ return ASN1_TIME_check(&tm);
 }
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index cbc1fe3f81..5e68a56cfd 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -65,11 +65,11 @@
 #include "apps.h"
 #include
 #include
-#include
 #include
 #include
 #include
 #include
+#include
 #undef PROG
 #define PROG dsa_main
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index c301e81af1..4305a739b3 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -475,4 +475,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 #endif
 return 1;
 }
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index f4f9a4c4a4..8f5e5b8935 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
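Review bot: In the rewritten `check_time_format`, `tm` is a stack `ASN1_TIME` of which only `data`, `length` and `type` are assigned, so its `flags` member is uninitialized on both `ASN1_TIME_check(&tm)` calls; `ASN1_TIME_check` does not appear to read `flags`, but zeroing the temporary first, `memset(&tm, 0, sizeof tm);`, costs nothing and keeps the fallback-to-GeneralizedTime path safe if that ever changes. `tm.length=strlen(str)` also narrows a `size_t` into the `int` length field; the input is a database date column here, so overflow is presumably unreachable, but an explicit `(int)` cast would document that assumption.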
@@ -226,7 +226,12 @@ int MAIN(int argc, char **argv)
 goto bad;
 }
 buf[0]='\0';
- fgets(buf,sizeof buf,infile);
+ if (!fgets(buf,sizeof buf,infile))
+ {
+ BIO_printf(bio_err,"unable to read key from '%s'\n",
+ file);
+ goto bad;
+ }
 fclose(infile);
 i=strlen(buf);
 if ((i > 0) &&
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 8a296c66e5..22c39629e5 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -279,4 +279,10 @@ end:
 apps_shutdown();
 OPENSSL_EXIT(ret);
 }
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
 #endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index fdc0d4a07d..5759acbf9b 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -106,9 +106,9 @@ int MAIN(int argc, char **argv)
 char *inrand=NULL;
 BIO *out=NULL;
 BIGNUM *bn = BN_new();
- RSA *rsa = RSA_new();
+ RSA *rsa = NULL;
- if(!bn || !rsa) goto err;
+ if(!bn) goto err;
 apps_startup();
 BN_GENCB_set(&cb, genrsa_cb, bio_err);
@@ -269,6 +269,10 @@ bad:
 BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num);
+ rsa = RSA_new();
+ if (!rsa)
+ goto err;
+
 if (use_x931)
 {
 BIGNUM *pubexp;
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 7d2b476cf0..480fef9e14 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -235,16 +235,19 @@ int main(int Argc, char *Argv[])
 in_FIPS_mode = 0;
-#ifdef OPENSSL_FIPS
 if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
 if (!FIPS_mode_set(1)) {
 ERR_load_crypto_strings();
 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 EXIT(1);
 }
 in_FIPS_mode = 1;
- }
+#else
+ fprintf(stderr, "FIPS mode not supported.\n");
+ EXIT(1);
 #endif
+ }
 if (bio_err == NULL)
 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
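Review bot: On the new `fgets` failure path `infile` is still open when `goto bad` is taken, because the `fclose(infile)` on the next context line is skipped; the stream leaks unless the `bad:` label, which is outside this hunk, closes it. Adding `fclose(infile);` immediately before `goto bad;` inside the new block keeps the error path symmetric with the success path. The enclosing `MAIN` function begins and ends outside the hunk.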
@@ -333,7 +336,8 @@ int main(int Argc, char *Argv[])
 else prompt="OpenSSL> ";
 fputs(prompt,stdout);
 fflush(stdout);
- fgets(p,n,stdin);
+ if (!fgets(p,n,stdin))
+ goto end;
 if (p[0] == '\0') goto end;
 i=strlen(p);
 if (i <= 1) break;
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index 248bc1154d..0db0b79765 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -68,6 +68,12 @@
 #include
 #include
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 #define PROG pkcs12_main
 const EVP_CIPHER *enc;
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 5ed08960c1..314197de83 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -1538,7 +1538,8 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,sizeof buf,stdin);
+ if (!fgets(buf,sizeof buf,stdin))
+ return 0;
 }
 else
 {
@@ -1596,7 +1597,8 @@ start:
 buf[0]='\0';
 if (!batch)
 {
- fgets(buf,sizeof buf,stdin);
+ if (!fgets(buf,sizeof buf,stdin))
+ return 0;
 }
 else
 {
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
index 08fbbc2229..f5a39bae66 100644
--- a/crypto/openssl/apps/s_apps.h
+++ b/crypto/openssl/apps/s_apps.h
@@ -171,3 +171,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 unsigned char *data, int len,
 void *arg);
 #endif
+
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index a512589e8c..97caffc401 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -117,12 +117,17 @@
 #undef NON_MAIN
 #undef USE_SOCKETS
 #include
+#include
 #include
 #include
 #include "s_apps.h"
+#define COOKIE_SECRET_LENGTH 16
+
 int verify_depth=0;
 int verify_error=X509_V_OK;
+unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+int cookie_initialized=0;
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 {
@@ -338,6 +343,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 break;
 default:
 str_version = "???";
+ case DTLS1_VERSION:
+ str_version = "DTLS 1.0 ";
+ break;
+ case DTLS1_BAD_VER:
+ str_version = "DTLS 1.0 (bad) ";
+ break;
 }
 if (version == SSL2_VERSION)
@@ -401,7 +412,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 }
 }
- if (version == SSL3_VERSION || version == TLS1_VERSION)
+ if (version == SSL3_VERSION ||
+ version == TLS1_VERSION ||
+ version == DTLS1_VERSION ||
+ version == DTLS1_BAD_VER)
 {
 switch (content_type)
 {
@@ -540,6 +554,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 case 15:
 str_details1 = ", CertificateVerify";
 break;
+ case 3:
+ str_details1 = ", HelloVerifyRequest";
+ break;
 case 16:
 str_details1 = ", ClientKeyExchange";
 break;
@@ -621,6 +638,9 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 extname = "server ticket";
 break;
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiate";
+ break;
 default:
 extname = "unknown";
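Review bot: `cookie_secret` and `cookie_initialized` are added with external linkage, yet the s_apps.h hunk in this patch declares only the two callback prototypes, so the HMAC key that the DTLS cookie callbacks later in this file depend on is reachable from any translation unit that declares it `extern`. Declaring them `static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];` and `static int cookie_initialized=0;` confines the secret to s_cb.c, where both users are defined, with no change in behaviour.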
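Review bot: The new `case DTLS1_VERSION:` and `case DTLS1_BAD_VER:` labels are inserted directly after `default: str_version = "???";`, which has no `break`, so an unrecognised version now falls through and is reported as `"DTLS 1.0 "`. Adding `break;` after the `"???"` assignment, or placing the two DTLS cases above `default:`, restores the intended label. The rest of `msg_cb` is outside this hunk.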
@@ -634,3 +654,86 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, BIO_dump(bio, (char *)data, len); (void)BIO_flush(bio); } + +int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) + { + unsigned char *buffer, result[EVP_MAX_MD_SIZE]; + unsigned int length, resultlength; + struct sockaddr_in peer; + + /* Initialize a random secret */ + if (!cookie_initialized) + { + if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) + { + BIO_printf(bio_err,"error setting random cookie secret\n"); + return 0; + } + cookie_initialized = 1; + } + + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + + /* Create buffer with peer's address and port */ + length = sizeof(peer.sin_addr); + length += sizeof(peer.sin_port); + buffer = OPENSSL_malloc(length); + + if (buffer == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + return 0; + } + + memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); + memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); + + /* Calculate HMAC of buffer using the secret */ + HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength); + OPENSSL_free(buffer); + + memcpy(cookie, result, resultlength); + *cookie_len = resultlength; + + return 1; + } + +int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) + { + unsigned char *buffer, result[EVP_MAX_MD_SIZE]; + unsigned int length, resultlength; + struct sockaddr_in peer; + + /* If secret isn't initialized yet, the cookie can't be valid */ + if (!cookie_initialized) + return 0; + + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + + /* Create buffer with peer's address and port */ + length = sizeof(peer.sin_addr); + length += sizeof(peer.sin_port); + buffer = (unsigned char*) OPENSSL_malloc(length); + + if (buffer == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + return 0; 
+ } + + memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); + memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port)); + + /* Calculate HMAC of buffer using the secret */ + HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength); + OPENSSL_free(buffer); + + if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) + return 1; + + return 0; + } diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 4974f5fc93..2f743f0a0a 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -226,7 +226,7 @@ static void sc_usage(void) BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); - BIO_printf(bio_err," -mtu - set the MTU\n"); + BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); @@ -249,6 +249,7 @@ static void sc_usage(void) BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); #endif + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); } #ifndef OPENSSL_NO_TLSEXT @@ -286,7 +287,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - int off=0; + int off=0, clr = 0; SSL *con=NULL,*con2=NULL; X509_STORE *store = NULL; int s,k,width,state=0; @@ -318,6 +319,7 @@ int MAIN(int argc, char **argv) BIO *sbio; char *inrand=NULL; int mbuf_len=0; + struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; char *ssl_client_engine_id=NULL; 
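Review bot: Both callbacks read the peer into a `struct sockaddr_in` and hash only `sin_addr` and `sin_port`, so the cookie is bound to the client address only for IPv4 peers; on the usual layouts the four bytes read as `sin_addr` from an AF_INET6 peer are not its address, and the bss_dgram.c changes in this same import already distinguish AF_INET from AF_INET6. The secret is also generated once per process and the HMAC input carries no time component, so an issued cookie stays valid for that address/port for the life of the server; RFC 4347 §4.2.1 says the secret SHOULD be changed frequently, which a comment on `cookie_secret` should at least record. Separately, the peer buffer has a fixed size, so `unsigned char buffer[sizeof(peer.sin_addr) + sizeof(peer.sin_port)];` would remove the heap allocation and its out-of-memory branch from both functions. Both functions are complete within this hunk.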
@@ -338,7 +340,7 @@ int MAIN(int argc, char **argv) struct sockaddr peer; int peerlen = sizeof(peer); int enable_timeouts = 0 ; - long mtu = 0; + long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif @@ -489,7 +491,7 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; - mtu = atol(*(++argv)); + socket_mtu = atol(*(++argv)); } #endif else if (strcmp(*argv,"-bugs") == 0) @@ -535,6 +537,12 @@ int MAIN(int argc, char **argv) #endif else if (strcmp(*argv,"-serverpref") == 0) off|=SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv,"-legacy_renegotiation") == 0) + off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-legacy_server_connect") == 0) + { off|=SSL_OP_LEGACY_SERVER_CONNECT; } + else if (strcmp(*argv,"-no_legacy_server_connect") == 0) + { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -709,6 +717,9 @@ bad: SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else SSL_CTX_set_options(ctx,off); + + if (clr) + SSL_CTX_clear_options(ctx, clr); /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ @@ -819,7 +830,6 @@ re_start: if ( SSL_version(con) == DTLS1_VERSION) { - struct timeval timeout; sbio=BIO_new_dgram(s,BIO_NOCLOSE); if (getsockname(s, &peer, (void *)&peerlen) < 0) @@ -843,10 +853,10 @@ re_start: BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } - if ( mtu > 0) + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, mtu); + SSL_set_mtu(con, socket_mtu - 28); } else /* want to do MTU discovery */ @@ -1036,6 +1046,12 @@ SSL_set_tlsext_status_ids(con, ids); FD_ZERO(&readfds); FD_ZERO(&writefds); + if ((SSL_version(con) == DTLS1_VERSION) && + DTLSv1_get_timeout(con, &timeout)) + timeoutp = &timeout; + else + timeoutp = NULL; + if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { in_init=1; 
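Review bot: `-legacy_server_connect` and `-no_legacy_server_connect` are parsed here, but the usage hunk earlier in this file adds a line only for `-legacy_renegotiation`, so the two new options are missing from the help output. Two lines next to the existing one would close the gap, e.g. `BIO_printf(bio_err," -legacy_server_connect - allow initial connection to servers that do not support RI\n");` and `BIO_printf(bio_err," -no_legacy_server_connect - disallow initial connection to servers that do not support RI\n");`. MAIN continues outside the hunk.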
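Review bot: The new `socket_mtu > 28` test and `SSL_set_mtu(con, socket_mtu - 28)` hard-code the IPv4+UDP header overhead, and any `-mtu` value between 1 and 28 is now silently treated as "do MTU discovery" rather than rejected; the same lines appear in s_server.c in hunk @@ -1660,10 +1676,10 @@. The bss_dgram.c changes in this import subtract 8+20 for AF_INET and 8+40 for AF_INET6, so a shared named constant (constructed example: `#define UDP_IPV4_OVERHEAD 28`) with a comment stating that the value assumes IPv4 and no IP options would keep the two apps and the BIO in step, and an explicit error for `0 < socket_mtu <= 28` would surface the mistake instead of hiding it. The `-mtu` usage text only says "link layer MTU" and should mention the subtraction. The enclosing function continues outside the hunk.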
@@ -1132,7 +1148,7 @@ SSL_set_tlsext_status_ids(con, ids); if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; #endif } else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); } #elif defined(OPENSSL_SYS_NETWARE) if(!write_tty) { @@ -1142,11 +1158,11 @@ SSL_set_tlsext_status_ids(con, ids); i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); } else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); } #else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); #endif if ( i < 0) { @@ -1157,6 +1173,11 @@ SSL_set_tlsext_status_ids(con, ids); } } + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) + { + BIO_printf(bio_err,"TIMEOUT occured\n"); + } + if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) { k=SSL_write(con,&(cbuf[cbuf_off]), @@ -1511,6 +1532,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } + BIO_printf(bio, "Secure Renegotiation IS%s supported\n", + SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index 84b1b28461..88b308ca38 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -283,11 +283,10 @@ static char *engine_id=NULL; static const char *session_id_prefix=NULL; static int enable_timeouts = 0; -#ifdef mtu -#undef mtu -#endif -static long mtu; +static long socket_mtu; +#ifndef OPENSSL_NO_DTLS1 static int cert_chain = 0; +#endif #ifdef MONOLITH 
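Review bot: The new message `"TIMEOUT occured\n"` misspells "occurred"; the same string is added to s_server.c in hunk @@ -1745,7 +1761,19 @@. Since this is output users may grep for, fix it in both places before it ships: `BIO_printf(bio_err,"TIMEOUT occurred\n");`. MAIN continues outside the hunk.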
@@ -375,7 +374,7 @@ static void sv_usage(void) BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); BIO_printf(bio_err," -timeout - Enable timeouts\n"); - BIO_printf(bio_err," -mtu - Set MTU\n"); + BIO_printf(bio_err," -mtu - Set link layer MTU\n"); BIO_printf(bio_err," -chain - Read a certificate chain\n"); BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); @@ -405,6 +404,7 @@ static void sv_usage(void) BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); #endif } @@ -772,6 +772,7 @@ int MAIN(int argc, char *argv[]) int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; X509 *s_cert = NULL, *s_dcert = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; + int no_cache = 0; #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; @@ -911,6 +912,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-no_cache") == 0) + no_cache = 1; else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK; @@ -921,6 +924,8 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } + else if (strcmp(*argv,"-legacy_renegotiation") == 0) + off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -1032,7 +1037,7 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; - mtu = atol(*(++argv)); + socket_mtu = atol(*(++argv)); } else if (strcmp(*argv, "-chain") == 0) cert_chain = 1; 
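Review bot: The usage line for `-legacy_renegotiation` is added before the `#endif` that closes the block holding the `-tlsextdebug`/`-no_ticket` text (presumably `#ifndef OPENSSL_NO_TLSEXT`), while the option itself is parsed unconditionally in hunk @@ -921,6 +924,8 @@ next to `-serverpref`, so on a build without that feature the option works but is absent from the help output. s_client.c in this same import places its line after the `#endif`; moving the `BIO_printf` below the `#endif` here makes the two apps consistent.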
@@ -1253,8 +1258,10 @@ bad: if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); - - SSL_CTX_sess_set_cache_size(ctx,128); + if (no_cache) + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + else + SSL_CTX_sess_set_cache_size(ctx,128); #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -1321,7 +1328,10 @@ bad: if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); - SSL_CTX_sess_set_cache_size(ctx2,128); + if (no_cache) + SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); + else + SSL_CTX_sess_set_cache_size(ctx2,128); if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || (!SSL_CTX_set_default_verify_paths(ctx2))) @@ -1498,6 +1508,10 @@ bad: SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, sizeof s_server_session_id_context); + /* Set DTLS cookie generation and verification callbacks */ + SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); + SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); + #ifndef OPENSSL_NO_TLSEXT if (ctx2) { @@ -1591,8 +1605,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; + struct timeval timeout; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; +#else + struct timeval *timeoutp; #endif if ((buf=OPENSSL_malloc(bufsize)) == NULL) @@ -1644,7 +1661,6 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (SSL_version(con) == DTLS1_VERSION) { - struct timeval timeout; sbio=BIO_new_dgram(s,BIO_NOCLOSE); @@ -1660,10 +1676,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) } - if ( mtu > 0) + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, mtu); + SSL_set_mtu(con, socket_mtu - 28); } else /* want to do MTU discovery */ 
@@ -1745,7 +1761,19 @@ static int sv_body(char *hostname, int s, unsigned char *context) if(_kbhit()) read_from_terminal = 1; #else - i=select(width,(void *)&readfds,NULL,NULL,NULL); + if ((SSL_version(con) == DTLS1_VERSION) && + DTLSv1_get_timeout(con, &timeout)) + timeoutp = &timeout; + else + timeoutp = NULL; + + i=select(width,(void *)&readfds,NULL,NULL,timeoutp); + + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) + { + BIO_printf(bio_err,"TIMEOUT occured\n"); + } + if (i <= 0) continue; if (FD_ISSET(fileno(stdin),&readfds)) read_from_terminal = 1; @@ -2002,6 +2030,8 @@ static int init_ssl_connection(SSL *con) con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ + BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", + SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); return(1); } diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c index 4a922e16a0..cf82358535 100644 --- a/crypto/openssl/apps/s_socket.c +++ b/crypto/openssl/apps/s_socket.c @@ -62,6 +62,12 @@ #include #include +#ifdef FLAT_INC +#include "e_os2.h" +#else +#include "../e_os2.h" +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index af077b54a8..07f0ae04a6 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c 
@@ -254,8 +254,12 @@ # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) -# define HAVE_FORK 1 +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) +# define NO_FORK 1 +#elif HAVE_FORK +# undef NO_FORK +#else +# define NO_FORK 1 #endif #undef BUFSIZE @@ -271,7 +275,7 @@ static void print_message(const char *s,long num,int length); static void pkey_print_message(const char *str, const char *str2, long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); -#ifdef HAVE_FORK +#ifndef NO_FORK static int do_multi(int multi); #endif @@ -293,8 +297,12 @@ static const char *names[ALGOR_NUM]={ "aes-128 ige","aes-192 ige","aes-256 ige"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; +#ifndef OPENSSL_NO_RSA static double rsa_results[RSA_NUM][2]; +#endif +#ifndef OPENSSL_NO_DSA static double dsa_results[DSA_NUM][2]; +#endif #ifndef OPENSSL_NO_ECDSA static double ecdsa_results[EC_NUM][2]; #endif @@ -749,7 +757,7 @@ int MAIN(int argc, char **argv) const EVP_CIPHER *evp_cipher=NULL; const EVP_MD *evp_md=NULL; int decrypt=0; -#ifdef HAVE_FORK +#ifndef NO_FORK int multi=0; #endif @@ -877,7 +885,7 @@ int MAIN(int argc, char **argv) j--; } #endif -#ifdef HAVE_FORK +#ifndef NO_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { argc--; @@ -1257,7 +1265,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); -#ifdef HAVE_FORK +#ifndef NO_FORK BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); #endif goto end; 
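Review bot: `#elif HAVE_FORK` evaluates to 0 when the macro is undefined, so a build that does not define HAVE_FORK now reaches the `#else` arm and defines NO_FORK on every platform, whereas the removed `# define HAVE_FORK 1` enabled `-multi` on every system not in the exclusion list. Unless the block ending just above the hunk or the build system defines HAVE_FORK (not visible here), `-multi` silently disappears; `#elif !defined(HAVE_FORK) || HAVE_FORK` would keep the old default while still honouring an explicit `HAVE_FORK 0`. Either way, a comment stating who is expected to define HAVE_FORK would make the intent checkable.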
@@ -1267,7 +1275,7 @@ int MAIN(int argc, char **argv) j++; } -#ifdef HAVE_FORK +#ifndef NO_FORK if(multi && do_multi(multi)) goto show_res; #endif @@ -2462,7 +2470,7 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); #endif -#ifdef HAVE_FORK +#ifndef NO_FORK show_res: #endif if(!mr) @@ -2717,7 +2725,7 @@ static void print_result(int alg,int run_no,int count,double time_used) results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } -#ifdef HAVE_FORK +#ifndef NO_FORK static char *sstrsep(char **string, const char *delim) { char isdelim[256]; diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index 6debce4419..b25508aa8e 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -1151,6 +1151,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); + X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; diff --git a/crypto/openssl/crypto/aes/aes_cfb.c b/crypto/openssl/crypto/aes/aes_cfb.c index 49f0411010..9384ba67f7 100644 --- a/crypto/openssl/crypto/aes/aes_cfb.c +++ b/crypto/openssl/crypto/aes/aes_cfb.c @@ -201,7 +201,6 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, assert(in && out && key && ivec && num); assert(*num == 0); - memset(out,0,(length+7)/8); for(n=0 ; n < length ; ++n) { c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c index 1bcd046893..1538e0a4fc 100644 --- a/crypto/openssl/crypto/asn1/a_mbstr.c +++ b/crypto/openssl/crypto/asn1/a_mbstr.c 
@@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, int str_type; int ret; char free_out; - int outform, outlen; + int outform, outlen = 0; ASN1_STRING *dest; unsigned char *p; int nchar; diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c index dc980421d0..d169f8c147 100644 --- a/crypto/openssl/crypto/asn1/a_object.c +++ b/crypto/openssl/crypto/asn1/a_object.c @@ -291,6 +291,17 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ASN1_OBJECT *ret=NULL; const unsigned char *p; int i; + /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see: + * X.690 8.19.2 + */ + for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + { + if (*p == 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h index b57aac0d3a..1958298f74 100644 --- a/crypto/openssl/crypto/asn1/asn1.h +++ b/crypto/openssl/crypto/asn1/asn1.h @@ -344,6 +344,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; ((void*) (1 ? p : (type*)0)) #define CHECKED_PPTR_OF(type, p) \ ((void**) (1 ? p : (type**)0)) +#define CHECKED_PTR_OF_TO_CHAR(type, p) \ + ((char*) (1 ? p : (type*)0)) #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) 
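Review bot: The new loop rejects any 0x80 octet in the encoding, but X.690 8.19.2 only forbids 0x80 as the leading octet of a subidentifier; a 0x80 continuation octet that follows another continuation octet is legal (the subidentifier value 16384 encodes as 0x81 0x80 0x00), so valid OIDs are now refused with ASN1_R_INVALID_OBJECT_ENCODING. The loop also starts at `*pp + 1`, so a 0x80 first octet is never checked. Checking every octet but only flagging 0x80 when it starts a subidentifier fixes both: `for (i = 0, p = *pp; i < len; i++, p++)` and `if (*p == 0x80 && (!i || !(p[-1] & 0x80)))`. c2i_ASN1_OBJECT continues outside the hunk.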
@@ -933,12 +935,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); #define ASN1_dup_of(type,i2d,d2i,x) \ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF(type, x))) + CHECKED_PTR_OF_TO_CHAR(type, x))) #define ASN1_dup_of_const(type,i2d,d2i,x) \ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF(const type, x))) + CHECKED_PTR_OF_TO_CHAR(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, void *x); @@ -1158,7 +1160,6 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_VERIFY 137 #define ASN1_F_B64_READ_ASN1 208 #define ASN1_F_B64_WRITE_ASN1 209 -#define ASN1_F_BIO_NEW_NDEF 212 #define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 @@ -1264,6 +1265,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INVALID_MIME_TYPE 200 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 212 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c index 1cf41e55eb..ba88eb318b 100644 --- a/crypto/openssl/crypto/asn1/asn1_err.c +++ b/crypto/openssl/crypto/asn1/asn1_err.c @@ -132,7 +132,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, -{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_NEW_NDEF"}, {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, 
@@ -241,6 +240,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, diff --git a/crypto/openssl/crypto/asn1/asn1_gen.c b/crypto/openssl/crypto/asn1/asn1_gen.c index 2da38292c8..213a8e986c 100644 --- a/crypto/openssl/crypto/asn1/asn1_gen.c +++ b/crypto/openssl/crypto/asn1/asn1_gen.c @@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* Allocate buffer for new encoding */ new_der = OPENSSL_malloc(len); + if (!new_der) + goto err; /* Generate tagged encoding */ @@ -446,6 +448,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) int derlen; int i, is_set; sk = sk_ASN1_TYPE_new_null(); + if (!sk) + goto bad; if (section) { if (!cnf) @@ -458,7 +462,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); if (!typ) goto bad; - sk_ASN1_TYPE_push(sk, typ); + if (!sk_ASN1_TYPE_push(sk, typ)) + goto bad; typ = NULL; } } @@ -474,6 +479,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set); der = OPENSSL_malloc(derlen); + if (!der) + goto bad; p = der; i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set); diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c index 8657f73d66..cb08e15488 100644 --- a/crypto/openssl/crypto/asn1/asn1_par.c +++ b/crypto/openssl/crypto/asn1/asn1_par.c 
@@ -246,7 +246,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { - if (BIO_write(bp,"Bad boolean\n",12)) + if (BIO_write(bp,"Bad boolean\n",12) <= 0) goto end; } BIO_printf(bp,":%d",ii); diff --git a/crypto/openssl/crypto/asn1/t_x509.c b/crypto/openssl/crypto/asn1/t_x509.c index 8f746f9c05..6f295b4e14 100644 --- a/crypto/openssl/crypto/asn1/t_x509.c +++ b/crypto/openssl/crypto/asn1/t_x509.c @@ -379,6 +379,8 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) int gmt=0; int i; int y=0,M=0,d=0,h=0,m=0,s=0; + char *f = NULL; + int f_len = 0; i=tm->length; v=(char *)tm->data; @@ -396,10 +398,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) if (tm->length >= 14 && (v[12] >= '0') && (v[12] <= '9') && (v[13] >= '0') && (v[13] <= '9')) + { s= (v[12]-'0')*10+(v[13]-'0'); + /* Check for fractions of seconds. */ + if (tm->length >= 15 && v[14] == '.') + { + int l = tm->length; + f = &v[14]; /* The decimal point. */ + f_len = 1; + while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') + ++f_len; + } + } - if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", - mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0) + if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s", + mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0) return(0); else return(1); diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h index cecb6a7207..ebb42781e6 100644 --- a/crypto/openssl/crypto/bio/bio.h +++ b/crypto/openssl/crypto/bio/bio.h @@ -156,8 +156,11 @@ extern "C" { * previous write * operation */ +#define BIO_CTRL_DGRAM_GET_PEER 46 #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to + * adjust socket timeouts */ /* modifiers */ #define BIO_FP_READ 0x02 
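Review bot: When no fractional part is present `f` is still NULL, so the new `%.*s` in `BIO_printf` receives a NULL string argument with precision 0; that relies on BIO_printf's own formatter tolerating a NULL `%s` argument, which standard printf does not guarantee. Initialising `char *f = "";` in hunk @@ -379,6 +379,8 @@ removes the dependency at no cost, and a short comment on the format line (`/* f/f_len: optional ".ddd" fraction of a second, empty when absent */`) would explain the pair to the next reader. ASN1_GENERALIZEDTIME_print begins outside the hunk.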
@@ -405,7 +408,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) #define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3) +#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) @@ -414,7 +417,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) +#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) #define BIO_BIND_NORMAL 0 @@ -541,6 +544,8 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) #define BIO_dgram_send_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) #define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c index c3da6dc82f..14ca854b4a 100644 --- a/crypto/openssl/crypto/bio/bss_dgram.c +++ b/crypto/openssl/crypto/bio/bss_dgram.c @@ -66,7 +66,13 @@ #include +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#include +#endif + +#ifdef OPENSSL_SYS_LINUX #define IP_MTU 14 /* linux is lame */ +#endif #ifdef WATT32 #define sock_write SockWrite /* Watt-32 uses same names */ 
@@ -84,6 +90,8 @@ static int dgram_clear(BIO *bio); static int BIO_dgram_should_retry(int s); +static void get_current_time(struct timeval *t); + static BIO_METHOD methods_dgramp= { BIO_TYPE_DGRAM, @@ -104,6 +112,8 @@ typedef struct bio_dgram_data_st unsigned int connected; unsigned int _errno; unsigned int mtu; + struct timeval next_timeout; + struct timeval socket_timeout; } bio_dgram_data; BIO_METHOD *BIO_s_datagram(void) 
@@ -165,7 +175,100 @@ static int dgram_clear(BIO *a) } return(1); } - + +static void dgram_adjust_rcv_timeout(BIO *b) + { +#if defined(SO_RCVTIMEO) + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + int sz = sizeof(int); + + /* Is a timer active? */ + if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) + { + struct timeval timenow, timeleft; + + /* Read current socket timeout */ +#ifdef OPENSSL_SYS_WINDOWS + int timeout; + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); } + else + { + data->socket_timeout.tv_sec = timeout / 1000; + data->socket_timeout.tv_usec = (timeout % 1000) * 1000; + } +#else + if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + &(data->socket_timeout), (void *)&sz) < 0) + { perror("getsockopt"); } +#endif + + /* Get current time */ + get_current_time(&timenow); + + /* Calculate time left until timer expires */ + memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); + timeleft.tv_sec -= timenow.tv_sec; + timeleft.tv_usec -= timenow.tv_usec; + if (timeleft.tv_usec < 0) + { + timeleft.tv_sec--; + timeleft.tv_usec += 1000000; + } + + if (timeleft.tv_sec < 0) + { + timeleft.tv_sec = 0; + timeleft.tv_usec = 1; + } + + /* Adjust socket timeout if next handhake message timer + * will expire earlier. 
+ */ + if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) || + (data->socket_timeout.tv_sec > timeleft.tv_sec) || + (data->socket_timeout.tv_sec == timeleft.tv_sec && + data->socket_timeout.tv_usec >= timeleft.tv_usec)) + { +#ifdef OPENSSL_SYS_WINDOWS + timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); } +#else + if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, + sizeof(struct timeval)) < 0) + { perror("setsockopt"); } +#endif + } + } +#endif + } + +static void dgram_reset_rcv_timeout(BIO *b) + { +#if defined(SO_RCVTIMEO) + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + + /* Is a timer active? */ + if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) + { +#ifdef OPENSSL_SYS_WINDOWS + int timeout = data->socket_timeout.tv_sec * 1000 + + data->socket_timeout.tv_usec / 1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); } +#else + if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), + sizeof(struct timeval)) < 0) + { perror("setsockopt"); } +#endif + } +#endif + } + static int dgram_read(BIO *b, char *out, int outl) { int ret=0; @@ -183,13 +286,15 @@ static int dgram_read(BIO *b, char *out, int outl) * but this is not universal. Cast to (void *) to avoid * compiler warnings. */ + dgram_adjust_rcv_timeout(b); ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); + dgram_reset_rcv_timeout(b); - if ( ! data->connected && ret > 0) - BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer); + if ( ! data->connected && ret >= 0) + BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); BIO_clear_retry_flags(b); - if (ret <= 0) + if (ret < 0) { if (BIO_dgram_should_retry(ret)) { 
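Review bot: In dgram_adjust_rcv_timeout, `int sz = sizeof(int);` is passed as the option length for the non-Windows `getsockopt(SO_RCVTIMEO)` that fills `data->socket_timeout`, a `struct timeval`; the kernel is therefore asked for only four bytes, the saved timeout is incomplete, and dgram_reset_rcv_timeout later re-applies that partial value to the socket. The length should match the object being read on each platform, which means declaring it under the same `#ifdef` as the Windows `int timeout`. The comment above the comparison also misspells "handshake" (`handhake`). Both new functions are complete within this hunk.
```c
static void dgram_adjust_rcv_timeout(BIO *b)
	{
#if defined(SO_RCVTIMEO)
	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
#ifdef OPENSSL_SYS_WINDOWS
	int timeout;
	int sz = sizeof(timeout);
#else
	socklen_t sz = sizeof(data->socket_timeout);
#endif
	/* … unchanged: timer-active check, getsockopt, time-left arithmetic, setsockopt … */
```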
@@ -219,7 +324,7 @@ static int dgram_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); if (ret <= 0) { - if (BIO_sock_should_retry(ret)) + if (BIO_dgram_should_retry(ret)) { BIO_set_retry_write(b); data->_errno = get_last_socket_error(); @@ -240,8 +345,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) int *ip; struct sockaddr *to = NULL; bio_dgram_data *data = NULL; +#if defined(IP_MTU_DISCOVER) || defined(IP_MTU) long sockopt_val = 0; unsigned int sockopt_len = 0; +#endif +#ifdef OPENSSL_SYS_LINUX + socklen_t addr_len; + struct sockaddr_storage addr; +#endif data = (bio_dgram_data *)b->ptr; 
@@ -300,24 +411,87 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) #endif break; /* (Linux)kernel sets DF bit on outgoing IP packets */ -#ifdef IP_MTU_DISCOVER case BIO_CTRL_DGRAM_MTU_DISCOVER: - sockopt_val = IP_PMTUDISC_DO; - if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) - perror("setsockopt"); +#ifdef OPENSSL_SYS_LINUX + addr_len = (socklen_t)sizeof(struct sockaddr_storage); + memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); + if (getsockname(b->num, (void *)&addr, &addr_len) < 0) + { + ret = 0; + break; + } + sockopt_len = sizeof(sockopt_val); + switch (addr.ss_family) + { + case AF_INET: + sockopt_val = IP_PMTUDISC_DO; + if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) + perror("setsockopt"); + break; + case AF_INET6: + sockopt_val = IPV6_PMTUDISC_DO; + if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val))) < 0) + perror("setsockopt"); + break; + default: + ret = -1; + break; + } + ret = -1; +#else break; #endif case BIO_CTRL_DGRAM_QUERY_MTU: - sockopt_len = sizeof(sockopt_val); - if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, - &sockopt_len)) < 0 || sockopt_val < 0) - { ret = 0; } - else +#ifdef OPENSSL_SYS_LINUX + addr_len = (socklen_t)sizeof(struct sockaddr_storage); + memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); + if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { - data->mtu = sockopt_val; - ret = data->mtu; + ret = 0; + break; } + sockopt_len = sizeof(sockopt_val); + switch (addr.ss_family) + { + case AF_INET: + if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, + &sockopt_len)) < 0 || sockopt_val < 0) + { + ret = 0; + } + else + { + /* we assume that the transport protocol is UDP and no + * IP options are used. 
+ */ + data->mtu = sockopt_val - 8 - 20; + ret = data->mtu; + } + break; + case AF_INET6: + if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val, + &sockopt_len)) < 0 || sockopt_val < 0) + { + ret = 0; + } + else + { + /* we assume that the transport protocol is UDP and no + * IPV6 options are used. + */ + data->mtu = sockopt_val - 8 - 40; + ret = data->mtu; + } + break; + default: + ret = 0; + break; + } +#else + ret = 0; +#endif break; case BIO_CTRL_DGRAM_GET_MTU: return data->mtu; @@ -340,11 +514,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) memset(&(data->peer), 0x00, sizeof(struct sockaddr)); } break; + case BIO_CTRL_DGRAM_GET_PEER: + to = (struct sockaddr *) ptr; + + memcpy(to, &(data->peer), sizeof(struct sockaddr)); + ret = sizeof(struct sockaddr); + break; case BIO_CTRL_DGRAM_SET_PEER: to = (struct sockaddr *) ptr; memcpy(&(data->peer), to, sizeof(struct sockaddr)); break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); + break; #if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: #ifdef OPENSSL_SYS_WINDOWS @@ -507,10 +690,6 @@ int BIO_dgram_non_fatal_error(int err) # endif #endif -#if defined(ENOTCONN) - case ENOTCONN: -#endif - #ifdef EINTR case EINTR: #endif @@ -533,11 +712,6 @@ int BIO_dgram_non_fatal_error(int err) case EALREADY: #endif -/* DF bit set, and packet larger than MTU */ -#ifdef EMSGSIZE - case EMSGSIZE: -#endif - return(1); /* break; */ default: @@ -546,3 +720,20 @@ int BIO_dgram_non_fatal_error(int err) return(0); } #endif + +static void get_current_time(struct timeval *t) + { +#ifdef OPENSSL_SYS_WIN32 + struct _timeb tb; + _ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#elif defined(OPENSSL_SYS_VMS) + struct timeb tb; + ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#else + gettimeofday(t, NULL); +#endif + } 
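Review bot: In the BIO_CTRL_DGRAM_MTU_DISCOVER case the Linux branch ends with an unconditional `ret = -1;` and no `break;` — the only `break;` is inside the `#else` arm — so the setsockopt() result is discarded and control falls through into BIO_CTRL_DGRAM_QUERY_MTU. Move the failure value into the non-Linux arm and break after the conditional: `#else` / `ret = -1;` / `#endif` followed by `break;`. The QUERY_MTU case in the same hunk also computes `data->mtu = sockopt_val - 8 - 20` (and `- 40` for AF_INET6) without checking that the kernel-reported value is at least that large, so an unusually small IP_MTU would store a negative MTU; clamp it before assigning.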
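Review bot: BIO_CTRL_DGRAM_GET_PEER copies exactly sizeof(struct sockaddr) (16 bytes) into the caller's buffer and BIO_CTRL_DGRAM_SET_PEER copies the same amount into data->peer, which cannot hold a struct sockaddr_in6 even though the MTU hunk above now handles AF_INET6 sockets; the declared type of data->peer is outside this hunk, but the memcpy sizes here fix the stored peer at 16 bytes. GET_PEER also ignores `num`, so it writes 16 bytes regardless of the caller's buffer size, and neither case checks `ptr` for NULL. Consider keeping the peer as a struct sockaddr_storage together with its length, having GET_PEER return that length and refuse shorter buffers, and documenting at the BIO_CTRL_DGRAM_GET_PEER definition how large the buffer behind `ptr` must be.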
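Review bot: get_current_time reads the wall clock (gettimeofday(), _ftime(), ftime()), and its value feeds the next_timeout/timeleft comparisons visible in dgram_adjust_rcv_timeout earlier on this page, so a backwards step of the system clock extends a pending receive timeout and a forward step fires it early. Where the platform provides it, a monotonic source such as `clock_gettime(CLOCK_MONOTONIC, ...)` would make the timer immune to clock adjustments. The function also has no header comment; at minimum add `/* Current time for timeout bookkeeping; wall-clock, so subject to clock adjustments. */` above it. Its callers are partly outside this hunk, so the impact is inferred from the visible timeleft comparisons.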
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c index 9ad46fa081..62c10731d4 100644 --- a/crypto/openssl/crypto/bio/bss_file.c +++ b/crypto/openssl/crypto/bio/bss_file.c @@ -404,11 +404,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) buf[0]='\0'; if (bp->flags&BIO_FLAGS_UPLINK) - UP_fgets(buf,size,bp->ptr); + { + if (!UP_fgets(buf,size,bp->ptr)) + goto err; + } else - fgets(buf,size,(FILE *)bp->ptr); + { + if (!fgets(buf,size,(FILE *)bp->ptr)) + goto err; + } if (buf[0] != '\0') ret=strlen(buf); + err: return(ret); } diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c index 1e8e57626b..7c35545354 100644 --- a/crypto/openssl/crypto/bn/bn_div.c +++ b/crypto/openssl/crypto/bn/bn_div.c @@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, /* The next 2 are needed so we can do a dv->d[0]|=1 later * since BN_lshift1 will only work once there is a value :-) */ BN_zero(dv); - bn_wexpand(dv,1); + if(bn_wexpand(dv,1) == NULL) goto end; dv->top=1; if (!BN_lshift(D,D,nm-nd)) goto end; @@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (dv == NULL) res=BN_CTX_get(ctx); else res=dv; - if (sdiv == NULL || res == NULL) goto err; + if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) + goto err; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index 70a33f0d93..d9b6c737fc 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) rr = BN_CTX_get(ctx); else rr = r; - if ((v = BN_CTX_get(ctx)) == NULL) goto err; + v = BN_CTX_get(ctx); + if (rr == NULL || v == NULL) goto err; if (BN_copy(v,a) == NULL) goto err; bits=BN_num_bits(p); 
diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/openssl/crypto/bn/bn_gf2m.c index 306f029f27..ae642ccb39 100644 --- a/crypto/openssl/crypto/bn/bn_gf2m.c +++ b/crypto/openssl/crypto/bn/bn_gf2m.c @@ -294,7 +294,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } - bn_wexpand(r, at->top); + if(bn_wexpand(r, at->top) == NULL) + return 0; for (i = 0; i < bt->top; i++) { diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c index b848c8cc60..a0e9ec3b46 100644 --- a/crypto/openssl/crypto/bn/bn_mul.c +++ b/crypto/openssl/crypto/bn/bn_mul.c @@ -1028,17 +1028,19 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) assert(j <= al || j <= bl); k = j+j; t = BN_CTX_get(ctx); + if (t == NULL) + goto err; if (al > j || bl > j) { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); + if (bn_wexpand(t,k*4) == NULL) goto err; + if (bn_wexpand(rr,k*4) == NULL) goto err; bn_mul_part_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } else /* al <= j || bl <= j */ { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); + if (bn_wexpand(t,k*2) == NULL) goto err; + if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } diff --git a/crypto/openssl/crypto/cast/c_cfb64.c b/crypto/openssl/crypto/cast/c_cfb64.c index 514c005c32..dcec13a201 100644 --- a/crypto/openssl/crypto/cast/c_cfb64.c +++ b/crypto/openssl/crypto/cast/c_cfb64.c @@ -65,7 +65,7 @@ */ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc) { register CAST_LONG v0,v1,t; @@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, v0=v1=ti[0]=ti[1]=t=c=cc=0; *num=n; } - diff --git a/crypto/openssl/crypto/cast/c_ecb.c b/crypto/openssl/crypto/cast/c_ecb.c index f2dc606226..b6a3b1fff9 100644 
--- a/crypto/openssl/crypto/cast/c_ecb.c +++ b/crypto/openssl/crypto/cast/c_ecb.c @@ -63,7 +63,7 @@ const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT; void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - CAST_KEY *ks, int enc) + const CAST_KEY *ks, int enc) { CAST_LONG l,d[2]; @@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, l=d[1]; l2n(l,out); l=d[0]=d[1]=0; } - diff --git a/crypto/openssl/crypto/cast/c_enc.c b/crypto/openssl/crypto/cast/c_enc.c index 0fe2cffecc..357c41ebf0 100644 --- a/crypto/openssl/crypto/cast/c_enc.c +++ b/crypto/openssl/crypto/cast/c_enc.c @@ -59,9 +59,10 @@ #include #include "cast_lcl.h" -void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + register CAST_LONG l,r,t; + const register CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) data[0]=r&0xffffffffL; } -void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + register CAST_LONG l,r,t; + const register CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) } void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc) + const CAST_KEY *ks, unsigned char *iv, int enc) { register CAST_LONG tin0,tin1; register CAST_LONG tout0,tout1,xor0,xor1; @@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } - diff --git a/crypto/openssl/crypto/cast/c_ofb64.c b/crypto/openssl/crypto/cast/c_ofb64.c index fd0469a62f..cb3222456c 100644 --- a/crypto/openssl/crypto/cast/c_ofb64.c +++ b/crypto/openssl/crypto/cast/c_ofb64.c 
@@ -64,7 +64,7 @@ * 64bit block we have used is contained in *num; */ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num) { register CAST_LONG v0,v1,t; @@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, t=v0=v1=ti[0]=ti[1]=0; *num=n; } - diff --git a/crypto/openssl/crypto/cast/cast.h b/crypto/openssl/crypto/cast/cast.h index 1faf5806aa..6e0cd31ae4 100644 --- a/crypto/openssl/crypto/cast/cast.h +++ b/crypto/openssl/crypto/cast/cast.h @@ -87,17 +87,17 @@ typedef struct cast_key_st void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); #endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); -void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc); + const CAST_KEY *ks, unsigned char *iv, int enc); void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc); void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num); #ifdef __cplusplus diff --git a/crypto/openssl/crypto/cms/cms_ess.c b/crypto/openssl/crypto/cms/cms_ess.c index ed34ff3228..65613aab65 100644 --- a/crypto/openssl/crypto/cms/cms_ess.c 
+++ b/crypto/openssl/crypto/cms/cms_ess.c @@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(osi, &rr)) + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; @@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) /* Get original receipt request details */ - if (!CMS_get1_ReceiptRequest(si, &rr)) + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; diff --git a/crypto/openssl/crypto/cms/cms_lib.c b/crypto/openssl/crypto/cms/cms_lib.c index 8e6c1d29a5..cc00526d3e 100644 --- a/crypto/openssl/crypto/cms/cms_lib.c +++ b/crypto/openssl/crypto/cms/cms_lib.c @@ -415,7 +415,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ + || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) { EVP_MD_CTX_copy_ex(mctx, mtmp); return 1; diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c index eccfd09137..8df7792c50 100644 --- a/crypto/openssl/crypto/comp/c_zlib.c +++ b/crypto/openssl/crypto/comp/c_zlib.c @@ -136,15 +136,6 @@ struct zlib_state static int zlib_stateful_ex_idx = -1; -static void zlib_stateful_free_ex_data(void *obj, void *item, - CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) - { - struct zlib_state *state = (struct zlib_state *)item; - inflateEnd(&state->istream); - deflateEnd(&state->ostream); - OPENSSL_free(state); - } - static int zlib_stateful_init(COMP_CTX *ctx) { int err; 
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx) static void zlib_stateful_finish(COMP_CTX *ctx) { + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + inflateEnd(&state->istream); + deflateEnd(&state->ostream); + OPENSSL_free(state); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); } @@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void) if (zlib_stateful_ex_idx == -1) zlib_stateful_ex_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + 0,NULL,NULL,NULL,NULL); CRYPTO_w_unlock(CRYPTO_LOCK_COMP); if (zlib_stateful_ex_idx == -1) goto err; diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index 8f9e88e403..497d00363e 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -513,7 +513,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice()) + if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c index 0645facb4b..bc7d7a02a3 100644 --- a/crypto/openssl/crypto/dsa/dsa_asn1.c +++ b/crypto/openssl/crypto/dsa/dsa_asn1.c @@ -62,6 +62,7 @@ #include #include #include +#include #ifdef OPENSSL_FIPS #include #endif @@ -155,6 +156,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, return 0; } #endif + RAND_seed(dgst, dlen); s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index 7ac9dc8c89..85556d12d6 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c 
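Review bot: zlib_stateful_finish now dereferences the result of CRYPTO_get_ex_data() without a NULL check, so if the ex_data slot was never populated — for example when zlib_stateful_init failed before storing the state, which is outside this hunk — the `inflateEnd(&state->istream)` line dereferences a NULL pointer. Guard the cleanup: `if (state) { inflateEnd(&state->istream); deflateEnd(&state->ostream); OPENSSL_free(state); }` and still call CRYPTO_free_ex_data afterwards. A one-line comment saying that the state is freed here because the ex_data free callback was removed (see the COMP_zlib hunk below) would also help the next reader.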
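Review bot: The new `RAND_seed(dgst, dlen);` in DSA_sign (and the identical line added to ECDSA_sign_ex in ecs_sign.c later in this diff) carries no comment explaining why signing mixes the message digest into the PRNG, and an unexplained seeding call is easy to mistake for dead code and remove. Presumably the intent is to make the per-signature nonce depend on the message so that two signers with a duplicated PRNG state (fork, VM snapshot) do not draw the same k; confirm that with the author and record it, e.g. `/* Mix the digest into the PRNG so that the signing nonce depends on the message even if the PRNG state was duplicated */`. Documentation only; the surrounding sign path starts outside the hunk.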
@@ -190,7 +190,7 @@ DSA *DSA_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references=1; - ret->flags=ret->meth->flags; + ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c index 1fd10104c5..d91e821af6 100644 --- a/crypto/openssl/crypto/dso/dso_dlfcn.c +++ b/crypto/openssl/crypto/dso/dso_dlfcn.c @@ -237,7 +237,10 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) { void *ptr; - DSO_FUNC_TYPE sym, *tsym = &sym; + union { + DSO_FUNC_TYPE sym; + void *dlret; + } u; if((dso == NULL) || (symname == NULL)) { @@ -255,14 +258,14 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); return(NULL); } - *(void **)(tsym) = dlsym(ptr, symname); - if(sym == NULL) + u.dlret = dlsym(ptr, symname); + if(u.dlret == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); return(NULL); } - return(sym); + return u.sym; } static char *dlfcn_merger(DSO *dso, const char *filespec1, @@ -332,6 +335,15 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, return(merged); } +#ifdef OPENSSL_SYS_MACOSX +#define DSO_ext ".dylib" +#define DSO_extlen 6 +#else +#define DSO_ext ".so" +#define DSO_extlen 3 +#endif + + static char *dlfcn_name_converter(DSO *dso, const char *filename) { char *translated; 
@@ -342,8 +354,8 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) transform = (strstr(filename, "/") == NULL); if(transform) { - /* We will convert this to "%s.so" or "lib%s.so" */ - rsize += 3; /* The length of ".so" */ + /* We will convert this to "%s.so" or "lib%s.so" etc */ + rsize += DSO_extlen; /* The length of ".so" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) rsize += 3; /* The length of "lib" */ } @@ -357,9 +369,9 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) if(transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s.so", filename); + sprintf(translated, "lib%s" DSO_ext, filename); else - sprintf(translated, "%s.so", filename); + sprintf(translated, "%s" DSO_ext, filename); } else sprintf(translated, "%s", filename); diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/openssl/crypto/ec/ec2_smpl.c index 5cd1eac41f..522d036ca1 100644 --- a/crypto/openssl/crypto/ec/ec2_smpl.c +++ b/crypto/openssl/crypto/ec/ec2_smpl.c @@ -174,8 +174,10 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->poly[2] = src->poly[2]; dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; - bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; + if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; 
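Review bot: The comment kept on `rsize += DSO_extlen; /* The length of ".so" */` is now stale, since DSO_extlen is 6 for ".dylib" on Mac OS X; change it to `/* The length of DSO_ext */`. The sprintf() calls into `translated` depend on rsize (computed partly outside the hunk) matching the string actually formatted, so DSO_extlen must never drift from DSO_ext; defining it as `#define DSO_extlen (sizeof(DSO_ext) - 1)` in the previous hunk would tie the two together and remove the hand-maintained constant.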
@@ -199,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group, /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; diff --git a/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/crypto/openssl/crypto/ecdsa/ecs_ossl.c index 3ead1af94e..551cf5068f 100644 --- a/crypto/openssl/crypto/ecdsa/ecs_ossl.c +++ b/crypto/openssl/crypto/ecdsa/ecs_ossl.c @@ -212,7 +212,7 @@ err: static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) { - int ok = 0; + int ok = 0, i; BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; 
@@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; + if (!BN_bin2bn(dgst, dgst_len, m)) { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - - if (!BN_bin2bn(dgst, dgst_len, m)) + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; @@ -346,7 +343,7 @@ err: static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey) { - int ret = -1; + int ret = -1, i; BN_CTX *ctx; BIGNUM *order, *u1, *u2, *m, *X; EC_POINT *point = NULL; @@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); goto err; } - if (8 * dgst_len > BN_num_bits(order)) - { - /* XXX - * - * Should provide for optional hash truncation: - * Keep the BN_num_bits(order) leftmost bits of dgst - * (see March 2006 FIPS 186-3 draft, which has a few - * confusing errors in this part though) - */ - - ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, - ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - ret = 0; - goto err; - } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || 
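Review bot: The digest-truncation block added to ecdsa_do_sign here (`i = BN_num_bits(order)`, the whole-byte cut, BN_bin2bn, then the `BN_rshift(m, m, 8 - (i & 0x7))` fix-up) is repeated verbatim in ecdsa_do_verify in the next hunk; a static helper taking dgst, dgst_len, order and m would keep the two sides from diverging, which matters because sign and verify must truncate identically or valid signatures fail to verify. The comment could also name the rule being implemented, e.g. `/* Use the leftmost BN_num_bits(order) bits of the digest (FIPS 186-3 truncation) */`. Since ecdsa_do_verify no longer rejects over-long digests, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE may now be unused in this file.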
@@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, goto err; } /* digest -> m */ + i = BN_num_bits(order); + /* Need to truncate digest if it is too long: first truncate whole + * bytes. + */ + if (8 * dgst_len > i) + dgst_len = (i + 7)/8; if (!BN_bin2bn(dgst, dgst_len, m)) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); goto err; } + /* If still too long truncate remaining bits with a shift */ + if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) + { + ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); + goto err; + } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { diff --git a/crypto/openssl/crypto/ecdsa/ecs_sign.c b/crypto/openssl/crypto/ecdsa/ecs_sign.c index 74b1fe8caf..353d5af514 100644 --- a/crypto/openssl/crypto/ecdsa/ecs_sign.c +++ b/crypto/openssl/crypto/ecdsa/ecs_sign.c @@ -57,6 +57,7 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { @@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char EC_KEY *eckey) { ECDSA_SIG *s; + RAND_seed(dgst, dlen); s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) { diff --git a/crypto/openssl/crypto/engine/eng_cnf.c b/crypto/openssl/crypto/engine/eng_cnf.c index 08066cea59..95c4070015 100644 --- a/crypto/openssl/crypto/engine/eng_cnf.c +++ b/crypto/openssl/crypto/engine/eng_cnf.c @@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) int ret = 0; long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd; + CONF_VALUE *ecmd = NULL; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; int soft = 0; @@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) return 1; } if (!e) - return 0; + goto err; } /* Allow "EMPTY" to mean no value: this allows a valid * "value" to be passed to ctrls of type NO_INPUT 
@@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) - return 0; + goto err; } } if (e && (do_init == -1) && !int_engine_init(e)) + { + ecmd = NULL; goto err; + } ret = 1; err: + if (ret != 1) + { + ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); + if (ecmd) + ERR_add_error_data(6, "section=", ecmd->section, + ", name=", ecmd->name, + ", value=", ecmd->value); + } if (e) ENGINE_free(e); return ret; diff --git a/crypto/openssl/crypto/engine/eng_cryptodev.c b/crypto/openssl/crypto/engine/eng_cryptodev.c index ab38cd52f0..1a1e1c2655 100644 --- a/crypto/openssl/crypto/engine/eng_cryptodev.c +++ b/crypto/openssl/crypto/engine/eng_cryptodev.c @@ -30,9 +30,13 @@ #include #include #include +#include +#include +#include +#include #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD_version)) + (defined(OpenBSD) || defined(__FreeBSD__)) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -79,7 +83,7 @@ static int cryptodev_max_iv(int cipher); static int cryptodev_key_length_valid(int cipher, int len); static int cipher_nid_to_cryptodev(int nid); static int get_cryptodev_ciphers(const int **cnids); -static int get_cryptodev_digests(const int **cnids); +/*static int get_cryptodev_digests(const int **cnids);*/ static int cryptodev_usable_ciphers(const int **nids); static int cryptodev_usable_digests(const int **nids); static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
@@ -100,7 +104,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); + RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -139,6 +143,7 @@ static struct { { 0, NID_undef, 0, 0, }, }; +#if 0 static struct { int id; int nid; @@ -151,6 +156,7 @@ static struct { { CRYPTO_SHA1, NID_undef, }, { 0, NID_undef, }, }; +#endif /* * Return a fd if /dev/crypto seems usable, 0 otherwise. @@ -285,6 +291,7 @@ get_cryptodev_ciphers(const int **cnids) return (count); } +#if 0 /* unused */ /* * Find out what digests /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -321,6 +328,8 @@ get_cryptodev_digests(const int **cnids) return (count); } +#endif + /* * Find the useable ciphers|digests from dev/crypto - this is the first * thing called by the engine init crud which determines what it @@ -374,7 +383,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, struct crypt_op cryp; struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - void *iiv; + const void *iiv; unsigned char save_iv[EVP_MAX_IV_LENGTH]; if (state->d_fd < 0) @@ -398,7 +407,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { cryp.iv = (caddr_t) ctx->iv; if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; + iiv = in + inl - ctx->cipher->iv_len; memcpy(save_iv, iiv, ctx->cipher->iv_len); } } else 
@@ -413,7 +422,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; + iiv = out + inl - ctx->cipher->iv_len; else iiv = save_iv; memcpy(ctx->iv, iiv, ctx->cipher->iv_len); @@ -443,7 +452,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if ((state->d_fd = get_dev_crypto()) < 0) return (0); - sess->key = (unsigned char *)key; + sess->key = (char *)key; sess->keylen = ctx->key_len; sess->cipher = cipher; @@ -625,7 +634,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) { int i, j, k; - ssize_t words, bytes, bits; + ssize_t bytes, bits; u_char *b; crp->crp_p = NULL; @@ -638,7 +647,7 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) if (b == NULL) return (1); - crp->crp_p = b; + crp->crp_p = (char *)b; crp->crp_nbits = bits; for (i = 0, j = 0; i < a->top; i++) { @@ -756,14 +765,11 @@ err: } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; - BN_CTX *ctx; - ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); return (r); } @@ -994,7 +1000,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; kop.crk_iparams = 3; - kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_p = (char *)key; kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/openssl/crypto/engine/eng_ctrl.c index 95b6b455aa..5ce25d92ec 100644 --- a/crypto/openssl/crypto/engine/eng_ctrl.c +++ b/crypto/openssl/crypto/engine/eng_ctrl.c @@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if (ENGINE_ctrl(e, num, i, p, f)) + if (ENGINE_ctrl(e, num, i, p, f) > 0) return 1; return 0; } 
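Review bot: cryptodev_rsa_nocrt_mod_exp no longer allocates its own BN_CTX and instead forwards the caller-supplied `ctx` to cryptodev_bn_mod_exp, so the function now depends on every caller passing a non-NULL context; the RSA method that wires it up is outside this hunk, so check that no caller passes NULL. If that cannot be guaranteed, a local fallback (`BN_CTX *local = ctx ? NULL : BN_CTX_new();`, used when ctx is NULL and freed on exit) preserves the old behaviour. The prototype change earlier in this file is consistent with the new signature.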
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * usage of these commands is consistent across applications and * that certain applications don't understand it one way, and * others another. */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, if(flags & ENGINE_CMD_FLAG_STRING) { /* Same explanation as above */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if(ENGINE_ctrl(e, num, l, NULL, NULL)) + if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0) return 1; return 0; } diff --git a/crypto/openssl/crypto/engine/eng_err.c b/crypto/openssl/crypto/engine/eng_err.c index 574ffbb5c0..ac74dd127a 100644 --- a/crypto/openssl/crypto/engine/eng_err.c +++ b/crypto/openssl/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -124,6 +124,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, +{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"}, {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c index 8879a267d1..8fc47b3399 100644 --- a/crypto/openssl/crypto/engine/eng_table.c +++ b/crypto/openssl/crypto/engine/eng_table.c @@ -237,6 +237,7 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in #endif return NULL; } + ERR_set_mark(); CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ @@ -310,6 +311,6 @@ end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Whatever happened, any failed init()s are not failures in this * context, so clear our error state. */ - ERR_clear_error(); + ERR_pop_to_mark(); return ret; } diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h index f503595ece..d4bc1efc79 100644 --- a/crypto/openssl/crypto/engine/engine.h +++ b/crypto/openssl/crypto/engine/engine.h @@ -339,9 +339,11 @@ void ENGINE_load_ubsec(void); void ENGINE_load_cryptodev(void); void ENGINE_load_padlock(void); void ENGINE_load_builtin_engines(void); +#ifdef OPENSSL_SYS_WIN32 #ifndef OPENSSL_NO_CAPIENG void ENGINE_load_capi(void); #endif +#endif /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ 
@@ -767,6 +769,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_DSO_FAILURE 104
 #define ENGINE_R_DSO_NOT_FOUND 132
 #define ENGINE_R_ENGINES_SECTION_ERROR 148
+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
 #define ENGINE_R_ENGINE_SECTION_ERROR 149
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
index f21a5276ed..39796f7cc8 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -104,6 +104,7 @@
 #ifndef OPENSSL_NO_JPAKE
 #include
 #endif
+#include
 void ERR_load_crypto_strings(void)
 {
@@ -157,5 +158,6 @@ void ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_JPAKE
 ERR_load_JPAKE_strings();
 #endif
+ ERR_load_COMP_strings();
 #endif
 }
diff --git a/crypto/openssl/crypto/evp/c_allc.c b/crypto/openssl/crypto/evp/c_allc.c
index 7054d8125d..e45cee8ab0 100644
--- a/crypto/openssl/crypto/evp/c_allc.c
+++ b/crypto/openssl/crypto/evp/c_allc.c
@@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void)
 EVP_add_cipher(EVP_des_cfb8());
 EVP_add_cipher(EVP_des_ede_cfb());
 EVP_add_cipher(EVP_des_ede3_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb1());
+ EVP_add_cipher(EVP_des_ede3_cfb8());
 EVP_add_cipher(EVP_des_ofb());
 EVP_add_cipher(EVP_des_ede_ofb());
diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/openssl/crypto/evp/c_alld.c
index d270b0ee03..e0841d12f2 100644
--- a/crypto/openssl/crypto/evp/c_alld.c
+++ b/crypto/openssl/crypto/evp/c_alld.c
@@ -64,9 +64,6 @@ void OpenSSL_add_all_digests(void)
 {
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
 #ifndef OPENSSL_NO_MD4
 EVP_add_digest(EVP_md4());
 #endif
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index 3bc2d1295c..6a8f39bef7 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
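Review bot: The `ERR_load_COMP_strings();` added in the -157 hunk is unconditional while its neighbour ERR_load_JPAKE_strings() is wrapped in `#ifndef OPENSSL_NO_JPAKE`; OpenSSL has an OPENSSL_NO_COMP switch, and a build using it would fail to link here unless both this call and the `#include` added in the -104 hunk get a matching `#ifndef OPENSSL_NO_COMP` / `#endif`. The header name on the added `#include` line is not visible on this page, so only its placement could be checked.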
@@ -127,7 +127,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 {
 EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
- EVP_MD_CTX_init(ctx);
+ if (ctx)
+ EVP_MD_CTX_init(ctx);
 return ctx;
 }
@@ -299,7 +300,14 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 OPENSSL_free(ctx->md_data);
 ctx->digest=type;
 if (type->ctx_size)
+ {
 ctx->md_data=OPENSSL_malloc(type->ctx_size);
+ if (!ctx->md_data)
+ {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
 }
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
@@ -380,8 +388,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 if (out->digest->ctx_size)
 {
- if (tmp_buf) out->md_data = tmp_buf;
- else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (tmp_buf)
+ out->md_data = tmp_buf;
+ else
+ {
+ out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (!out->md_data)
+ {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
 memcpy(out->md_data,in->md_data,out->digest->ctx_size);
 }
diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c
index 174cf6c594..9c200617a6 100644
--- a/crypto/openssl/crypto/evp/evp_lib.c
+++ b/crypto/openssl/crypto/evp/evp_lib.c
@@ -163,6 +163,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 return NID_des_cfb64;
+ case NID_des_ede3_cfb64:
+ case NID_des_ede3_cfb8:
+ case NID_des_ede3_cfb1:
+
+ return NID_des_cfb64;
+
 default:
 /* Check it has an OID and it is valid */
 otmp = OBJ_nid2obj(nid);
diff --git a/crypto/openssl/crypto/evp/evp_locl.h b/crypto/openssl/crypto/evp/evp_locl.h
index eabcc96f30..72105b0fe2 100644
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/openssl/crypto/evp/evp_locl.h
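Review bot: EVP_MD_CTX_create() now returns NULL when OPENSSL_malloc() fails but pushes nothing onto the error queue, whereas the -299 and -380 hunks in the same file report the failure with `EVPerr(..., ERR_R_MALLOC_FAILURE)`; a caller that gets NULL has no error to print. If evp.h defines a function code for EVP_MD_CTX_create (none is visible on this page), an `else EVPerr(<that code>, ERR_R_MALLOC_FAILURE);` branch would make the three paths consistent.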
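Review bot: In the -299 hunk the `return 0;` on allocation failure happens after `ctx->digest=type;` has already been stored while ctx->md_data stays NULL, and the -380 hunk leaves `out` the same way (its digest is presumably assigned before the hunk). Whether a subsequent EVP_MD_CTX_cleanup() or the digest's own cleanup callback tolerates a context with digest set and md_data NULL is decided outside these hunks; either resetting `ctx->digest=NULL;` before returning or a comment stating that the context is left for the caller to clean up would remove the doubt. Both EVP_DigestInit_ex and EVP_MD_CTX_copy_ex start before their hunks.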
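Review bot: The new `case NID_des_ede3_cfb64/cfb8/cfb1` group returns NID_des_cfb64 without a word on why, and has a stray blank line between the labels and the `return`. The nid_objs table from obj_dat.h further down this page lists the DES-EDE3-CFB1/CFB8 entries with no OID data, which looks like the reason; a comment such as `/* no OID is assigned to the 3DES CFB variants; report them as des-cfb64, as for the single-DES case above */` on the first label would record it. EVP_CIPHER_type's switch starts before the hunk.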
@@ -127,9 +127,9 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
 iv_len, cbits, flags, init_key, cleanup, \
 set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
- key_len, iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \
+ (cbits + 7)/8, key_len, iv_len, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
 iv_len, cbits, flags, init_key, cleanup, \
@@ -139,10 +139,10 @@ BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
 get_asn1, ctrl)
 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
- iv_len, flags, init_key, cleanup, set_asn1, \
+ flags, init_key, cleanup, set_asn1, \
 get_asn1, ctrl) \
 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
- iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 #define BLOCK_CIPHER_defs(cname, kstruct, \
 nid, block_size, key_len, iv_len, cbits, flags, \
@@ -153,7 +153,7 @@ BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
 init_key, cleanup, set_asn1, get_asn1, ctrl)
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c
index 04ea80203c..0b41f87621 100644
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/openssl/crypto/lhash/lhash.c
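Review bot: `(cbits + 7)/8` uses the macro parameter unparenthesised, so a caller passing an expression such as a conditional for cbits would be mis-grouped; write it `((cbits) + 7)/8`. The -139 and -153 hunks, which drop the unused iv_len argument from the ECB variant and pass 0 instead, carry no such issue.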
@@ -305,16 +305,40 @@ void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
 static void expand(LHASH *lh)
 {
 LHASH_NODE **n,**n1,**n2,*np;
- unsigned int p,i,j;
+ unsigned int p,i,j,pmax;
 unsigned long hash,nni;
+ p=(int)lh->p++;
+ nni=lh->num_alloc_nodes;
+ pmax=lh->pmax;
+
+ if ((lh->p) >= lh->pmax)
+ {
+ j=(int)lh->num_alloc_nodes*2;
+ n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
+ (int)sizeof(LHASH_NODE *)*j);
+ if (n == NULL)
+ {
+/* fputs("realloc error in lhash",stderr); */
+ lh->error++;
+ lh->p=0;
+ return;
+ }
+ /* else */
+ for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes;
+ lh->num_alloc_nodes=j;
+ lh->num_expand_reallocs++;
+ lh->p=0;
+ lh->b=n;
+ }
+
 lh->num_nodes++;
 lh->num_expands++;
- p=(int)lh->p++;
 n1= &(lh->b[p]);
- n2= &(lh->b[p+(int)lh->pmax]);
+ n2= &(lh->b[p+pmax]);
 *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */
- nni=lh->num_alloc_nodes;
 for (np= *n1; np != NULL; )
 {
@@ -335,35 +359,14 @@ static void expand(LHASH *lh)
 np= *n1;
 }
- if ((lh->p) >= lh->pmax)
- {
- j=(int)lh->num_alloc_nodes*2;
- n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
- (int)(sizeof(LHASH_NODE *)*j));
- if (n == NULL)
- {
-/* fputs("realloc error in lhash",stderr); */
- lh->error++;
- lh->p=0;
- return;
- }
- /* else */
- for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes;
- lh->num_alloc_nodes=j;
- lh->num_expand_reallocs++;
- lh->p=0;
- lh->b=n;
- }
 }
 static void contract(LHASH *lh)
 {
 LHASH_NODE **n,*n1,*np;
+ int idx = lh->p+lh->pmax-1;
- np=lh->b[lh->p+lh->pmax-1];
- lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
+ np=lh->b[idx];
 if (lh->p == 0)
 {
 n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
@@ -383,6 +386,7 @@ static void contract(LHASH *lh)
 else
 lh->p--;
+ lh->b[idx] = NULL;
 lh->num_nodes--;
 lh->num_contracts++;
diff --git a/crypto/openssl/crypto/o_init.c b/crypto/openssl/crypto/o_init.c
index 00ed65a6cf..2a5f5aac76 100644
--- a/crypto/openssl/crypto/o_init.c
+++ b/crypto/openssl/crypto/o_init.c
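Review bot: The realloc block moved to the top of expand() computes the new size in int: `j=(int)lh->num_alloc_nodes*2` and then `(int)sizeof(LHASH_NODE *)*j`, so for a very large table the multiplication overflows signed int (undefined behaviour) before OPENSSL_realloc() sees it. A guard before the doubling, e.g. `if (lh->num_alloc_nodes > INT_MAX / (2 * sizeof(LHASH_NODE *))) { lh->error++; lh->p=0; return; }` (reusing the existing failure path), keeps the request in range; if OPENSSL_realloc() takes a size_t the casts can simply go. Note also that this page has lost the text between `i` and `pmax` on the `for` line (rendered as `ipmax`), so the loop that clears the new buckets could not be read here.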
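Review bot: `int idx = lh->p+lh->pmax-1;` stores an index derived from fields this file otherwise handles as unsigned (expand() copies them into `unsigned int p,i,j,pmax`) in a signed int, then uses it to index lh->b after the realloc in the `lh->p == 0` branch may have shrunk the table; `unsigned int idx = lh->p+lh->pmax-1;` matches the surrounding types. Deferring `lh->b[idx] = NULL` to after the realloc (the -383 hunk) is only safe while idx stays below the shrunk size, which depends on the realloc size on the line after this hunk — a short comment there, `/* idx is still inside the shrunk table */`, would make that invariant visible. contract() continues past the hunk.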
@@ -58,6 +58,11 @@
 #include
 #include
+/* Internal only functions: only ever used here */
+extern void int_ERR_lib_init(void);
+extern void int_EVP_MD_init_engine_callbacks(void );
+extern void int_EVP_CIPHER_init_engine_callbacks(void );
+extern void int_RAND_init_engine_callbacks(void );
 /* Perform any essential OpenSSL initialization operations.
 * Currently only sets FIPS callbacks
@@ -73,7 +78,7 @@ void OPENSSL_init(void)
 #ifdef CRYPTO_MDEBUG
 CRYPTO_malloc_debug_init();
 #endif
-#ifdef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 int_EVP_MD_init_engine_callbacks();
 int_EVP_CIPHER_init_engine_callbacks();
 int_RAND_init_engine_callbacks();
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index 7fd7433241..760af16dd9 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -456,10 +456,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 s=OBJ_nid2ln(nid);
 if (s == NULL)
 s=OBJ_nid2sn(nid);
- if (buf)
- BUF_strlcpy(buf,s,buf_len);
- n=strlen(s);
- return n;
+ if (s)
+ {
+ if (buf)
+ BUF_strlcpy(buf,s,buf_len);
+ n=strlen(s);
+ return n;
+ }
 }
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index dccc15e03c..23bdb4603a 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 859 -#define NUM_SN 852 -#define NUM_LN 852 -#define NUM_OBJ 806 +#define NUM_NID 893 +#define NUM_SN 886 +#define NUM_LN 886 +#define NUM_OBJ 840 -static unsigned char lvalues[5722]={ +static unsigned char lvalues[5824]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
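Review bot: The four `extern` prototypes in the -58 hunk are declared locally in a .c file, so the compiler never checks them against the definitions in the other translation units; a small internal header included by both sides would, and `(void )` on three of them has a stray space. The -73 hunk changes the guard from `OPENSSL_ENGINE` to `OPENSSL_NO_ENGINE`, which implies the engine callbacks were previously never installed; if CHANGES does not already record this, a line there would help anyone who observed the old behaviour. OPENSSL_init() continues past the hunk.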
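Review bot: The new `if (s)` guard means a nid with neither a long nor a short name now leaves the block instead of calling strlen(NULL), but what the function does next is outside this hunk, and nothing in the hunk says so. A comment after the closing brace of the `if (s)` block, such as `/* no name registered for this nid: fall through to the dotted-OID form */` (wording to be confirmed against the code below), would make the fall-through read as intended rather than accidental. OBJ_obj2txt continues past the hunk.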
@@ -707,7 +707,7 @@ static unsigned char lvalues[5722]={ 0x2B, /* [4582] OBJ_identified_organization */ 0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ 0x67,0x2B, /* [4586] OBJ_wap */ -0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +0x67,0x2B,0x01, /* [4588] OBJ_wap_wsg */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ 
@@ -763,17 +763,17 @@ static unsigned char lvalues[5722]={ 0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ 0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ 0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ -0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x67,0x2B,0x01,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ 0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ 0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ 0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ 
@@ -874,6 +874,40 @@ static unsigned char lvalues[5722]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ 0x55,0x1D,0x2E, /* [5710] OBJ_freshest_crl */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5713] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5721] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5724] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5727] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5730] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5733] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5736] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5739] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5742] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5745] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5748] OBJ_x121Address */ +0x55,0x04,0x19, /* [5751] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5754] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5757] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5760] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5763] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5766] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5769] OBJ_member */ +0x55,0x04,0x20, /* [5772] OBJ_owner */ +0x55,0x04,0x21, /* [5775] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5778] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5781] OBJ_userPassword */ +0x55,0x04,0x24, /* [5784] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5787] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5790] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5793] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5796] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5799] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5802] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5805] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5808] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5811] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5814] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5817] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5820] 
OBJ_dmdName */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1928,7 +1962,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, 
@@ -2262,6 +2296,61 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[5710]),0}, {"id-on-permanentIdentifier","Permanent Identifier", NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0}, +{"businessCategory","businessCategory",NID_businessCategory,3, + &(lvalues[5724]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0}, +{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", + NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0}, +{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, + &(lvalues[5736]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0}, +{"teletexTerminalIdentifier","teletexTerminalIdentifier", + NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0}, +{"facsimileTelephoneNumber","facsimileTelephoneNumber", + NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0}, +{"internationaliSDNNumber","internationaliSDNNumber", + NID_internationaliSDNNumber,3,&(lvalues[5751]),0}, +{"registeredAddress","registeredAddress",NID_registeredAddress,3, + &(lvalues[5754]),0}, +{"destinationIndicator","destinationIndicator", + NID_destinationIndicator,3,&(lvalues[5757]),0}, +{"preferredDeliveryMethod","preferredDeliveryMethod", + NID_preferredDeliveryMethod,3,&(lvalues[5760]),0}, +{"presentationAddress","presentationAddress",NID_presentationAddress, + 3,&(lvalues[5763]),0}, +{"supportedApplicationContext","supportedApplicationContext", + NID_supportedApplicationContext,3,&(lvalues[5766]),0}, +{"member","member",NID_member,3,&(lvalues[5769]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5772]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0}, 
+{"userCertificate","userCertificate",NID_userCertificate,3, + &(lvalues[5784]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0}, +{"authorityRevocationList","authorityRevocationList", + NID_authorityRevocationList,3,&(lvalues[5790]),0}, +{"certificateRevocationList","certificateRevocationList", + NID_certificateRevocationList,3,&(lvalues[5793]),0}, +{"crossCertificatePair","crossCertificatePair", + NID_crossCertificatePair,3,&(lvalues[5796]),0}, +{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, + 3,&(lvalues[5799]),0}, +{"protocolInformation","protocolInformation",NID_protocolInformation, + 3,&(lvalues[5802]),0}, +{"distinguishedName","distinguishedName",NID_distinguishedName,3, + &(lvalues[5805]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0}, +{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, + &(lvalues[5811]),0}, +{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, + 3,&(lvalues[5814]),0}, +{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, + 3,&(lvalues[5817]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2458,10 +2547,12 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[501]),/* "audio" */ &(nid_objs[177]),/* "authorityInfoAccess" */ &(nid_objs[90]),/* "authorityKeyIdentifier" */ +&(nid_objs[882]),/* "authorityRevocationList" */ &(nid_objs[87]),/* "basicConstraints" */ &(nid_objs[365]),/* "basicOCSPResponse" */ &(nid_objs[285]),/* "biometricInfo" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[860]),/* "businessCategory" */ &(nid_objs[691]),/* "c2onb191v4" */ &(nid_objs[692]),/* "c2onb191v5" */ &(nid_objs[697]),/* "c2onb239v4" */ 
@@ -2482,6 +2573,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[696]),/* "c2tnb239v3" */ &(nid_objs[701]),/* "c2tnb359v1" */ &(nid_objs[703]),/* "c2tnb431r1" */ +&(nid_objs[881]),/* "cACertificate" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[179]),/* "caIssuers" */ &(nid_objs[785]),/* "caRepository" */ @@ -2490,6 +2582,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[677]),/* "certicom-arc" */ &(nid_objs[771]),/* "certificateIssuer" */ &(nid_objs[89]),/* "certificatePolicies" */ +&(nid_objs[883]),/* "certificateRevocationList" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ &(nid_objs[395]),/* "clearance" */ @@ -2500,6 +2593,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[153]),/* "crlBag" */ &(nid_objs[103]),/* "crlDistributionPoints" */ &(nid_objs[88]),/* "crlNumber" */ +&(nid_objs[884]),/* "crossCertificatePair" */ &(nid_objs[806]),/* "cryptocom" */ &(nid_objs[805]),/* "cryptopro" */ &(nid_objs[500]),/* "dITRedirect" */ @@ -2508,9 +2602,13 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[434]),/* "data" */ &(nid_objs[390]),/* "dcobject" */ &(nid_objs[140]),/* "deltaCRL" */ +&(nid_objs[891]),/* "deltaRevocationList" */ &(nid_objs[107]),/* "description" */ +&(nid_objs[871]),/* "destinationIndicator" */ &(nid_objs[28]),/* "dhKeyAgreement" */ &(nid_objs[382]),/* "directory" */ +&(nid_objs[887]),/* "distinguishedName" */ +&(nid_objs[892]),/* "dmdName" */ &(nid_objs[174]),/* "dnQualifier" */ &(nid_objs[447]),/* "document" */ &(nid_objs[471]),/* "documentAuthor" */ 
@@ -2533,12 +2631,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[792]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[132]),/* "emailProtection" */ +&(nid_objs[885]),/* "enhancedSearchGuide" */ &(nid_objs[389]),/* "enterprises" */ &(nid_objs[384]),/* "experimental" */ &(nid_objs[172]),/* "extReq" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ &(nid_objs[126]),/* "extendedKeyUsage" */ &(nid_objs[372]),/* "extendedStatus" */ +&(nid_objs[867]),/* "facsimileTelephoneNumber" */ &(nid_objs[462]),/* "favouriteDrink" */ &(nid_objs[857]),/* "freshestCRL" */ &(nid_objs[453]),/* "friendlyCountry" */ @@ -2565,6 +2665,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[486]),/* "homePostalAddress" */ &(nid_objs[473]),/* "homeTelephoneNumber" */ &(nid_objs[466]),/* "host" */ +&(nid_objs[889]),/* "houseIdentifier" */ &(nid_objs[442]),/* "iA5StringSyntax" */ &(nid_objs[783]),/* "id-DHBasedMac" */ &(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ @@ -2794,6 +2895,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[748]),/* "inhibitAnyPolicy" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[647]),/* "international-organizations" */ +&(nid_objs[869]),/* "internationaliSDNNumber" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -2811,6 +2913,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[493]),/* "mailPreferenceOption" */ &(nid_objs[467]),/* "manager" */ &(nid_objs[809]),/* "md_gost94" */ +&(nid_objs[875]),/* "member" */ &(nid_objs[182]),/* "member-body" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[383]),/* "mgmt" */ 
@@ -2846,12 +2949,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[681]),/* "onBasis" */ &(nid_objs[491]),/* "organizationalStatus" */ &(nid_objs[475]),/* "otherMailbox" */ +&(nid_objs[876]),/* "owner" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ &(nid_objs[374]),/* "path" */ &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ &(nid_objs[499]),/* "personalSignature" */ &(nid_objs[487]),/* "personalTitle" */ &(nid_objs[464]),/* "photo" */ +&(nid_objs[863]),/* "physicalDeliveryOfficeName" */ &(nid_objs[437]),/* "pilot" */ &(nid_objs[439]),/* "pilotAttributeSyntax" */ &(nid_objs[438]),/* "pilotAttributeType" */ @@ -2877,8 +2982,12 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ &(nid_objs[747]),/* "policyMappings" */ +&(nid_objs[862]),/* "postOfficeBox" */ +&(nid_objs[861]),/* "postalAddress" */ &(nid_objs[661]),/* "postalCode" */ &(nid_objs[683]),/* "ppBasis" */ +&(nid_objs[872]),/* "preferredDeliveryMethod" */ +&(nid_objs[873]),/* "presentationAddress" */ &(nid_objs[816]),/* "prf-gostr3411-94" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ @@ -2890,13 +2999,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[415]),/* "prime256v1" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[886]),/* "protocolInformation" */ &(nid_objs[663]),/* "proxyCertInfo" */ &(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ &(nid_objs[450]),/* "rFC822localPart" */ +&(nid_objs[870]),/* "registeredAddress" */ &(nid_objs[400]),/* "role" */ +&(nid_objs[877]),/* "roleOccupant" */ &(nid_objs[448]),/* "room" */ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[ 6]),/* "rsaEncryption" */ 
@@ -2909,6 +3021,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[290]),/* "sbgp-ipAddrBlock" */ &(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[859]),/* "searchGuide" */ &(nid_objs[704]),/* "secp112r1" */ &(nid_objs[705]),/* "secp112r2" */ &(nid_objs[706]),/* "secp128r1" */ @@ -2943,6 +3056,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[733]),/* "sect571k1" */ &(nid_objs[734]),/* "sect571r1" */ &(nid_objs[386]),/* "security" */ +&(nid_objs[878]),/* "seeAlso" */ &(nid_objs[394]),/* "selected-attribute-types" */ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[129]),/* "serverAuth" */ @@ -3081,14 +3195,19 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[454]),/* "simpleSecurityObject" */ &(nid_objs[496]),/* "singleLevelQuality" */ &(nid_objs[387]),/* "snmpv2" */ -&(nid_objs[660]),/* "streetAddress" */ +&(nid_objs[660]),/* "street" */ &(nid_objs[85]),/* "subjectAltName" */ &(nid_objs[769]),/* "subjectDirectoryAttributes" */ &(nid_objs[398]),/* "subjectInfoAccess" */ &(nid_objs[82]),/* "subjectKeyIdentifier" */ &(nid_objs[498]),/* "subtreeMaximumQuality" */ &(nid_objs[497]),/* "subtreeMinimumQuality" */ +&(nid_objs[890]),/* "supportedAlgorithms" */ +&(nid_objs[874]),/* "supportedApplicationContext" */ &(nid_objs[402]),/* "targetInformation" */ +&(nid_objs[864]),/* "telephoneNumber" */ +&(nid_objs[866]),/* "teletexTerminalIdentifier" */ +&(nid_objs[865]),/* "telexNumber" */ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[133]),/* "timeStamping" */ 
@@ -3096,9 +3215,12 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[682]),/* "tpBasis" */ &(nid_objs[375]),/* "trustRoot" */ &(nid_objs[436]),/* "ucl" */ +&(nid_objs[888]),/* "uniqueMember" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ +&(nid_objs[880]),/* "userCertificate" */ &(nid_objs[465]),/* "userClass" */ +&(nid_objs[879]),/* "userPassword" */ &(nid_objs[373]),/* "valid" */ &(nid_objs[678]),/* "wap" */ &(nid_objs[679]),/* "wap-wsg" */ @@ -3114,6 +3236,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[804]),/* "whirlpool" */ +&(nid_objs[868]),/* "x121Address" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ @@ -3284,11 +3407,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[484]),/* "associatedDomain" */ &(nid_objs[485]),/* "associatedName" */ &(nid_objs[501]),/* "audio" */ +&(nid_objs[882]),/* "authorityRevocationList" */ &(nid_objs[91]),/* "bf-cbc" */ &(nid_objs[93]),/* "bf-cfb" */ &(nid_objs[92]),/* "bf-ecb" */ &(nid_objs[94]),/* "bf-ofb" */ &(nid_objs[494]),/* "buildingName" */ +&(nid_objs[860]),/* "businessCategory" */ &(nid_objs[691]),/* "c2onb191v4" */ &(nid_objs[692]),/* "c2onb191v5" */ &(nid_objs[697]),/* "c2onb239v4" */ @@ -3309,6 +3434,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[696]),/* "c2tnb239v3" */ &(nid_objs[701]),/* "c2tnb359v1" */ &(nid_objs[703]),/* "c2tnb431r1" */ +&(nid_objs[881]),/* "cACertificate" */ &(nid_objs[483]),/* "cNAMERecord" */ &(nid_objs[751]),/* "camellia-128-cbc" */ &(nid_objs[757]),/* "camellia-128-cfb" */ 
@@ -3336,6 +3462,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[152]),/* "certBag" */ &(nid_objs[677]),/* "certicom-arc" */ &(nid_objs[517]),/* "certificate extensions" */ +&(nid_objs[883]),/* "certificateRevocationList" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ &(nid_objs[395]),/* "clearance" */ @@ -3346,6 +3473,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[53]),/* "countersignature" */ &(nid_objs[14]),/* "countryName" */ &(nid_objs[153]),/* "crlBag" */ +&(nid_objs[884]),/* "crossCertificatePair" */ &(nid_objs[806]),/* "cryptocom" */ &(nid_objs[805]),/* "cryptopro" */ &(nid_objs[500]),/* "dITRedirect" */ @@ -3353,6 +3481,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[495]),/* "dSAQuality" */ &(nid_objs[434]),/* "data" */ &(nid_objs[390]),/* "dcObject" */ +&(nid_objs[891]),/* "deltaRevocationList" */ &(nid_objs[31]),/* "des-cbc" */ &(nid_objs[643]),/* "des-cdmf" */ &(nid_objs[30]),/* "des-cfb" */ @@ -3371,10 +3500,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[63]),/* "des-ede3-ofb" */ &(nid_objs[45]),/* "des-ofb" */ &(nid_objs[107]),/* "description" */ +&(nid_objs[871]),/* "destinationIndicator" */ &(nid_objs[80]),/* "desx-cbc" */ &(nid_objs[28]),/* "dhKeyAgreement" */ &(nid_objs[11]),/* "directory services (X.500)" */ &(nid_objs[378]),/* "directory services - algorithms" */ +&(nid_objs[887]),/* "distinguishedName" */ +&(nid_objs[892]),/* "dmdName" */ &(nid_objs[174]),/* "dnQualifier" */ &(nid_objs[447]),/* "document" */ &(nid_objs[471]),/* "documentAuthor" */ 
@@ -3404,7 +3536,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[792]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[632]),/* "encrypted track 2" */ +&(nid_objs[885]),/* "enhancedSearchGuide" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ +&(nid_objs[867]),/* "facsimileTelephoneNumber" */ &(nid_objs[462]),/* "favouriteDrink" */ &(nid_objs[453]),/* "friendlyCountry" */ &(nid_objs[490]),/* "friendlyCountryName" */ @@ -3426,6 +3560,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[486]),/* "homePostalAddress" */ &(nid_objs[473]),/* "homeTelephoneNumber" */ &(nid_objs[466]),/* "host" */ +&(nid_objs[889]),/* "houseIdentifier" */ &(nid_objs[442]),/* "iA5StringSyntax" */ &(nid_objs[381]),/* "iana" */ &(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ @@ -3640,6 +3775,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[676]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[869]),/* "internationaliSDNNumber" */ &(nid_objs[749]),/* "ipsec3" */ &(nid_objs[750]),/* "ipsec4" */ &(nid_objs[181]),/* "iso" */ @@ -3666,6 +3802,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[ 8]),/* "md5WithRSAEncryption" */ &(nid_objs[95]),/* "mdc2" */ &(nid_objs[96]),/* "mdc2WithRSA" */ +&(nid_objs[875]),/* "member" */ &(nid_objs[602]),/* "merchant initiated auth" */ &(nid_objs[514]),/* "message extensions" */ &(nid_objs[51]),/* "messageDigest" */ @@ -3680,6 +3817,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[491]),/* "organizationalStatus" */ &(nid_objs[18]),/* "organizationalUnitName" */ &(nid_objs[475]),/* "otherMailbox" */ +&(nid_objs[876]),/* "owner" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ &(nid_objs[782]),/* "password based MAC" */ &(nid_objs[374]),/* "path" */ 
@@ -3700,6 +3838,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[499]),/* "personalSignature" */ &(nid_objs[487]),/* "personalTitle" */ &(nid_objs[464]),/* "photo" */ +&(nid_objs[863]),/* "physicalDeliveryOfficeName" */ &(nid_objs[437]),/* "pilot" */ &(nid_objs[439]),/* "pilotAttributeSyntax" */ &(nid_objs[438]),/* "pilotAttributeType" */ @@ -3722,8 +3861,12 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[22]),/* "pkcs7-signedData" */ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ +&(nid_objs[862]),/* "postOfficeBox" */ +&(nid_objs[861]),/* "postalAddress" */ &(nid_objs[661]),/* "postalCode" */ &(nid_objs[683]),/* "ppBasis" */ +&(nid_objs[872]),/* "preferredDeliveryMethod" */ +&(nid_objs[873]),/* "presentationAddress" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ &(nid_objs[410]),/* "prime192v2" */ @@ -3732,6 +3875,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[413]),/* "prime239v2" */ &(nid_objs[414]),/* "prime239v3" */ &(nid_objs[415]),/* "prime256v1" */ +&(nid_objs[886]),/* "protocolInformation" */ &(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ @@ -3749,10 +3893,12 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[122]),/* "rc5-cfb" */ &(nid_objs[121]),/* "rc5-ecb" */ &(nid_objs[123]),/* "rc5-ofb" */ +&(nid_objs[870]),/* "registeredAddress" */ &(nid_objs[460]),/* "rfc822Mailbox" */ &(nid_objs[117]),/* "ripemd160" */ &(nid_objs[119]),/* "ripemd160WithRSA" */ &(nid_objs[400]),/* "role" */ +&(nid_objs[877]),/* "roleOccupant" */ &(nid_objs[448]),/* "room" */ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[19]),/* "rsa" */ 
@@ -3766,6 +3912,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[290]),/* "sbgp-ipAddrBlock" */ &(nid_objs[292]),/* "sbgp-routerIdentifier" */ &(nid_objs[159]),/* "sdsiCertificate" */ +&(nid_objs[859]),/* "searchGuide" */ &(nid_objs[704]),/* "secp112r1" */ &(nid_objs[705]),/* "secp112r2" */ &(nid_objs[706]),/* "secp128r1" */ @@ -3800,6 +3947,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[733]),/* "sect571k1" */ &(nid_objs[734]),/* "sect571r1" */ &(nid_objs[635]),/* "secure device signature" */ +&(nid_objs[878]),/* "seeAlso" */ &(nid_objs[777]),/* "seed-cbc" */ &(nid_objs[779]),/* "seed-cfb" */ &(nid_objs[776]),/* "seed-ecb" */ @@ -3942,17 +4090,25 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[660]),/* "streetAddress" */ &(nid_objs[498]),/* "subtreeMaximumQuality" */ &(nid_objs[497]),/* "subtreeMinimumQuality" */ +&(nid_objs[890]),/* "supportedAlgorithms" */ +&(nid_objs[874]),/* "supportedApplicationContext" */ &(nid_objs[100]),/* "surname" */ +&(nid_objs[864]),/* "telephoneNumber" */ +&(nid_objs[866]),/* "teletexTerminalIdentifier" */ +&(nid_objs[865]),/* "telexNumber" */ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[106]),/* "title" */ &(nid_objs[682]),/* "tpBasis" */ &(nid_objs[436]),/* "ucl" */ &(nid_objs[ 0]),/* "undefined" */ +&(nid_objs[888]),/* "uniqueMember" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ +&(nid_objs[880]),/* "userCertificate" */ &(nid_objs[465]),/* "userClass" */ &(nid_objs[458]),/* "userId" */ +&(nid_objs[879]),/* "userPassword" */ &(nid_objs[373]),/* "valid" */ &(nid_objs[678]),/* "wap" */ &(nid_objs[679]),/* "wap-wsg" */ 
@@ -3968,6 +4124,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ &(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ &(nid_objs[804]),/* "whirlpool" */ +&(nid_objs[868]),/* "x121Address" */ &(nid_objs[503]),/* "x500UniqueIdentifier" */ &(nid_objs[158]),/* "x509Certificate" */ &(nid_objs[160]),/* "x509Crl" */ 
@@ -4009,13 +4166,47 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ &(nid_objs[106]),/* OBJ_title 2 5 4 12 */ &(nid_objs[107]),/* OBJ_description 2 5 4 13 */ +&(nid_objs[859]),/* OBJ_searchGuide 2 5 4 14 */ +&(nid_objs[860]),/* OBJ_businessCategory 2 5 4 15 */ +&(nid_objs[861]),/* OBJ_postalAddress 2 5 4 16 */ &(nid_objs[661]),/* OBJ_postalCode 2 5 4 17 */ +&(nid_objs[862]),/* OBJ_postOfficeBox 2 5 4 18 */ +&(nid_objs[863]),/* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ +&(nid_objs[864]),/* OBJ_telephoneNumber 2 5 4 20 */ +&(nid_objs[865]),/* OBJ_telexNumber 2 5 4 21 */ +&(nid_objs[866]),/* OBJ_teletexTerminalIdentifier 2 5 4 22 */ +&(nid_objs[867]),/* OBJ_facsimileTelephoneNumber 2 5 4 23 */ +&(nid_objs[868]),/* OBJ_x121Address 2 5 4 24 */ +&(nid_objs[869]),/* OBJ_internationaliSDNNumber 2 5 4 25 */ +&(nid_objs[870]),/* OBJ_registeredAddress 2 5 4 26 */ +&(nid_objs[871]),/* OBJ_destinationIndicator 2 5 4 27 */ +&(nid_objs[872]),/* OBJ_preferredDeliveryMethod 2 5 4 28 */ +&(nid_objs[873]),/* OBJ_presentationAddress 2 5 4 29 */ +&(nid_objs[874]),/* OBJ_supportedApplicationContext 2 5 4 30 */ +&(nid_objs[875]),/* OBJ_member 2 5 4 31 */ +&(nid_objs[876]),/* OBJ_owner 2 5 4 32 */ +&(nid_objs[877]),/* OBJ_roleOccupant 2 5 4 33 */ +&(nid_objs[878]),/* OBJ_seeAlso 2 5 4 34 */ +&(nid_objs[879]),/* OBJ_userPassword 2 5 4 35 */ +&(nid_objs[880]),/* OBJ_userCertificate 2 5 4 36 */ +&(nid_objs[881]),/* OBJ_cACertificate 2 5 4 37 */ +&(nid_objs[882]),/* OBJ_authorityRevocationList 2 5 4 38 */ +&(nid_objs[883]),/* OBJ_certificateRevocationList 2 5 4 39 */ +&(nid_objs[884]),/* OBJ_crossCertificatePair 2 5 4 40 */ &(nid_objs[173]),/* OBJ_name 2 5 4 41 */ &(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ &(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ &(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ &(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ &(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ +&(nid_objs[885]),/* 
OBJ_enhancedSearchGuide 2 5 4 47 */ +&(nid_objs[886]),/* OBJ_protocolInformation 2 5 4 48 */ +&(nid_objs[887]),/* OBJ_distinguishedName 2 5 4 49 */ +&(nid_objs[888]),/* OBJ_uniqueMember 2 5 4 50 */ +&(nid_objs[889]),/* OBJ_houseIdentifier 2 5 4 51 */ +&(nid_objs[890]),/* OBJ_supportedAlgorithms 2 5 4 52 */ +&(nid_objs[891]),/* OBJ_deltaRevocationList 2 5 4 53 */ +&(nid_objs[892]),/* OBJ_dmdName 2 5 4 54 */ &(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ &(nid_objs[400]),/* OBJ_role 2 5 4 72 */ &(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */ @@ -4049,7 +4240,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ &(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ &(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ -&(nid_objs[679]),/* OBJ_wap_wsg 2 23 43 13 */ +&(nid_objs[679]),/* OBJ_wap_wsg 2 23 43 1 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ &(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ 
@@ -4235,17 +4426,17 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ &(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ &(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ -&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ -&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 13 4 3 */ -&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 13 4 4 */ -&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 13 4 5 */ -&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ -&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 13 4 7 */ -&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ -&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ -&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ -&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ -&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ +&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ +&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ +&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ +&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ +&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ +&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ +&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ +&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ +&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ +&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ +&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ &(nid_objs[804]),/* OBJ_whirlpool 1 0 10118 3 0 55 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h index ad5f7cfc10..282f11a8a8 100644 
--- a/crypto/openssl/crypto/objects/obj_mac.h +++ b/crypto/openssl/crypto/objects/obj_mac.h @@ -122,7 +122,7 @@ #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 679 -#define OBJ_wap_wsg OBJ_wap,13L +#define OBJ_wap_wsg OBJ_wap,1L #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" @@ -2049,6 +2049,7 @@ #define NID_stateOrProvinceName 16 #define OBJ_stateOrProvinceName OBJ_X509,8L +#define SN_streetAddress "street" #define LN_streetAddress "streetAddress" #define NID_streetAddress 660 #define OBJ_streetAddress OBJ_X509,9L @@ -2063,6 +2064,7 @@ #define NID_organizationalUnitName 18 #define OBJ_organizationalUnitName OBJ_X509,11L +#define SN_title "title" #define LN_title "title" #define NID_title 106 #define OBJ_title OBJ_X509,12L 
@@ -2071,10 +2073,114 @@ #define NID_description 107 #define OBJ_description OBJ_X509,13L +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + #define LN_postalCode "postalCode" #define NID_postalCode 661 #define OBJ_postalCode OBJ_X509,17L +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define 
NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + #define SN_name "name" #define LN_name "name" #define NID_name 173 @@ -2085,6 +2191,7 @@ #define NID_givenName 99 #define OBJ_givenName OBJ_X509,42L +#define SN_initials "initials" #define LN_initials "initials" #define NID_initials 101 #define OBJ_initials OBJ_X509,43L 
@@ -2102,6 +2209,38 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + #define LN_pseudonym "pseudonym" #define NID_pseudonym 510 #define OBJ_pseudonym OBJ_X509,65L diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/openssl/crypto/ocsp/ocsp_prn.c index 3dfb51c1e4..01f81e7a59 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_prn.c +++ b/crypto/openssl/crypto/ocsp/ocsp_prn.c @@ -266,12 +266,12 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) goto err; } - if (!BIO_write(bp,"\n",1)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; if (!X509V3_extensions_print(bp, "Response Single Extensions", single->singleExtensions, flags, 8)) goto err; - if (!BIO_write(bp,"\n",1)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) 
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index c41a38a362..3d794d9dad 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER 0x009080cfL
+#define OPENSSL_VERSION_NUMBER 0x009080dfL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l-fips 5 Nov 2009"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8m-fips 25 Feb 2010"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l 5 Nov 2009"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8m 25 Feb 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/pem/pem_seal.c b/crypto/openssl/crypto/pem/pem_seal.c
index 4e554e5481..59690b56ae 100644
--- a/crypto/openssl/crypto/pem/pem_seal.c
+++ b/crypto/openssl/crypto/pem/pem_seal.c
@@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
 EVP_CIPHER_CTX_init(&ctx->cipher);
 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
- if (!ret) goto err;
+ if (ret <= 0) goto err;
 /* base64 encode the keys */
 for (i=0; i
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* Add a local keyid to a safebag */
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/openssl/crypto/pkcs12/p12_key.c
index 9e57eee4a4..5cfe7278df 100644
--- a/crypto/openssl/crypto/pkcs12/p12_key.c
+++ b/crypto/openssl/crypto/pkcs12/p12_key.c
@@ -69,6 +69,12 @@ extern BIO *bio_err;
 void h__dump (unsigned char *p, int len);
 #endif
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* PKCS12 compatible key/IV generation */
 #ifndef min
 #define min(a,b) ((a) < (b) ? (a) : (b))
diff --git a/crypto/openssl/crypto/pkcs12/p12_utl.c b/crypto/openssl/crypto/pkcs12/p12_utl.c
index ca30ac4f6d..2edbf905c5 100644
--- a/crypto/openssl/crypto/pkcs12/p12_utl.c
+++ b/crypto/openssl/crypto/pkcs12/p12_utl.c
@@ -60,6 +60,12 @@
 #include "cryptlib.h"
 #include 
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+#define uni2asc OPENSSL_uni2asc
+#define asc2uni OPENSSL_asc2uni
+#endif
+
 /* Cheap and nasty Unicode stuff */
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/openssl/crypto/pkcs12/pkcs12.h
index 4bee605dc0..78317fb1fa 100644
--- a/crypto/openssl/crypto/pkcs12/pkcs12.h
+++ b/crypto/openssl/crypto/pkcs12/pkcs12.h
@@ -232,9 +232,14 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
 const EVP_MD *md_type);
+#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
+/* Rename these functions to avoid name clashes on NetWare OS */
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+#else
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
-
+#endif
 DECLARE_ASN1_FUNCTIONS(PKCS12)
 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
 DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
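Review bot: The pkcs12.h hunk guards the renamed prototypes with `#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)`, while the companion .c hunks (p12_key.c and p12_utl.c here, and the earlier hunk on the previous line whose diff header was lost) switch names only under `#ifdef OPENSSL_SYS_NETWARE`. A build that defines NETWARE but not OPENSSL_SYS_NETWARE therefore declares `OPENSSL_asc2uni`/`OPENSSL_uni2asc` while p12_utl.c still defines `asc2uni`/`uni2asc`, so the declaration and the definition no longer match and the renamed symbols stay unresolved at link time. Using the same condition in all four places, `#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)` in the .c files as well, keeps header and implementations in step; whether any supported configuration defines NETWARE alone is not visible here.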
diff --git a/crypto/openssl/crypto/pkcs7/pk7_mime.c b/crypto/openssl/crypto/pkcs7/pk7_mime.c
index bf190360d7..7762d647ca 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_mime.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_mime.c
@@ -50,10 +50,6 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
 */
 #include 
@@ -61,200 +57,47 @@ #include "cryptlib.h" #include #include +#include -/* MIME and related routines */ - -/* MIME format structures - * Note that all are translated to lower case apart from - * parameter values. Quotes are stripped off - */ - -typedef struct { -char *param_name; /* Param name e.g. "micalg" */ -char *param_value; /* Param value e.g. "sha1" */ -} MIME_PARAM; - -DECLARE_STACK_OF(MIME_PARAM) -IMPLEMENT_STACK_OF(MIME_PARAM) - -typedef struct { -char *name; /* Name of line e.g. "content-type" */ -char *value; /* Value of line e.g. "text/plain" */ -STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ -} MIME_HEADER; - -DECLARE_STACK_OF(MIME_HEADER) -IMPLEMENT_STACK_OF(MIME_HEADER) - -static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); -static PKCS7 *B64_read_PKCS7(BIO *bio); -static char * strip_ends(char *name); -static char * strip_start(char *name); -static char * strip_end(char *name); -static MIME_HEADER *mime_hdr_new(char *name, char *value); -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b); -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b); -static void mime_param_free(MIME_PARAM *param); -static int mime_bound_check(char *line, int linelen, char *bound, int blen); -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int strip_eol(char *linebuf, int *plen); -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); -static void mime_hdr_free(MIME_HEADER *hdr); +/* PKCS#7 wrappers round generalised MIME routines */ -#define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ - -/* Base 64 read and write of PKCS#7 structure */ - -static int B64_write_PKCS7(BIO *bio, 
PKCS7 *p7) -{ - BIO *b64; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; - } - bio = BIO_push(b64, bio); - i2d_PKCS7_bio(bio, p7); - (void)BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return 1; -} - -static PKCS7 *B64_read_PKCS7(BIO *bio) -{ - BIO *b64; - PKCS7 *p7; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; - } - bio = BIO_push(b64, bio); - if(!(p7 = d2i_PKCS7_bio(bio, NULL))) - PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); - (void)BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return p7; -} - -/* SMIME sender */ - -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) -{ - char bound[33], c; - int i; - char *mime_prefix, *mime_eol, *msg_type=NULL; - if (flags & PKCS7_NOOLDMIMETYPE) - mime_prefix = "application/pkcs7-"; - else - mime_prefix = "application/x-pkcs7-"; - - if (flags & PKCS7_CRLFEOL) - mime_eol = "\r\n"; - else - mime_eol = "\n"; - if((flags & PKCS7_DETACHED) && data) { - /* We want multipart/signed */ - /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); - for(i = 0; i < 32; i++) { - c = bound[i] & 0xf; - if(c < 10) c += '0'; - else c += 'A' - 10; - bound[i] = c; - } - bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); - BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", - bound, mime_eol, mime_eol); - BIO_printf(bio, "This is an S/MIME signed message%s%s", - mime_eol, mime_eol); - /* Now write out the first part */ - BIO_printf(bio, "------%s%s", bound, mime_eol); - pkcs7_output_data(bio, data, p7, flags); - BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); - - /* Headers for signature */ - - BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); - BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); 
- BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
- mime_eol);
- BIO_printf(bio, "Content-Disposition: attachment;");
- BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
- mime_eol, mime_eol);
- B64_write_PKCS7(bio, p7);
- BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
- mime_eol, mime_eol);
- return 1;
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+ {
+ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
 }
- /* Determine smime-type header */
-
- if (PKCS7_type_is_enveloped(p7))
- msg_type = "enveloped-data";
- else if (PKCS7_type_is_signed(p7))
- {
- /* If we have any signers it is signed-data othewise
- * certs-only.
- */
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- sinfos = PKCS7_get_signer_info(p7);
- if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
- msg_type = "signed-data";
- else
- msg_type = "certs-only";
- }
- /* MIME headers */
- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
- BIO_printf(bio, "Content-Disposition: attachment;");
- BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
- BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
- if (msg_type)
- BIO_printf(bio, " smime-type=%s;", msg_type);
- BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
- BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
- mime_eol, mime_eol);
- B64_write_PKCS7(bio, p7);
- BIO_printf(bio, "%s", mime_eol);
- return 1;
-}
-
-/* Handle output of PKCS#7 data */
+/* Callback for int_smime_write_ASN1 */
-
-static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
+static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
 {
+ PKCS7 *p7 = (PKCS7 *)val;
 BIO *tmpbio, *p7bio;
+ int r = 0;
- if (!(flags & PKCS7_STREAM))
+ if (!(flags & SMIME_DETACHED))
 {
 SMIME_crlf_copy(data, out, flags);
 return 1;
 }
- /* Partial sign operation */
+ /* Let PKCS7 code prepend any needed BIOs */
- /* Initialize sign operation */
 p7bio = PKCS7_dataInit(p7, out);
- /* Copy data across, computing digests etc */
+ if 
(!p7bio)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
 SMIME_crlf_copy(data, p7bio, flags);
- /* Must be detached */
- PKCS7_set_detached(p7, 1);
+ /* Finalize structure */
+ if (PKCS7_dataFinal(p7, p7bio) <= 0)
+ goto err;
+
+ r = 1;
- /* Finalize signatures */
- PKCS7_dataFinal(p7, p7bio);
+ err:
 /* Now remove any digests prepended to the BIO */
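Review bot: Both `SMIME_crlf_copy` calls in pk7_output_data discard their return value, whereas the `PKCS7_dataInit` and `PKCS7_dataFinal` calls around them are now checked; if the copy stops early, the structure is still finalised over whatever reached p7bio and the callback reports success, so a truncated body can end up with a valid-looking signature. Checking the copy the same way, `if (!SMIME_crlf_copy(data, p7bio, flags)) goto err;` in the detached path and returning 0 instead of 1 when the copy in the non-detached branch fails, keeps the two failure modes consistent; this assumes SMIME_crlf_copy signals failure with a zero return, which is not visible in this hunk. The cleanup that follows `err:` lies outside the hunk.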
@@ -269,454 +112,17 @@ static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) } -/* SMIME reader: handle multipart/signed and opaque signing. - * in multipart case the content is placed in a memory BIO - * pointed to by "bcont". In opaque this is set to NULL - */ - -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) -{ - BIO *p7in; - STACK_OF(MIME_HEADER) *headers = NULL; - STACK_OF(BIO) *parts = NULL; - MIME_HEADER *hdr; - MIME_PARAM *prm; - PKCS7 *p7; - int ret; - - if(bcont) *bcont = NULL; - - if (!(headers = mime_parse_hdr(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); - return NULL; - } - - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); - return NULL; - } - - /* Handle multipart/signed */ - - if(!strcmp(hdr->value, "multipart/signed")) { - /* Split into two parts */ - prm = mime_param_find(hdr, "boundary"); - if(!prm || !prm->param_value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); - return NULL; - } - ret = multi_split(bio, prm->param_value, &parts); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if(!ret || (sk_BIO_num(parts) != 2) ) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Parse the signature piece */ - p7in = sk_BIO_value(parts, 1); - - if (!(headers = mime_parse_hdr(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Get content type */ - - if(!(hdr = mime_hdr_find(headers, "content-type")) || - !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); - return NULL; - } - - if(strcmp(hdr->value, "application/x-pkcs7-signature") && - 
strcmp(hdr->value, "application/pkcs7-signature")) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in PKCS#7 */ - if(!(p7 = B64_read_PKCS7(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - if(bcont) { - *bcont = sk_BIO_value(parts, 0); - BIO_free(p7in); - sk_BIO_free(parts); - } else sk_BIO_pop_free(parts, BIO_vfree); - return p7; - } - - /* OK, if not multipart/signed try opaque signature */ - - if (strcmp (hdr->value, "application/x-pkcs7-mime") && - strcmp (hdr->value, "application/pkcs7-mime")) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return NULL; - } - - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - - if(!(p7 = B64_read_PKCS7(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); - return NULL; - } - return p7; - -} - -/* Split a multipart/XXX message body into component parts: result is - * canonical parts in a STACK of bios - */ - -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) -{ - char linebuf[MAX_SMLEN]; - int len, blen; - int eol = 0, next_eol = 0; - BIO *bpart = NULL; - STACK_OF(BIO) *parts; - char state, part, first; - - blen = strlen(bound); - part = 0; - state = 0; - first = 1; - parts = sk_BIO_new_null(); - *ret = parts; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - state = mime_bound_check(linebuf, len, bound, blen); - if(state == 1) { - first = 1; - part++; - } else if(state == 2) { - sk_BIO_push(parts, bpart); - return 1; - } else if(part) { - /* Strip CR+LF from linebuf */ - next_eol = strip_eol(linebuf, &len); - if(first) { - first = 0; - 
if(bpart) sk_BIO_push(parts, bpart); - bpart = BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bpart, 0); - } else if (eol) - BIO_write(bpart, "\r\n", 2); - eol = next_eol; - if (len) - BIO_write(bpart, linebuf, len); - } - } - return 0; -} - -/* This is the big one: parse MIME header lines up to message body */ - -#define MIME_INVALID 0 -#define MIME_START 1 -#define MIME_TYPE 2 -#define MIME_NAME 3 -#define MIME_VALUE 4 -#define MIME_QUOTE 5 -#define MIME_COMMENT 6 - - -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) -{ - char *p, *q, c; - char *ntmp; - char linebuf[MAX_SMLEN]; - MIME_HEADER *mhdr = NULL; - STACK_OF(MIME_HEADER) *headers; - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; - else state = MIME_START; - ntmp = NULL; - /* Go through all characters */ - for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { - - /* State machine to handle MIME headers - * if this looks horrible that's because it *is* - */ - - switch(state) { - case MIME_START: - if(c == ':') { - state = MIME_TYPE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break; - - case MIME_TYPE: - if(c == ';') { - mime_debug("Found End Value\n"); - *p = 0; - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - ntmp = NULL; - q = p + 1; - state = MIME_NAME; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_COMMENT: - if(c == ')') { - state = save_state; - } - break; - - case MIME_NAME: - if(c == '=') { - state = MIME_VALUE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break ; - - case MIME_VALUE: - if(c == ';') { - state = MIME_NAME; - *p = 0; - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - ntmp = NULL; - q = p + 1; - } else if (c == '"') { - mime_debug("Found 
Quote\n"); - state = MIME_QUOTE; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_QUOTE: - if(c == '"') { - mime_debug("Found Match Quote\n"); - state = MIME_VALUE; - } - break; - } - } - - if(state == MIME_TYPE) { - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - } else if(state == MIME_VALUE) - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - if(p == linebuf) break; /* Blank line means end of headers */ -} - -return headers; - -} - -static char *strip_ends(char *name) -{ - return strip_end(strip_start(name)); -} - -/* Strip a parameter of whitespace from start of param */ -static char *strip_start(char *name) -{ - char *p, c; - /* Look for first non white space or quote */ - for(p = name; (c = *p) ;p++) { - if(c == '"') { - /* Next char is start of string if non null */ - if(p[1]) return p + 1; - /* Else null string */ - return NULL; - } - if(!isspace((unsigned char)c)) return p; - } - return NULL; -} - -/* As above but strip from end of string : maybe should handle brackets? 
*/ -static char *strip_end(char *name) -{ - char *p, c; - if(!name) return NULL; - /* Look for first non white space or quote */ - for(p = name + strlen(name) - 1; p >= name ;p--) { - c = *p; - if(c == '"') { - if(p - 1 == name) return NULL; - *p = 0; - return name; - } - if(isspace((unsigned char)c)) *p = 0; - else return name; - } - return NULL; -} - -static MIME_HEADER *mime_hdr_new(char *name, char *value) -{ - MIME_HEADER *mhdr; - char *tmpname, *tmpval, *p; - int c; - if(name) { - if(!(tmpname = BUF_strdup(name))) return NULL; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - if(!(tmpval = BUF_strdup(value))) return NULL; - for(p = tmpval ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpval = NULL; - mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); - if(!mhdr) return NULL; - mhdr->name = tmpname; - mhdr->value = tmpval; - if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; - return mhdr; -} - -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) -{ - char *tmpname, *tmpval, *p; - int c; - MIME_PARAM *mparam; - if(name) { - tmpname = BUF_strdup(name); - if(!tmpname) return 0; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - tmpval = BUF_strdup(value); - if(!tmpval) return 0; - } else tmpval = NULL; - /* Parameter values are case sensitive so leave as is */ - mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); - if(!mparam) return 0; - mparam->param_name = tmpname; - mparam->param_value = tmpval; - sk_MIME_PARAM_push(mhdr->params, mparam); - return 1; -} - -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b) -{ - return(strcmp((*a)->name, (*b)->name)); -} - -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b) -{ - 
return(strcmp((*a)->param_name, (*b)->param_name)); -} - -/* Find a header with a given name (if possible) */ - -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) -{ - MIME_HEADER htmp; - int idx; - htmp.name = name; - idx = sk_MIME_HEADER_find(hdrs, &htmp); - if(idx < 0) return NULL; - return sk_MIME_HEADER_value(hdrs, idx); -} - -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) -{ - MIME_PARAM param; - int idx; - param.param_name = name; - idx = sk_MIME_PARAM_find(hdr->params, ¶m); - if(idx < 0) return NULL; - return sk_MIME_PARAM_value(hdr->params, idx); -} - -static void mime_hdr_free(MIME_HEADER *hdr) -{ - if(hdr->name) OPENSSL_free(hdr->name); - if(hdr->value) OPENSSL_free(hdr->value); - if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); - OPENSSL_free(hdr); -} - -static void mime_param_free(MIME_PARAM *param) -{ - if(param->param_name) OPENSSL_free(param->param_name); - if(param->param_value) OPENSSL_free(param->param_value); - OPENSSL_free(param); -} - -/* Check for a multipart boundary. 
Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
- if(linelen == -1) linelen = strlen(line);
- if(blen == -1) blen = strlen(bound);
- /* Quickly eliminate if line length too short */
- if(blen + 2 > linelen) return 0;
- /* Check for part boundary */
- if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
- if(!strncmp(line + blen + 2, "--", 2)) return 2;
- else return 1;
- }
- return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
- int len = *plen;
- char *p, c;
- int is_eol = 0;
- p = linebuf + len - 1;
- for (p = linebuf + len - 1; len > 0; len--, p--)
- {
- c = *p;
- if (c == '\n')
- is_eol = 1;
- else if (c != '\r')
- break;
- }
- *plen = len;
- return is_eol;
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(p7->type);
+ if (ctype_nid == NID_pkcs7_signed)
+ mdalgs = p7->d.sign->md_algs;
+ else
+ mdalgs = NULL;
+
+ return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+ ctype_nid, NID_undef, mdalgs,
+ pk7_output_data,
+ ASN1_ITEM_rptr(PKCS7));
 }
diff --git a/crypto/openssl/crypto/pqueue/pqueue.c b/crypto/openssl/crypto/pqueue/pqueue.c
index 5cc18527f8..6c89f06fb1 100644
--- a/crypto/openssl/crypto/pqueue/pqueue.c
+++ b/crypto/openssl/crypto/pqueue/pqueue.c
@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
 return ret;
 }
+
+int
+pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while(item != NULL)
+ {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
diff --git a/crypto/openssl/crypto/pqueue/pqueue.h b/crypto/openssl/crypto/pqueue/pqueue.h
index 02386d130e..16c4072681 100644
--- a/crypto/openssl/crypto/pqueue/pqueue.h
+++ b/crypto/openssl/crypto/pqueue/pqueue.h
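Review bot: In the new SMIME_write_PKCS7, `mdalgs = p7->d.sign->md_algs;` dereferences `p7->d.sign` with no check, and `OBJ_obj2nid(p7->type)` on the line above assumes `p7` itself is non-NULL; the removed version went through `PKCS7_type_is_signed(p7)` and `PKCS7_get_signer_info(p7)` instead. For a structure whose type is already set to signed-data but whose content union was never populated (whether the public API lets a caller reach this state is not visible here), this is a NULL dereference on the write path. A guard on the branch, `if (ctype_nid == NID_pkcs7_signed && p7->d.sign) mdalgs = p7->d.sign->md_algs; else mdalgs = NULL;`, is cheap and keeps the function from trusting the union blindly.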
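Review bot: pqueue_size counts by walking every item from `pq->items`, so each call is linear in the queue length, and it dereferences `pq` unconditionally; neither the cost nor the non-NULL precondition is stated. If a caller ends up invoking it per record (the callers are not in this view, so this is a guess), a count maintained on push/pop would be cheaper than a full walk. At minimum a header comment above the definition, `/* Number of queued items; pq must be non-NULL. Walks the list, O(n). */`, makes both explicit for the DTLS code that will use it.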
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
 #endif /* ! HEADER_PQUEUE_H */
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index d108353bbc..84276d7d46 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -117,6 +117,15 @@ int RAND_load_file(const char *file, long bytes)
 if (file == NULL) return(0);
+#ifdef PURIFY
+ /* struct stat can have padding and unused fields that may not be
+ * initialized in the call to stat(). We need to clear the entire
+ * structure before calling RAND_add() to avoid complaints from
+ * applications such as Valgrind.
+ */
+ memset(&sb, 0, sizeof(sb));
+#endif
+
 if (stat(file,&sb) < 0) return(0);
 RAND_add(&sb,sizeof(sb),0.0);
 if (bytes == 0) return(ret);
@@ -127,8 +136,8 @@ int RAND_load_file(const char *file, long bytes)
 in=fopen(file,"rb");
 #endif
 if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR)
- if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
 /* this file is a device. we don't want read an infinite number
 * of bytes from a random device, nor do we want to use buffered
 * I/O because we will waste system entropy.
@@ -174,8 +183,8 @@ int RAND_write_file(const char *file)
 i=stat(file,&sb);
 if (i != -1)
 {
-#if defined(S_IFBLK) && defined(S_IFCHR)
- if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
 /* this file is a device. we don't write back to it.
 * we "succeed" on the assumption this is some sort
 * of random device. Otherwise attempting to write to
diff --git a/crypto/openssl/crypto/rsa/rsa_eng.c b/crypto/openssl/crypto/rsa/rsa_eng.c
index 383a7045b2..2f21ddbe74 100644
--- a/crypto/openssl/crypto/rsa/rsa_eng.c
+++ b/crypto/openssl/crypto/rsa/rsa_eng.c
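Review bot: The memset that clears `sb` in RAND_load_file is compiled only under `#ifdef PURIFY`, so ordinary builds still feed the uninitialised padding of struct stat to RAND_add() and memory checkers keep reporting it on those builds. The clear costs one memset per call; dropping the guard and keeping `memset(&sb, 0, sizeof(sb));` unconditionally removes the build-variant difference. The two S_ISBLK/S_ISCHR hunks deserve a one-line comment at the first of them, e.g. `/* S_ISxxx, not a bit test: S_IFBLK|S_IFCHR overlaps the S_IFDIR and S_IFLNK bit patterns on the usual octal values */`, so the macros are not "simplified" back to the mask form later.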
@@ -207,8 +207,17 @@ RSA *RSA_new_method(ENGINE *engine)
 ret->blinding=NULL;
 ret->mt_blinding=NULL;
 ret->bignum_data=NULL;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+ ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+ {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return(NULL);
+ }
+
 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 {
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c
index 4d30c9d2d3..546ae5fcb2 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 return 0;
 }
- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
 to[0] = 0;
 seed = to + 1;
 db = to + SHA_DIGEST_LENGTH + 1;
@@ -76,6 +69,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 20);
 #endif
+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
 MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
 db[i] ^= dbmask[i];
diff --git a/crypto/openssl/crypto/rsa/rsa_pss.c b/crypto/openssl/crypto/rsa/rsa_pss.c
index 9b993aca49..2bda491a09 100644
--- a/crypto/openssl/crypto/rsa/rsa_pss.c
+++ b/crypto/openssl/crypto/rsa/rsa_pss.c
@@ -217,7 +217,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
 ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (!RAND_bytes(salt, sLen))
+ if (RAND_bytes(salt, sLen) <= 0)
 goto err;
 }
 maskedDBLen = emLen - hLen - 1;
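Review bot: The new CRYPTO_new_ex_data failure path in RSA_new_method repeats the teardown (ENGINE_finish, OPENSSL_free) that the `meth->init` failure branch just below presumably performs; most of that branch is outside the hunk. Routing both through one `err:` label would keep the two cleanup sequences from drifting apart as fields are added to RSA. The masking `ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;` is a silent policy decision and deserves a comment, e.g. `/* non-FIPS use is opted into per key, never inherited from the method */`.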
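Review bot: `RAND_bytes(salt, sLen) <= 0` now treats the -1 "not supported" return as failure, which the old `!RAND_bytes(...)` form did not; other `!RAND_bytes(...)` / `!RAND_pseudo_bytes(...)` callers in the tree still accept -1 as success and are worth a grep. If the enclosing `if` (outside the hunk) allows sLen == 0, confirm that the configured RAND_METHOD returns 1 for a zero-length request, otherwise an empty-salt PSS signature now fails at this line.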
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 5488c06f6d..743dfd7650 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -137,7 +137,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 i2d_X509_SIG(&sig,&p);
 s=tmps;
 }
+#ifdef OPENSSL_FIPS
+ /* Bypass algorithm blocking: this is allowed if we get this far */
+ i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+#else
 i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+#endif
 if (i <= 0) ret=0;
 else
@@ -190,8 +195,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
 return 0;
 }
-#endif
+ /* Bypass algorithm blocking: this is allowed */
+ i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+#else
 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+#endif
 if (i <= 0) goto err;
diff --git a/crypto/openssl/crypto/sha/sha512.c b/crypto/openssl/crypto/sha/sha512.c
index f5ed468b85..9e91bcad04 100644
--- a/crypto/openssl/crypto/sha/sha512.c
+++ b/crypto/openssl/crypto/sha/sha512.c
@@ -544,4 +544,13 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
 #endif /* SHA512_ASM */
+#else /* OPENSSL_NO_SHA512 */
+
+/* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for
+ * example) dislike a statement-free file, complaining:
+ * "%CC-W-EMPTYFILE, Source file does not contain any declarations."
+ */
+
+int sha512_dummy();
+
 #endif /* OPENSSL_NO_SHA512 */
diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/openssl/crypto/stack/safestack.h
index 5e482a2ef7..78cc485e6d 100644
--- a/crypto/openssl/crypto/stack/safestack.h
+++ b/crypto/openssl/crypto/stack/safestack.h
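Review bot: Under OPENSSL_FIPS both hunks call `rsa->meth->rsa_priv_enc` / `rsa->meth->rsa_pub_dec` directly, so whatever RSA_private_encrypt/RSA_public_decrypt do besides the FIPS-mode gate — and anything added to them later — is skipped in FIPS builds only, and a method with a NULL function pointer is dereferenced with no error. The `/* Bypass algorithm blocking ... */` comments should name the check that authorises the bypass, e.g. `/* FIPS gate already applied at the top of this function; call the method directly so the public wrapper does not block the operation a second time */`. The gate itself, at the start of RSA_sign and RSA_verify, is outside the hunk.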
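Review bot: `int sha512_dummy();` in sha512.c is an old-style declaration with an empty parameter list, which a strict C99/C11 build warns about and which is the one kind of declaration a picky compiler may still reject; `int sha512_dummy(void);` makes the placeholder a proper prototype at no cost.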
@@ -678,28 +678,6 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_new(st) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) -#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) -#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) -#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) -#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) -#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) -#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) -#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) -#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) -#define 
sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) -#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) - #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) 
@@ -1008,50 +986,6 @@ STACK_OF(type) \ #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) -#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) -#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) -#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) -#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) -#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) -#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) -#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) -#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) -#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) -#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) -#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) -#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) -#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) -#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) -#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) -#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) - -#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) -#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) -#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) -#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) -#define 
sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) -#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) -#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) -#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) -#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) -#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) -#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) -#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) -#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) -#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) -#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) -#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) -#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) - #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) diff --git a/crypto/openssl/crypto/symhacks.h b/crypto/openssl/crypto/symhacks.h index 8728e6124d..0114093c1e 100644 --- a/crypto/openssl/crypto/symhacks.h +++ b/crypto/openssl/crypto/symhacks.h 
@@ -60,6 +60,11 @@ /* Hacks to solve the problem with linkers incapable of handling very long symbol names. In the case of VMS, the limit is 31 characters on VMS for VAX. */ +/* Note that this affects util/libeay.num and util/ssleay.num... you may + change those manually, but that's not recommended, as those files are + controlled centrally and updated on Unix, and the central definition + may disagree with yours, which in turn may come with shareable library + incompatibilities. */ #ifdef OPENSSL_SYS_VMS /* Hack a long name in crypto/cryptlib.c */ @@ -137,6 +142,8 @@ #define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers #undef X509_STORE_CTX_get_explicit_policy #define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +#undef X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer /* Hack some long CRYPTO names */ #undef CRYPTO_set_dynlock_destroy_callback @@ -174,6 +181,15 @@ #undef SSL_COMP_get_compression_methods #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +#undef ssl_add_clienthello_renegotiate_ext +#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +#undef ssl_add_serverhello_renegotiate_ext +#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +#undef ssl_parse_clienthello_renegotiate_ext +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +#undef ssl_parse_serverhello_renegotiate_ext +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext + /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt #define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt 
@@ -365,6 +381,10 @@
 #undef cms_SignerIdentifier_get0_signer_id
 #define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
+/* Hack some long DTLS1 names */
+#undef dtls1_retransmit_buffered_messages
+#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
+
 #endif /* defined OPENSSL_SYS_VMS */
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index ef930bf247..06270f09cd 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -297,7 +297,7 @@ static int is_a_tty;
 /* Declare static functions */
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static void read_till_nl(FILE *);
+static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
@@ -390,14 +390,16 @@ static int read_string(UI *ui, UI_STRING *uis)
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
-static void read_till_nl(FILE *in)
+static int read_till_nl(FILE *in)
 {
 #define SIZE 4
 char buf[SIZE+1];
 do {
- fgets(buf,SIZE,in);
+ if (!fgets(buf,SIZE,in))
+ return 0;
 } while (strchr(buf,'\n') == NULL);
+ return 1;
 }
 static volatile sig_atomic_t intr_signal;
@@ -445,7 +447,8 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
 *p='\0';
 }
 else
- read_till_nl(tty_in);
+ if (!read_till_nl(tty_in))
+ goto error;
 if (UI_set_result(ui, uis, result) >= 0)
 ok=1;
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c
index 341e0ba6a4..b3acd80f25 100644
--- a/crypto/openssl/crypto/x509/by_dir.c
+++ b/crypto/openssl/crypto/x509/by_dir.c
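Review bot: read_till_nl now returns 0 on EOF as well as on a read error, and read_string_inner turns that into `goto error`, so an over-long last line with no trailing newline (a password piped in without one, for instance) is rejected where it used to be accepted truncated. That is the safer outcome — a silently truncated secret is worse than a failure — but it is a user-visible change and the new return deserves a comment: `/* 0: EOF or error before the end of the line; the caller fails rather than keep a truncated result */`. Whether `result` is cleansed on the error path is outside the hunk.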
@@ -360,11 +360,11 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 /* we have added it to the cache so now pull
 * it out again */
- CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
 j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
 if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
 else tmp = NULL;
- CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 if (tmp != NULL)
 {
@@ -383,4 +383,3 @@ finish:
 if (b != NULL) BUF_MEM_free(b);
 return(ok);
 }
-
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h
index e71b5257e5..8958e34e9c 100644
--- a/crypto/openssl/crypto/x509/x509.h
+++ b/crypto/openssl/crypto/x509/x509.h
@@ -116,6 +116,7 @@ extern "C" {
 /* Under Win32 these are defined in wincrypt.h */
 #undef X509_NAME
 #undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
 #endif
 #define X509_FILETYPE_PEM 1
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
index cd2cfb6d85..b486171868 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -198,7 +198,13 @@ X509_STORE *X509_STORE_new(void)
 ret->cert_crl = 0;
 ret->cleanup = 0;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+ {
+ sk_X509_OBJECT_free(ret->objs);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
 ret->references=1;
 return ret;
 }
@@ -286,7 +292,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
 X509_OBJECT stmp,*tmp;
 int i,j;
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 if (tmp == NULL)
 {
@@ -340,7 +348,6 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 X509_OBJECT_up_ref_count(obj);
-
 if (X509_OBJECT_retrieve_match(ctx->objs, obj))
 {
 X509_OBJECT_free_contents(obj);
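Review bot: get_cert_by_subject in by_dir.c and the `@@ -286` hunk of X509_STORE_get_by_subject in x509_lu.c now take the CRYPTO_LOCK_X509_STORE write lock around what reads as a pure lookup, with nothing saying why; presumably sk_X509_OBJECT_find may sort the stack in place on first use, which makes a read lock insufficient. A comment at the first lock, `/* w_lock rather than r_lock: sk_find may sort the stack in place */`, would stop the next reader from "optimising" it back to CRYPTO_r_lock.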
@@ -446,15 +453,15 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
 X509_NAME *name)
-{
+ {
 int idx;
 idx = X509_OBJECT_idx_by_subject(h, type, name);
 if (idx==-1) return NULL;
 return sk_X509_OBJECT_value(h, idx);
-}
+ }
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-{
+ {
 int idx, i;
 X509_OBJECT *obj;
 idx = sk_X509_OBJECT_find(h, x);
@@ -469,13 +476,13 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
 return obj;
 }
 return NULL;
-}
+ }
 /* Try to get issuer certificate from store. Due to limitations
 * of the API this can only retrieve a single certificate matching
 * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all
+ * matching certificates, so we can examine the cache for all
 * matches.
 *
 * Return values are:
@@ -483,13 +490,11 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
 * 0 certificate not found.
 * -1 some other error.
 */
-
-
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
+ {
 X509_NAME *xn;
 X509_OBJECT obj, *pobj;
- int i, ok, idx;
+ int i, ok, idx, ret;
 xn=X509_get_issuer_name(x);
 ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
 if (ok != X509_LU_X509)
@@ -515,27 +520,34 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 return 1;
 }
 X509_OBJECT_free_contents(&obj);
- /* Else find index of first matching cert */
- idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
- /* This shouldn't normally happen since we already have one match */
- if (idx == -1) return 0;
- /* Look through all matching certificates for a suitable issuer */
- for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+ /* Else find index of first cert accepted by 'check_issued' */
+ ret = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+ if (idx != -1) /* should be true as we've had at least one match */
 {
- pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
- /* See if we've ran out of matches */
- if (pobj->type != X509_LU_X509) return 0;
- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
- if (ctx->check_issued(ctx, x, pobj->data.x509))
+ /* Look through all matching certs for suitable issuer */
+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
 {
- *issuer = pobj->data.x509;
- X509_OBJECT_up_ref_count(pobj);
- return 1;
+ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+ /* See if we've run past the matches */
+ if (pobj->type != X509_LU_X509)
+ break;
+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+ break;
+ if (ctx->check_issued(ctx, x, pobj->data.x509))
+ {
+ *issuer = pobj->data.x509;
+ X509_OBJECT_up_ref_count(pobj);
+ ret = 1;
+ break;
+ }
 }
 }
- return 0;
-}
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ return ret;
+ }
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
 {
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 336c40ddd7..b85456e65b 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
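Review bot: The CRYPTO_LOCK_X509_STORE write lock is now held while `ctx->check_issued` runs, and that callback is application-settable. A callback that consults the store — X509_STORE_get_by_subject takes the same lock in this commit — would deadlock unless the lock implementation happens to be recursive, which the CRYPTO_w_lock API does not promise. Either state the constraint at the lock, `/* check_issued runs under the store lock: it must not call back into the store */`, or collect the candidate certificates under the lock (taking a reference on each) and run check_issued after unlocking.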
@@ -986,7 +986,12 @@ static int internal_verify(X509_STORE_CTX *ctx)
 while (n >= 0)
 {
 ctx->error_depth=n;
- if (!xs->valid)
+
+ /* Skip signature check for self signed certificates unless
+ * explicitly asked for. It doesn't add any security and
+ * just wastes time.
+ */
+ if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
 {
 if ((pkey=X509_get_pubkey(xi)) == NULL)
 {
@@ -996,13 +1001,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
 if (!ok) goto end;
 }
 else if (X509_verify(xs,pkey) <= 0)
- /* XXX For the final trusted self-signed cert,
- * this is a waste of time. That check should
- * optional so that e.g. 'openssl x509' can be
- * used to detect invalid self-signatures, but
- * we don't verify again and again in SSL
- * handshakes and the like once the cert has
- * been declared trusted. */
 {
 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 ctx->current_cert=xs;
diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h
index 76c76e1719..86ae35f69d 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.h
+++ b/crypto/openssl/crypto/x509/x509_vfy.h
@@ -363,6 +363,9 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY 0x800
+/* Check selfsigned CA signature */
+#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+
 #define X509_VP_FLAG_DEFAULT 0x1
 #define X509_VP_FLAG_OVERWRITE 0x2
 #define X509_VP_FLAG_RESET_FLAGS 0x4
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c
index 2b06718aec..01c5541e2e 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/openssl/crypto/x509/x509_vpm.c
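Review bot: The new condition skips the signature check whenever `xs == xi`, i.e. for the self-signed certificate at the top of the chain, unless X509_V_FLAG_CHECK_SS_SIGNATURE is set, and the XXX comment that explained this trade-off is deleted in the second hunk. That is sound for a certificate trusted because it sits in the store — its self-signature proves nothing about trust — but the same skip presumably applies to a self-signed certificate that reaches this loop without being trusted (for instance when a verify callback overrides the earlier self-signed error), so a corrupt self-signature is then reported only with the flag. The new comment should say that, e.g. `/* xs == xi only for the top-of-chain self-signed cert; trust comes from the store, not from this signature, so verify it only on request (X509_V_FLAG_CHECK_SS_SIGNATURE, -check_ss_sig) */`. Where `xi` is assigned is outside the hunk.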
@@ -198,8 +198,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from)
 {
+ unsigned long save_flags = to->inh_flags;
+ int ret;
 to->inh_flags |= X509_VP_FLAG_DEFAULT;
- return X509_VERIFY_PARAM_inherit(to, from);
+ ret = X509_VERIFY_PARAM_inherit(to, from);
+ to->inh_flags = save_flags;
+ return ret;
 }
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
diff --git a/crypto/openssl/crypto/x509v3/pcy_tree.c b/crypto/openssl/crypto/x509v3/pcy_tree.c
index 6c87a7f506..89f84bfa18 100644
--- a/crypto/openssl/crypto/x509v3/pcy_tree.c
+++ b/crypto/openssl/crypto/x509v3/pcy_tree.c
@@ -160,7 +160,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 tree->auth_policies = NULL;
 tree->user_policies = NULL;
- if (!tree)
+ if (!tree->levels)
 {
 OPENSSL_free(tree);
 return 0;
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
index 58b2952478..69244e4976 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -360,6 +360,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 if (move_p)
 {
 X509_NAME_delete_entry(nm, i);
+ X509_NAME_ENTRY_free(ne);
 i--;
 }
 if(!email || !(gen = GENERAL_NAME_new())) {
@@ -577,6 +578,8 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
 if (!ret)
 X509_NAME_free(nm);
 gen->d.dirn = nm;
+
+ X509V3_section_free(ctx, sk);
 return ret;
 }
diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/openssl/crypto/x509v3/v3_ocsp.c
index e426ea930c..5c19cf4130 100644
--- a/crypto/openssl/crypto/x509v3/v3_ocsp.c
+++ b/crypto/openssl/crypto/x509v3/v3_ocsp.c
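Review bot: In do_dirname the added X509V3_section_free fixes the section leak, but on the failure path two lines above `nm` is freed and then still stored: `if (!ret) X509_NAME_free(nm); gen->d.dirn = nm;`. If the caller releases `gen` with GENERAL_NAME_free when do_dirname fails (its error path is outside the hunk), `d.dirn` is a dangling pointer and the name is freed twice. Store the pointer only on success — `if (!ret) X509_NAME_free(nm); else gen->d.dirn = nm;` — or set `gen->d.dirn = NULL` on the failure branch.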
@@ -153,21 +153,21 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 OCSP_CRLID *a = in;
 if (a->crlUrl)
 {
- if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
 if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
- if (!BIO_write(bp, "\n", 1)) goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
 }
 if (a->crlNum)
 {
- if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
- if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
- if (!BIO_write(bp, "\n", 1)) goto err;
+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
 }
 if (a->crlTime)
 {
- if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
- if (!BIO_write(bp, "\n", 1)) goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
 }
 return 1;
 err:
@@ -176,7 +176,7 @@ static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
 static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
 {
- if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
 if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
 return 1;
 }
@@ -184,8 +184,8 @@ static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, in
 static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
 {
- if (!BIO_printf(bp, "%*s", ind, "")) return 0;
- if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+ if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
+ if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
 return 1;
 }
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod
index 4391c93360..d3049e82e9 100644
--- a/crypto/openssl/doc/apps/enc.pod
+++ b/crypto/openssl/doc/apps/enc.pod
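Review bot: In i2r_ocsp_acutoff and i2r_object the indent write `BIO_printf(bp, "%*s", ind, "")` legitimately emits zero bytes and returns 0 when `ind` is 0, so the new `<= 0` test makes both printers fail for any caller that passes no indent. The i2r_ocsp_crlid hunk is unaffected because each of its format strings always writes the label. Test only for an error there, `if (BIO_printf(bp, "%*s", ind, "") < 0) return 0;`, or skip the call when `ind <= 0`.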
@@ -50,15 +50,13 @@ see the B section in L. =item B<-salt> -use a salt in the key derivation routines. This option should B -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. +use a salt in the key derivation routines. This is the default. =item B<-nosalt> -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. +don't use a salt in the key derivation routines. This option B be +used except for test purposes or compatibility with ancient versions of OpenSSL +and SSLeay. =item B<-e> diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod index ff2629d2cf..31875773e3 100644 --- a/crypto/openssl/doc/apps/verify.pod +++ b/crypto/openssl/doc/apps/verify.pod @@ -66,6 +66,11 @@ certificate was rejected. However the presence of rejection messages does not itself imply that anything is wrong: during the normal verify process several rejections may take place. +=item B<-check_ss_sig> + +Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security. + =item B<-> marks the last option. All arguments following this are assumed to be @@ -166,8 +171,8 @@ the operation was successful. =item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate> -the issuer certificate could not be found: this occurs if the issuer certificate -of an untrusted certificate cannot be found. +the issuer certificate of a looked up certificate could not be found. This +normally means the list of trusted certificates is not complete. =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> 
@@ -244,8 +249,8 @@ be found locally. =item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> -the issuer certificate of a locally looked up certificate could not be found. This normally means -the list of trusted certificates is not complete. +the issuer certificate could not be found: this occurs if the issuer +certificate of an untrusted certificate cannot be found. =item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> @@ -321,6 +326,10 @@ the certificates in the file will be recognised. Previous versions of OpenSSL assume certificates with matching subject name are identical and mishandled them. +Previous versions of this documentation swapped the meaning of the +B and +B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. + =head1 SEE ALSO L diff --git a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod index 1157cff510..179132d012 100644 --- a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod +++ b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod @@ -175,7 +175,7 @@ An IA5String explicitly tagged using APPLICATION tagging: A BITSTRING with bits 1 and 5 set and all others zero: - FORMAT=BITLIST,BITSTRING:1,5 + FORMAT:BITLIST,BITSTRING:1,5 A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String: diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod index 130cd7f60a..98b1368d08 100644 --- a/crypto/openssl/doc/crypto/EVP_DigestInit.pod +++ b/crypto/openssl/doc/crypto/EVP_DigestInit.pod 
@@ -64,9 +64,9 @@ EVP digest routines The EVP digest routines are a high level interface to message digests. -EVP_MD_CTX_init() initializes digest contet B. +EVP_MD_CTX_init() initializes digest context B. -EVP_MD_CTX_create() allocates, initializes and returns a digest contet. +EVP_MD_CTX_create() allocates, initializes and returns a digest context. EVP_DigestInit_ex() sets up digest context B to use a digest B from ENGINE B. B must be initialized before calling this @@ -102,7 +102,7 @@ the passed context B does not have to be initialized, and it always uses the default digest implementation. EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest -contet B is automatically cleaned up. +context B is automatically cleaned up. EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination B does not have to be initialized. diff --git a/crypto/openssl/doc/crypto/PKCS12_parse.pod b/crypto/openssl/doc/crypto/PKCS12_parse.pod index 51344f883a..c54cf2ad61 100644 --- a/crypto/openssl/doc/crypto/PKCS12_parse.pod +++ b/crypto/openssl/doc/crypto/PKCS12_parse.pod 
@@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>. =head1 NOTES -The parameters B and B cannot be B. B can be -in which case additional certificates will be discarded. B<*ca> can also -be a valid STACK in which case additional certificates are appended to -B<*ca>. If B<*ca> is B a new STACK will be allocated. +The parameters B and B cannot be B. B can be in +which case additional certificates will be discarded. B<*ca> can also be a +valid STACK in which case additional certificates are appended to B<*ca>. If +B<*ca> is B a new STACK will be allocated. -The B and B attributes (if present) on each certificate -will be stored in the B and B attributes of the B structure. +The B and B attributes (if present) on each +certificate will be stored in the B and B attributes of the +B structure. + +=head1 RETURN VALUES + +PKCS12_parse() returns 1 for success and zero if an error occurred. + +The error can be obtained from L =head1 BUGS -Only a single private key and corresponding certificate is returned by this function. -More complex PKCS#12 files with multiple private keys will only return the first -match. +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. -Only B and B attributes are currently stored in certificates. -Other attributes are discarded. +Only B and B attributes are currently stored in +certificates. Other attributes are discarded. -Attributes currently cannot be store in the private key B structure. +Attributes currently cannot be stored in the private key B structure. =head1 SEE ALSO diff --git a/crypto/openssl/doc/crypto/bn_internal.pod b/crypto/openssl/doc/crypto/bn_internal.pod index 891914678c..d39ce90939 100644 --- a/crypto/openssl/doc/crypto/bn_internal.pod +++ b/crypto/openssl/doc/crypto/bn_internal.pod 
@@ -70,24 +70,34 @@ applications. =head2 The BIGNUM structure - typedef struct bignum_st + typedef struct bignum_st BIGNUM; + + struct bignum_st { - int top; /* number of words used in d */ - BN_ULONG *d; /* pointer to an array containing the integer value */ - int max; /* size of the d array */ - int neg; /* sign */ - } BIGNUM; + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + }; + The integer value is stored in B, a malloc()ed array of words (B), least significant word first. A B can be either 16, 32 or 64 bits in size, depending on the 'number of bits' (B) specified in C. -B is the size of the B array that has been allocated. B +B is the size of the B array that has been allocated. B is the number of words being used, so for a value of 4, bn.d[0]=4 and bn.top=1. B is 1 if the number is negative. When a B is B<0>, the B field can be B and B == B<0>. +B is a bit field of flags which are defined in C. The +flags begin with B. The macros BN_set_flags(b,n) and +BN_get_flags(b,n) exist to enable or fetch flag(s) B from B +structure B. + Various routines in this library require the use of temporary B variables during their execution. Since dynamic memory allocation to create Bs is rather expensive when used in 
@@ -207,12 +217,12 @@ significant non-zero word plus one when B has shrunk. =head2 Debugging bn_check_top() verifies that C<((a)-Etop E= 0 && (a)-Etop -E= (a)-Emax)>. A violation will cause the program to abort. +E= (a)-Edmax)>. A violation will cause the program to abort. bn_print() prints B to stderr. bn_dump() prints B words at B (in reverse order, i.e. most significant word first) to stderr. -bn_set_max() makes B a static number with a B of its current size. +bn_set_max() makes B a static number with a B of its current size. This is used by bn_set_low() and bn_set_high() to make B a read-only B that contains the B low or high words of B. diff --git a/crypto/openssl/doc/crypto/d2i_X509.pod b/crypto/openssl/doc/crypto/d2i_X509.pod index 5bfa18afbb..298ec54a4c 100644 --- a/crypto/openssl/doc/crypto/d2i_X509.pod +++ b/crypto/openssl/doc/crypto/d2i_X509.pod @@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions X509 *d2i_X509_bio(BIO *bp, X509 **x); X509 *d2i_X509_fp(FILE *fp, X509 **x); - int i2d_X509_bio(X509 *x, BIO *bp); - int i2d_X509_fp(X509 *x, FILE *fp); + int i2d_X509_bio(BIO *bp, X509 *x); + int i2d_X509_fp(FILE *fp, X509 *x); =head1 DESCRIPTION @@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by L. -i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes -successfully encoded or a negative value if an error occurs. The error code -can be obtained by L. +i2d_X509() returns the number of bytes successfully encoded or a negative +value if an error occurs. The error code can be obtained by +L. -i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error +i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error occurs The error code can be obtained by L. =head1 SEE ALSO 
diff --git a/crypto/openssl/doc/crypto/d2i_X509_CRL.pod b/crypto/openssl/doc/crypto/d2i_X509_CRL.pod index e7295a5d61..224f9e082b 100644 --- a/crypto/openssl/doc/crypto/d2i_X509_CRL.pod +++ b/crypto/openssl/doc/crypto/d2i_X509_CRL.pod @@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); - int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); - int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); + int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x); + int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/d2i_X509_REQ.pod b/crypto/openssl/doc/crypto/d2i_X509_REQ.pod index ae32a3891d..91c0c1974b 100644 --- a/crypto/openssl/doc/crypto/d2i_X509_REQ.pod +++ b/crypto/openssl/doc/crypto/d2i_X509_REQ.pod @@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions. X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); - int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); - int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); + int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x); + int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/hmac.pod b/crypto/openssl/doc/crypto/hmac.pod index 0bd79a6d3a..484e349fd1 100644 --- a/crypto/openssl/doc/crypto/hmac.pod +++ b/crypto/openssl/doc/crypto/hmac.pod @@ -41,8 +41,6 @@ If B is NULL, the digest is placed in a static array. The size of the output is placed in B, unless it is B. B can be EVP_sha1(), EVP_ripemd160() etc. -B and B may be B if a key and hash function have -been set in a previous call to HMAC_Init() for that B. HMAC_CTX_init() initialises a B before first use. It must be called. diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod index 4f9a27df0c..d5b1896119 100644 --- a/crypto/openssl/doc/crypto/pem.pod 
+++ b/crypto/openssl/doc/crypto/pem.pod @@ -2,7 +2,7 @@ =head1 NAME -PEM - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS diff --git a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod b/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod index f62a869a9b..eb772b55de 100644 --- a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod +++ b/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod 
@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); - char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod index eaed190809..06025d13fa 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options =head1 SYNOPSIS 
@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - man long SSL_CTX_set_options(SSL_CTX *ctx, long options); long SSL_set_options(SSL *ssl, long options); + long SSL_CTX_clear_options(SSL_CTX *ctx, long options); + long SSL_clear_options(SSL *ssl, long options); + long SSL_CTX_get_options(SSL_CTX *ctx); long SSL_get_options(SSL *ssl); + long SSL_get_secure_renegotiation_support(SSL *ssl); + =head1 DESCRIPTION +Note: all these functions are implemented using macros. + SSL_CTX_set_options() adds the options set via bitmask in B to B. Options already set before are not cleared! SSL_set_options() adds the options set via bitmask in B to B. Options already set before are not cleared! +SSL_CTX_clear_options() clears the options set via bitmask in B +to B. + +SSL_clear_options() clears the options set via bitmask in B to B. + SSL_CTX_get_options() returns the options set for B. SSL_get_options() returns the options set for B. +SSL_get_secure_renegotiation_support() indicates whether the peer supports +secure renegotiation. + =head1 NOTES The behaviour of the SSL library can be changed by setting several options. The options are coded as bitmasks and can be combined by a logical B -operation (|). Options can only be added but can never be reset. +operation (|). SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of @@ -199,7 +214,7 @@ Do not use the TLSv1 protocol. When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial -handshake). This option is not needed for clients. +handshake). This option is not needed for clients. =item SSL_OP_NO_TICKET 
@@ -210,15 +225,107 @@ is explicitly set when OpenSSL is compiled. If this option is set this functionality is disabled and tickets will not be used by clients or servers. +=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the B section for more details. + +=item SSL_OP_LEGACY_SERVER_CONNECT + +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +B: this option is currently set by default. See the +B section for more details. + =back +=head1 SECURE RENEGOTIATION + +OpenSSL 0.9.8m and later always attempts to use secure renegotiation as +described in RFC5746. This counters the prefix attack described in +CVE-2009-3555 and elsewhere. + +The deprecated and highly broken SSLv2 protocol does not support +renegotiation at all: its use is B discouraged. + +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as I. A server not supporting secure +renegotiation is referred to as I. + +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. + +=head2 Patched client and server + +Connections and renegotiation are always permitted by OpenSSL implementations. + +=head2 Unpatched client and patched OpenSSL server + +The initial connection suceeds but client renegotiation is denied by the +server with a B warning alert if TLS v1.0 is used or a fatal +B alert in SSL v3.0. + +If the patched OpenSSL server attempts to renegotiate a fatal +B alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. + +If the option B is set then +renegotiation B succeeds. + +B a bug in OpenSSL clients earlier than 0.9.8m (all of which are +unpatched) will result in the connection hanging if it receives a +B alert. 
OpenSSL versions 0.9.8m and later will regard +a B alert as fatal and respond with a fatal +B alert. This is because the OpenSSL API currently has +no provision to indicate to an application that a renegotiation attempt +was refused. + +=head2 Patched OpenSSL client and unpatched server. + +If the option B or +B is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. + +The option B is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. + +As more servers become patched the option B will +B be set by default in a future version of OpenSSL. + +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always B B + +OpenSSL client applications that want to ensure they can B connect to +unpatched servers (and thus avoid any security issues) should always B +B using SSL_CTX_clear_options() or +SSL_clear_options(). + +The difference between the B and +B options is that +B enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers B, while +B allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. + =head1 RETURN VALUES SSL_CTX_set_options() and SSL_set_options() return the new options bitmask after adding B. +SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask +after clearing B. + SSL_CTX_get_options() and SSL_get_options() return the current bitmask. +SSL_get_secure_renegotiation_support() returns 1 is the peer supports +secure renegotiation and 0 if it does not. + =head1 SEE ALSO L, L, L, 
@@ -241,4 +348,11 @@ Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be disabled with this option (in OpenSSL 0.9.6d, it was always enabled). +SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL +0.9.8m. + +B, B +and the function SSL_get_secure_renegotiation_support() were first added in +OpenSSL 0.9.8m. + =cut diff --git a/crypto/openssl/engines/e_ubsec.c b/crypto/openssl/engines/e_ubsec.c index e8389de6a1..a0f320caf5 100644 --- a/crypto/openssl/engines/e_ubsec.c +++ b/crypto/openssl/engines/e_ubsec.c @@ -934,7 +934,7 @@ static int ubsec_dh_generate_key(DH *dh) priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); + if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err; do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); @@ -949,7 +949,7 @@ static int ubsec_dh_generate_key(DH *dh) { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); + if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; if(pub_key == NULL) goto err; } else diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c index 15a201a25c..0a5c08d713 100644 --- a/crypto/openssl/ssl/d1_both.c +++ b/crypto/openssl/ssl/d1_both.c @@ -136,7 +136,6 @@ static unsigned char *dtls1_write_message_header(SSL *s, static void dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len); -static int dtls1_retransmit_buffered_messages(SSL *s); static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok); @@ -178,7 +177,7 @@ int dtls1_do_write(SSL *s, int type) { int ret; int curr_mtu; - unsigned int len, frag_off; + unsigned int len, frag_off, mac_size, blocksize; /* AHA! Figure out the MTU, and stick to the right size */ if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 
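Review bot: In the second e_ubsec.c hunk (ubsec_dh_generate_key, @@ -949) the new `if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;` runs before `if(pub_key == NULL) goto err;`, so when BN_new() fails bn_wexpand() is handed a NULL BIGNUM and dereferences it before the NULL check is ever reached. Reorder to `pub_key = BN_new(); if(pub_key == NULL) goto err; if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;`. The priv_key branch in the preceding hunk already does BN_new, NULL check, then bn_wexpand, so the two branches should match. ubsec_dh_generate_key begins and ends outside these hunks.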
@@ -226,11 +225,22 @@ int dtls1_do_write(SSL *s, int type) OPENSSL_assert(s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + if (s->write_hash) + mac_size = EVP_MD_size(s->write_hash); + else + mac_size = 0; + + if (s->enc_write_ctx && + (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); + else + blocksize = 0; + frag_off = 0; while( s->init_num) { curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - - DTLS1_RT_HEADER_LENGTH; + DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) { @@ -238,7 +248,8 @@ int dtls1_do_write(SSL *s, int type) ret = BIO_flush(SSL_get_wbio(s)); if ( ret <= 0) return ret; - curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH; + curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - + mac_size - blocksize; } if ( s->init_num > curr_mtu) @@ -280,7 +291,7 @@ int dtls1_do_write(SSL *s, int type) * retransmit */ if ( BIO_ctrl(SSL_get_wbio(s), - BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL)) + BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 ) s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); else @@ -519,6 +530,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if ( s->d1->handshake_read_seq == frag->msg_header.seq) { + unsigned long frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); al=dtls1_preprocess_fragment(s,&frag->msg_header,max); @@ -536,7 +548,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) if (al==0) { *ok = 1; - return frag->msg_header.frag_len; + return frag_len; } ssl3_send_alert(s,SSL3_AL_FATAL,al); 
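Review bot: The recomputation after BIO_flush() in the second hunk, `curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;`, is never re-checked, so an MTU smaller than record header + MAC + twice the block size leaves curr_mtu at or below DTLS1_HM_HEADER_LENGTH (or negative) and the loop goes on to use it as the fragment length in `if ( s->init_num > curr_mtu)`. Unless a minimum MTU is enforced before the loop (not visible here), I would bail out after the flush: `if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) return -1;`. Note also that mac_size and blocksize are unsigned while curr_mtu is int, so the subtraction is done unsigned and only turns negative on conversion, which makes the result harder to reason about than a signed computation would be. dtls1_do_write starts before and continues after these hunks.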
@@ -561,7 +573,20 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) goto err; - if (msg_hdr->seq <= s->d1->handshake_read_seq) + /* Try to find item in queue, to prevent duplicate entries */ + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); + item = pqueue_find(s->d1->buffered_messages, seq64); + pq_64bit_free(&seq64); + + /* Discard the message if sequence number was already there, is + * too far in the future, already in the queue or if we received + * a FINISHED before the SERVER_HELLO, which then must be a stale + * retransmit. + */ + if (msg_hdr->seq <= s->d1->handshake_read_seq || + msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || + (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) { unsigned char devnull [256]; 
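Review bot: The new `item != NULL` discard condition drops every later fragment of an out-of-sequence message whose first fragment is already queued, because pqueue_find() keys on msg_hdr->seq alone and ignores frag_off; a future handshake message that arrives split across several records can therefore never be completed from the buffer and has to wait for a full retransmission. If that is the accepted limitation it deserves a comment on the condition, e.g. `/* additional fragments of an already-queued message are not reassembled; rely on retransmit */`. The window check `msg_hdr->seq > s->d1->handshake_read_seq + 10` uses a bare magic number and would read better as a named constant. dtls1_process_out_of_seq_message continues past this hunk.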
@@ -575,30 +600,31 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) } } - frag = dtls1_hm_fragment_new(frag_len); - if ( frag == NULL) - goto err; + if (frag_len) + { + frag = dtls1_hm_fragment_new(frag_len); + if ( frag == NULL) + goto err; - memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - if (frag_len) - { - /* read the body of the fragment (header has already been read */ + /* read the body of the fragment (header has already been read) */ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, frag->fragment,frag_len,0); if (i<=0 || (unsigned long)i!=frag_len) goto err; - } - pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, msg_hdr->seq); + pq_64bit_init(&seq64); + pq_64bit_assign_word(&seq64, msg_hdr->seq); - item = pitem_new(seq64, frag); - pq_64bit_free(&seq64); - if ( item == NULL) - goto err; + item = pitem_new(seq64, frag); + pq_64bit_free(&seq64); + if ( item == NULL) + goto err; + + pqueue_insert(s->d1->buffered_messages, item); + } - pqueue_insert(s->d1->buffered_messages, item); return DTLS1_HM_FRAGMENT_RETRY; err: @@ -739,6 +765,24 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) p+=i; l=i; + /* Copy the finished so we can use it for + * renegotiation checks + */ + if(s->type == SSL_ST_CONNECT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len=i; + } + #ifdef OPENSSL_SYS_WIN16 /* MSVC 1.5 does not clear the top bytes of the word unless * I do this. 
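Review bot: In the first hunk both `if (i<=0 || (unsigned long)i!=frag_len) goto err;` and `if ( item == NULL) goto err;` jump away after `frag = dtls1_hm_fragment_new(frag_len)` has succeeded, and nothing in the hunk frees frag on that path; unless the err label (outside the hunk) releases it, every short read or failed pitem_new() leaks a fragment of up to frag_len bytes, which a peer can trigger at will. Initialise `hm_fragment *frag = NULL;` at the top of the function and add `if (frag != NULL) dtls1_hm_fragment_free(frag);` under err before `*ok = 0;`. The zero-length case now appears to return DTLS1_HM_FRAGMENT_RETRY without buffering anything, so an empty out-of-sequence message (ServerHelloDone, for instance) is consumed and dropped until it is retransmitted; if that is intended a one-line comment on the `if (frag_len)` would save the next reader the puzzle.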
@@ -801,14 +845,30 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); } +static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) + { + int n; + unsigned char *p; + + n=i2d_X509(x,NULL); + if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) + { + SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); + return 0; + } + p=(unsigned char *)&(buf->data[*l]); + l2n3(n,p); + i2d_X509(x,&p); + *l+=n+3; + + return 1; + } unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) { unsigned char *p; - int n,i; + int i; unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; 
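Review bot: dtls1_add_cert_to_buf() in the first hunk never checks `n=i2d_X509(x,NULL);` for a negative result, so an unencodable certificate makes `BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))` size the buffer from a bogus length and `l2n3(n,p)` emits a garbage 24-bit length before the second i2d_X509() call. Add `if (n < 0) { SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_X509_LIB); return 0; }` right after the first call, and consider verifying that the second call also returns n. The `(int)(n+(*l)+3)` cast silently truncates an unsigned long total; the same pattern existed in the removed code so it is not a regression, but the new helper is the one place to fix it. dtls1_output_cert_chain begins in this hunk and continues past it.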
@@ -819,54 +879,33 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } - - for (;;) - { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - - X509_STORE_CTX_cleanup(&xs_ctx); - } - + X509_STORE_CTX xs_ctx; + + if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) + { + SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); + return(0); + } + + X509_verify_cert(&xs_ctx); + for (i=0; i < sk_X509_num(xs_ctx.chain); i++) + { + x = sk_X509_value(xs_ctx.chain, i); + + if (!dtls1_add_cert_to_buf(buf, &l, x)) + { + X509_STORE_CTX_cleanup(&xs_ctx); + return 0; + } + } + X509_STORE_CTX_cleanup(&xs_ctx); + } /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) for (i=0; ictx->extra_certs); i++) { x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; + if (!dtls1_add_cert_to_buf(buf, &l, x)) + return 0; } l-= (3 + DTLS1_HM_HEADER_LENGTH); 
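Review bot: `X509_verify_cert(&xs_ctx);` in the new chain-building code discards its return value, so when verification fails the loop sends whatever partial chain was built and any error the call may have left on the error queue is handed to the application later. If sending a partial chain is the intent, make it explicit: `(void)X509_verify_cert(&xs_ctx); /* best effort: send whatever chain could be built, even if verification failed */`. Note also that the old loop stopped at a self-signed certificate, whereas xs_ctx.chain as built by X509_verify_cert() may include the trust anchor itself, so the root certificate is presumably now sent as well; harmless, but worth a line in the function comment since it changes the wire size. dtls1_output_cert_chain begins before this hunk.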
@@ -883,18 +922,13 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) int dtls1_read_failed(SSL *s, int code) { - DTLS1_STATE *state; - BIO *bio; - int send_alert = 0; - if ( code > 0) { fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); return 1; } - bio = SSL_get_rbio(s); - if ( ! BIO_dgram_recv_timedout(bio)) + if (!dtls1_is_timer_expired(s)) { /* not a timeout, none of our business, let higher layers handle this. in fact it's probably an error */ @@ -907,23 +941,6 @@ int dtls1_read_failed(SSL *s, int code) return code; } - state = s->d1; - state->timeout.num_alerts++; - if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) - { - /* fail the connection, enough alerts have been sent */ - SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED); - return 0; - } - - state->timeout.read_timeouts++; - if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) - { - send_alert = 1; - state->timeout.read_timeouts = 1; - } - - #if 0 /* for now, each alert contains only one record number */ item = pqueue_peek(state->rcvd_records); if ( item ) 
@@ -934,16 +951,29 @@ int dtls1_read_failed(SSL *s, int code) #endif #if 0 /* no more alert sending, just retransmit the last set of messages */ - if ( send_alert) - ssl3_send_alert(s,SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); + if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) + ssl3_send_alert(s,SSL3_AL_WARNING, + DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif - return dtls1_retransmit_buffered_messages(s) ; + return dtls1_handle_timeout(s); } +int +dtls1_get_queue_priority(unsigned short seq, int is_ccs) + { + /* The index of the retransmission queue actually is the message sequence number, + * since the queue only contains messages of a single handshake. However, the + * ChangeCipherSpec has no message sequence number and so using only the sequence + * will result in the CCS and Finished having the same index. To prevent this, + * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted. + * This does not only differ CSS and Finished, it also maintains the order of the + * index (important for priority queues) and fits in the unsigned short variable. + */ + return seq * 2 - is_ccs; + } -static int +int dtls1_retransmit_buffered_messages(SSL *s) { pqueue sent = s->d1->sent_messages; @@ -957,8 +987,9 @@ dtls1_retransmit_buffered_messages(SSL *s) for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) { frag = (hm_fragment *)item->data; - if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 && - found) + if ( dtls1_retransmit_message(s, + (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), + 0, &found) <= 0 && found) { fprintf(stderr, "dtls1_retransmit_message() failed\n"); return -1; @@ -974,7 +1005,6 @@ dtls1_buffer_message(SSL *s, int is_ccs) pitem *item; hm_fragment *frag; PQ_64BIT seq64; - unsigned int epoch = s->d1->w_epoch; /* this function is called immediately after a message has * been serialized */ 
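Review bot: dtls1_get_queue_priority() says in its comment that `seq * 2 - is_ccs` "fits in the unsigned short variable", but the function returns int and the value exceeds 16 bits once seq reaches 32768; the caller in dtls1_retransmit_buffered_messages() then narrows it with `(unsigned short)`, which would collide with a lower sequence number. One handshake will realistically never carry that many messages, but either keep the int priority through the retransmit path or state the assumption in the comment: `/* assumes seq < 32768: a single handshake never has that many messages */`. The same comment reads "differ CSS and Finished"; that should be "CCS". The `#if 0` block in the first hunk still references the removed local `state`, so it would no longer compile if re-enabled; drop it or rename to `s->d1`. dtls1_read_failed starts before these hunks.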
@@ -988,7 +1018,6 @@ dtls1_buffer_message(SSL *s, int is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); - epoch++; } else { @@ -1003,9 +1032,19 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; frag->msg_header.is_ccs = is_ccs; + /* save current state*/ + frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; + frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; + frag->msg_header.saved_retransmit_state.compress = s->compress; + frag->msg_header.saved_retransmit_state.session = s->session; + frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; + pq_64bit_init(&seq64); - pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq); + pq_64bit_assign_word(&seq64, + dtls1_get_queue_priority(frag->msg_header.seq, + frag->msg_header.is_ccs)); + item = pitem_new(seq64, frag); pq_64bit_free(&seq64); if ( item == NULL) @@ -1034,6 +1073,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, hm_fragment *frag ; unsigned long header_length; PQ_64BIT seq64; + struct dtls1_retransmit_state saved_state; + unsigned char save_write_sequence[8]; /* OPENSSL_assert(s->init_num == 0); 
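Review bot: The saved_retransmit_state block in the second hunk stores raw copies of `s->enc_write_ctx`, `s->write_hash`, `s->compress` and `s->session` with no reference taken, so each buffered fragment silently assumes those objects outlive it; if any is freed or replaced before sent_messages is drained, the retransmit path restores a dangling pointer. I cannot see where sent_messages is cleared, so this may be guaranteed by ordering, but the invariant belongs next to the assignments: `/* no refcount taken: sent_messages must be cleared before any of these is freed or replaced */`. The same five assignments are repeated verbatim in dtls1_retransmit_message(); a small static helper or a struct assignment would keep the two copies in sync. dtls1_buffer_message starts before and ends after these hunks.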
@@ -1069,9 +1110,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, frag->msg_header.msg_len, frag->msg_header.seq, 0, frag->msg_header.frag_len); + /* save current state */ + saved_state.enc_write_ctx = s->enc_write_ctx; + saved_state.write_hash = s->write_hash; + saved_state.compress = s->compress; + saved_state.session = s->session; + saved_state.epoch = s->d1->w_epoch; + saved_state.epoch = s->d1->w_epoch; + s->d1->retransmitting = 1; + + /* restore state in which the message was originally sent */ + s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; + s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; + s->compress = frag->msg_header.saved_retransmit_state.compress; + s->session = frag->msg_header.saved_retransmit_state.session; + s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) + { + memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); + } + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? - SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + + /* restore current state */ + s->enc_write_ctx = saved_state.enc_write_ctx; + s->write_hash = saved_state.write_hash; + s->compress = saved_state.compress; + s->session = saved_state.session; + s->d1->w_epoch = saved_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) + { + memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); + memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); + } + s->d1->retransmitting = 0; (void)BIO_flush(SSL_get_wbio(s)); diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c index 49c6760d19..223d116279 100644 
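Review bot: `saved_state.epoch = s->d1->w_epoch;` appears twice in a row in dtls1_retransmit_message(); the second copy is dead and should be dropped. The write_sequence swap guarded by `saved_retransmit_state.epoch == saved_state.epoch - 1` is only correct if a fragment is never retransmitted from two or more epochs back, a case the guard silently skips (the message would then go out under the current epoch's sequence numbers); a comment saying a handshake spans at most two write epochs, or `OPENSSL_assert(saved_state.epoch - frag->msg_header.saved_retransmit_state.epoch <= 1);`, would make that explicit. dtls1_retransmit_message begins before this hunk.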
--- a/crypto/openssl/ssl/d1_clnt.c +++ b/crypto/openssl/ssl/d1_clnt.c @@ -130,7 +130,7 @@ static int dtls1_get_hello_verify(SSL *s); static SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION) + if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) return(DTLSv1_client_method()); else return(NULL); @@ -145,7 +145,6 @@ int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL),l; - long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0;; @@ -181,7 +180,8 @@ int dtls1_connect(SSL *s) s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) + if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && + (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; @@ -219,6 +219,8 @@ int dtls1_connect(SSL *s) s->init_num=0; /* mark client_random uninitialized */ memset(s->s3->client_random,0,sizeof(s->s3->client_random)); + s->d1->send_cookie = 0; + s->hit = 0; break; case SSL3_ST_CW_CLNT_HELLO_A: @@ -229,6 +231,7 @@ int dtls1_connect(SSL *s) /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + dtls1_start_timer(s); ret=dtls1_client_hello(s); if (ret <= 0) goto end; @@ -254,6 +257,7 @@ int dtls1_connect(SSL *s) if (ret <= 0) goto end; else { + dtls1_stop_timer(s); if (s->hit) s->state=SSL3_ST_CR_FINISHED_A; else @@ -268,6 +272,7 @@ int dtls1_connect(SSL *s) ret = dtls1_get_hello_verify(s); if ( ret <= 0) goto end; + dtls1_stop_timer(s); if ( s->d1->send_cookie) /* start again, with a cookie */ s->state=SSL3_ST_CW_CLNT_HELLO_A; else 
@@ -277,15 +282,43 @@ int dtls1_connect(SSL *s) case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: +#ifndef OPENSSL_NO_TLSEXT + ret=ssl3_check_finished(s); + if (ret <= 0) goto end; + if (ret == 2) + { + s->hit = 1; + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_CR_SESSION_TICKET_A; + else + s->state=SSL3_ST_CR_FINISHED_A; + s->init_num=0; + break; + } +#endif /* Check if it is anon DH */ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) { ret=ssl3_get_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_CR_CERT_STATUS_A; + else + s->state=SSL3_ST_CR_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_CR_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_CR_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -329,6 +362,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_C: case SSL3_ST_CW_CERT_D: + dtls1_start_timer(s); ret=dtls1_send_client_certificate(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_KEY_EXCH_A; @@ -337,6 +371,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_KEY_EXCH_A: case SSL3_ST_CW_KEY_EXCH_B: + dtls1_start_timer(s); ret=dtls1_send_client_key_exchange(s); if (ret <= 0) goto end; l=s->s3->tmp.new_cipher->algorithms; @@ -359,6 +394,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CERT_VRFY_A: case SSL3_ST_CW_CERT_VRFY_B: + dtls1_start_timer(s); ret=dtls1_send_client_verify(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_CHANGE_A; @@ -368,6 +404,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CHANGE_A: case SSL3_ST_CW_CHANGE_B: + dtls1_start_timer(s); ret=dtls1_send_change_cipher_spec(s, SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); if (ret <= 0) goto end; @@ -402,6 +439,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_FINISHED_A: case SSL3_ST_CW_FINISHED_B: + dtls1_start_timer(s); ret=dtls1_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, s->method->ssl3_enc->client_finished_label, 
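Review bot: In the first hunk the closing brace of `if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))` is emitted separately inside both arms of `#ifndef OPENSSL_NO_TLSEXT` / `#else`, so the brace structure of the CR_CERT case can only be verified by reading both preprocessor branches side by side. Computing the next state into a local under `#ifndef OPENSSL_NO_TLSEXT` and then closing the block and assigning `s->state` once outside the conditional would leave a single brace pair and a single state assignment. The `dtls1_start_timer(s);` added at the head of every CW_ state could also carry a one-line comment on why the timer is restarted per message rather than once per flight. dtls1_connect starts before and continues after these hunks.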
@@ -423,20 +461,44 @@ int dtls1_connect(SSL *s) } else { +#ifndef OPENSSL_NO_TLSEXT + /* Allow NewSessionTicket if ticket expected */ + if (s->tlsext_ticket_expected) + s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; + else +#endif + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; - /* mark client_random uninitialized */ - memset (s->s3->client_random,0,sizeof(s->s3->client_random)); break; +#ifndef OPENSSL_NO_TLSEXT + case SSL3_ST_CR_SESSION_TICKET_A: + case SSL3_ST_CR_SESSION_TICKET_B: + ret=ssl3_get_new_session_ticket(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_FINISHED_A; + s->init_num=0; + break; + + case SSL3_ST_CR_CERT_STATUS_A: + case SSL3_ST_CR_CERT_STATUS_B: + ret=ssl3_get_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_CR_KEY_EXCH_A; + s->init_num=0; + break; +#endif + case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - + s->d1->change_cipher_spec_ok = 1; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; + dtls1_stop_timer(s); if (s->hit) s->state=SSL3_ST_CW_CHANGE_A; @@ -446,16 +508,13 @@ int dtls1_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) + s->rwstate=SSL_WRITING; + if (BIO_flush(s->wbio) <= 0) { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; + ret= -1; + goto end; } - + s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; @@ -492,6 +551,7 @@ int dtls1_connect(SSL *s) /* done with handshaking */ s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; goto end; /* break; */ 
@@ -541,8 +601,14 @@ int dtls1_client_hello(SSL *s) buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { + SSL_SESSION *sess = s->session; if ((s->session == NULL) || (s->session->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + (!sess->session_id_length && !sess->tlsext_tick) || +#endif (s->session->not_resumable)) { if (!ssl_get_new_session(s,0)) @@ -621,7 +687,15 @@ int dtls1_client_hello(SSL *s) *(p++)=comp->id; } *(p++)=0; /* Add the NULL method */ - + +#ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { + SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + goto err; + } +#endif + l=(p-d); d=buf; diff --git a/crypto/openssl/ssl/d1_enc.c b/crypto/openssl/ssl/d1_enc.c index cf3332e4e4..3dfa5adba3 100644 --- a/crypto/openssl/ssl/d1_enc.c +++ b/crypto/openssl/ssl/d1_enc.c @@ -151,7 +151,7 @@ int dtls1_enc(SSL *s, int send) __FILE__, __LINE__); else if ( EVP_CIPHER_block_size(ds->cipher) > 1) { - if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) + if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0) return -1; } } diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c index 3568e97a87..63bfbacc82 100644 --- a/crypto/openssl/ssl/d1_lib.c +++ b/crypto/openssl/ssl/d1_lib.c @@ -58,10 +58,17 @@ */ #include +#define USE_SOCKETS #include #include "ssl_locl.h" +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#include +#endif + +static void get_current_time(struct timeval *t); const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; +int dtls1_listen(SSL *s, struct sockaddr *client); SSL3_ENC_METHOD DTLSv1_enc_data={ dtls1_enc, @@ -114,6 +121,7 @@ int dtls1_new(SSL *s) d1->processed_rcds.q=pqueue_new(); d1->buffered_messages = pqueue_new(); d1->sent_messages=pqueue_new(); + d1->buffered_app_data.q=pqueue_new(); if ( s->server) { 
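Review bot: `int dtls1_listen(SSL *s, struct sockaddr *client);` is a prototype for an externally visible function placed in d1_lib.c itself rather than in the header its callers include, so nothing forces the header, this local declaration and the definition later in the file to stay in agreement. Move the declaration next to the other dtls1_ prototypes in the project's SSL-internal header, and keep `static void get_current_time(struct timeval *t);` here since it is file-local. The `#define USE_SOCKETS` added ahead of the include block is presumably what pulls in the socket headers that `struct sockaddr` and `struct timeval` need; a short comment saying so (`/* USE_SOCKETS: pull in the socket headers needed for struct sockaddr/timeval below */`) would save the reader a search. The d1_clnt.c hunks above this one are inside dtls1_client_hello, whose body continues outside the hunk.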
@@ -121,12 +129,13 @@ int dtls1_new(SSL *s) } if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q - || ! d1->buffered_messages || ! d1->sent_messages) + || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) { if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); if ( d1->sent_messages) pqueue_free(d1->sent_messages); + if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); OPENSSL_free(d1); return (0); } @@ -175,6 +184,15 @@ void dtls1_free(SSL *s) } pqueue_free(s->d1->sent_messages); + while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) + { + frag = (hm_fragment *)item->data; + OPENSSL_free(frag->fragment); + OPENSSL_free(frag); + pitem_free(item); + } + pqueue_free(s->d1->buffered_app_data.q); + pq_64bit_free(&(s->d1->bitmap.map)); pq_64bit_free(&(s->d1->bitmap.max_seq_num)); @@ -187,7 +205,36 @@ void dtls1_free(SSL *s) void dtls1_clear(SSL *s) { ssl3_clear(s); - s->version=DTLS1_VERSION; + if (s->options & SSL_OP_CISCO_ANYCONNECT) + s->version=DTLS1_BAD_VER; + else + s->version=DTLS1_VERSION; + } + +long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) + { + int ret=0; + + switch (cmd) + { + case DTLS_CTRL_GET_TIMEOUT: + if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) + { + ret = 1; + } + break; + case DTLS_CTRL_HANDLE_TIMEOUT: + ret = dtls1_handle_timeout(s); + break; + case DTLS_CTRL_LISTEN: + ret = dtls1_listen(s, parg); + break; + + default: + ret = ssl3_ctrl(s, cmd, larg, parg); + break; + } + return(ret); } /* 
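Review bot: The new loop in dtls1_free treats each entry of `buffered_app_data.q` as an `hm_fragment` and frees `frag->fragment`, but that queue is filled by `dtls1_buffer_record` (d1_pkt.c, this commit), which stores a `DTLS1_RECORD_DATA` allocated with `OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA))` as `item->data`, and its consumer in dtls1_read_bytes simply does `OPENSSL_free(item->data)`. Reinterpreting that object as an hm_fragment reads an unrelated field as a pointer and hands it to OPENSSL_free, which is undefined behaviour and a likely crash or double free at SSL_free time whenever application data was buffered between CCS and Finished. The loop should use `DTLS1_RECORD_DATA *` instead, release the record's own buffer if one is attached (presumably the `rbuf` member — confirm against the struct in dtls1.h), and then `OPENSSL_free(item->data); pitem_free(item);`. The `sent_messages` loop just above, which does hold hm_fragments, is the right model only for that queue.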
@@ -209,3 +256,151 @@ SSL_CIPHER *dtls1_get_cipher(unsigned int u) return ciph; } + +void dtls1_start_timer(SSL *s) + { + /* If timer is not set, initialize duration with 1 second */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + s->d1->timeout_duration = 1; + } + + /* Set timeout to current time */ + get_current_time(&(s->d1->next_timeout)); + + /* Add duration to current time */ + s->d1->next_timeout.tv_sec += s->d1->timeout_duration; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + } + +struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) + { + struct timeval timenow; + + /* If no timeout is set, just return NULL */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) + { + return NULL; + } + + /* Get current time */ + get_current_time(&timenow); + + /* If timer already expired, set remaining time to 0 */ + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || + (s->d1->next_timeout.tv_sec == timenow.tv_sec && + s->d1->next_timeout.tv_usec <= timenow.tv_usec)) + { + memset(timeleft, 0, sizeof(struct timeval)); + return timeleft; + } + + /* Calculate time left until timer expires */ + memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); + timeleft->tv_sec -= timenow.tv_sec; + timeleft->tv_usec -= timenow.tv_usec; + if (timeleft->tv_usec < 0) + { + timeleft->tv_sec--; + timeleft->tv_usec += 1000000; + } + + return timeleft; + } + +int dtls1_is_timer_expired(SSL *s) + { + struct timeval timeleft; + + /* Get time left until timeout, return false if no timer running */ + if (dtls1_get_timeout(s, &timeleft) == NULL) + { + return 0; + } + + /* Return false if timer is not expired yet */ + if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) + { + return 0; + } + + /* Timer expired, so return true */ + return 1; + } + +void dtls1_double_timeout(SSL *s) + { + s->d1->timeout_duration *= 2; + if (s->d1->timeout_duration > 60) + s->d1->timeout_duration = 
60; + dtls1_start_timer(s); + } + +void dtls1_stop_timer(SSL *s) + { + /* Reset everything */ + memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + s->d1->timeout_duration = 1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); + } + +int dtls1_handle_timeout(SSL *s) + { + DTLS1_STATE *state; + + /* if no timer is expired, don't do anything */ + if (!dtls1_is_timer_expired(s)) + { + return 0; + } + + dtls1_double_timeout(s); + state = s->d1; + state->timeout.num_alerts++; + if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) + { + /* fail the connection, enough alerts have been sent */ + SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); + return 0; + } + + state->timeout.read_timeouts++; + if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) + { + state->timeout.read_timeouts = 1; + } + + dtls1_start_timer(s); + return dtls1_retransmit_buffered_messages(s); + } + +static void get_current_time(struct timeval *t) +{ +#ifdef OPENSSL_SYS_WIN32 + struct _timeb tb; + _ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#elif defined(OPENSSL_SYS_VMS) + struct timeb tb; + ftime(&tb); + t->tv_sec = (long)tb.time; + t->tv_usec = (long)tb.millitm * 1000; +#else + gettimeofday(t, NULL); +#endif +} + +int dtls1_listen(SSL *s, struct sockaddr *client) + { + int ret; + + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + s->d1->listen = 1; + + ret = SSL_accept(s); + if (ret <= 0) return ret; + + (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); + return 1; + } diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c index eb56cf987b..ca2d73f02e 100644 --- a/crypto/openssl/ssl/d1_pkt.c +++ b/crypto/openssl/ssl/d1_pkt.c 
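Review bot: In dtls1_handle_timeout the branch commented `fail the connection, enough alerts have been sent` queues SSL_R_READ_TIMEOUT_EXPIRED and then `return 0`, which is the same value returned when no timer has expired; the only caller visible in this commit, dtls1_read_bytes, tests `dtls1_handle_timeout(s) > 0`, so the connection is not failed and the error sits on the queue while reading continues. Either return a negative value and propagate it (`return -1;` here plus a `< 0` check at the call site), or reword the comment to say that exhaustion is only recorded. The function also restarts the timer twice per expiry: `dtls1_double_timeout` already calls `dtls1_start_timer`, and `dtls1_start_timer(s)` is called again just before `dtls1_retransmit_buffered_messages`; the second call can go. In dtls1_listen the result of `BIO_dgram_get_peer` is explicitly discarded, so the caller cannot tell whether `client` was filled in; a comment explaining why that is acceptable, or propagating the failure, would help.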
@@ -134,7 +134,7 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority, unsigned long *offset); #endif static int dtls1_buffer_record(SSL *s, record_pqueue *q, - PQ_64BIT priority); + PQ_64BIT *priority); static int dtls1_process_record(SSL *s); #if PQ_64BIT_IS_INTEGER static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num); @@ -162,13 +162,17 @@ dtls1_copy_record(SSL *s, pitem *item) static int -dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority) +dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority) { DTLS1_RECORD_DATA *rdata; pitem *item; + /* Limit the size of the queue to prevent DOS attacks */ + if (pqueue_size(queue->q) >= 100) + return 0; + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); - item = pitem_new(priority, rdata); + item = pitem_new(*priority, rdata); if (rdata == NULL || item == NULL) { if (rdata != NULL) OPENSSL_free(rdata); @@ -263,7 +267,7 @@ dtls1_process_buffered_records(SSL *s) if ( ! dtls1_process_record(s)) return(0); dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + &s->s3->rrec.seq_num); } } @@ -482,11 +486,11 @@ err: /* used only by dtls1_read_bytes */ int dtls1_get_record(SSL *s) { - int ssl_major,ssl_minor,al; + int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; SSL_SESSION *sess; - unsigned char *p; + unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; @@ -513,7 +517,12 @@ again: /* read timeout is handled by dtls1_read_bytes */ if (n <= 0) return(n); /* error or non-blocking */ - OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH); + /* this packet contained a partial record, dump it */ + if (s->packet_length != DTLS1_RT_HEADER_LENGTH) + { + s->packet_length = 0; + goto again; + } s->rstate=SSL_ST_READ_BODY; 
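Review bot: The new capacity check in dtls1_buffer_record returns 0 once the queue holds 100 records, but none of the call sites in this commit look at the result — `dtls1_process_buffered_records` here and the two calls in dtls1_get_record and dtls1_read_bytes below — so a record dropped by the cap is indistinguishable from one that was queued, and in `dtls1_process_buffered_records` the record has already been processed when it is lost. Each caller should make the drop explicit (for the next-epoch and application-data cases, zeroing `rr->length` and continuing is a defensible policy, but it should be a visible decision rather than an ignored return). The literal `100` deserves a named constant with a comment stating that the bound exists to cap memory consumed by unauthenticated datagrams, which is the property the `prevent DOS attacks` comment is really about. The pre-existing allocation-failure path (`rdata == NULL || item == NULL`) should also return 0 on the same terms so callers have one failure contract.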
@@ -538,27 +547,28 @@ again: { if (version != s->version && version != DTLS1_BAD_VER) { - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - /* Send back error using their - * version number :-) */ - s->version=version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; + /* unexpected version, silently discard */ + rr->length = 0; + s->packet_length = 0; + goto again; } } if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && (version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto err; + /* wrong version, silently discard record */ + rr->length = 0; + s->packet_length = 0; + goto again; } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; + /* record too long, silently discard it */ + rr->length = 0; + s->packet_length = 0; + goto again; } s->client_version = version; @@ -577,6 +587,7 @@ again: /* this packet contained a partial record, dump it */ if ( n != i) { + rr->length = 0; s->packet_length = 0; goto again; } @@ -590,12 +601,20 @@ again: bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if ( bitmap == NULL) { + rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } - /* check whether this is a repeat, or aged record */ - if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) + /* Check whether this is a repeat, or aged record. + * Don't check if we're listening and this message is + * a ClientHello. They can look as if they're replayed, + * since they arrive from different connections and + * would be dropped unnecessarily. + */ + if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && + *p == SSL3_MT_CLIENT_HELLO) && + ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) { rr->length = 0; s->packet_length=0; /* dump this record */ 
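Review bot: The listen-mode exemption from the replay check dereferences `*p` to test for SSL3_MT_CLIENT_HELLO, but nothing in the hunk guarantees the record has a body: `rr->length` may be 0 for a record of handshake type, in which case `*p` reads whatever stale byte follows the header in `s->packet`. Add `rr->length > 0 &&` ahead of the `*p` test, or better `rr->length >= DTLS1_HM_HEADER_LENGTH`, since a ClientHello fragment cannot be shorter than its handshake header. `p` is assigned outside the hunk; this assumes it points at the first byte of the record body at this point — confirm. The three new discard paths (`rr->length = 0; s->packet_length = 0; goto again;`) repeat the same statements, and silently discarding rather than alerting is the right DTLS behaviour for unauthenticated datagrams; a shared label or a small static helper would keep the three in step and give one place to comment on why no alert is sent.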
@@ -612,7 +631,8 @@ again: if (is_next_epoch) { dtls1_record_bitmap_update(s, bitmap); - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num); + rr->length = 0; s->packet_length = 0; goto again; } @@ -623,10 +643,6 @@ again: dtls1_clear_timeouts(s); /* done waiting */ return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(0); } /* Return up to 'len' payload bytes received in 'type' records. @@ -703,6 +719,27 @@ start: * s->s3->rrec.length, - number of bytes. */ rr = &(s->s3->rrec); + /* We are not handshaking and have no data yet, + * so process data buffered during the last handshake + * in advance, if any. + */ + if (s->state == SSL_ST_OK && rr->length == 0) + { + pitem *item; + item = pqueue_pop(s->d1->buffered_app_data.q); + if (item) + { + dtls1_copy_record(s, item); + + OPENSSL_free(item->data); + pitem_free(item); + } + } + + /* Check for timeout */ + if (dtls1_handle_timeout(s) > 0) + goto start; + /* get new packet if necessary */ if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { @@ -724,9 +761,14 @@ start: * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto err; + /* We now have application data between CCS and Finished. + * Most likely the packets were reordered on their way, so + * buffer the application data for later processing rather + * than dropping the connection. + */ + dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); + rr->length = 0; + goto start; } /* If the other end has shut down, throw anything we read away 
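Review bot: `dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0)` passes a null pointer as `priority`, but this commit changes that parameter to `PQ_64BIT *` and the function dereferences it as `pitem_new(*priority, rdata)`, so the first application-data record that arrives between CCS and Finished dereferences NULL instead of being buffered. Pass the record's own sequence number as the other call sites now do, `dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num);`, which also makes the buffered records come back in order when dtls1_read_bytes drains the queue in SSL_ST_OK. That drain pops at most one buffered record per pass and only when `rr->length == 0`, relying on the `goto start` loop to pick up the rest; a one-line comment saying so would prevent it being read as a one-record limit. The buffered record has already passed decryption and MAC checking under the new epoch's keys, which is what makes buffering rather than dropping safe; stating that in the comment would justify the policy to a later reader.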
@@ -796,15 +838,28 @@ start: dest = s->d1->alert_fragment; dest_len = &s->d1->alert_fragment_len; } - /* else it's a CCS message, or it's wrong */ - else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) - { - /* Not certain if this is the right error handling */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - } + /* else it's a CCS message, or application data or wrong */ + else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) + { + /* Application data while renegotiating + * is allowed. Try again reading. + */ + if (rr->type == SSL3_RT_APPLICATION_DATA) + { + BIO *bio; + s->s3->in_read_app_data=2; + bio=SSL_get_rbio(s); + s->rwstate=SSL_READING; + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); + } + /* Not certain if this is the right error handling */ + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + } if (dest_maxlen > 0) { @@ -942,7 +997,9 @@ start: n2s(p, seq); n2l3(p, frag_off); - dtls1_retransmit_message(s, seq, frag_off, &found); + dtls1_retransmit_message(s, + dtls1_get_queue_priority(frag->msg_header.seq, 0), + frag_off, &found); if ( ! found && SSL_in_init(s)) { /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ 
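Review bot: After the switch to `dtls1_get_queue_priority(frag->msg_header.seq, 0)`, the `seq` value parsed by `n2s(p, seq)` on the preceding context line no longer feeds `dtls1_retransmit_message`; unless `seq` is used further down outside the hunk, the parse is dead and `seq` becomes an unused variable. Either replace the parse with an explicit `p += 2;` or, if the wire sequence is meant to be cross-checked against `frag->msg_header.seq`, add that comparison so a mismatch is noticed. `frag` is declared outside the hunk, so its validity at this point cannot be confirmed from here. In the application-data-while-renegotiating branch above, the `return(-1)` after setting the BIO retry flags mirrors the TLS reader; a one-line comment that `in_read_app_data=2` is what makes the caller retry rather than fail would make the intent explicit, assuming that is its meaning — confirm.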
@@ -987,15 +1044,17 @@ start: if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { struct ccs_header_st ccs_hdr; + unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; dtls1_get_ccs_header(rr->data, &ccs_hdr); /* 'Change Cipher Spec' is just a single byte, so we know * exactly what the record payload has to look like */ /* XDTLS: check that epoch is consistent */ - if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || - (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || - (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) + if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER) + ccs_hdr_len = 3; + + if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { i=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); @@ -1008,6 +1067,16 @@ start: s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); + /* We can't process a CCS now, because previous handshake + * messages are still missing, so just drop it. + */ + if (!s->d1->change_cipher_spec_ok) + { + goto start; + } + + s->d1->change_cipher_spec_ok = 0; + s->s3->change_cipher_spec=1; if (!ssl3_do_change_cipher_spec(s)) goto err; @@ -1035,6 +1104,16 @@ start: goto start; } + /* If we are server, we may have a repeated FINISHED of the + * client here, then retransmit our CCS and FINISHED. + */ + if (msg_hdr.type == SSL3_MT_FINISHED) + { + dtls1_retransmit_buffered_messages(s); + rr->length = 0; + goto start; + } + if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { @@ -1141,7 +1220,6 @@ err: int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) { - unsigned int n,tot; int i; if (SSL_in_init(s) && !s->in_handshake) 
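Review bot: The new `if (msg_hdr.type == SSL3_MT_FINISHED)` branch retransmits the buffered flight on any stray Finished, but the comment above it says this is for the server seeing the client's repeated Finished, and the code checks neither `s->server` nor the handshake state; a client that receives an unexpected Finished will also re-send whatever is in `sent_messages`. Either gate it, `if (s->server && msg_hdr.type == SSL3_MT_FINISHED)`, or reword the comment to say the retransmit is intended for both roles. Since each Finished record the peer sends triggers one re-send of the buffered flight, the comment should also say why that is acceptable (the record had to pass the new epoch's MAC and the replay check, so only the genuine peer can drive it); that is inferred from the surrounding record path and worth confirming. The `change_cipher_spec_ok` gate drops the CCS with `goto start` and relies on `rr->length` having been zeroed earlier in the CCS branch, which is outside the hunk — confirm.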
@@ -1155,31 +1233,14 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) } } - tot = s->s3->wnum; - n = len - tot; - - while( n) + if (len > SSL3_RT_MAX_PLAIN_LENGTH) { - /* dtls1_write_bytes sends one record at a time, sized according to - * the currently known MTU */ - i = dtls1_write_bytes(s, type, buf_, len); - if (i <= 0) return i; - - if ((i == (int)n) || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) - { - /* next chunk of data should get another prepended empty fragment - * in ciphersuites with known-IV weakness: */ - s->s3->empty_fragment_done = 0; - return tot+i; - } - - tot += i; - n-=i; + SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG); + return -1; } - return tot; + i = dtls1_write_bytes(s, type, buf_, len); + return i; } 
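Review bot: dtls1_write_app_data_bytes now rejects any `len` above SSL3_RT_MAX_PLAIN_LENGTH with SSL_R_DTLS_MESSAGE_TOO_BIG instead of splitting the write across records, and partial writes are no longer tracked through `s->s3->wnum`; that is a visible change for SSL_write callers on DTLS and deserves a header comment on the function, e.g. `/* DTLS sends one record per call: len must not exceed SSL3_RT_MAX_PLAIN_LENGTH; larger writes fail rather than being fragmented. */`. The temporary `i` adds nothing: `return dtls1_write_bytes(s, type, buf_, len);`. The function's signature and the `SSL_in_init` guard are outside the hunk.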
@@ -1220,46 +1281,13 @@ have_handshake_fragment(SSL *s, int type, unsigned char *buf, /* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ -int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len) +int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) { - const unsigned char *buf=buf_; - unsigned int tot,n,nw; int i; - unsigned int mtu; + OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); s->rwstate=SSL_NOTHING; - tot=s->s3->wnum; - - n=(len-tot); - - /* handshake layer figures out MTU for itself, but data records - * are also sent through this interface, so need to figure out MTU */ -#if 0 - mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL); - mtu += DTLS1_HM_HEADER_LENGTH; /* HM already inserted */ -#endif - mtu = s->d1->mtu; - - if (mtu > SSL3_RT_MAX_PLAIN_LENGTH) - mtu = SSL3_RT_MAX_PLAIN_LENGTH; - - if (n > mtu) - nw=mtu; - else - nw=n; - - i=do_dtls1_write(s, type, &(buf[tot]), nw, 0); - if (i <= 0) - { - s->s3->wnum=tot; - return i; - } - - if ( (int)s->s3->wnum + i == len) - s->s3->wnum = 0; - else - s->s3->wnum += i; - + i=do_dtls1_write(s, type, buf, len, 0); return i; } @@ -1311,7 +1339,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, #if 0 /* 'create_empty_fragment' is true only when this function calls itself */ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done - && SSL_version(s) != DTLS1_VERSION) + && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) { /* countermeasure against known-IV weakness in CBC ciphersuites * (see http://www.openssl.org/~bodo/tls-cbc.txt) @@ -1758,6 +1786,7 @@ dtls1_reset_seq_numbers(SSL *s, int rw) else { seq = s->s3->write_sequence; + memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); s->d1->w_epoch++; } diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c index 0bbf8ae7f3..5b313664dd 100644 
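Review bot: `OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)` in dtls1_write_bytes aborts the whole process on an oversized length, whereas the only caller visible in this commit, dtls1_write_app_data_bytes, already turns the same condition into an SSLerr and `return -1`; handshake-layer callers also reach this function and are not visible here. A library should not abort on a recoverable length error: replace the assert with `if (len > SSL3_RT_MAX_PLAIN_LENGTH) return -1;`, raising SSL_R_DTLS_MESSAGE_TOO_BIG as the application-data path does. Note also that the rewritten body no longer consults `s->d1->mtu`, so an application record up to SSL3_RT_MAX_PLAIN_LENGTH is handed to the BIO as one datagram regardless of path MTU; if honouring the MTU is now solely the handshake layer's job, say so in the comment above the function (outside the hunk) so the change is not mistaken for an oversight.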
--- a/crypto/openssl/ssl/d1_srvr.c +++ b/crypto/openssl/ssl/d1_srvr.c @@ -146,7 +146,6 @@ int dtls1_accept(SSL *s) BUF_MEM *buf; unsigned long l,Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; - long num1; int ret= -1; int new_state,state,skip=0; @@ -236,17 +235,13 @@ int dtls1_accept(SSL *s) s->state=SSL3_ST_SW_HELLO_REQ_A; } - if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) - s->d1->send_cookie = 1; - else - s->d1->send_cookie = 0; - break; case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; @@ -267,22 +262,31 @@ int dtls1_accept(SSL *s) s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; - s->new_session = 2; + dtls1_stop_timer(s); - if ( s->d1->send_cookie) + if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else s->state = SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; + + /* If we're just listening, stop here */ + if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) + { + ret = 2; + s->d1->listen = 0; + goto end; + } + break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: + dtls1_start_timer(s); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; - s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; @@ -293,11 +297,23 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: + s->new_session = 2; + dtls1_start_timer(s); ret=dtls1_send_server_hello(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; + { + if (s->tlsext_ticket_expected) + s->state=SSL3_ST_SW_SESSION_TICKET_A; + else + s->state=SSL3_ST_SW_CHANGE_A; + } +#else + if (s->hit) + s->state=SSL3_ST_SW_CHANGE_A; +#endif else s->state=SSL3_ST_SW_CERT_A; s->init_num=0; 
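Review bot: The decision `if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))` to send HelloVerifyRequest depends on ssl3_get_client_hello returning different positive values for "no verified cookie" and "cookie verified", a contract defined in another file and not stated here; a comment such as `/* ret == 1: ClientHello without a verified cookie, demand one; ret == 2: cookie already verified */` would anchor it, assuming that is the contract — confirm. The listen-mode early exit (`ret = 2; s->d1->listen = 0; goto end;`) leaves through the common `end:` path of dtls1_accept, which is outside the hunk; confirm that the handshake callback and `in_handshake` bookkeeping there are appropriate for an exit that is not a completed handshake, and that dtls1_listen's caller is told to call SSL_accept again. The `#ifndef OPENSSL_NO_TLSEXT` / `#else` pair in SSL3_ST_SW_SRVR_HELLO duplicates `if (s->hit)`; hoisting that test and conditioning only the `tlsext_ticket_expected` check would shorten it.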
@@ -308,12 +324,27 @@ int dtls1_accept(SSL *s) /* Check if it is anon DH */ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) { + dtls1_start_timer(s); ret=dtls1_send_server_certificate(s); if (ret <= 0) goto end; +#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) + s->state=SSL3_ST_SW_CERT_STATUS_A; + else + s->state=SSL3_ST_SW_KEY_EXCH_A; + } + else + { + skip = 1; + s->state=SSL3_ST_SW_KEY_EXCH_A; + } +#else } else skip=1; + s->state=SSL3_ST_SW_KEY_EXCH_A; +#endif s->init_num=0; break; @@ -349,6 +380,7 @@ int dtls1_accept(SSL *s) ) ) { + dtls1_start_timer(s); ret=dtls1_send_server_key_exchange(s); if (ret <= 0) goto end; } @@ -385,6 +417,7 @@ int dtls1_accept(SSL *s) else { s->s3->tmp.cert_request=1; + dtls1_start_timer(s); ret=dtls1_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG @@ -399,6 +432,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: + dtls1_start_timer(s); ret=dtls1_send_server_done(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; @@ -407,16 +441,13 @@ int dtls1_accept(SSL *s) break; case SSL3_ST_SW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) + s->rwstate=SSL_WRITING; + if (BIO_flush(s->wbio) <= 0) { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; + ret= -1; + goto end; } - + s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; @@ -426,6 +457,7 @@ int dtls1_accept(SSL *s) ret = ssl3_check_client_hello(s); if (ret <= 0) goto end; + dtls1_stop_timer(s); if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { @@ -433,6 +465,7 @@ int dtls1_accept(SSL *s) * have not asked for it :-) */ ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; + dtls1_stop_timer(s); s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } 
@@ -442,6 +475,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; + dtls1_stop_timer(s); s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; @@ -459,9 +493,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->d1->change_cipher_spec_ok = 1; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; + dtls1_stop_timer(s); s->state=SSL3_ST_SR_FINISHED_A; s->init_num=0; @@ -469,16 +505,41 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->d1->change_cipher_spec_ok = 1; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; + dtls1_stop_timer(s); if (s->hit) s->state=SSL_ST_OK; +#ifndef OPENSSL_NO_TLSEXT + else if (s->tlsext_ticket_expected) + s->state=SSL3_ST_SW_SESSION_TICKET_A; +#endif else s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; +#ifndef OPENSSL_NO_TLSEXT + case SSL3_ST_SW_SESSION_TICKET_A: + case SSL3_ST_SW_SESSION_TICKET_B: + ret=dtls1_send_newsession_ticket(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_CHANGE_A; + s->init_num=0; + break; + + case SSL3_ST_SW_CERT_STATUS_A: + case SSL3_ST_SW_CERT_STATUS_B: + ret=ssl3_send_cert_status(s); + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_KEY_EXCH_A; + s->init_num=0; + break; + +#endif + case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: @@ -554,6 +615,7 @@ int dtls1_accept(SSL *s) s->d1->handshake_read_seq = 0; /* next message is server hello */ s->d1->handshake_write_seq = 0; + s->d1->next_handshake_write_seq = 0; goto end; /* break; */ 
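Review bot: The new SSL3_ST_SW_SESSION_TICKET_A/B and SSL3_ST_SW_CERT_STATUS_A/B cases do not call `dtls1_start_timer(s)`, unlike every other sending state touched by this commit (SW_HELLO_REQ, SW_SRVR_HELLO, SW_CERT, SW_KEY_EXCH, SW_CERT_REQ, SW_SRVR_DONE), so a lost NewSessionTicket or CertificateStatus is not covered by the retransmit timer. Add `dtls1_start_timer(s);` before each of the two send calls. The CERT_STATUS case also uses `ssl3_send_cert_status(s)`, the TLS sender, while the ticket case uses a dtls1_ sender; if the ssl3_ version writes through the TLS handshake path it will emit neither the DTLS handshake header nor buffer the message for retransmission — confirm that a DTLS-aware sender is not required here. dtls1_accept continues outside the hunk.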
@@ -631,15 +693,13 @@ int dtls1_send_hello_verify_request(SSL *s) *(p++) = s->version >> 8, *(p++) = s->version & 0xFF; - if (s->ctx->app_gen_cookie_cb != NULL && - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) + if (s->ctx->app_gen_cookie_cb == NULL || + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); return 0; } - /* else the cookie is assumed to have - * been initialized by the application */ *(p++) = (unsigned char) s->d1->cookie_len; memcpy(p, s->d1->cookie, s->d1->cookie_len); @@ -713,6 +773,8 @@ int dtls1_send_server_hello(SSL *s) p+=sl; /* put the cipher */ + if (s->s3->tmp.new_cipher == NULL) + return -1; i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); p+=i; @@ -726,6 +788,14 @@ int dtls1_send_server_hello(SSL *s) *(p++)=s->s3->tmp.new_compression->id; #endif +#ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { + SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } +#endif + /* do the header */ l=(p-d); d=buf; 
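Review bot: dtls1_send_hello_verify_request writes the cookie length as a single byte, `*(p++) = (unsigned char) s->d1->cookie_len;`, and then copies `cookie_len` bytes, but the application callback may fill the whole `s->d1->cookie` buffer and this commit raises DTLS1_COOKIE_LENGTH to 256 in dtls1.h; a 256-byte cookie would go out with a length byte of 0 followed by 256 bytes the peer cannot attribute, i.e. a malformed HelloVerifyRequest. Reject lengths the wire format cannot carry in the same condition as the callback check, `|| s->d1->cookie_len > 255`, before the SSLerr. It would also help to note on the DTLS1_COOKIE_LENGTH define that the one-byte length field limits usable cookies to 255 bytes. The function body continues outside the hunk.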
@@ -1145,3 +1215,115 @@ int dtls1_send_server_certificate(SSL *s) /* SSL3_ST_SW_CERT_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } + +#ifndef OPENSSL_NO_TLSEXT +int dtls1_send_newsession_ticket(SSL *s) + { + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) + { + unsigned char *p, *senc, *macstart; + int len, slen; + unsigned int hlen, msg_len; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + SSL_CTX *tctx = s->initial_ctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char key_name[16]; + + /* get session encoding length */ + slen = i2d_SSL_SESSION(s->session, NULL); + /* Some length values are 16 bits, so forget it if session is + * too long + */ + if (slen > 0xFF00) + return -1; + /* Grow buffer if need be: the length calculation is as + * follows 12 (DTLS handshake message header) + + * 4 (ticket lifetime hint) + 2 (ticket length) + + * 16 (key name) + max_iv_len (iv length) + + * session_length + max_enc_block_size (max encrypted session + * length) + max_md_size (HMAC). + */ + if (!BUF_MEM_grow(s->init_buf, + DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) + return -1; + senc = OPENSSL_malloc(slen); + if (!senc) + return -1; + p = senc; + i2d_SSL_SESSION(s->session, &p); + + p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + /* Initialize HMAC and cipher contexts. If callback present + * it does all the work otherwise use generated values + * from parent ctx. 
+ */ + if (tctx->tlsext_ticket_key_cb) + { + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + &hctx, 1) < 0) + { + OPENSSL_free(senc); + return -1; + } + } + else + { + RAND_pseudo_bytes(iv, 16); + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, iv); + HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL); + memcpy(key_name, tctx->tlsext_tick_key_name, 16); + } + l2n(s->session->tlsext_tick_lifetime_hint, p); + /* Skip ticket length for now */ + p += 2; + /* Output key name */ + macstart = p; + memcpy(p, key_name, 16); + p += 16; + /* output IV */ + memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); + p += EVP_CIPHER_CTX_iv_length(&ctx); + /* Encrypt session data */ + EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + p += len; + EVP_EncryptFinal(&ctx, p, &len); + p += len; + EVP_CIPHER_CTX_cleanup(&ctx); + + HMAC_Update(&hctx, macstart, p - macstart); + HMAC_Final(&hctx, p, &hlen); + HMAC_CTX_cleanup(&hctx); + + p += hlen; + /* Now write out lengths: p points to end of data written */ + /* Total length */ + len = p - (unsigned char *)(s->init_buf->data); + /* Ticket length */ + p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; + s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); + + /* number of bytes to write */ + s->init_num= len; + s->state=SSL3_ST_SW_SESSION_TICKET_B; + s->init_off=0; + OPENSSL_free(senc); + + /* XDTLS: set message header ? */ + msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; + dtls1_set_message_header(s, (void *)s->init_buf->data, + SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); + + /* buffer the message to handle re-xmits */ + dtls1_buffer_message(s, 0); + } + + /* SSL3_ST_SW_SESSION_TICKET_B */ + return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); + } +#endif diff --git a/crypto/openssl/ssl/dtls1.h b/crypto/openssl/ssl/dtls1.h index f159d37110..a8ce51ac3e 100644 --- a/crypto/openssl/ssl/dtls1.h +++ b/crypto/openssl/ssl/dtls1.h 
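Review bot: In dtls1_send_newsession_ticket the `tlsext_ticket_key_cb` failure path frees `senc` and returns -1 without `EVP_CIPHER_CTX_cleanup(&ctx)` / `HMAC_CTX_cleanup(&hctx)`, although both contexts were initialised just above and the callback may have partially set them up before failing; add the two cleanup calls before `OPENSSL_free(senc); return -1;`. The fixed-key path ignores the return values of `RAND_pseudo_bytes(iv, 16)`, `EVP_EncryptInit_ex`, `EVP_EncryptUpdate` and `EVP_EncryptFinal`; a failed cipher initialisation would leave a garbage ticket being MACed and sent, so check them and take the same cleanup-and-return path. The hard-coded `16` for the IV should be tied to the cipher (`EVP_CIPHER_CTX_iv_length(&ctx)` is already used a few lines lower for the copy) and the key-name length to `sizeof key_name`. The function starts on the previous page line and its header comment, if any, is outside the hunk.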
@@ -62,6 +62,18 @@ #include #include +#ifdef OPENSSL_SYS_VMS +#include +#include +#endif +#ifdef OPENSSL_SYS_WIN32 +/* Needed for struct timeval */ +#include +#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) +#include +#else +#include +#endif #ifdef __cplusplus extern "C" { @@ -76,7 +88,7 @@ extern "C" { #endif /* lengths of messages */ -#define DTLS1_COOKIE_LENGTH 32 +#define DTLS1_COOKIE_LENGTH 256 #define DTLS1_RT_HEADER_LENGTH 13 @@ -101,6 +113,19 @@ typedef struct dtls1_bitmap_st PQ_64BIT max_seq_num; /* max record number seen so far */ } DTLS1_BITMAP; +struct dtls1_retransmit_state + { + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + const EVP_MD *write_hash; /* used for mac generation */ +#ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ +#else + char *compress; +#endif + SSL_SESSION *session; + unsigned short epoch; + }; + struct hm_header_st { unsigned char type; @@ -109,6 +134,7 @@ struct hm_header_st unsigned long frag_off; unsigned long frag_len; unsigned int is_ccs; + struct dtls1_retransmit_state saved_retransmit_state; }; struct ccs_header_st @@ -168,6 +194,9 @@ typedef struct dtls1_state_st unsigned short handshake_read_seq; + /* save last sequence number for retransmissions */ + unsigned char last_write_sequence[8]; + /* Received handshake records (processed and unprocessed) */ record_pqueue unprocessed_rcds; record_pqueue processed_rcds; 
@@ -178,13 +207,29 @@ typedef struct dtls1_state_st /* Buffered (sent) handshake records */ pqueue sent_messages; - unsigned int mtu; /* max wire packet size */ + /* Buffered application records. + * Only for records between CCS and Finished + * to prevent either protocol violation or + * unnecessary message loss. + */ + record_pqueue buffered_app_data; + + /* Is set when listening for new connections with dtls1_listen() */ + unsigned int listen; + + unsigned int mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; - + + /* Indicates when the last handshake msg sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; + /* storage for Alert/Handshake protocol data received but not * yet processed by ssl3_read_bytes: */ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; @@ -193,6 +238,7 @@ typedef struct dtls1_state_st unsigned int handshake_fragment_len; unsigned int retransmitting; + unsigned int change_cipher_spec_ok; } DTLS1_STATE; diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c index 019030ae3c..73401c92a3 100644 --- a/crypto/openssl/ssl/kssl.c +++ b/crypto/openssl/ssl/kssl.c @@ -68,11 +68,6 @@ #include -#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */ -#include -#if 0 /* experimental */ -#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ -#endif #include #define KRB5_PRIVATE 1 diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index bc918170e1..de0238935a 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c 
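Review bot: The new `change_cipher_spec_ok` member is the only addition in this hunk without a comment, yet its meaning lives in two other files: the state machines set it to 1 just before expecting Finished (and, on the server, CertificateVerify), and dtls1_read_bytes drops any ChangeCipherSpec record while it is 0 and clears it afterwards. A comment such as `/* Non-zero while a CCS may legitimately arrive: set by the handshake state machine, checked and cleared by dtls1_read_bytes so a reordered CCS cannot switch keys early */` would make the struct self-describing. `timeout_duration` likewise needs its unit: dtls1_start_timer adds it to `tv_sec`, so `/* seconds; doubled on each expiry, capped at 60 */`. Adding `struct timeval` and the other members to this public struct changes its layout for anything compiled against the previous header, which is worth a line in the release notes if it is not already there.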
@@ -202,11 +202,14 @@ static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,j,ch_len; + int i,ch_len; unsigned long Time,l; int ssl2_compat; int version = 0, version_major, version_minor; +#ifndef OPENSSL_NO_COMP + int j; SSL_COMP *comp; +#endif int ret; ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index ba06e7ae2e..be05911e96 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s) (p[1] == SSL3_VERSION_MAJOR) && (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5 /* silly record length? */) - || (p[9] == p[1]))) + || (p[9] >= p[1]))) { /* * SSLv3 or tls1 header @@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s) v[1] = TLS1_VERSION_MINOR; #endif } + /* if major version number > 3 set minor to a value + * which will use the highest version 3 we support. + * If TLS 2.0 ever appears we will need to revise + * this.... + */ + else if (p[9] > SSL3_VERSION_MAJOR) + v[1]=0xff; else v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 50d55e6bf1..01d62fad11 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -267,7 +267,7 @@ int ssl2_accept(SSL *s) case SSL2_ST_SEND_SERVER_VERIFY_C: /* get the number of bytes to write */ num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 != 0) + if (num1 > 0) { s->rwstate=SSL_WRITING; num1=BIO_flush(s->wbio); diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c index 2ecfbb77cb..7f462250c7 100644 --- a/crypto/openssl/ssl/s3_both.c +++ b/crypto/openssl/ssl/s3_both.c 
@@ -168,6 +168,23 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) p+=i; l=i; + /* Copy the finished so we can use it for + renegotiation checks */ + if(s->type == SSL_ST_CONNECT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len=i; + } + #ifdef OPENSSL_SYS_WIN16 /* MSVC 1.5 does not clear the top bytes of the word unless * I do this. @@ -232,6 +249,23 @@ int ssl3_get_finished(SSL *s, int a, int b) goto f_err; } + /* Copy the finished so we can use it for + renegotiation checks */ + if(s->type == SSL_ST_ACCEPT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_server_finished_len=i; + } + return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -264,15 +298,31 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b) return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); } +static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) + { + int n; + unsigned char *p; + + n=i2d_X509(x,NULL); + if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3))) + { + SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB); + return(-1); + } + p=(unsigned char *)&(buf->data[*l]); + l2n3(n,p); + i2d_X509(x,&p); + *l+=n+3; + + return(0); + } + unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) { unsigned char *p; - int n,i; + int i; unsigned long l=7; BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; - int no_chain; if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) 
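Review bot: The `OPENSSL_assert(i <= EVP_MAX_MD_SIZE)` in ssl3_send_finished is repeated verbatim in both branches of the new `if(s->type == SSL_ST_CONNECT)`; hoisting it above the `if` states once what both memcpy calls rely on and leaves each branch with only the copy and the length store. The same duplication appears in the ssl3_get_finished hunk (`@@ -232,6 +249,23 @@`). `previous_client_finished_len` and `previous_server_finished_len` are declared `unsigned char` in the ssl3.h hunk of this same patch, so the assignment from `int i` narrows; the assert is what makes that safe, which deserves a one-line comment such as `/* Finished MACs never exceed EVP_MAX_MD_SIZE, so the unsigned char length fields cannot truncate */`. ssl3_send_finished begins outside the hunk.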
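Review bot: `n=i2d_X509(x,NULL)` in the new ssl3_add_cert_to_buf is used unchecked; i2d_X509 returns a negative value when encoding fails, and a negative `n` folded into `(int)(n+(*l)+3)` and `l2n3(n,p)` produces a bogus grow size and a length prefix that does not match what is written. Add `if (n < 0) { SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_X509_LIB); return(-1); }` right after the length query. The second `i2d_X509(x,&p)` call is also not compared against `n`; a mismatch there would desynchronise `*l` from the bytes actually written, so either an equality check or a comment stating that the two calls are expected to agree would help a later reader.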
@@ -289,58 +339,40 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + if (no_chain) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); + if (ssl3_add_cert_to_buf(buf, &l, x)) + return(0); } - - for (;;) + else { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) + X509_STORE_CTX xs_ctx; + + if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL)) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - - if (no_chain) - break; - - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - if (!no_chain) + X509_verify_cert(&xs_ctx); + for (i=0; i < sk_X509_num(xs_ctx.chain); i++) + { + x = sk_X509_value(xs_ctx.chain, i); + + if (ssl3_add_cert_to_buf(buf, &l, x)) + { + X509_STORE_CTX_cleanup(&xs_ctx); + return 0; + } + } X509_STORE_CTX_cleanup(&xs_ctx); + } } - /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) for (i=0; ictx->extra_certs); i++) { x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); + if (ssl3_add_cert_to_buf(buf, &l, x)) return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; } l-=7; 
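Review bot: The return value of `X509_verify_cert(&xs_ctx)` is discarded, and nothing in the hunk says that is deliberate, so a reader may take the missing check for a lost error path. If the intent is only to let X509_verify_cert populate `xs_ctx.chain` (sending whatever partial chain it assembled when verification does not succeed), a comment such as `/* Verdict intentionally ignored: only the chain X509_verify_cert builds is wanted here */` belongs on that line. A failed verification may also leave entries on the error queue for the caller to find; whether that is acceptable here is worth confirming. ssl3_output_cert_chain starts above the hunk and continues past it.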
@@ -589,9 +621,14 @@ int ssl_verify_alarm_type(long type) int ssl3_setup_buffers(SSL *s) { unsigned char *p; - unsigned int extra; + unsigned int extra,headerlen; size_t len; + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + headerlen = DTLS1_RT_HEADER_LENGTH; + else + headerlen = SSL3_RT_HEADER_LENGTH; + if (s->s3->rbuf.buf == NULL) { if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) @@ -608,7 +645,7 @@ int ssl3_setup_buffers(SSL *s) if (s->s3->wbuf.buf == NULL) { len = SSL3_RT_MAX_PACKET_SIZE; - len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ + len += headerlen + 256; /* extra space for empty fragment */ if ((p=OPENSSL_malloc(len)) == NULL) goto err; s->s3->wbuf.buf = p; diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index 50308487aa..e5138b6e5e 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -144,9 +144,6 @@ static SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); -#ifndef OPENSSL_NO_TLSEXT -static int ssl3_check_finished(SSL *s); -#endif #ifndef OPENSSL_NO_ECDH static int curve_id2nid(int curve_id); @@ -170,7 +167,6 @@ int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; unsigned long Time=(unsigned long)time(NULL),l; - long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; @@ -499,16 +495,13 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) + s->rwstate=SSL_WRITING; + if (BIO_flush(s->wbio) <= 0) { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; + ret= -1; + goto end; } - + s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; 
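Review bot: The `SSL3_ST_CW_FLUSH` rewrite in ssl3_connect drops the `BIO_CTRL_INFO` pending check in favour of an unconditional `BIO_flush` without saying why, whereas the identical rewrite of `SSL3_ST_SW_FLUSH` in the s3_srvr.c hunk explains it with the PR#1939 reference. The same short rationale belongs here, e.g. `/* Flush unconditionally: checking BIO_CTRL_INFO/BIO_CTRL_PENDING first misbehaves with some BIOs, see PR#1939 */`, so the two state machines can be read without cross-referencing each other. ssl3_connect begins and ends outside this hunk.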
@@ -594,9 +587,15 @@ int ssl3_client_hello(SSL *s) buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { - if ((s->session == NULL) || - (s->session->ssl_version != s->version) || - (s->session->not_resumable)) + SSL_SESSION *sess = s->session; + if ((sess == NULL) || + (sess->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + (!sess->session_id_length && !sess->tlsext_tick) || +#endif + (sess->not_resumable)) { if (!ssl_get_new_session(s,0)) goto err; @@ -708,7 +707,7 @@ int ssl3_get_server_hello(SSL *s) if (!ok) return((int)n); - if ( SSL_version(s) == DTLS1_VERSION) + if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { @@ -855,7 +854,7 @@ int ssl3_get_server_hello(SSL *s) #endif #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ - if (s->version > SSL3_VERSION) + if (s->version >= SSL3_VERSION) { if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) { @@ -1715,6 +1714,7 @@ int ssl3_get_new_session_ticket(SSL *s) SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); goto f_err; } + p=d=(unsigned char *)s->init_msg; n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); 
@@ -1738,7 +1738,28 @@ int ssl3_get_new_session_ticket(SSL *s) } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; - + /* There are two ways to detect a resumed ticket sesion. + * One is to set an appropriate session ID and then the server + * must return a match in ServerHello. This allows the normal + * client session ID matching to work and we know much + * earlier that the ticket has been accepted. + * + * The other way is to set zero length session ID when the + * ticket is presented and rely on the handshake to determine + * session resumption. + * + * We choose the former approach because this fits in with + * assumptions elsewhere in OpenSSL. The session ID is set + * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the + * ticket. + */ + EVP_Digest(p, ticklen, + s->session->session_id, &s->session->session_id_length, +#ifndef OPENSSL_NO_SHA256 + EVP_sha256(), NULL); +#else + EVP_sha1(), NULL); +#endif ret=1; return(ret); f_err: @@ -2697,7 +2718,7 @@ static int curve_id2nid(int curve_id) */ #ifndef OPENSSL_NO_TLSEXT -static int ssl3_check_finished(SSL *s) +int ssl3_check_finished(SSL *s) { int ok; long n; diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c index 5aa7bb21da..8fa4ab02c3 100644 --- a/crypto/openssl/ssl/s3_lib.c +++ b/crypto/openssl/ssl/s3_lib.c @@ -2458,6 +2458,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ssl3_shutdown(SSL *s) { + int ret; /* Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ 
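Review bot: The return value of the `EVP_Digest(...)` call that derives `session_id` from the ticket is not checked; if digest initialisation fails, `session_id` and `session_id_length` are left in whatever state EVP_Digest reached, yet the function still reports success with `ret=1`. Treating a zero return as a failure on the function's existing error path would make the resumption-ID derivation fail closed instead of silently producing an unusable session ID. The new comment also has two wording slips: `sesion` and `SHA1 is SHA256 is disabled` should read `session` and `SHA1 if SHA256 is disabled`. ssl3_get_new_session_ticket starts above this hunk.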
@@ -2475,18 +2476,32 @@ int ssl3_shutdown(SSL *s) #endif /* our shutdown alert has been sent now, and if it still needs * to be written, s->s3->alert_dispatch will be true */ + if (s->s3->alert_dispatch) + return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ #if 1 - s->method->ssl_dispatch_alert(s); + ret=s->method->ssl_dispatch_alert(s); + if(ret == -1) + { + /* we only get to return -1 here the 2nd/Nth + * invocation, we must have already signalled + * return 0 upon a previous invoation, + * return WANT_WRITE */ + return(ret); + } #endif } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s,0,NULL,0,0); + if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) + { + return(-1); /* return WANT_READ */ + } } if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && @@ -2592,9 +2607,6 @@ int ssl3_renegotiate(SSL *s) if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); - if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - return(0); - s->s3->renegotiate=1; return(1); } diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index b98b84044f..a2ba5748d5 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -141,9 +141,10 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) /* ... now we can act as if 'extend' was set */ } - /* extend reads should not span multiple packets for DTLS */ - if ( SSL_version(s) == DTLS1_VERSION && - extend) + /* For DTLS/UDP reads should not span multiple packets + * because the read operation returns the whole packet + * at once (as long as it fits into the buffer). */ + if (SSL_version(s) == DTLS1_VERSION) { if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) n = s->s3->rbuf.left; 
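Review bot: The DTLS test in ssl3_read_n is `SSL_version(s) == DTLS1_VERSION` only, while this same patch widens the equivalent tests in ssl3_setup_buffers, ssl3_get_server_hello and ssl3_get_client_hello to `|| SSL_version(s) == DTLS1_BAD_VER`. Unless DTLS1_BAD_VER connections are expected to run over a byte-oriented transport, a read on such a connection can still span packets here, which is exactly what the new comment says must not happen; the second DTLS check added in the following hunk (`@@ -209,6 +210,14 @@`) has the same gap. The fix is `if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)` in both places. ssl3_read_n starts above the hunk.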
@@ -209,6 +210,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return(i); } newb+=i; + /* reads should *never* span multiple packets for DTLS because + * the underlying transport protocol is message oriented as opposed + * to byte oriented as in the TLS case. */ + if (SSL_version(s) == DTLS1_VERSION) + { + if (n > newb) + n = newb; /* makes the while condition false */ + } } /* done reading, now the book-keeping */ @@ -985,7 +994,6 @@ start: if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && !s->s3->renegotiate) { ssl3_renegotiate(s); @@ -1021,7 +1029,25 @@ start: * now try again to obtain the (application) data we were asked for */ goto start; } - + /* If we are a server and get a client hello when renegotiation isn't + * allowed send back a no renegotiation alert and carry on. + * WARNING: experimental code, needs reviewing (steve) + */ + if (s->server && + SSL_is_init_finished(s) && + !s->s3->send_connection_binding && + (s->version > SSL3_VERSION) && + (s->s3->handshake_fragment_len >= 4) && + (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && + (s->session != NULL) && (s->session->cipher != NULL) && + !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + + { + /*s->s3->handshake_fragment_len = 0;*/ + rr->length = 0; + ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + goto start; + } if (s->s3->alert_fragment_len >= 2) { int alert_level = s->s3->alert_fragment[0]; 
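Review bot: The new no-renegotiation path in ssl3_read_bytes tests `s->ctx->options` for `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, while the parallel check this patch adds to ssl3_accept in s3_srvr.c tests `s->options`; if `SSL_set_options` writes the per-connection field (as the `SSL_ctrl` macro in ssl.h suggests), an application that enables legacy renegotiation on a single SSL object is ignored here and its client still receives a no_renegotiation alert. Changing the last condition to `!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))` makes the two checks agree. The block also ships with the author's own `WARNING: experimental code, needs reviewing` comment, a commented-out `/*s->s3->handshake_fragment_len = 0;*/` and a stray blank line before the brace; either the experimental status should be resolved before release or the comment should say what remains to be reviewed. The enclosing function starts and ends outside the hunk.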
@@ -1051,6 +1077,21 @@ start: s->shutdown |= SSL_RECEIVED_SHUTDOWN; return(0); } + /* This is a warning but we receive it if we requested + * renegotiation and the peer denied it. Terminate with + * a fatal alert because if application tried to + * renegotiatie it presumably had a good reason and + * expects it to succeed. + * + * In future we might have a renegotiation where we + * don't care if the peer refused it where we carry on. + */ + else if (alert_descr == SSL_AD_NO_RENEGOTIATION) + { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); + goto f_err; + } } else if (alert_level == 2) /* fatal */ { @@ -1118,8 +1159,7 @@ start: if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting @@ -1270,13 +1310,13 @@ int ssl3_do_change_cipher_spec(SSL *s) return(1); } -void ssl3_send_alert(SSL *s, int level, int desc) +int ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ desc=s->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ - if (desc < 0) return; + if (desc < 0) return -1; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx,s->session); 
@@ -1285,9 +1325,10 @@ void ssl3_send_alert(SSL *s, int level, int desc) s->s3->send_alert[0]=level; s->s3->send_alert[1]=desc; if (s->s3->wbuf.left == 0) /* data still being written out? */ - s->method->ssl_dispatch_alert(s); + return s->method->ssl_dispatch_alert(s); /* else data is still being written out, we will get written * some time in the future */ + return -1; } int ssl3_dispatch_alert(SSL *s) diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 79f3706c31..e696450d65 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -166,7 +166,6 @@ int ssl3_accept(SSL *s) BUF_MEM *buf; unsigned long l,Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; - long num1; int ret= -1; int new_state,state,skip=0; @@ -248,6 +247,18 @@ int ssl3_accept(SSL *s) s->state=SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } + else if (!s->s3->send_connection_binding && + !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + /* Server attempting to renegotiate with + * client that doesn't support secure + * renegotiation. + */ + SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); + ret = -1; + goto end; + } else { /* s->state == SSL_ST_RENEGOTIATE, 
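Review bot: ssl3_send_alert now returns `-1` for two quite different situations, an alert description that maps to nothing (`if (desc < 0) return -1;` in this hunk) and an alert that was queued because write data is pending (the trailing `return -1;` in the next hunk, `@@ -1285,9 +1325,10 @@`), and neither the function nor its callers in this patch say which is which. Every caller visible here discards the value, so nothing breaks today, but a future caller cannot tell a queued alert from a failed one. A header comment along the lines of `/* Returns the result of ssl_dispatch_alert() if the alert was written now, -1 if it is queued behind pending write data or desc is not a valid alert */` would pin the contract down; the prototype change is presumably mirrored in ssl_locl.h, which is outside this chunk.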
@@ -435,15 +446,24 @@ int ssl3_accept(SSL *s) break; case SSL3_ST_SW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) + + /* This code originally checked to see if + * any data was pending using BIO_CTRL_INFO + * and then flushed. This caused problems + * as documented in PR#1939. The proposed + * fix doesn't completely resolve this issue + * as buggy implementations of BIO_CTRL_PENDING + * still exist. So instead we just flush + * unconditionally. + */ + + s->rwstate=SSL_WRITING; + if (BIO_flush(s->wbio) <= 0) { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; + ret= -1; + goto end; } + s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; @@ -718,14 +738,6 @@ int ssl3_get_client_hello(SSL *s) #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; - if (s->new_session - && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. @@ -766,6 +778,21 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } + /* If we require cookies and this ClientHello doesn't + * contain one, just return since we do not want to + * allocate any memory yet. So check cookie length... + */ + if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) + { + unsigned int session_length, cookie_length; + + session_length = *(p + SSL3_RANDOM_SIZE); + cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); + + if (cookie_length == 0) + return 1; + } + /* load the client random */ memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; 
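Review bot: The cookie pre-check added to ssl3_get_client_hello dereferences `*(p + SSL3_RANDOM_SIZE)` and then `*(p + SSL3_RANDOM_SIZE + session_length + 1)` without first confirming that those offsets lie inside the received message: `session_length` is a peer-supplied byte up to 255, so a short ClientHello makes the second read land up to roughly 290 bytes past `p`, before the length checks the rest of the function performs on the session ID. Assuming `d` and `n` are the message start and length as in the sibling ssl3_get_server_hello (both set above the hunk), a guard such as `if (n < (p - d) + SSL3_RANDOM_SIZE + 2 + session_length) { al=SSL_AD_DECODE_ERROR; goto f_err; }` before the second read closes that. The check is also keyed only on `SSL_OP_COOKIE_EXCHANGE`, not on the DTLS version test used a few lines later, so a non-DTLS connection with that option set would interpret the cipher-suite length byte as a cookie length; either add the version test or state in the comment that the option is DTLS-only. ssl3_get_client_hello begins above the hunk and continues below it.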
@@ -805,23 +832,11 @@ int ssl3_get_client_hello(SSL *s) p+=j; - if (s->version == DTLS1_VERSION) + if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { /* cookie stuff */ cookie_len = *(p++); - if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && - s->d1->send_cookie == 0) - { - /* HelloVerifyMessage has already been sent */ - if ( cookie_len != s->d1->cookie_len) - { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); - goto f_err; - } - } - /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it @@ -836,7 +851,7 @@ int ssl3_get_client_hello(SSL *s) } /* verify the cookie if appropriate option is set. */ - if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && + if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) { memcpy(s->d1->rcvd_cookie, p, cookie_len); @@ -861,6 +876,8 @@ int ssl3_get_client_hello(SSL *s) SSL_R_COOKIE_MISMATCH); goto f_err; } + + ret = 2; } p += cookie_len; @@ -960,7 +977,7 @@ int ssl3_get_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ - if (s->version > SSL3_VERSION) + if (s->version >= SSL3_VERSION) { if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) { @@ -1095,7 +1112,7 @@ int ssl3_get_client_hello(SSL *s) * s->tmp.new_cipher - the new cipher to use. */ - ret=1; + if (ret < 0) ret=1; if (0) { f_err: @@ -2719,6 +2736,7 @@ int ssl3_send_newsession_ticket(SSL *s) unsigned int hlen; EVP_CIPHER_CTX ctx; HMAC_CTX hctx; + SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -2757,9 +2775,9 @@ int ssl3_send_newsession_ticket(SSL *s) * it does all the work otherwise use generated values * from parent ctx. */ - if (s->ctx->tlsext_ticket_key_cb) + if (tctx->tlsext_ticket_key_cb) { - if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) { OPENSSL_free(senc); 
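Review bot: `if (ret < 0) ret=1;` near the end of ssl3_get_client_hello only does what the patch intends if `ret` is initialised to a negative value at its declaration, which lies outside this hunk; worth confirming, because an initial `0` would make every successful ClientHello report failure. The new value `2`, set in the `@@ -861,6 +876,8 @@` hunk once the DTLS cookie verified, is also nowhere explained; a comment above the declaration such as `/* ret: -1 error, 1 ClientHello processed, 2 as 1 but a valid DTLS cookie was present */` would document the contract its callers (outside this chunk) depend on. The function starts and ends outside the hunk.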
@@ -2770,10 +2788,10 @@ int ssl3_send_newsession_ticket(SSL *s) { RAND_pseudo_bytes(iv, 16); EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - s->ctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + tctx->tlsext_tick_aes_key, iv); + HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); - memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); + memcpy(key_name, tctx->tlsext_tick_key_name, 16); } l2n(s->session->tlsext_tick_lifetime_hint, p); /* Skip ticket length for now */ diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index 5ef11a3b2b..7d4e46e916 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -485,6 +485,8 @@ typedef struct ssl_session_st #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L @@ -510,9 +512,13 @@ typedef struct ssl_session_st #define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L +/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +#define SSL_OP_CISCO_ANYCONNECT 0x00008000L /* As server, disallow session resumption on renegotiation */ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Permit unsafe legacy renegotiation */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L /* If set, always create a new key when using tmp_ecdh parameters */ #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ 
@@ -561,17 +567,25 @@ typedef struct ssl_session_st #define SSL_CTX_set_options(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_CTX_clear_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) #define SSL_CTX_get_options(ctx) \ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) #define SSL_set_options(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_clear_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) #define SSL_get_options(ssl) \ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) #define SSL_CTX_set_mode(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +#define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) #define SSL_CTX_get_mode(ctx) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +#define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) #define SSL_set_mode(ssl,op) \ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) #define SSL_get_mode(ssl) \ @@ -579,6 +593,8 @@ typedef struct ssl_session_st #define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 
@@ -1269,6 +1285,21 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define DTLS_CTRL_LISTEN 75 + +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_OPTIONS 77 +#define SSL_CTRL_CLEAR_MODE 78 + +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +#define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +#define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) + #define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) #define SSL_num_renegotiations(ssl) \ @@ -1519,7 +1550,7 @@ long SSL_get_default_timeout(const SSL *s); int SSL_library_init(void ); -char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); +char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); @@ -1649,6 +1680,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_DO_DTLS1_WRITE 245 #define SSL_F_DO_SSL3_WRITE 104 #define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 #define SSL_F_DTLS1_BUFFER_RECORD 247 #define SSL_F_DTLS1_CLIENT_HELLO 248 #define SSL_F_DTLS1_CONNECT 249 @@ -1657,6 +1689,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_DTLS1_GET_MESSAGE 252 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 #define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_HANDLE_TIMEOUT 282 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 
@@ -1702,6 +1735,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL2_SET_CERTIFICATE 126 #define SSL_F_SSL2_WRITE 127 #define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_ADD_CERT_TO_BUF 281 #define SSL_F_SSL3_CALLBACK_CTRL 233 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 @@ -1742,9 +1776,11 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 #define SSL_F_SSL3_WRITE_BYTES 158 #define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 #define SSL_F_SSL_BAD_METHOD 160 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 @@ -1786,6 +1822,10 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 +#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 +#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 +#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 +#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 #define SSL_F_SSL_PEEK 270 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 @@ -1885,6 +1925,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 318 #define SSL_R_DUPLICATE_COMPRESSION_ID 309 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 
@@ -1952,7 +1993,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 #define SSL_R_NO_PUBLICKEY 192 -#define SSL_R_NO_RENEGOTIATION 318 +#define SSL_R_NO_RENEGOTIATION 319 #define SSL_R_NO_SHARED_CIPHER 193 #define SSL_R_NO_VERIFY_CALLBACK 194 #define SSL_R_NULL_SSL_CTX 195 @@ -1980,10 +2021,14 @@ void ERR_load_SSL_strings(void); #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_SMALL 298 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 +#define SSL_R_RENEGOTIATION_MISMATCH 322 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 #define SSL_R_SERVERHELLO_TLSEXT 224 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 #define SSL_R_SHORT_READ 219 @@ -2053,6 +2098,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 #define SSL_R_UNKNOWN_SSL_VERSION 254 #define SSL_R_UNKNOWN_STATE 255 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h index a1a19cbfcb..2f579c253b 100644 --- a/crypto/openssl/ssl/ssl3.h +++ b/crypto/openssl/ssl/ssl3.h @@ -129,6 +129,9 @@ extern "C" { #endif +/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +#define SSL3_CK_SCSV 0x030000FF + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 
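Review bot: The comment on `SSL3_CK_SCSV` cites `draft-ietf-tls-renegotiation-03.txt`, but the commit message says this release implements RFC 5746, which is the published form of that draft; a public header is where the reference will be read for years, so `/* Signalling cipher suite value TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746, formerly draft-ietf-tls-renegotiation-03) */` is the more durable comment.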
@@ -326,11 +329,10 @@ typedef struct ssl3_buffer_st #define SSL3_CT_NUMBER 7 -#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 typedef struct ssl3_state_st { @@ -441,6 +443,12 @@ typedef struct ssl3_state_st int cert_request; } tmp; + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ } SSL3_STATE; diff --git a/crypto/openssl/ssl/ssl_algs.c b/crypto/openssl/ssl/ssl_algs.c index 4717c0e6e1..2d9077e303 100644 --- a/crypto/openssl/ssl/ssl_algs.c +++ b/crypto/openssl/ssl/ssl_algs.c @@ -92,9 +92,6 @@ int SSL_library_init(void) EVP_add_cipher(EVP_seed_cbc()); #endif -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c index 0f9a3489dd..d82e47a14e 100644 --- a/crypto/openssl/ssl/ssl_asn1.c +++ b/crypto/openssl/ssl/ssl_asn1.c @@ -68,6 +68,7 @@ typedef struct ssl_session_asn1_st ASN1_INTEGER version; ASN1_INTEGER ssl_version; ASN1_OCTET_STRING cipher; + ASN1_OCTET_STRING comp_id; ASN1_OCTET_STRING master_key; ASN1_OCTET_STRING session_id; ASN1_OCTET_STRING session_id_context; 
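Review bot: `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is removed from ssl3.h, a public header, so any application that referenced it stops compiling, and nothing next to the removal points at the replacement `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` option that this patch adds to ssl.h. If the removal is intended, a comment in its place such as `/* SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION has been replaced by the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option */` (or an entry in CHANGES, outside this chunk) tells porters where to go. A compatibility alias would be wrong here, since options and `s3->flags` are different fields.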
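Review bot: `int send_connection_binding; /* TODOEKR */` leaves the one field that the renegotiation checks in this patch hinge on without a description; the s3_srvr.c hunk reads `!s->s3->send_connection_binding` to detect a client that does not support secure renegotiation. A comment such as `/* non-zero once the peer has signalled RFC 5746 secure renegotiation support; consulted before any renegotiation is allowed */` replaces the placeholder with the meaning the code already relies on; the exact setter lies outside this chunk and should be confirmed. The two `*_finished_len` fields are `unsigned char`; a note that they are bounded by EVP_MAX_MD_SIZE explains why that width suffices.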
@@ -94,6 +95,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_TLSEXT int v6=0,v9=0,v10=0; unsigned char ibuf6[LSIZE2]; +#endif +#ifndef OPENSSL_NO_COMP + int v11=0; + unsigned char cbuf; #endif long l; SSL_SESSION_ASN1 a; @@ -138,6 +143,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) buf[1]=((unsigned char)(l ))&0xff; } +#ifndef OPENSSL_NO_COMP + if (in->compress_meth) + { + cbuf = (unsigned char)in->compress_meth; + a.comp_id.length = 1; + a.comp_id.type = V_ASN1_OCTET_STRING; + a.comp_id.data = &cbuf; + } +#endif + a.master_key.length=in->master_key_length; a.master_key.type=V_ASN1_OCTET_STRING; a.master_key.data=in->master_key; @@ -199,12 +214,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.length= in->tlsext_ticklen; a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; - /* If we have a ticket set session ID to empty because - * it will be bogus. If liftime hint is -1 treat as a special - * case because the session is being used as a container - */ - if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) - a.session_id.length=0; } if (in->tlsext_tick_lifetime_hint > 0) { @@ -242,6 +251,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); if (in->tlsext_hostname) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); +#ifndef OPENSSL_NO_COMP + if (in->compress_meth) + M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); +#endif #endif /* OPENSSL_NO_TLSEXT */ M_ASN1_I2D_seq_total(); 
@@ -274,6 +287,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) if (in->tlsext_tick) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); #endif /* OPENSSL_NO_TLSEXT */ +#ifndef OPENSSL_NO_COMP + if (in->compress_meth) + M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); +#endif M_ASN1_I2D_finish(); } @@ -317,7 +334,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ((unsigned long)os.data[1]<< 8L)| (unsigned long)os.data[2]; } - else if ((ssl_version>>8) == SSL3_VERSION_MAJOR) + else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) { if (os.length != 2) { @@ -330,15 +347,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else { - SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); - return(NULL); + c.error=SSL_R_UNKNOWN_SSL_VERSION; + goto err; } ret->cipher=NULL; ret->cipher_id=id; M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); - if ((ssl_version>>8) == SSL3_VERSION_MAJOR) + if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) i=SSL3_MAX_SSL_SESSION_ID_LENGTH; else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ i=SSL2_MAX_SSL_SESSION_ID_LENGTH; @@ -422,8 +439,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, { if (os.length > SSL_MAX_SID_CTX_LENGTH) { - ret->sid_ctx_length=os.length; - SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); + c.error=SSL_R_BAD_LENGTH; + goto err; } else { 
@@ -478,23 +495,21 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_ticklen = os.length; os.data = NULL; os.length = 0; -#if 0 - /* There are two ways to detect a resumed ticket sesion. - * One is to set a random session ID and then the server - * must return a match in ServerHello. This allows the normal - * client session ID matching to work. - */ - if (ret->session_id_length == 0) - { - ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH; - RAND_pseudo_bytes(ret->session_id, - ret->session_id_length); - } -#endif } else ret->tlsext_tick=NULL; #endif /* OPENSSL_NO_TLSEXT */ +#ifndef OPENSSL_NO_COMP + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); + if (os.data) + { + ret->compress_meth = os.data[0]; + OPENSSL_free(os.data); + os.data = NULL; + } +#endif M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); } diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index a32b2d4446..16fda5d8bf 100644 --- a/crypto/openssl/ssl/ssl_cert.c +++ b/crypto/openssl/ssl/ssl_cert.c @@ -500,9 +500,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); return(0); } - if (s->param) - X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx), - s->param); #if 0 if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); @@ -516,6 +513,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server"); + /* Anything non-default in "param" should overwrite anything in the + * ctx. + */ + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); if (s->verify_callback) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c index 52f91cfe60..5e2d436da3 100644 --- a/crypto/openssl/ssl/ssl_ciph.c +++ b/crypto/openssl/ssl/ssl_ciph.c 
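Review bot: In the new `#ifndef OPENSSL_NO_COMP` block of the first hunk, `ret->compress_meth = os.data[0];` reads the first byte without looking at os.length; the encoder in this same patch always writes exactly one byte, so a zero-length or over-long [11] OCTET STRING in a cached or externally supplied session blob is malformed and should be rejected rather than silently taking whatever the decoder left in data[0]. Fail it the way the sid_ctx length check earlier in this file now does: `if (os.data && os.length != 1) { OPENSSL_free(os.data); c.error = SSL_R_BAD_LENGTH; goto err; }` before the assignment. Since the value selects a decompression method on resumption, refusing odd lengths is the safer default. d2i_SSL_SESSION starts before this hunk.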
@@ -1091,10 +1091,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, *cipher_list_by_id = tmp_cipher_list; (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); + sk_SSL_CIPHER_sort(*cipher_list_by_id); return(cipherstack); } -char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) +char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { int is_export,pkl,kl; const char *ver,*exp_str; diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index ce2a5557a6..7eb52026e7 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -78,6 +78,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, +{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, @@ -86,6 +87,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, +{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, 
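Review bot: The added `sk_SSL_CIPHER_sort(*cipher_list_by_id);` has no comment on why the list is sorted eagerly right after the comparison function is installed. If, as I recall, sk_find() sorts a not-yet-sorted stack on first use, the eager sort keeps a later lookup from mutating a list that the SSL_CTX shares across connections and threads, and that is the reason worth recording: `/* sort now so later sk_find() calls on the shared by-id list never sort it lazily */`. The lookup paths that consume this list are outside the hunk, so I could not confirm that none of them depended on the previous unsorted order.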
@@ -131,6 +133,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
 {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
 {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
+{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
@@ -171,9 +174,11 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
@@ -215,6 +220,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
 {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -317,6 +326,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
 {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
 {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
+{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
 {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
@@ -412,10 +422,14 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
 {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
 {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
+{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
+{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
+{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
 {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
 {ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
@@ -485,6 +499,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
 {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
 {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
 {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 893abff1f4..15650da5e7 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -508,7 +508,6 @@ void SSL_free(SSL *s) if (s->cert != NULL) ssl_cert_free(s->cert); /* Free up if allocated */ - if (s->ctx) SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_hostname) OPENSSL_free(s->tlsext_hostname); @@ -526,6 +525,8 @@ void SSL_free(SSL *s) if (s->method != NULL) s->method->ssl_free(s); + if (s->ctx) SSL_CTX_free(s->ctx); + #ifndef OPENSSL_NO_KRB5 if (s->kssl_ctx != NULL) kssl_ctx_free(s->kssl_ctx); @@ -986,8 +987,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) case SSL_CTRL_OPTIONS: return(s->options|=larg); + case SSL_CTRL_CLEAR_OPTIONS: + return(s->options&=~larg); case SSL_CTRL_MODE: return(s->mode|=larg); + case SSL_CTRL_CLEAR_MODE: + return(s->mode &=~larg); case SSL_CTRL_GET_MAX_CERT_LIST: return(s->max_cert_list); case SSL_CTRL_SET_MAX_CERT_LIST: @@ -995,12 +1000,17 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) s->max_cert_list=larg; return(l); case SSL_CTRL_SET_MTU: - if (SSL_version(s) == DTLS1_VERSION) + if (SSL_version(s) == DTLS1_VERSION || + SSL_version(s) == DTLS1_BAD_VER) { s->d1->mtu = larg; return larg; } return 0; + case SSL_CTRL_GET_RI_SUPPORT: + if (s->s3) + return s->s3->send_connection_binding; + else return 0; default: return(s->method->ssl_ctrl(s,cmd,larg,parg)); } @@ -1087,8 +1097,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) return(ctx->stats.sess_cache_full); case SSL_CTRL_OPTIONS: return(ctx->options|=larg); + case SSL_CTRL_CLEAR_OPTIONS: + return(ctx->options&=~larg); case SSL_CTRL_MODE: return(ctx->mode|=larg); + case SSL_CTRL_CLEAR_MODE: + return(ctx->mode&=~larg); default: return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); } 
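Review bot: The SSL_CTX_free(s->ctx) call is moved to after s->method->ssl_free(s) in the second hunk without any comment, so the next person tidying SSL_free can easily move it back. Presumably the method's cleanup routine can still dereference s->ctx, which with the old order was a use-after-free whenever this SSL held the last reference to its context; say so at the new site, `/* must come after ssl_free(): the method's cleanup may still use s->ctx */`, so the fix survives. The `/* Free up if allocated */` comment left behind in the first hunk now describes the TLSEXT block beneath it, which reads oddly.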
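Review bot: In the SSL_CTRL_SET_MTU case of the second SSL_ctrl hunk, `s->d1->mtu = larg;` stores the caller's value unchecked for both DTLS1_VERSION and DTLS1_BAD_VER, so a zero or negative larg becomes a nonsensical (and, if mtu is unsigned, huge) fragment limit for the DTLS handshake fragmenter. Reject such values before assigning, e.g. `if (larg <= 0) return 0;`, and consider a lower bound that leaves room for a record plus handshake header. The fragmenting code that consumes mtu is not in this diff, so I cannot confirm how it reacts to a tiny value.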
@@ -1285,6 +1299,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } + /* If p == q, no ciphers and caller indicates an error. Otherwise + * add SCSV if not renegotiating. + */ + if (p != q && !s->new_session) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, + }; + j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); + p+=j; +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "SCSV sent by client\n"); +#endif + } + return(p-q); } @@ -1294,6 +1324,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) + s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); if ((num%n) != 0) @@ -1311,6 +1343,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, for (i=0; is3 && (n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_SCSV & 0xff))) + { + /* SCSV fatal if renegotiating */ + if (s->new_session) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); + goto err; + } + s->s3->send_connection_binding = 1; + p += n; +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "SCSV received by server\n"); +#endif + continue; + } + c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) @@ -1546,6 +1598,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) } #endif #endif + /* Default is to connect to non-RI servers. When RI is more widely + * deployed might change this. + */ + ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; return(ret); err: diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index ed4ddbbae6..e305db43ff 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h 
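Review bot: The default `ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;` in the last hunk means that, out of the box, a client accepts a ServerHello without renegotiation_info, and the comment only says this "might change". Because this is the knob that decides whether the client-side RI check added by this patch ever fires, the comment should spell out the opt-in to strict behaviour, e.g. `/* Applications that must refuse non-RI servers clear this bit with SSL_CTRL_CLEAR_OPTIONS */`. That ctrl is introduced elsewhere in this patch; which public macro wraps it is not visible here, so name the ctrl rather than a guessed macro.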
@@ -694,7 +694,7 @@ SSL_METHOD *func_name(void) \ dtls1_read_bytes, \ dtls1_write_app_data_bytes, \ dtls1_dispatch_alert, \ - ssl3_ctrl, \ + dtls1_ctrl, \ ssl3_ctx_ctrl, \ ssl3_get_cipher_by_char, \ ssl3_put_cipher_by_char, \ @@ -789,7 +789,7 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); int ssl3_change_cipher_state(SSL *s,int which); void ssl3_cleanup_key_block(SSL *s); int ssl3_do_write(SSL *s,int type); -void ssl3_send_alert(SSL *s,int level, int desc); +int ssl3_send_alert(SSL *s,int level, int desc); int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); int ssl3_get_req_cert_type(SSL *s,unsigned char *p); @@ -862,13 +862,21 @@ int dtls1_read_failed(SSL *s, int code); int dtls1_buffer_message(SSL *s, int ccs); int dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, int *found); +int dtls1_get_queue_priority(unsigned short seq, int is_ccs); +int dtls1_retransmit_buffered_messages(SSL *s); void dtls1_clear_record_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); +struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); +int dtls1_handle_timeout(SSL *s); SSL_CIPHER *dtls1_get_cipher(unsigned int u); - +void dtls1_start_timer(SSL *s); +void dtls1_stop_timer(SSL *s); +int dtls1_is_timer_expired(SSL *s); +void dtls1_double_timeout(SSL *s); +int dtls1_send_newsession_ticket(SSL *s); /* some client-only functions */ @@ -885,6 +893,9 @@ int ssl3_send_client_key_exchange(SSL *s); int ssl3_get_key_exchange(SSL *s); int ssl3_get_server_certificate(SSL *s); int ssl3_check_cert_and_algorithm(SSL *s); +#ifndef OPENSSL_NO_TLSEXT +int ssl3_check_finished(SSL *s); +#endif int dtls1_client_hello(SSL *s); int dtls1_send_client_certificate(SSL *s); 
@@ -968,6 +979,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); int ssl_check_clienthello_tlsext(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); + #ifdef OPENSSL_NO_SHA256 #define tlsext_tick_md EVP_sha1 #else @@ -977,6 +989,15 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; void ssl_clear_hash_ctx(EVP_MD_CTX **hash); + +int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen); +int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al); +int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen); +int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al); #endif #endif diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c index 27113eba50..c0960b5712 100644 --- a/crypto/openssl/ssl/ssl_rsa.c +++ b/crypto/openssl/ssl/ssl_rsa.c @@ -723,7 +723,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) goto end; } - x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); + x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c index 8391d62212..e7802e1d9e 100644 --- a/crypto/openssl/ssl/ssl_sess.c +++ b/crypto/openssl/ssl/ssl_sess.c @@ -211,6 +211,11 @@ int ssl_get_new_session(SSL *s, int session) ss->ssl_version=TLS1_VERSION; ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; } + else if (s->version == DTLS1_BAD_VER) + { + ss->ssl_version=DTLS1_BAD_VER; + ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == DTLS1_VERSION) { ss->ssl_version=DTLS1_VERSION; 
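Review bot: Switching SSL_CTX_use_certificate_chain_file to PEM_read_bio_X509_AUX in the ssl_rsa.c hunk quietly widens what the first PEM block may be: the _AUX reader also accepts the `TRUSTED CERTIFICATE` form with trailing trust settings, if I recall its PEM-name handling correctly, while the remainder of the chain is still read as plain certificates below this hunk. That is likely intentional, so that a leaf exported by `openssl x509 -trustout` loads, but it deserves a comment at the call: `/* _AUX: also accept a leaf in TRUSTED CERTIFICATE form (aux trust settings attached) */`. Whether those trust settings affect anything for a server's own certificate cannot be confirmed from this diff. The function starts before this hunk.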
@@ -418,7 +423,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, p=buf; l=ret->cipher_id; l2n(l,p); - if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR) + if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); else ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c index 73b02509d4..e7509f0303 100644 --- a/crypto/openssl/ssl/ssl_stat.c +++ b/crypto/openssl/ssl/ssl_stat.c @@ -198,6 +198,12 @@ case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; #endif +/* DTLS */ +case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; +case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; +case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; +case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; + default: str="unknown state"; break; } return(str); @@ -345,6 +351,11 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; #endif +/* DTLS */ +case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; +case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; +case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; +case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; default: str="UNKWN "; break; } diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c index 06b86750fd..81c1361698 100644 --- a/crypto/openssl/ssl/ssl_txt.c +++ b/crypto/openssl/ssl/ssl_txt.c 
@@ -91,6 +91,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) s="SSLv3"; else if (x->ssl_version == TLS1_VERSION) s="TLSv1"; + else if (x->ssl_version == DTLS1_VERSION) + s="DTLSv1"; + else if (x->ssl_version == DTLS1_BAD_VER) + s="DTLSv1-bad"; else s="unknown"; if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; @@ -174,11 +178,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) ssl_cipher_get_evp(x,NULL,NULL,&comp); if (comp == NULL) { - if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; + if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; } else { - if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; + if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; } } #endif diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index 7cb3e29a41..dab6e4485b 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -765,10 +765,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); - if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) + if (ssl->version == DTLS1_BAD_VER || + (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)) { unsigned char dtlsseq[8],*p=dtlsseq; - s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); memcpy (p,&seq[2],6); @@ -793,7 +793,7 @@ printf("rec="); {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } #endif - if ( SSL_version(ssl) != DTLS1_VERSION) + if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER) { for (i=7; i>=0; i--) { diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 9ce726996d..8b53112770 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c 
@@ -133,6 +133,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha int extdatalen=0; unsigned char *ret = p; + /* don't add extensions for SSLv3 unless doing secure renegotiation */ + if (s->client_version == SSL3_VERSION + && !s->s3->send_connection_binding) + return p; + ret+=2; if (ret>=limit) return NULL; /* this really never occurs, but ... */ @@ -169,11 +174,37 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ret+=size_str; } - + + /* Add RI if renegotiating */ + if (s->new_session) + { + int el; + + if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) + { + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); + return NULL; + } + + if((limit - p - 4 - el) < 0) return NULL; + + s2n(TLSEXT_TYPE_renegotiate,ret); + s2n(el,ret); + + if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) + { + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); + return NULL; + } + + ret += el; + } + + if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen; - if (s->session && s->session->tlsext_tick) + if (!s->new_session && s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; else ticklen = 0; @@ -191,7 +222,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } } - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) + if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && + s->version != DTLS1_VERSION) { int i; long extlen, idlen, itmp; @@ -251,6 +283,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha int extdatalen=0; unsigned char *ret = p; + /* don't add extensions for SSLv3, unless doing secure renegotiation */ + if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) + return p; + ret+=2; if (ret>=limit) return NULL; /* this really never occurs, but ... */ 
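Review bot: In the new "Add RI if renegotiating" block, the space check `if((limit - p - 4 - el) < 0) return NULL;` measures from `p`, the start of the extension area, but the extension is written at `ret`, which has already moved past the two-byte length field and any server_name extension emitted just above. The guard therefore overstates the available room by everything already written, and the following s2n() and ssl_add_clienthello_renegotiate_ext() calls can write past limit. Use the write cursor instead: `if ((limit - ret - 4 - el) < 0) return NULL;`. ssl_add_clienthello_tlsext continues past this hunk.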
@@ -261,6 +297,30 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha s2n(TLSEXT_TYPE_server_name,ret); s2n(0,ret); } + + if(s->s3->send_connection_binding) + { + int el; + + if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) + { + SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); + return NULL; + } + + if((limit - p - 4 - el) < 0) return NULL; + + s2n(TLSEXT_TYPE_renegotiate,ret); + s2n(el,ret); + + if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) + { + SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); + return NULL; + } + + ret += el; + } if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) @@ -290,15 +350,18 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in unsigned short size; unsigned short len; unsigned char *data = *p; + int renegotiate_seen = 0; + s->servername_done = 0; s->tlsext_status_type = -1; if (data >= (d+n-2)) - return 1; + goto ri_check; + n2s(data,len); if (data > (d+n-len)) - return 1; + goto ri_check; while (data <= (d+n-4)) { @@ -306,7 +369,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in n2s(data,size); if (data+size > (d+n)) - return 1; + goto ri_check; if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, @@ -407,8 +470,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } } - else if (type == TLSEXT_TYPE_status_request - && s->ctx->tlsext_status_cb) + else if (type == TLSEXT_TYPE_renegotiate) + { + if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) + return 0; + renegotiate_seen = 1; + } + else if (type == TLSEXT_TYPE_status_request && + s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) { if (size < 5) 
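Review bot: The ServerHello RI block in the first hunk has the same misplaced space check as its ClientHello counterpart: `if((limit - p - 4 - el) < 0) return NULL;` is computed from `p` while the bytes go out at `ret`, which by then has advanced past the length field and possibly an empty server_name extension. Change it to `if ((limit - ret - 4 - el) < 0) return NULL;` so the guard reflects the actual write position. ssl_add_serverhello_tlsext starts before this hunk.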
@@ -507,12 +576,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in else s->tlsext_status_type = -1; } + /* session ticket processed earlier */ data+=size; } - *p = data; + + ri_check: + + /* Need RI if renegotiating */ + + if (!renegotiate_seen && s->new_session && + !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + *al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + return 1; } @@ -522,11 +605,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in unsigned short size; unsigned short len; unsigned char *data = *p; - int tlsext_servername = 0; + int renegotiate_seen = 0; if (data >= (d+n-2)) - return 1; + goto ri_check; n2s(data,len); @@ -536,7 +619,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in n2s(data,size); if (data+size > (d+n)) - return 1; + goto ri_check; if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 1, type, data, size, @@ -561,7 +644,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } s->tlsext_ticket_expected = 1; } - else if (type == TLSEXT_TYPE_status_request) + else if (type == TLSEXT_TYPE_status_request && + s->version != DTLS1_VERSION) { /* MUST be empty and only sent if we've requested * a status request message. @@ -574,7 +658,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in /* Set flag to expect CertificateStatus message */ s->tlsext_status_expected = 1; } - + else if (type == TLSEXT_TYPE_renegotiate) + { + if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) + return 0; + renegotiate_seen = 1; + } data+=size; } 
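Review bot: This hunk deletes `*p = data;` from ssl_parse_clienthello_tlsext, so the `p` out-parameter is no longer advanced past the parsed extensions, while the ServerHello parser in this same patch still ends with `*p = data;`. If no caller reads `p` afterwards this is harmless, but it is an undocumented change to the function's contract that reads like an accident; either restore `*p = data;` just before the `ri_check:` label or add a comment stating that `p` is deliberately left untouched. ssl3_get_client_hello, the caller, is not in this diff, so I could not verify which it relies on.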
@@ -606,6 +695,26 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } *p = data; + + ri_check: + + /* Determine if we need to see RI. Strictly speaking if we want to + * avoid an attack we should *always* see RI even on initial server + * hello because the client doesn't see any renegotiation during an + * attack. However this would mean we could not connect to any server + * which doesn't support RI so for the immediate future tolerate RI + * absence on initial connect only. + */ + if (!renegotiate_seen + && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + *al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + return 1; } @@ -745,6 +854,14 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, return 1; if (p >= limit) return -1; + /* Skip past DTLS cookie */ + if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) + { + i = *(p++); + p+= i; + if (p >= limit) + return -1; + } /* Skip past cipher list */ n2s(p, i); p+= i; @@ -795,16 +912,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX hctx; EVP_CIPHER_CTX ctx; + SSL_CTX *tctx = s->initial_ctx; /* Need at least keyname + iv + some encrypted data */ if (eticklen < 48) goto tickerr; /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); - if (s->ctx->tlsext_ticket_key_cb) + if (tctx->tlsext_ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; - int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, + int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) return -1; 
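Review bot: The comment above the client-side ri_check says RI absence is tolerated "on initial connect only", but the condition beneath it has no initial-versus-renegotiation term: with SSL_OP_LEGACY_SERVER_CONNECT set (the default this patch installs in SSL_CTX_new) a renegotiation ServerHello lacking renegotiation_info is accepted as well, which as I read RFC 5746 section 3.5 a client that negotiated RI initially must refuse. The server-side check in this patch keys on `s->new_session`, and the client should too, e.g. replace the plain LEGACY_SERVER_CONNECT test with `&& !(!s->new_session && (s->options & SSL_OP_LEGACY_SERVER_CONNECT))`, leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION as the explicit override. ssl_parse_serverhello_tlsext starts before this hunk.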
@@ -816,12 +934,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, else { /* Check key name matches */ - if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) + if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) goto tickerr; - HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, + HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - s->ctx->tlsext_tick_aes_key, etick + 16); + tctx->tlsext_tick_aes_key, etick + 16); } /* Attempt to process session ticket, first conduct sanity and * integrity checks on ticket. diff --git a/crypto/openssl/ssl/d1_enc.c b/crypto/openssl/ssl/t1_reneg.c similarity index 52% copy from crypto/openssl/ssl/d1_enc.c copy to crypto/openssl/ssl/t1_reneg.c index cf3332e4e4..9c2cc3c712 100644 --- a/crypto/openssl/ssl/d1_enc.c +++ b/crypto/openssl/ssl/t1_reneg.c 
@@ -1,61 +1,4 @@ -/* ssl/d1_enc.c */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ +/* ssl/t1_reneg.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -112,175 +55,238 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ - +/* ==================================================================== + * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include +#include #include "ssl_locl.h" -#ifndef OPENSSL_NO_COMP -#include -#endif -#include -#include -#include -#include -#ifdef KSSL_DEBUG -#include + +/* Add the client's renegotiation binding */ +int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen) + { + if(p) + { + if((s->s3->previous_client_finished_len+1) > maxlen) + { + SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); + return 0; + } + + /* Length byte */ + *p = s->s3->previous_client_finished_len; + p++; + + memcpy(p, s->s3->previous_client_finished, + s->s3->previous_client_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension sent by client\n", + s->s3->previous_client_finished_len ? 
"Non-empty" : "Empty"); #endif + } + + *len=s->s3->previous_client_finished_len + 1; + + + return 1; + } -int dtls1_enc(SSL *s, int send) - { - SSL3_RECORD *rec; - EVP_CIPHER_CTX *ds; - unsigned long l; - int bs,i,ii,j,k,n=0; - const EVP_CIPHER *enc; +/* Parse the client's renegotiation binding and abort if it's not + right */ +int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al) + { + int ilen; - if (send) - { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); - ds=s->enc_write_ctx; - rec= &(s->s3->wrec); - if (s->enc_write_ctx == NULL) - enc=NULL; - else - { - enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); - if ( rec->data != rec->input) - /* we can't write into the input stream */ - fprintf(stderr, "%s:%d: rec->data != rec->input\n", - __FILE__, __LINE__); - else if ( EVP_CIPHER_block_size(ds->cipher) > 1) - { - if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) - return -1; - } - } - } - else - { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); - ds=s->enc_read_ctx; - rec= &(s->s3->rrec); - if (s->enc_read_ctx == NULL) - enc=NULL; - else - enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); - } + /* Parse the length byte */ + if(len < 1) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + ilen = *d; + d++; -#ifdef KSSL_DEBUG - printf("dtls1_enc(%d)\n", send); -#endif /* KSSL_DEBUG */ + /* Consistency check */ + if((ilen+1) != len) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } - if ((s->session == NULL) || (ds == NULL) || - (enc == NULL)) - { - memmove(rec->data,rec->input,rec->length); - rec->input=rec->data; - } - else - { - l=rec->length; - bs=EVP_CIPHER_block_size(ds->cipher); + /* Check that the extension matches */ + if(ilen != s->s3->previous_client_finished_len) + { + 
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + + if(memcmp(d, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension received by server\n", + ilen ? "Non-empty" : "Empty"); +#endif - if ((bs != 1) && send) - { - i=bs-((int)l%bs); + s->s3->send_connection_binding=1; - /* Add weird padding of upto 256 bytes */ + return 1; + } - /* we need to add 'i' padding bytes of value j */ - j=i-1; - if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) - { - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - j++; - } - for (k=(int)l; k<(int)(l+i); k++) - rec->input[k]=j; - l+=i; - rec->length+=i; - } +/* Add the server's renegotiation binding */ +int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, + int maxlen) + { + if(p) + { + if((s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len + 1) > maxlen) + { + SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); + return 0; + } + + /* Length byte */ + *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; + p++; -#ifdef KSSL_DEBUG - { - unsigned long ui; - printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - (void *)ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", - ds->buf_len, ds->cipher->key_len, - (unsigned long)DES_KEY_SZ, - (unsigned long)DES_SCHEDULE_SZ, - ds->cipher->iv_len); - printf("\t\tIV: "); - for (i=0; icipher->iv_len; i++) printf("%02X", ds->iv[i]); - printf("\n"); - printf("\trec->input="); - for (ui=0; uiinput[ui]); - printf("\n"); - } -#endif /* KSSL_DEBUG */ + memcpy(p, s->s3->previous_client_finished, + s->s3->previous_client_finished_len); + p += 
s->s3->previous_client_finished_len; - if (!send) - { - if (l == 0 || l%bs != 0) - { - SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return 0; - } - } - - EVP_Cipher(ds,rec->data,rec->input,l); + memcpy(p, s->s3->previous_server_finished, + s->s3->previous_server_finished_len); +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension sent by server\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); +#endif + } + + *len=s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len + 1; + + return 1; + } -#ifdef KSSL_DEBUG - { - unsigned long ki; - printf("\trec->data="); - for (ki=0; kidata[ki]); printf("\n"); - } -#endif /* KSSL_DEBUG */ +/* Parse the server's renegotiation binding and abort if it's not + right */ +int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al) + { + int expected_len=s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len; + int ilen; - if ((bs != 1) && !send) - { - ii=i=rec->data[l-1]; /* padding_length */ - i++; - if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, - "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) - s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - i--; - } - /* TLS 1.0 does not bound the number of padding bytes by the block size. - * All of them must have value 'padding_length'. */ - if (i > (int)rec->length) - { - /* Incorrect padding. 
SSLerr() and ssl3_alert are done - * by caller: we don't want to reveal whether this is - * a decryption error or a MAC verification failure - * (see http://www.openssl.org/~bodo/tls-cbc.txt) - */ - return -1; - } - for (j=(int)(l-i); j<(int)l; j++) - { - if (rec->data[j] != ii) - { - /* Incorrect padding */ - return -1; - } - } - rec->length-=i; + /* Check for logic errors */ + OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); + OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); + + /* Parse the length byte */ + if(len < 1) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + ilen = *d; + d++; - rec->data += bs; /* skip the implicit IV */ - rec->input += bs; - rec->length -= bs; - } - } - return(1); - } + /* Consistency check */ + if(ilen+1 != len) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } + + /* Check that the extension matches */ + if(ilen != expected_len) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + + if(memcmp(d, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + d += s->s3->previous_client_finished_len; + + if(memcmp(d, s->s3->previous_server_finished, + s->s3->previous_server_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "%s RI extension received by client\n", + ilen ? "Non-empty" : "Empty"); +#endif + s->s3->send_connection_binding=1; + return 1; + } 
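Review bot: The alert set when the server half of the binding mismatches at the end of ssl_parse_serverhello_renegotiate_ext is `SSL_AD_ILLEGAL_PARAMETER`, while the three other verify_data mismatch paths in this file (both checks in ssl_parse_clienthello_renegotiate_ext and the client-finished check a few lines above) use `SSL_AD_HANDSHAKE_FAILURE`; it is the same condition in all four places and should be reported the same way, so that line should read `*al=SSL_AD_HANDSHAKE_FAILURE;`. Both parse functions only read through `d`, so declaring it `const unsigned char *d` (together with the prototypes in ssl_locl.h, which are outside this hunk) would document that the hello buffer is never modified. The one-line comments on the two parse functions could also say that the binding must be exactly `previous_*_finished_len` bytes, which presumably is 0 before any Finished has been exchanged, so only an empty binding is accepted on a first handshake — worth confirming against the callers.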
diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h index 2d1d293e1a..afe4807fa9 100644 --- a/crypto/openssl/ssl/tls1.h +++ b/crypto/openssl/ssl/tls1.h @@ -115,6 +115,9 @@ extern "C" { #define TLSEXT_TYPE_ec_point_formats 11 #define TLSEXT_TYPE_session_ticket 35 +/* Temporary extension type */ +#define TLSEXT_TYPE_renegotiate 0xff01 + /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ @@ -169,9 +172,9 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) -- 2.41.0
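Review bot: The comment `/* Temporary extension type */` above the new `TLSEXT_TYPE_renegotiate` define is misleading: the commit message says this release implements RFC 5746, and 0xff01 is the value that RFC assigns to renegotiation_info, so the wording appears to be left over from the draft period. Suggest `/* renegotiation_info extension type (RFC 5746) */` so readers do not expect the value to change. The second hunk in this file only corrects the TLXEXT/TLSEXT spelling of the ticket-key ctrl names and needs no change.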