diff options
| author | tedu <> | 2014-04-18 21:19:20 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-18 21:19:20 +0000 |
| commit | e8a4b91de8e814e5c5c14a4606081bac4fd958bb (patch) | |
| tree | ebf82b9d93da4f9c8e6c280b1c47a8bff3fa7ab1 /src/lib/libssl/t1_lib.c | |
| parent | 3003b76c7c4042048bfe7a344d529ec0f03dd638 (diff) | |
| download | openbsd-e8a4b91de8e814e5c5c14a4606081bac4fd958bb.tar.gz openbsd-e8a4b91de8e814e5c5c14a4606081bac4fd958bb.tar.bz2 openbsd-e8a4b91de8e814e5c5c14a4606081bac4fd958bb.zip | |
now that knf carpet bombing is finished, switch to hand to hand combat.
still not sure what to make of mysteries like this:
for (i = 7; i >= 0; i--) { /* increment */
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 182 |
1 files changed, 91 insertions, 91 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 6ee2289153..f6cfb508f6 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -152,8 +152,9 @@ tls1_default_timeout(void) | |||
| 152 | int | 152 | int |
| 153 | tls1_new(SSL *s) | 153 | tls1_new(SSL *s) |
| 154 | { | 154 | { |
| 155 | if (!ssl3_new(s)) return (0); | 155 | if (!ssl3_new(s)) |
| 156 | s->method->ssl_clear(s); | 156 | return (0); |
| 157 | s->method->ssl_clear(s); | ||
| 157 | return (1); | 158 | return (1); |
| 158 | } | 159 | } |
| 159 | 160 | ||
| @@ -349,13 +350,14 @@ unsigned char | |||
| 349 | unsigned char *ret = p; | 350 | unsigned char *ret = p; |
| 350 | 351 | ||
| 351 | /* don't add extensions for SSLv3 unless doing secure renegotiation */ | 352 | /* don't add extensions for SSLv3 unless doing secure renegotiation */ |
| 352 | if (s->client_version == SSL3_VERSION | 353 | if (s->client_version == SSL3_VERSION && |
| 353 | && !s->s3->send_connection_binding) | 354 | !s->s3->send_connection_binding) |
| 354 | return p; | 355 | return p; |
| 355 | 356 | ||
| 356 | ret += 2; | 357 | ret += 2; |
| 357 | 358 | ||
| 358 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | 359 | if (ret>=limit) |
| 360 | return NULL; /* this really never occurs, but ... */ | ||
| 359 | 361 | ||
| 360 | if (s->tlsext_hostname != NULL) { | 362 | if (s->tlsext_hostname != NULL) { |
| 361 | /* Add TLS extension servername to the Client Hello message */ | 363 | /* Add TLS extension servername to the Client Hello message */ |
| @@ -371,9 +373,9 @@ unsigned char | |||
| 371 | + hostname length | 373 | + hostname length |
| 372 | */ | 374 | */ |
| 373 | 375 | ||
| 374 | if ((lenmax = limit - ret - 9) < 0 | 376 | if ((lenmax = limit - ret - 9) < 0 || |
| 375 | || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) | 377 | (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) |
| 376 | return NULL; | 378 | return NULL; |
| 377 | 379 | ||
| 378 | /* extension type and length */ | 380 | /* extension type and length */ |
| 379 | s2n(TLSEXT_TYPE_server_name, ret); | 381 | s2n(TLSEXT_TYPE_server_name, ret); |
| @@ -399,8 +401,8 @@ unsigned char | |||
| 399 | return NULL; | 401 | return NULL; |
| 400 | } | 402 | } |
| 401 | 403 | ||
| 402 | if ((limit - p - 4 - el) | 404 | if ((limit - p - 4 - el) < 0) |
| 403 | < 0) return NULL; | 405 | return NULL; |
| 404 | 406 | ||
| 405 | s2n(TLSEXT_TYPE_renegotiate, ret); | 407 | s2n(TLSEXT_TYPE_renegotiate, ret); |
| 406 | s2n(el, ret); | 408 | s2n(el, ret); |
| @@ -415,8 +417,8 @@ unsigned char | |||
| 415 | 417 | ||
| 416 | #ifndef OPENSSL_NO_SRP | 418 | #ifndef OPENSSL_NO_SRP |
| 417 | /* Add SRP username if there is one */ | 419 | /* Add SRP username if there is one */ |
| 418 | if (s->srp_ctx.login != NULL) | 420 | if (s->srp_ctx.login != NULL) { |
