summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c106
1 files changed, 65 insertions, 41 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 66a4552237..89325b7be9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.74 2014/07/11 15:18:52 miod Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.75 2014/07/11 22:57:25 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -894,18 +894,17 @@ ssl3_get_client_hello(SSL *s)
894 s->state = SSL3_ST_SR_CLNT_HELLO_B; 894 s->state = SSL3_ST_SR_CLNT_HELLO_B;
895 } 895 }
896 s->first_packet = 1; 896 s->first_packet = 1;
897 n = s->method->ssl_get_message(s, 897 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
898 SSL3_ST_SR_CLNT_HELLO_B, 898 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
899 SSL3_ST_SR_CLNT_HELLO_C, 899 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
900 SSL3_MT_CLIENT_HELLO,
901 SSL3_RT_MAX_PLAIN_LENGTH,
902 &ok);
903 900
904 if (!ok) 901 if (!ok)
905 return ((int)n); 902 return ((int)n);
906 s->first_packet = 0; 903 s->first_packet = 0;
907 d = p=(unsigned char *)s->init_msg; 904 d = p = (unsigned char *)s->init_msg;
908 905
906 if (2 > n)
907 goto truncated;
909 /* 908 /*
910 * Use version from inside client hello, not from record header. 909 * Use version from inside client hello, not from record header.
911 * (may differ: see RFC 2246, Appendix E, second paragraph) 910 * (may differ: see RFC 2246, Appendix E, second paragraph)
@@ -944,12 +943,17 @@ ssl3_get_client_hello(SSL *s)
944 return (1); 943 return (1);
945 } 944 }
946 945
946 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
947 goto truncated;
948
947 /* load the client random */ 949 /* load the client random */
948 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); 950 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
949 p += SSL3_RANDOM_SIZE; 951 p += SSL3_RANDOM_SIZE;
950 952
951 /* get the session-id */ 953 /* get the session-id */
952 j= *(p++); 954 j= *(p++);
955 if (p + j - d > n)
956 goto truncated;
953 957
954 s->hit = 0; 958 s->hit = 0;
955 /* 959 /*
@@ -988,6 +992,8 @@ ssl3_get_client_hello(SSL *s)
988 992
989 if (SSL_IS_DTLS(s)) { 993 if (SSL_IS_DTLS(s)) {
990 /* cookie stuff */ 994 /* cookie stuff */
995 if (p + 1 - d > n)
996 goto truncated;
991 cookie_len = *(p++); 997 cookie_len = *(p++);
992 998
993 /* 999 /*
@@ -1003,6 +1009,9 @@ ssl3_get_client_hello(SSL *s)
1003 goto f_err; 1009 goto f_err;
1004 } 1010 }
1005 1011
1012 if (p + cookie_len - d > n)
1013 goto truncated;
1014
1006 /* verify the cookie if appropriate option is set. */ 1015 /* verify the cookie if appropriate option is set. */
1007 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && 1016 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
1008 cookie_len > 0) { 1017 cookie_len > 0) {
@@ -1032,6 +1041,8 @@ ssl3_get_client_hello(SSL *s)
1032 p += cookie_len; 1041 p += cookie_len;
1033 } 1042 }
1034 1043
1044 if (p + 2 - d > n)
1045 goto truncated;
1035 n2s(p, i); 1046 n2s(p, i);
1036 if ((i == 0) && (j != 0)) { 1047 if ((i == 0) && (j != 0)) {
1037 /* we need a cipher if we are not resuming a session */ 1048 /* we need a cipher if we are not resuming a session */
@@ -1040,13 +1051,8 @@ ssl3_get_client_hello(SSL *s)
1040 SSL_R_NO_CIPHERS_SPECIFIED); 1051 SSL_R_NO_CIPHERS_SPECIFIED);
1041 goto f_err; 1052 goto f_err;
1042 } 1053 }
1043 if ((p + i) >= (d + n)) { 1054 if (p + i - d > n)
1044 /* not enough data */ 1055 goto truncated;
1045 al = SSL_AD_DECODE_ERROR;
1046 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1047 SSL_R_LENGTH_MISMATCH);
1048 goto f_err;
1049 }
1050 if ((i > 0) && 1056 if ((i > 0) &&
1051 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) { 1057 (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) {
1052 goto err; 1058 goto err;
@@ -1078,14 +1084,11 @@ ssl3_get_client_hello(SSL *s)
1078 } 1084 }
1079 1085
1080 /* compression */ 1086 /* compression */
1087 if (p + 1 - d > n)
1088 goto truncated;
1081 i= *(p++); 1089 i= *(p++);
1082 if ((p + i) > (d + n)) { 1090 if (p + i - d > n)
1083 /* not enough data */ 1091 goto truncated;
1084 al = SSL_AD_DECODE_ERROR;
1085 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1086 SSL_R_LENGTH_MISMATCH);
