diff options
| author | djm <> | 2011-11-03 02:32:23 +0000 |
|---|---|---|
| committer | djm <> | 2011-11-03 02:32:23 +0000 |
| commit | 113f799ec7d1728f0a5d7ab5b0e3b42e3de56407 (patch) | |
| tree | 26d712b25a8fa580b8f2dfc6df470ba5ffea9eb7 /src/lib/libssl/s3_srvr.c | |
| parent | 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (diff) | |
| download | openbsd-113f799ec7d1728f0a5d7ab5b0e3b42e3de56407.tar.gz openbsd-113f799ec7d1728f0a5d7ab5b0e3b42e3de56407.tar.bz2 openbsd-113f799ec7d1728f0a5d7ab5b0e3b42e3de56407.zip | |
import OpenSSL 1.0.0e
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 92f73b6681..c3b5ff33ff 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -768,9 +768,7 @@ int ssl3_check_client_hello(SSL *s) | |||
| 768 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) | 768 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) |
| 769 | { | 769 | { |
| 770 | /* Throw away what we have done so far in the current handshake, | 770 | /* Throw away what we have done so far in the current handshake, |
| 771 | * which will now be aborted. (A full SSL_clear would be too much.) | 771 | * which will now be aborted. (A full SSL_clear would be too much.) */ |
| 772 | * I hope that tmp.dh is the only thing that may need to be cleared | ||
| 773 | * when a handshake is not completed ... */ | ||
| 774 | #ifndef OPENSSL_NO_DH | 772 | #ifndef OPENSSL_NO_DH |
| 775 | if (s->s3->tmp.dh != NULL) | 773 | if (s->s3->tmp.dh != NULL) |
| 776 | { | 774 | { |
| @@ -778,6 +776,13 @@ int ssl3_check_client_hello(SSL *s) | |||
| 778 | s->s3->tmp.dh = NULL; | 776 | s->s3->tmp.dh = NULL; |
| 779 | } | 777 | } |
| 780 | #endif | 778 | #endif |
| 779 | #ifndef OPENSSL_NO_ECDH | ||
| 780 | if (s->s3->tmp.ecdh != NULL) | ||
| 781 | { | ||
| 782 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 783 | s->s3->tmp.ecdh = NULL; | ||
| 784 | } | ||
| 785 | #endif | ||
| 781 | return 2; | 786 | return 2; |
| 782 | } | 787 | } |
| 783 | return 1; | 788 | return 1; |
| @@ -985,6 +990,10 @@ int ssl3_get_client_hello(SSL *s) | |||
| 985 | break; | 990 | break; |
| 986 | } | 991 | } |
| 987 | } | 992 | } |
| 993 | /* Disabled because it can be used in a ciphersuite downgrade | ||
| 994 | * attack: CVE-2010-4180. | ||
| 995 | */ | ||
| 996 | #if 0 | ||
| 988 | if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) | 997 | if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 989 | { | 998 | { |
| 990 | /* Special case as client bug workaround: the previously used cipher may | 999 | /* Special case as client bug workaround: the previously used cipher may |
| @@ -999,6 +1008,7 @@ int ssl3_get_client_hello(SSL *s) | |||
| 999 | j = 1; | 1008 | j = 1; |
| 1000 | } | 1009 | } |
| 1001 | } | 1010 | } |
| 1011 | #endif | ||
| 1002 | if (j == 0) | 1012 | if (j == 0) |
| 1003 | { | 1013 | { |
| 1004 | /* we need to have the cipher in the cipher | 1014 | /* we need to have the cipher in the cipher |
| @@ -1486,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
| 1486 | 1496 | ||
| 1487 | if (s->s3->tmp.dh != NULL) | 1497 | if (s->s3->tmp.dh != NULL) |
| 1488 | { | 1498 | { |
| 1489 | DH_free(dh); | ||
| 1490 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 1499 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); |
| 1491 | goto err; | 1500 | goto err; |
| 1492 | } | 1501 | } |
| @@ -1547,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
| 1547 | 1556 | ||
| 1548 | if (s->s3->tmp.ecdh != NULL) | 1557 | if (s->s3->tmp.ecdh != NULL) |
| 1549 | { | 1558 | { |