| 419 | { /* Add TLS extension SRP username to the Client Hello message */ | 421 | /* Add TLS extension SRP username to the Client Hello message */ |
| 420 | 422 | ||
| 421 | int login_len = strlen(s->srp_ctx.login); | 423 | int login_len = strlen(s->srp_ctx.login); |
| 422 | 424 | ||
| @@ -430,8 +432,8 @@ unsigned char | |||
| 430 | 1 for the srp user identity | 432 | 1 for the srp user identity |
| 431 | + srp user identity length | 433 | + srp user identity length |
| 432 | */ | 434 | */ |
| 433 | if ((limit - ret - 5 - login_len) | 435 | if ((limit - ret - 5 - login_len) < 0) |
| 434 | < 0) return NULL; | 436 | return NULL; |
| 435 | 437 | ||
| 436 | 438 | ||
| 437 | /* fill in the extension */ | 439 | /* fill in the extension */ |
| @@ -445,16 +447,16 @@ unsigned char | |||
| 445 | 447 | ||
| 446 | #ifndef OPENSSL_NO_EC | 448 | #ifndef OPENSSL_NO_EC |
| 447 | if (s->tlsext_ecpointformatlist != NULL && | 449 | if (s->tlsext_ecpointformatlist != NULL && |
| 448 | s->version != DTLS1_VERSION) { | 450 | s->version != DTLS1_VERSION) { |
| 449 | /* Add TLS extension ECPointFormats to the ClientHello message */ | 451 | /* Add TLS extension ECPointFormats to the ClientHello message */ |
| 450 | long lenmax; | 452 | long lenmax; |
| 451 | 453 | ||
| 454 | if ((lenmax = limit - ret - 5) < 0) | ||
| 455 | return NULL; | ||
| 452 | 456 | ||
| 453 | if ((lenmax = limit - ret - 5) | 457 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) |
| 454 | < 0) return NULL; | 458 | return NULL; |
| 455 | 459 | if (s->tlsext_ecpointformatlist_length > 255) { | |
| 456 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; | ||
| 457 | if (s->tlsext_ecpointformatlist_length > 255) { | ||
| 458 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 460 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
| 459 | return NULL; | 461 | return NULL; |
| 460 | } | 462 | } |
| @@ -466,11 +468,10 @@ unsigned char | |||
| 466 | ret += s->tlsext_ecpointformatlist_length; | 468 | ret += s->tlsext_ecpointformatlist_length; |
| 467 | } | 469 | } |
| 468 | if (s->tlsext_ellipticcurvelist != NULL && | 470 | if (s->tlsext_ellipticcurvelist != NULL && |
| 469 | s->version != DTLS1_VERSION) { | 471 | s->version != DTLS1_VERSION) { |
| 470 | /* Add TLS extension EllipticCurves to the ClientHello message */ | 472 | /* Add TLS extension EllipticCurves to the ClientHello message */ |
| 471 | long lenmax; | 473 | long lenmax; |
| 472 | 474 | ||
| 473 | |||
| 474 | if ((lenmax = limit - ret - 6) | 475 | if ((lenmax = limit - ret - 6) |
| 475 | < 0) return NULL; | 476 | < 0) return NULL; |
| 476 | 477 | ||
| @@ -499,7 +500,7 @@ unsigned char | |||
| 499 | if (!s->new_session && s->session && s->session->tlsext_tick) | 500 | if (!s->new_session && s->session && s->session->tlsext_tick) |
| 500 | ticklen = s->session->tlsext_ticklen; | 501 | ticklen = s->session->tlsext_ticklen; |
| 501 | else if (s->session && s->tlsext_session_ticket && | 502 | else if (s->session && s->tlsext_session_ticket && |
| 502 | s->tlsext_session_ticket->data) { | 503 | s->tlsext_session_ticket->data) { |
| 503 | ticklen = s->tlsext_session_ticket->length; | 504 | ticklen = s->tlsext_session_ticket->length; |
| 504 | s->session->tlsext_tick = malloc(ticklen); | 505 | s->session->tlsext_tick = malloc(ticklen); |
| 505 | if (!s->session->tlsext_tick) | 506 | if (!s->session->tlsext_tick) |
| @@ -511,13 +512,14 @@ unsigned char | |||
| 511 | } else | 512 | } else |
| 512 | ticklen = 0; | 513 | ticklen = 0; |