1087 goto f_err;
1088 }
1089 for (j = 0; j < i; j++) { 1092 for (j = 0; j < i; j++) {
1090 if (p[j] == 0) 1093 if (p[j] == 0)
1091 break; 1094 break;
@@ -1247,6 +1250,9 @@ ssl3_get_client_hello(SSL *s)
1247 if (ret < 0) 1250 if (ret < 0)
1248 ret = 1; 1251 ret = 1;
1249 if (0) { 1252 if (0) {
1253truncated:
1254 al = SSL_AD_DECODE_ERROR;
1255 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
1250f_err: 1256f_err:
1251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1257 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1252 } 1258 }
@@ -1847,7 +1853,7 @@ ssl3_get_client_key_exchange(SSL *s)
1847 int i, al, ok; 1853 int i, al, ok;
1848 long n; 1854 long n;
1849 unsigned long alg_k; 1855 unsigned long alg_k;
1850 unsigned char *p; 1856 unsigned char *d, *p;
1851 RSA *rsa = NULL; 1857 RSA *rsa = NULL;
1852 EVP_PKEY *pkey = NULL; 1858 EVP_PKEY *pkey = NULL;
1853 BIGNUM *pub = NULL; 1859 BIGNUM *pub = NULL;
@@ -1863,7 +1869,7 @@ ssl3_get_client_key_exchange(SSL *s)
1863 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); 1869 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
1864 if (!ok) 1870 if (!ok)
1865 return ((int)n); 1871 return ((int)n);
1866 p = (unsigned char *)s->init_msg; 1872 d = p = (unsigned char *)s->init_msg;
1867 1873
1868 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1874 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1869 1875
@@ -1897,6 +1903,8 @@ ssl3_get_client_key_exchange(SSL *s)
1897 1903
1898 /* TLS and [incidentally] DTLS{0xFEFF} */ 1904 /* TLS and [incidentally] DTLS{0xFEFF} */
1899 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { 1905 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
1906 if (2 > n)
1907 goto truncated;
1900 n2s(p, i); 1908 n2s(p, i);
1901 if (n != i + 2) { 1909 if (n != i + 2) {
1902 if (!(s->options & SSL_OP_TLS_D5_BUG)) { 1910 if (!(s->options & SSL_OP_TLS_D5_BUG)) {
@@ -1919,6 +1927,8 @@ ssl3_get_client_key_exchange(SSL *s)
1919 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ 1927 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1920 } 1928 }
1921 1929
1930 if (p + 2 - d > n) /* needed in the SSL3 case */
1931 goto truncated;
1922 if ((al == -1) && !((p[0] == (s->client_version >> 8)) && 1932 if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1923 (p[1] == (s->client_version & 0xff)))) { 1933 (p[1] == (s->client_version & 0xff)))) {
1924 /* 1934 /*
@@ -1975,6 +1985,8 @@ ssl3_get_client_key_exchange(SSL *s)
1975 OPENSSL_cleanse(p, i); 1985 OPENSSL_cleanse(p, i);
1976 } else 1986 } else
1977 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 1987 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
1988 if (2 > n)
1989 goto truncated;
1978 n2s(p, i); 1990 n2s(p, i);
1979 if (n != i + 2) { 1991 if (n != i + 2) {
1980 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { 1992 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
@@ -2206,6 +2218,8 @@ ssl3_get_client_key_exchange(SSL *s)
2206 client_pub_pkey) <= 0) 2218 client_pub_pkey) <= 0)
2207 ERR_clear_error(); 2219 ERR_clear_error();
2208 } 2220 }
2221 if (2 > n)
2222 goto truncated;
2209 /* Decrypt session key */ 2223 /* Decrypt session key */
2210 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, 2224 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2211 &Tclass, n) != V_ASN1_CONSTRUCTED || 2225 &Tclass, n) != V_ASN1_CONSTRUCTED ||
@@ -2242,11 +2256,14 @@ gerr:
2242 } else { 2256 } else {
2243 al = SSL_AD_HANDSHAKE_FAILURE; 2257 al = SSL_AD_HANDSHAKE_FAILURE;
2244 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2258 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2245 SSL_R_UNKNOWN_CIPHER_TYPE); 2259 SSL_R_UNKNOWN_CIPHER_TYPE);
2246 goto f_err; 2260 goto f_err;
2247 } 2261 }
2248 2262
2249 return (1); 2263 return (1);
2264truncated:
2265 al = SSL_AD_DECODE_ERROR;
2266 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
2250f_err: 2267f_err:
2251 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2268 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2252err: 2269err:
@@ -2338,6 +2355,8 @@ ssl3_get_cert_verify(SSL *s)
2338 al = SSL_AD_INTERNAL_ERROR; 2355 al = SSL_AD_INTERNAL_ERROR;
