diff options
| -rw-r--r-- | src/lib/libssl/Makefile | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 157 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_versions.c | 172 |
3 files changed, 175 insertions, 158 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 24606d1862..e80863719b 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.29 2017/01/26 05:51:54 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.30 2017/01/26 06:01:44 jsing Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | .ifndef NOMAN | 4 | .ifndef NOMAN |
| @@ -32,7 +32,7 @@ SRCS= \ | |||
| 32 | ssl_ciph.c ssl_stat.c ssl_rsa.c \ | 32 | ssl_ciph.c ssl_stat.c ssl_rsa.c \ |
| 33 | ssl_asn1.c ssl_txt.c ssl_algs.c \ | 33 | ssl_asn1.c ssl_txt.c ssl_algs.c \ |
| 34 | bio_ssl.c ssl_err.c t1_reneg.c \ | 34 | bio_ssl.c ssl_err.c t1_reneg.c \ |
| 35 | ssl_packet.c pqueue.c | 35 | ssl_packet.c ssl_versions.c pqueue.c |
| 36 | SRCS+= s3_cbc.c | 36 | SRCS+= s3_cbc.c |
| 37 | SRCS+= bs_ber.c bs_cbb.c bs_cbs.c | 37 | SRCS+= bs_ber.c bs_cbb.c bs_cbs.c |
| 38 | 38 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 649b238bd9..6f31d6dcdf 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.151 2017/01/26 00:42:44 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.152 2017/01/26 06:01:44 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2492,161 +2492,6 @@ SSL_get_version(const SSL *s) | |||
| 2492 | return ssl_version_string(s->version); | 2492 | return ssl_version_string(s->version); |
| 2493 | } | 2493 | } |
| 2494 | 2494 | ||
| 2495 | static int | ||
| 2496 | ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, | ||
| 2497 | uint16_t clamp_min, uint16_t clamp_max) | ||
| 2498 | { | ||
| 2499 | if (clamp_min > clamp_max || *min_ver > *max_ver) | ||
| 2500 | return 0; | ||
| 2501 | if (clamp_max < *min_ver || clamp_min > *max_ver) | ||
| 2502 | return 0; | ||
| 2503 | |||
| 2504 | if (*min_ver < clamp_min) | ||
| 2505 | *min_ver = clamp_min; | ||
| 2506 | if (*max_ver > clamp_max) | ||
| 2507 | *max_ver = clamp_max; | ||
| 2508 | |||
| 2509 | return 1; | ||
| 2510 | } | ||
| 2511 | |||
| 2512 | int | ||
| 2513 | ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | ||
| 2514 | { | ||
| 2515 | uint16_t min_version, max_version; | ||
| 2516 | |||
| 2517 | /* | ||
| 2518 | * The enabled versions have to be a contiguous range, which means we | ||
| 2519 | * cannot enable and disable single versions at our whim, even though | ||
| 2520 | * this is what the OpenSSL flags allow. The historical way this has | ||
| 2521 | * been handled is by making a flag mean that all higher versions | ||
| 2522 | * are disabled, if any version lower than the flag is enabled. | ||
| 2523 | */ | ||
| 2524 | |||
| 2525 | min_version = 0; | ||
| 2526 | max_version = TLS1_2_VERSION; | ||
| 2527 | |||
| 2528 | if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) | ||
| 2529 | min_version = TLS1_VERSION; | ||
| 2530 | else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0) | ||
| 2531 | min_version = TLS1_1_VERSION; | ||
| 2532 | else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) | ||
| 2533 | min_version = TLS1_2_VERSION; | ||
| 2534 | |||
| 2535 | if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) | ||
| 2536 | max_version = TLS1_1_VERSION; | ||