| 513 | if (ticklen == 0 && s->tlsext_session_ticket && | 514 | if (ticklen == 0 && s->tlsext_session_ticket && |
| 514 | s->tlsext_session_ticket->data == NULL) | 515 | s->tlsext_session_ticket->data == NULL) |
| 515 | goto skip_ext; | 516 | goto skip_ext; |
| 516 | /* Check for enough room 2 for extension type, 2 for len | 517 | /* Check for enough room 2 for extension type, 2 for len |
| 517 | * rest for ticket | 518 | * rest for ticket |
| 518 | */ | 519 | */ |
| 519 | if ((long)(limit - ret - 4 - ticklen) < 0) return NULL; | 520 | if ((long)(limit - ret - 4 - ticklen) < 0) |
| 520 | s2n(TLSEXT_TYPE_session_ticket, ret); | 521 | return NULL; |
| 522 | s2n(TLSEXT_TYPE_session_ticket, ret); | ||
| 521 | 523 | ||
| 522 | s2n(ticklen, ret); | 524 | s2n(ticklen, ret); |
| 523 | if (ticklen) { | 525 | if (ticklen) { |
| @@ -525,7 +527,7 @@ unsigned char | |||
| 525 | ret += ticklen; | 527 | ret += ticklen; |
| 526 | } | 528 | } |
| 527 | } | 529 | } |
| 528 | skip_ext: | 530 | skip_ext: |
| 529 | 531 | ||
| 530 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { | 532 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { |
| 531 | if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) | 533 | if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) |
| @@ -558,7 +560,7 @@ unsigned char | |||
| 558 | #endif | 560 | #endif |
| 559 | 561 | ||
| 560 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && | 562 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && |
| 561 | s->version != DTLS1_VERSION) { | 563 | s->version != DTLS1_VERSION) { |
| 562 | int i; | 564 | int i; |
| 563 | long extlen, idlen, itmp; | 565 | long extlen, idlen, itmp; |
| 564 | OCSP_RESPID *id; | 566 | OCSP_RESPID *id; |
| @@ -579,8 +581,9 @@ unsigned char | |||
| 579 | } else | 581 | } else |
| 580 | extlen = 0; | 582 | extlen = 0; |
| 581 | 583 | ||
| 582 | if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL; | 584 | if ((long)(limit - ret - 7 - extlen - idlen) < 0) |
| 583 | s2n(TLSEXT_TYPE_status_request, ret); | 585 | return NULL; |
| 586 | s2n(TLSEXT_TYPE_status_request, ret); | ||
| 584 | if (extlen + idlen > 0xFFF0) | 587 | if (extlen + idlen > 0xFFF0) |
| 585 | return NULL; | 588 | return NULL; |
| 586 | s2n(extlen + idlen + 5, ret); | 589 | s2n(extlen + idlen + 5, ret); |
| @@ -618,8 +621,8 @@ unsigned char | |||
| 618 | 621 | ||
| 619 | ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); | 622 | ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); |
| 620 | 623 | ||
| 621 | if ((limit - p - 4 - el) | 624 | if ((limit - p - 4 - el) < 0) |
| 622 | < 0) return NULL; | 625 | return NULL; |
| 623 | 626 | ||
| 624 | s2n(TLSEXT_TYPE_use_srtp, ret); | 627 | s2n(TLSEXT_TYPE_use_srtp, ret); |
| 625 | s2n(el, ret); | 628 | s2n(el, ret); |
| @@ -682,11 +685,12 @@ unsigned char | |||
| 682 | return p; | 685 | return p; |
| 683 | 686 | ||
| 684 | ret += 2; | 687 | ret += 2; |
| 685 | if (ret>=limit) return NULL; /* this really never occurs, but ... */ | 688 | if (ret>=limit) |
| 689 | return NULL; /* this really never occurs, but ... */ | ||
| 686 | 690 | ||
| 687 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { | 691 | if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) { |
| 688 | if ((long)(limit - ret - 4) < 0) return NULL; | 692 | if ((long)(limit - ret - 4) < 0) |
| 689 | 693 | return NULL; | |
| 690 | 694 | ||
| 691 | s2n(TLSEXT_TYPE_server_name, ret); | 695 | s2n(TLSEXT_TYPE_server_name, ret); |
| 692 | s2n(0, ret); | 696 | s2n(0, ret); |
| @@ -724,8 +728,9 @@ unsigned char | |||