2339 goto f_err; 2356 goto f_err;
2340 } 2357 }
2358 if (2 > n)
2359 goto truncated;
2341 /* Check key type is consistent with signature */ 2360 /* Check key type is consistent with signature */
2342 if (sigalg != (int)p[1]) { 2361 if (sigalg != (int)p[1]) {
2343 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2362 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
@@ -2355,14 +2374,12 @@ ssl3_get_cert_verify(SSL *s)
2355 p += 2; 2374 p += 2;
2356 n -= 2; 2375 n -= 2;
2357 } 2376 }
2377 if (2 > n)
2378 goto truncated;
2358 n2s(p, i); 2379 n2s(p, i);
2359 n -= 2; 2380 n -= 2;
2360 if (i > n) { 2381 if (i > n)
2361 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2382 goto truncated;
2362 SSL_R_LENGTH_MISMATCH);
2363 al = SSL_AD_DECODE_ERROR;
2364 goto f_err;
2365 }
2366 } 2383 }
2367 j = EVP_PKEY_size(pkey); 2384 j = EVP_PKEY_size(pkey);
2368 if ((i > j) || (n > j) || (n <= 0)) { 2385 if ((i > j) || (n > j) || (n <= 0)) {
@@ -2445,7 +2462,10 @@ ssl3_get_cert_verify(SSL *s)
2445 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); 2462 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
2446 EVP_PKEY_verify_init(pctx); 2463 EVP_PKEY_verify_init(pctx);
2447 if (i != 64) { 2464 if (i != 64) {
2448 fprintf(stderr, "GOST signature length is %d", i); 2465 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2466 SSL_R_WRONG_SIGNATURE_SIZE);
2467 al = SSL_AD_DECODE_ERROR;
2468 goto f_err;
2449 } 2469 }
2450 for (idx = 0; idx < 64; idx++) { 2470 for (idx = 0; idx < 64; idx++) {
2451 signature[63 - idx] = p[idx]; 2471 signature[63 - idx] = p[idx];
@@ -2469,6 +2489,9 @@ ssl3_get_cert_verify(SSL *s)
2469 2489
2470 ret = 1; 2490 ret = 1;
2471 if (0) { 2491 if (0) {
2492truncated:
2493 al = SSL_AD_DECODE_ERROR;
2494 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
2472f_err: 2495f_err:
2473 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2496 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2474 } 2497 }
@@ -2490,7 +2513,6 @@ ssl3_get_client_certificate(SSL *s)
2490 X509 *x = NULL; 2513 X509 *x = NULL;
2491 unsigned long l, nc, llen, n; 2514 unsigned long l, nc, llen, n;
2492 const unsigned char *p, *q; 2515 const unsigned char *p, *q;
2493 unsigned char *d;
2494 STACK_OF(X509) *sk = NULL; 2516 STACK_OF(X509) *sk = NULL;
2495 2517
2496 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, 2518 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
@@ -2528,7 +2550,7 @@ ssl3_get_client_certificate(SSL *s)
2528 SSL_R_WRONG_MESSAGE_TYPE); 2550 SSL_R_WRONG_MESSAGE_TYPE);
2529 goto f_err; 2551 goto f_err;
2530 } 2552 }
2531 p = d = (unsigned char *)s->init_msg; 2553 p = (const unsigned char *)s->init_msg;
2532 2554
2533 if ((sk = sk_X509_new_null()) == NULL) { 2555 if ((sk = sk_X509_new_null()) == NULL) {
2534 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2556 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
@@ -2536,16 +2558,14 @@ ssl3_get_client_certificate(SSL *s)
2536 goto err; 2558 goto err;
2537 } 2559 }
2538 2560
2561 if (3 > n)
2562 goto truncated;
2539 n2l3(p, llen); 2563 n2l3(p, llen);
2540 if (llen + 3 != n) { 2564 if (llen + 3 != n)
2541 al = SSL_AD_DECODE_ERROR; 2565 goto truncated;
2542 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2543 SSL_R_LENGTH_MISMATCH);
2544 goto f_err;
2545 }
2546 for (nc = 0; nc < llen;) { 2566 for (nc = 0; nc < llen;) {
2547 n2l3(p, l); 2567 n2l3(p, l);
2548 if ((l + nc + 3) > llen) { 2568 if (l + nc + 3 > llen) {
2549 al = SSL_AD_DECODE_ERROR; 2569 al = SSL_AD_DECODE_ERROR;
2550 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2570 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2551 SSL_R_CERT_LENGTH_MISMATCH); 2571 SSL_R_CERT_LENGTH_MISMATCH);
@@ -2635,6 +2655,10 @@ ssl3_get_client_certificate(SSL *s)
2635 2655
2636 ret = 1; 2656 ret = 1;
2637 if (0) { 2657 if (0) {
2658truncated:
2659 al = SSL_AD_DECODE_ERROR;
2660 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2661 SSL_R_BAD_PACKET_LENGTH);
2638f_err: 2662f_err:
2639 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2663 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2640 } 2664 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 21:12:59 +0000