| 2537 | if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) | ||
| 2538 | max_version = TLS1_VERSION; | ||
| 2539 | if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION) | ||
| 2540 | max_version = 0; | ||
| 2541 | |||
| 2542 | /* Everything has been disabled... */ | ||
| 2543 | if (min_version == 0 || max_version == 0) | ||
| 2544 | return 0; | ||
| 2545 | |||
| 2546 | /* Limit to configured version range. */ | ||
| 2547 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 2548 | s->internal->min_version, s->internal->max_version)) | ||
| 2549 | return 0; | ||
| 2550 | |||
| 2551 | if (min_ver != NULL) | ||
| 2552 | *min_ver = min_version; | ||
| 2553 | if (max_ver != NULL) | ||
| 2554 | *max_ver = max_version; | ||
| 2555 | |||
| 2556 | return 1; | ||
| 2557 | } | ||
| 2558 | |||
| 2559 | int | ||
| 2560 | ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | ||
| 2561 | { | ||
| 2562 | uint16_t min_version, max_version; | ||
| 2563 | |||
| 2564 | /* DTLS cannot currently be disabled... */ | ||
| 2565 | if (SSL_IS_DTLS(s)) { | ||
| 2566 | min_version = max_version = DTLS1_VERSION; | ||
| 2567 | goto done; | ||
| 2568 | } | ||
| 2569 | |||
| 2570 | if (!ssl_enabled_version_range(s, &min_version, &max_version)) | ||
| 2571 | return 0; | ||
| 2572 | |||
| 2573 | /* Limit to the versions supported by this method. */ | ||
| 2574 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 2575 | s->method->internal->min_version, | ||
| 2576 | s->method->internal->max_version)) | ||
| 2577 | return 0; | ||
| 2578 | |||
| 2579 | done: | ||
| 2580 | if (min_ver != NULL) | ||
| 2581 | *min_ver = min_version; | ||
| 2582 | if (max_ver != NULL) | ||
| 2583 | *max_ver = max_version; | ||
| 2584 | |||
| 2585 | return 1; | ||
| 2586 | } | ||
| 2587 | |||
| 2588 | int | ||
| 2589 | ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) | ||
| 2590 | { | ||
| 2591 | uint16_t min_version, max_version, shared_version; | ||
| 2592 | |||
| 2593 | *max_ver = 0; | ||
| 2594 | |||
| 2595 | if (SSL_IS_DTLS(s)) { | ||
| 2596 | if (peer_ver >= DTLS1_VERSION) { | ||
| 2597 | *max_ver = DTLS1_VERSION; | ||
| 2598 | return 1; | ||
| 2599 | } | ||
| 2600 | return 0; | ||
| 2601 | } | ||
| 2602 | |||
| 2603 | if (peer_ver >= TLS1_2_VERSION) | ||
| 2604 | shared_version = TLS1_2_VERSION; | ||
| 2605 | else if (peer_ver >= TLS1_1_VERSION) | ||
| 2606 | shared_version = TLS1_1_VERSION; | ||
| 2607 | else if (peer_ver >= TLS1_VERSION) | ||
| 2608 | shared_version = TLS1_VERSION; | ||
| 2609 | else | ||
| 2610 | return 0; | ||
| 2611 | |||
| 2612 | if (!ssl_supported_version_range(s, &min_version, &max_version)) | ||
| 2613 | return 0; | ||
| 2614 | |||
| 2615 | if (shared_version < min_version) | ||
| 2616 | return 0; | ||
| 2617 | |||
| 2618 | if (shared_version > max_version) | ||
| 2619 | shared_version = max_version; | ||
| 2620 | |||
| 2621 | *max_ver = shared_version; | ||
| 2622 | |||
| 2623 | return 1; | ||
| 2624 | } | ||
| 2625 | |||
| 2626 | uint16_t | ||
| 2627 | ssl_max_server_version(SSL *s) | ||
| 2628 | { | ||
| 2629 | uint16_t max_version, min_version = 0; | ||
| 2630 | |||
| 2631 | if (SSL_IS_DTLS(s)) | ||
| 2632 | return (DTLS1_VERSION); | ||
| 2633 | |||
| 2634 | if (!ssl_enabled_version_range(s, &min_version, &max_version)) | ||
| 2635 | return 0; | ||
| 2636 | |||
| 2637 | /* | ||