| 724 | if ((lenmax = limit - ret - 5) | 728 | if ((lenmax = limit - ret - 5) |
| 725 | < 0) return NULL; | 729 | < 0) return NULL; |
| 726 | 730 | ||
| 727 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; | 731 | if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) |
| 728 | if (s->tlsext_ecpointformatlist_length > 255) { | 732 | return NULL; |
| 733 | if (s->tlsext_ecpointformatlist_length > 255) { | ||
| 729 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); | 734 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); |
| 730 | return NULL; | 735 | return NULL; |
| 731 | } | 736 | } |
| @@ -740,24 +745,24 @@ unsigned char | |||
| 740 | /* Currently the server should not respond with a SupportedCurves extension */ | 745 | /* Currently the server should not respond with a SupportedCurves extension */ |
| 741 | #endif /* OPENSSL_NO_EC */ | 746 | #endif /* OPENSSL_NO_EC */ |
| 742 | 747 | ||
| 743 | if (s->tlsext_ticket_expected | 748 | if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { |
| 744 | && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 749 | if ((long)(limit - ret - 4) < 0) |
| 745 | if ((long)(limit - ret - 4) < 0) return NULL; | 750 | return NULL; |
| 746 | 751 | ||
| 747 | s2n(TLSEXT_TYPE_session_ticket, ret); | 752 | s2n(TLSEXT_TYPE_session_ticket, ret); |
| 748 | s2n(0, ret); | 753 | s2n(0, ret); |
| 749 | } | 754 | } |
| 750 | 755 | ||
| 751 | if (s->tlsext_status_expected) { | 756 | if (s->tlsext_status_expected) { |
| 752 | if ((long)(limit - ret - 4) < 0) return NULL; | 757 | if ((long)(limit - ret - 4) < 0) |
| 758 | return NULL; | ||
| 753 | 759 | ||
| 754 | s2n(TLSEXT_TYPE_status_request, ret); | 760 | s2n(TLSEXT_TYPE_status_request, ret); |
| 755 | s2n(0, ret); | 761 | s2n(0, ret); |
| 756 | } | 762 | } |
| 757 | 763 | ||
| 758 | #ifdef TLSEXT_TYPE_opaque_prf_input | 764 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 759 | if (s->s3->server_opaque_prf_input != NULL && | 765 | if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) { |
| 760 | s->version != DTLS1_VERSION) { | ||
| 761 | size_t sol = s->s3->server_opaque_prf_input_len; | 766 | size_t sol = s->s3->server_opaque_prf_input_len; |
| 762 | 767 | ||
| 763 | if ((long)(limit - ret - 6 - sol) < 0) | 768 | if ((long)(limit - ret - 6 - sol) < 0) |
| @@ -794,8 +799,9 @@ unsigned char | |||
| 794 | } | 799 | } |
| 795 | #endif | 800 | #endif |
| 796 | 801 | ||
| 797 | if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) | 802 | if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || |
| 798 | && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { | 803 | (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) && |
| 804 | (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { | ||
| 799 | const unsigned char cryptopro_ext[36] = { | 805 | const unsigned char cryptopro_ext[36] = { |
| 800 | 0xfd, 0xe8, /*65000*/ | 806 | 0xfd, 0xe8, /*65000*/ |
| 801 | 0x00, 0x20, /*32 bytes length*/ | 807 | 0x00, 0x20, /*32 bytes length*/ |
| @@ -820,8 +826,9 @@ unsigned char | |||
| 820 | 826 | ||
| 821 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); | 827 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); |
| 822 | if (r == SSL_TLSEXT_ERR_OK) { | 828 | if (r == SSL_TLSEXT_ERR_OK) { |
| 823 | if ((long)(limit - ret - 4 - npalen) < 0) return NULL; | 829 | if ((long)(limit - ret - 4 - npalen) < 0) |
| 824 | s2n(TLSEXT_TYPE_next_proto_neg, ret); | 830 | return NULL; |
| 831 | s2n(TLSEXT_TYPE_next_proto_neg, ret); | ||
| 825 | s2n(npalen, ret); | 832 | s2n(npalen, ret); |
