diff options
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 269 | 
1 files changed, 208 insertions, 61 deletions
| diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index a649dafba9..bddffd92cc 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = { | |||
| 342 | #ifndef OPENSSL_NO_SHA | 342 | #ifndef OPENSSL_NO_SHA | 
| 343 | tlsext_sigalg(TLSEXT_hash_sha1) | 343 | tlsext_sigalg(TLSEXT_hash_sha1) | 
| 344 | #endif | 344 | #endif | 
| 345 | #ifndef OPENSSL_NO_MD5 | ||
| 346 | tlsext_sigalg_rsa(TLSEXT_hash_md5) | ||
| 347 | #endif | ||
| 348 | }; | 345 | }; | 
| 349 | 346 | ||
| 350 | int tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 347 | int tls12_get_req_sig_algs(SSL *s, unsigned char *p) | 
| 351 | { | 348 | { | 
| 352 | size_t slen = sizeof(tls12_sigalgs); | 349 | size_t slen = sizeof(tls12_sigalgs); | 
| 353 | #ifdef OPENSSL_FIPS | ||
| 354 | /* If FIPS mode don't include MD5 which is last */ | ||
| 355 | if (FIPS_mode()) | ||
| 356 | slen -= 2; | ||
| 357 | #endif | ||
| 358 | if (p) | 350 | if (p) | 
| 359 | memcpy(p, tls12_sigalgs, slen); | 351 | memcpy(p, tls12_sigalgs, slen); | 
| 360 | return (int)slen; | 352 | return (int)slen; | 
| @@ -649,6 +641,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha | |||
| 649 | } | 641 | } | 
| 650 | #endif | 642 | #endif | 
| 651 | 643 | ||
| 644 | #ifndef OPENSSL_NO_SRTP | ||
| 652 | if(SSL_get_srtp_profiles(s)) | 645 | if(SSL_get_srtp_profiles(s)) | 
| 653 | { | 646 | { | 
| 654 | int el; | 647 | int el; | 
| @@ -667,6 +660,37 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha | |||
| 667 | } | 660 | } | 
| 668 | ret += el; | 661 | ret += el; | 
| 669 | } | 662 | } | 
| 663 | #endif | ||
| 664 | |||
| 665 | #ifdef TLSEXT_TYPE_padding | ||
| 666 | /* Add padding to workaround bugs in F5 terminators. | ||
| 667 | * See https://tools.ietf.org/html/draft-agl-tls-padding-03 | ||
| 668 | * | ||
| 669 | * NB: because this code works out the length of all existing | ||
| 670 | * extensions it MUST always appear last. | ||
| 671 | */ | ||
| 672 | { | ||
| 673 | int hlen = ret - (unsigned char *)s->init_buf->data; | ||
| 674 | /* The code in s23_clnt.c to build ClientHello messages includes the | ||
| 675 | * 5-byte record header in the buffer, while the code in s3_clnt.c does | ||
| 676 | * not. */ | ||
| 677 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | ||
| 678 | hlen -= 5; | ||
| 679 | if (hlen > 0xff && hlen < 0x200) | ||
| 680 | { | ||
| 681 | hlen = 0x200 - hlen; | ||
| 682 | if (hlen >= 4) | ||
| 683 | hlen -= 4; | ||
| 684 | else | ||
| 685 | hlen = 0; | ||
| 686 | |||
| 687 | s2n(TLSEXT_TYPE_padding, ret); | ||
| 688 | s2n(hlen, ret); | ||
| 689 | memset(ret, 0, hlen); | ||
| 690 | ret += hlen; | ||
| 691 | } | ||
| 692 | } | ||
| 693 | #endif | ||
| 670 | 694 | ||
| 671 | if ((extdatalen = ret-p-2)== 0) | 695 | if ((extdatalen = ret-p-2)== 0) | 
| 672 | return p; | 696 | return p; | 
| @@ -781,6 +805,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha | |||
| 781 | } | 805 | } | 
| 782 | #endif | 806 | #endif | 
| 783 | 807 | ||
| 808 | #ifndef OPENSSL_NO_SRTP | ||
| 784 | if(s->srtp_profile) | 809 | if(s->srtp_profile) | 
| 785 | { | 810 | { | 
| 786 | int el; | 811 | int el; | 
| @@ -799,6 +824,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha | |||
| 799 | } | 824 | } | 
| 800 | ret+=el; | 825 | ret+=el; | 