| 2638 | * Limit to the versions supported by this method. The SSL method | ||
| 2639 | * will be changed during version negotiation, as such we want to | ||
| 2640 | * use the SSL method from the context. | ||
| 2641 | */ | ||
| 2642 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 2643 | s->ctx->method->internal->min_version, | ||
| 2644 | s->ctx->method->internal->max_version)) | ||
| 2645 | return 0; | ||
| 2646 | |||
| 2647 | return (max_version); | ||
| 2648 | } | ||
| 2649 | |||
| 2650 | SSL * | 2495 | SSL * |
| 2651 | SSL_dup(SSL *s) | 2496 | SSL_dup(SSL *s) |
| 2652 | { | 2497 | { |
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c new file mode 100644 index 0000000000..415d935fa5 --- /dev/null +++ b/src/lib/libssl/ssl_versions.c | |||
| @@ -0,0 +1,172 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | ||
| 3 | * | ||
| 4 | * Permission to use, copy, modify, and distribute this software for any | ||
| 5 | * purpose with or without fee is hereby granted, provided that the above | ||
| 6 | * copyright notice and this permission notice appear in all copies. | ||
| 7 | * | ||
| 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 15 | */ | ||
| 16 | |||
| 17 | #include "ssl_locl.h" | ||
| 18 | |||
| 19 | static int | ||
| 20 | ssl_clamp_version_range(uint16_t *min_ver, uint16_t *max_ver, | ||
| 21 | uint16_t clamp_min, uint16_t clamp_max) | ||
| 22 | { | ||
| 23 | if (clamp_min > clamp_max || *min_ver > *max_ver) | ||
| 24 | return 0; | ||
| 25 | if (clamp_max < *min_ver || clamp_min > *max_ver) | ||
| 26 | return 0; | ||
| 27 | |||
| 28 | if (*min_ver < clamp_min) | ||
| 29 | *min_ver = clamp_min; | ||
| 30 | if (*max_ver > clamp_max) | ||
| 31 | *max_ver = clamp_max; | ||
| 32 | |||
| 33 | return 1; | ||
| 34 | } | ||
| 35 | |||
| 36 | int | ||
| 37 | ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | ||
| 38 | { | ||
| 39 | uint16_t min_version, max_version; | ||
| 40 | |||
| 41 | /* | ||
| 42 | * The enabled versions have to be a contiguous range, which means we | ||
| 43 | * cannot enable and disable single versions at our whim, even though | ||
| 44 | * this is what the OpenSSL flags allow. The historical way this has | ||
| 45 | * been handled is by making a flag mean that all higher versions | ||
| 46 | * are disabled, if any version lower than the flag is enabled. | ||
| 47 | */ | ||
| 48 | |||
| 49 | min_version = 0; | ||
| 50 | max_version = TLS1_2_VERSION; | ||
| 51 | |||
| 52 | if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) | ||
| 53 | min_version = TLS1_VERSION; | ||
| 54 | else if ((s->internal->options & SSL_OP_NO_TLSv1_1) == 0) | ||
| 55 | min_version = TLS1_1_VERSION; | ||
| 56 | else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) | ||
| 57 | min_version = TLS1_2_VERSION; | ||
| 58 | |||
| 59 | if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) | ||
| 60 | max_version = TLS1_1_VERSION; | ||
| 61 | if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) | ||
| 62 | max_version = TLS1_VERSION; | ||
| 63 | if ((s->internal->options & SSL_OP_NO_TLSv1) && min_version < TLS1_VERSION) | ||
| 64 | max_version = 0; | ||
| 65 | |||
| 66 | /* Everything has been disabled... */ | ||
| 67 | if (min_version == 0 || max_version == 0) | ||
| 68 | return 0; | ||
| 69 | |||
| 70 | /* Limit to configured version range. */ | ||