| 826 | memcpy(ret, npa, npalen); | 833 | memcpy(ret, npa, npalen); |
| 827 | ret += npalen; | 834 | ret += npalen; |
| @@ -987,7 +994,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 987 | int servname_type; | 994 | int servname_type; |
| 988 | int dsize; | 995 | int dsize; |
| 989 | 996 | ||
| 990 | |||
| 991 | if (size < 2) { | 997 | if (size < 2) { |
| 992 | *al = SSL_AD_DECODE_ERROR; | 998 | *al = SSL_AD_DECODE_ERROR; |
| 993 | return 0; | 999 | return 0; |
| @@ -1013,7 +1019,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1013 | } | 1019 | } |
| 1014 | if (s->servername_done == 0) | 1020 | if (s->servername_done == 0) |
| 1015 | switch (servname_type) { | 1021 | switch (servname_type) { |
| 1016 | case TLSEXT_NAMETYPE_host_name: | 1022 | case TLSEXT_NAMETYPE_host_name: |
| 1017 | if (!s->hit) { | 1023 | if (!s->hit) { |
| 1018 | if (s->session->tlsext_hostname) { | 1024 | if (s->session->tlsext_hostname) { |
| 1019 | *al = SSL_AD_DECODE_ERROR; | 1025 | *al = SSL_AD_DECODE_ERROR; |
| @@ -1038,14 +1044,14 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1038 | s->servername_done = 1; | 1044 | s->servername_done = 1; |
| 1039 | 1045 | ||
| 1040 | 1046 | ||
| 1041 | } else | 1047 | } else { |
| 1042 | s->servername_done = s->session->tlsext_hostname | 1048 | s->servername_done = s->session->tlsext_hostname && |
| 1043 | && strlen(s->session->tlsext_hostname) == len | 1049 | strlen(s->session->tlsext_hostname) == len && |
| 1044 | && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | 1050 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; |
| 1045 | 1051 | } | |
| 1046 | break; | 1052 | break; |
| 1047 | 1053 | ||
| 1048 | default: | 1054 | default: |
| 1049 | break; | 1055 | break; |
| 1050 | } | 1056 | } |
| 1051 | 1057 | ||
| @@ -1285,12 +1291,12 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1285 | return 0; | 1291 | return 0; |
| 1286 | } | 1292 | } |
| 1287 | } | 1293 | } |
| 1288 | } | 1294 | } else { |
| 1289 | /* We don't know what to do with any other type | 1295 | /* We don't know what to do with any other type |
| 1290 | * so ignore it. | 1296 | * so ignore it. |
| 1291 | */ | 1297 | */ |
| 1292 | else | ||
| 1293 | s->tlsext_status_type = -1; | 1298 | s->tlsext_status_type = -1; |
| 1299 | } | ||
| 1294 | } | 1300 | } |
| 1295 | #ifndef OPENSSL_NO_NEXTPROTONEG | 1301 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 1296 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1302 | else if (type == TLSEXT_TYPE_next_proto_neg && |
| @@ -1317,9 +1323,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1317 | /* session ticket processed earlier */ | 1323 | /* session ticket processed earlier */ |
| 1318 | #ifndef OPENSSL_NO_SRTP | 1324 | #ifndef OPENSSL_NO_SRTP |
| 1319 | else if (type == TLSEXT_TYPE_use_srtp) { | 1325 | else if (type == TLSEXT_TYPE_use_srtp) { |
| 1320 | if (ssl_parse_clienthello_use_srtp_ext(s, data, size, | 1326 | if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) |
| 1321 | al)) | 1327 | return 0; |
| 1322 | return 0; | ||
| 1323 | } | 1328 | } |
| 1324 | #endif | 1329 | #endif |
| 1325 | 1330 | ||
| @@ -1404,7 +1409,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1404 | tlsext_servername = 1; | 1409 | tlsext_servername = 1; |
| 1405 | 1410 | ||
| 1406 | } | 1411 | } |
| 1407 | |||
| 1408 | #ifndef OPENSSL_NO_EC | 1412 | #ifndef OPENSSL_NO_EC |
| 1409 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1413 | else if (type == TLSEXT_TYPE_ec_point_formats && |
| 1410 | s->version != DTLS1_VERSION) { | 1414 | s->version != DTLS1_VERSION) { |