| 1550 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 1551 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | 1559 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); |
| 1552 | goto err; | 1560 | goto err; |
| 1553 | } | 1561 | } |
| @@ -1558,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
| 1558 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | 1566 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); |
| 1559 | goto err; | 1567 | goto err; |
| 1560 | } | 1568 | } |
| 1561 | if (!EC_KEY_up_ref(ecdhp)) | 1569 | if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) |
| 1562 | { | 1570 | { |
| 1563 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); | 1571 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); |
| 1564 | goto err; | 1572 | goto err; |
| 1565 | } | 1573 | } |
| 1566 | ecdh = ecdhp; | ||
| 1567 | 1574 | ||
| 1568 | s->s3->tmp.ecdh=ecdh; | 1575 | s->s3->tmp.ecdh=ecdh; |
| 1569 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | 1576 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || |
| @@ -1726,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s) | |||
| 1726 | (unsigned char *)encodedPoint, | 1733 | (unsigned char *)encodedPoint, |
| 1727 | encodedlen); | 1734 | encodedlen); |
| 1728 | OPENSSL_free(encodedPoint); | 1735 | OPENSSL_free(encodedPoint); |
| 1736 | encodedPoint = NULL; | ||
| 1729 | p += encodedlen; | 1737 | p += encodedlen; |
| 1730 | } | 1738 | } |
| 1731 | #endif | 1739 | #endif |
| @@ -2435,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
| 2435 | /* Get encoded point length */ | 2443 | /* Get encoded point length */ |
| 2436 | i = *p; | 2444 | i = *p; |
| 2437 | p += 1; | 2445 | p += 1; |
| 2446 | if (n != 1 + i) | ||
| 2447 | { | ||
| 2448 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2449 | ERR_R_EC_LIB); | ||
| 2450 | goto err; | ||
| 2451 | } | ||
| 2438 | if (EC_POINT_oct2point(group, | 2452 | if (EC_POINT_oct2point(group, |
| 2439 | clnt_ecpoint, p, i, bn_ctx) == 0) | 2453 | clnt_ecpoint, p, i, bn_ctx) == 0) |
| 2440 | { | 2454 | { |
| @@ -2579,12 +2593,19 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
| 2579 | { | 2593 | { |
| 2580 | int ret = 0; | 2594 | int ret = 0; |
| 2581 | EVP_PKEY_CTX *pkey_ctx; | 2595 | EVP_PKEY_CTX *pkey_ctx; |
| 2582 | EVP_PKEY *client_pub_pkey = NULL; | 2596 | EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; |
| 2583 | unsigned char premaster_secret[32], *start; | 2597 | unsigned char premaster_secret[32], *start; |
| 2584 | size_t outlen=32, inlen; | 2598 | size_t outlen=32, inlen; |
| 2599 | unsigned long alg_a; | ||
| 2585 | 2600 | ||
| 2586 | /* Get our certificate private key*/ | 2601 | /* Get our certificate private key*/ |
| 2587 | pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); | 2602 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2603 | if (alg_a & SSL_aGOST94) | ||
| 2604 | pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey; | ||
| 2605 | else if (alg_a & SSL_aGOST01) | ||
| 2606 | pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; | ||
| 2607 | |||
| 2608 | pkey_ctx = EVP_PKEY_CTX_new(pk,NULL); | ||
| 2588 | EVP_PKEY_decrypt_init(pkey_ctx); | 2609 | EVP_PKEY_decrypt_init(pkey_ctx); |
| 2589 | /* If client certificate is present and is of the same type, maybe | 2610 | /* If client certificate is present and is of the same type, maybe |
| 2590 | * use it for key exchange. Don't mind errors from | 2611 | * use it for key exchange. Don't mind errors from |