| 71 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 72 | s->internal->min_version, s->internal->max_version)) | ||
| 73 | return 0; | ||
| 74 | |||
| 75 | if (min_ver != NULL) | ||
| 76 | *min_ver = min_version; | ||
| 77 | if (max_ver != NULL) | ||
| 78 | *max_ver = max_version; | ||
| 79 | |||
| 80 | return 1; | ||
| 81 | } | ||
| 82 | |||
| 83 | int | ||
| 84 | ssl_supported_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | ||
| 85 | { | ||
| 86 | uint16_t min_version, max_version; | ||
| 87 | |||
| 88 | /* DTLS cannot currently be disabled... */ | ||
| 89 | if (SSL_IS_DTLS(s)) { | ||
| 90 | min_version = max_version = DTLS1_VERSION; | ||
| 91 | goto done; | ||
| 92 | } | ||
| 93 | |||
| 94 | if (!ssl_enabled_version_range(s, &min_version, &max_version)) | ||
| 95 | return 0; | ||
| 96 | |||
| 97 | /* Limit to the versions supported by this method. */ | ||
| 98 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 99 | s->method->internal->min_version, | ||
| 100 | s->method->internal->max_version)) | ||
| 101 | return 0; | ||
| 102 | |||
| 103 | done: | ||
| 104 | if (min_ver != NULL) | ||
| 105 | *min_ver = min_version; | ||
| 106 | if (max_ver != NULL) | ||
| 107 | *max_ver = max_version; | ||
| 108 | |||
| 109 | return 1; | ||
| 110 | } | ||
| 111 | |||
| 112 | int | ||
| 113 | ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) | ||
| 114 | { | ||
| 115 | uint16_t min_version, max_version, shared_version; | ||
| 116 | |||
| 117 | *max_ver = 0; | ||
| 118 | |||
| 119 | if (SSL_IS_DTLS(s)) { | ||
| 120 | if (peer_ver >= DTLS1_VERSION) { | ||
| 121 | *max_ver = DTLS1_VERSION; | ||
| 122 | return 1; | ||
| 123 | } | ||
| 124 | return 0; | ||
| 125 | } | ||
| 126 | |||
| 127 | if (peer_ver >= TLS1_2_VERSION) | ||
| 128 | shared_version = TLS1_2_VERSION; | ||
| 129 | else if (peer_ver >= TLS1_1_VERSION) | ||
| 130 | shared_version = TLS1_1_VERSION; | ||
| 131 | else if (peer_ver >= TLS1_VERSION) | ||
| 132 | shared_version = TLS1_VERSION; | ||
| 133 | else | ||
| 134 | return 0; | ||
| 135 | |||
| 136 | if (!ssl_supported_version_range(s, &min_version, &max_version)) | ||
| 137 | return 0; | ||
| 138 | |||
| 139 | if (shared_version < min_version) | ||
| 140 | return 0; | ||
| 141 | |||
| 142 | if (shared_version > max_version) | ||
| 143 | shared_version = max_version; | ||
| 144 | |||
| 145 | *max_ver = shared_version; | ||
| 146 | |||
| 147 | return 1; | ||
| 148 | } | ||
| 149 | |||
| 150 | uint16_t | ||
| 151 | ssl_max_server_version(SSL *s) | ||
| 152 | { | ||
| 153 | uint16_t max_version, min_version = 0; | ||
| 154 | |||
| 155 | if (SSL_IS_DTLS(s)) | ||
| 156 | return (DTLS1_VERSION); | ||
| 157 | |||
| 158 | if (!ssl_enabled_version_range(s, &min_version, &max_version)) | ||
| 159 | return 0; | ||
| 160 | |||
| 161 | /* | ||
| 162 | * Limit to the versions supported by this method. The SSL method | ||
| 163 | * will be changed during version negotiation, as such we want to | ||
| 164 | * use the SSL method from the context. | ||
| 165 | */ | ||
| 166 | if (!ssl_clamp_version_range(&min_version, &max_version, | ||
| 167 | s->ctx->method->internal->min_version, | ||
| 168 | s->ctx->method->internal->max_version)) | ||
| 169 | return 0; | ||
| 170 | |||
| 171 | return (max_version); | ||
| 172 | } | ||