| @@ -1434,15 +1438,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1434 | #endif | 1438 | #endif |
| 1435 | } | 1439 | } |
| 1436 | #endif /* OPENSSL_NO_EC */ | 1440 | #endif /* OPENSSL_NO_EC */ |
| 1437 | |||
| 1438 | else if (type == TLSEXT_TYPE_session_ticket) { | 1441 | else if (type == TLSEXT_TYPE_session_ticket) { |
| 1439 | if (s->tls_session_ticket_ext_cb && | 1442 | if (s->tls_session_ticket_ext_cb && |
| 1440 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 1443 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { |
| 1441 | *al = TLS1_AD_INTERNAL_ERROR; | 1444 | *al = TLS1_AD_INTERNAL_ERROR; |
| 1442 | return 0; | 1445 | return 0; |
| 1443 | } | 1446 | } |
| 1444 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) | 1447 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) { |
| 1445 | || (size > 0)) { | ||
| 1446 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 1448 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; |
| 1447 | return 0; | 1449 | return 0; |
| 1448 | } | 1450 | } |
| @@ -1450,7 +1452,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1450 | } | 1452 | } |
| 1451 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1453 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1452 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 1454 | else if (type == TLSEXT_TYPE_opaque_prf_input && |
| 1453 | s->version != DTLS1_VERSION) { | 1455 | s->version != DTLS1_VERSION) { |
| 1454 | unsigned char *sdata = data; | 1456 | unsigned char *sdata = data; |
| 1455 | 1457 | ||
| 1456 | if (size < 2) { | 1458 | if (size < 2) { |
| @@ -1477,7 +1479,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1477 | } | 1479 | } |
| 1478 | #endif | 1480 | #endif |
| 1479 | else if (type == TLSEXT_TYPE_status_request && | 1481 | else if (type == TLSEXT_TYPE_status_request && |
| 1480 | s->version != DTLS1_VERSION) { | 1482 | s->version != DTLS1_VERSION) { |
| 1481 | /* MUST be empty and only sent if we've requested | 1483 | /* MUST be empty and only sent if we've requested |
| 1482 | * a status request message. | 1484 | * a status request message. |
| 1483 | */ | 1485 | */ |
| @@ -1490,7 +1492,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1490 | } | 1492 | } |
| 1491 | #ifndef OPENSSL_NO_NEXTPROTONEG | 1493 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 1492 | else if (type == TLSEXT_TYPE_next_proto_neg && | 1494 | else if (type == TLSEXT_TYPE_next_proto_neg && |
| 1493 | s->s3->tmp.finish_md_len == 0) { | 1495 | s->s3->tmp.finish_md_len == 0) { |
| 1494 | unsigned char *selected; | 1496 | unsigned char *selected; |
| 1495 | unsigned char selected_len; | 1497 | unsigned char selected_len; |
| 1496 | 1498 | ||
| @@ -1558,7 +1560,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1558 | 1560 | ||
| 1559 | *p = data; | 1561 | *p = data; |
| 1560 | 1562 | ||
| 1561 | ri_check: | 1563 | ri_check: |
| 1562 | 1564 | ||
| 1563 | /* Determine if we need to see RI. Strictly speaking if we want to | 1565 | /* Determine if we need to see RI. Strictly speaking if we want to |
| 1564 | * avoid an attack we should *always* see RI even on initial server | 1566 | * avoid an attack we should *always* see RI even on initial server |
| @@ -1567,8 +1569,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1567 | * which doesn't support RI so for the immediate future tolerate RI | 1569 | * which doesn't support RI so for the immediate future tolerate RI |
| 1568 | * absence on initial connect only. | 1570 | * absence on initial connect only. |
| 1569 | */ | 1571 | */ |
| 1570 | if (!renegotiate_seen | 1572 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { |
| 1571 | && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | ||
| 1572 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1573 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 1573 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | 1574 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, |
| 1574 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1575 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |
| @@ -1578,7 +1579,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, | |||
| 1578 | return 1; | 1579 | return 1; |
| 1579 | } | 1580 | } |
| 1580 | 1581 | ||
| 1581 | |||
| 1582 | int | 1582 | int |
| 1583 | ssl_prepare_clienthello_tlsext(SSL *s) | 1583 | ssl_prepare_clienthello_tlsext(SSL *s) |
| 1584 | { | 1584 | { |
| @@ -1597,7 +1597,8 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1597 | 1597 | ||
| 1598 | alg_k = c->algorithm_mkey; | 1598 | alg_k = c->algorithm_mkey; |
| 1599 | alg_a = c->algorithm_auth; | 1599 | alg_a = c->algorithm_auth; |
| 1600 | if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) { | 1600 | if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || |
| 1601 | (alg_a & SSL_aECDSA))) { | ||
| 1601 | using_ecc = 1; | 1602 | using_ecc = 1; |
| 1602 | break; | 1603 | break; |
| 1603 | } | 1604 | } |
| @@ -1625,9 +1626,8 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1625 | return -1; | 1626 | return -1; |
| 1626 | } | 1627 | } |
| 1627 | for (i = 0, j = s->tlsext_ellipticcurvelist; | 1628 | for (i = 0, j = s->tlsext_ellipticcurvelist; |
| 1628 | (unsigned int)i < | 1629 | (unsigned int)i < sizeof(pref_list)/sizeof(pref_list[0]); |
| 1629 | sizeof(pref_list)/sizeof(pref_list[0]); | 1630 | i++) { |
| 1630 | i++) { | ||
| 1631 | int id = tls1_ec_nid2curve_id(pref_list[i]); | 1631 | int id = tls1_ec_nid2curve_id(pref_list[i]); |
| 1632 | s2n(id, j); | 1632 | s2n(id, j); |
| 1633 | } | 1633 | } |
| @@ -1659,9 +1659,11 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1659 | s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; | 1659 | s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; |
| 1660 | } | 1660 | } |
| 1661 | 1661 | ||
| 1662 | if (r == 2) | 1662 | if (r == 2) { |
| 1663 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | 1663 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ |
| 1664 | s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len; | 1664 | s->s3->server_opaque_prf_input_len = |
| 1665 | s->tlsext_opaque_prf_input_len; | ||
| 1666 | } | ||
| 1665 | } | 1667 | } |
| 1666 | #endif | 1668 | #endif |
| 1667 | 1669 | ||
| @@ -1743,7 +1745,7 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1743 | 1745 | ||
| 1744 | if (s->tlsext_opaque_prf_input != NULL) { | 1746 | if (s->tlsext_opaque_prf_input != NULL) { |
| 1745 | if (s->s3->client_opaque_prf_input != NULL && | 1747 | if (s->s3->client_opaque_prf_input != NULL && |
| 1746 | s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) { | 1748 | s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len) { |
| 1747 | /* can only use this extension if we have a server opaque PRF input | 1749 | /* can only use this extension if we have a server opaque PRF input |
| 1748 | * of the same length as the client opaque PRF input! */ | 1750 | * of the same length as the client opaque PRF input! */ |
| 1749 | 1751 | ||
| @@ -1770,7 +1772,7 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1770 | } | 1772 | } |
| 1771 | } | 1773 | } |
| 1772 | 1774 | ||
| 1773 | err: | 1775 | err: |
| 1774 | #endif | 1776 | #endif |
| 1775 | switch (ret) { | 1777 | switch (ret) { |
| 1776 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1778 | case SSL_TLSEXT_ERR_ALERT_FATAL: |
| @@ -1842,12 +1844,10 @@ err: | |||
| 1842 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1844 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1843 | 1845 | ||
| 1844 | return -1; | 1846 | return -1; |
| 1845 | |||
| 1846 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1847 | case SSL_TLSEXT_ERR_ALERT_WARNING: |
| 1847 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1848 | ssl3_send_alert(s, SSL3_AL_WARNING, al); |
| 1848 | return 1; | 1849 | return 1; |
| 1849 | 1850 | ||
| 1850 | |||
| 1851 | default: | 1851 | default: |
| 1852 | return 1; | 1852 | return 1; |
| 1853 | } | 1853 | } |
| @@ -1866,9 +1866,11 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1866 | */ | 1866 | */ |
| 1867 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 1867 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 1868 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 1868 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 1869 | if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && | 1869 | if ((s->tlsext_ecpointformatlist != NULL) && |
| 1870 | (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && | 1870 | (s->tlsext_ecpointformatlist_length > 0) && |
| 1871 | ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { | 1871 | (s->session->tlsext_ecpointformatlist != NULL) && |
| 1872 | (s->session->tlsext_ecpointformatlist_length > 0) && | ||
| 1873 | ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { | ||
| 1872 | /* we are using an ECC cipher */ | 1874 | /* we are using an ECC cipher */ |
| 1873 | size_t i; | 1875 | size_t i; |
| 1874 | unsigned char *list; | 1876 | unsigned char *list; |
| @@ -1943,12 +1945,10 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1943 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1945 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1944 | 1946 | ||
| 1945 | return -1; | 1947 | return -1; |
| 1946 | |||
| 1947 | case SSL_TLSEXT_ERR_ALERT_WARNING: | 1948 | case SSL_TLSEXT_ERR_ALERT_WARNING: |
| 1948 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | 1949 | ssl3_send_alert(s, SSL3_AL_WARNING, al); |
| 1949 | return 1; | ||
| 1950 | |||
| 1951 | 1950 | ||
| 1951 | return 1; | ||
| 1952 | case SSL_TLSEXT_ERR_NOACK: | 1952 | case SSL_TLSEXT_ERR_NOACK: |
| 1953 | s->servername_done = 0; | 1953 | s->servername_done = 0; |
| 1954 | default: | 1954 | default: |
| @@ -2279,6 +2279,7 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2279 | int i, idx; | 2279 | int i, idx; |
| 2280 | const EVP_MD *md; | 2280 | const EVP_MD *md; |
| 2281 | CERT *c = s->cert; | 2281 | CERT *c = s->cert; |
| 2282 | |||
| 2282 | /* Extension ignored for TLS versions below 1.2 */ | 2283 | /* Extension ignored for TLS versions below 1.2 */ |
| 2283 | if (TLS1_get_version(s) < TLS1_2_VERSION) | 2284 | if (TLS1_get_version(s) < TLS1_2_VERSION) |
| 2284 | return 1; | 2285 | return 1; |
| @@ -2321,7 +2322,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2321 | 2322 | ||
| 2322 | } | 2323 | } |
| 2323 | 2324 | ||
| 2324 | |||
| 2325 | /* Set any remaining keys to default values. NOTE: if alg is not | 2325 | /* Set any remaining keys to default values. NOTE: if alg is not |
| 2326 | * supported it stays as NULL. | 2326 | * supported it stays as NULL. |
| 2327 | */ | 2327 | */ |