| 801 | } | 826 | } | 
| 827 | #endif | ||
| 802 | 828 | ||
| 803 | if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) | 829 | if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) | 
| 804 | && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) | 830 | && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) | 
| @@ -862,6 +888,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha | |||
| 862 | return ret; | 888 | return ret; | 
| 863 | } | 889 | } | 
| 864 | 890 | ||
| 891 | #ifndef OPENSSL_NO_EC | ||
| 892 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X | ||
| 893 | * SecureTransport using the TLS extension block in |d|, of length |n|. | ||
| 894 | * Safari, since 10.6, sends exactly these extensions, in this order: | ||
| 895 | * SNI, | ||
| 896 | * elliptic_curves | ||
| 897 | * ec_point_formats | ||
| 898 | * | ||
| 899 | * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, | ||
| 900 | * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. | ||
| 901 | * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from | ||
| 902 | * 10.8..10.8.3 (which don't work). | ||
| 903 | */ | ||
| 904 | static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { | ||
| 905 | unsigned short type, size; | ||
| 906 | static const unsigned char kSafariExtensionsBlock[] = { | ||
| 907 | 0x00, 0x0a, /* elliptic_curves extension */ | ||
| 908 | 0x00, 0x08, /* 8 bytes */ | ||
| 909 | 0x00, 0x06, /* 6 bytes of curve ids */ | ||
| 910 | 0x00, 0x17, /* P-256 */ | ||
| 911 | 0x00, 0x18, /* P-384 */ | ||
| 912 | 0x00, 0x19, /* P-521 */ | ||
| 913 | |||
| 914 | 0x00, 0x0b, /* ec_point_formats */ | ||
| 915 | 0x00, 0x02, /* 2 bytes */ | ||
| 916 | 0x01, /* 1 point format */ | ||
| 917 | 0x00, /* uncompressed */ | ||
| 918 | }; | ||
| 919 | |||
| 920 | /* The following is only present in TLS 1.2 */ | ||
| 921 | static const unsigned char kSafariTLS12ExtensionsBlock[] = { | ||
| 922 | 0x00, 0x0d, /* signature_algorithms */ | ||
| 923 | 0x00, 0x0c, /* 12 bytes */ | ||
| 924 | 0x00, 0x0a, /* 10 bytes */ | ||
| 925 | 0x05, 0x01, /* SHA-384/RSA */ | ||
| 926 | 0x04, 0x01, /* SHA-256/RSA */ | ||
| 927 | 0x02, 0x01, /* SHA-1/RSA */ | ||
| 928 | 0x04, 0x03, /* SHA-256/ECDSA */ | ||
| 929 | 0x02, 0x03, /* SHA-1/ECDSA */ | ||
| 930 | }; | ||
| 931 | |||
| 932 | if (data >= (d+n-2)) | ||
| 933 | return; | ||
| 934 | data += 2; | ||
| 935 | |||
| 936 | if (data > (d+n-4)) | ||
| 937 | return; | ||
| 938 | n2s(data,type); | ||
| 939 | n2s(data,size); | ||
| 940 | |||
| 941 | if (type != TLSEXT_TYPE_server_name) | ||
| 942 | return; | ||
| 943 | |||
| 944 | if (data+size > d+n) | ||
| 945 | return; | ||
| 946 | data += size; | ||
| 947 | |||
| 948 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) | ||
| 949 | { | ||
| 950 | const size_t len1 = sizeof(kSafariExtensionsBlock); | ||
| 951 | const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); | ||
| 952 | |||
| 953 | if (data + len1 + len2 != d+n) | ||
| 954 | return; | ||
| 955 | if (memcmp(data, kSafariExtensionsBlock, len1) != 0) | ||
| 956 | return; | ||
| 957 | if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) | ||
| 958 | return; | ||
| 959 | } | ||
| 960 | else | ||
| 961 | { | ||
| 962 | const size_t len = sizeof(kSafariExtensionsBlock); | ||
| 963 | |||
| 964 | if (data + len != d+n) | ||
| 965 | return; | ||
| 966 | if (memcmp(data, kSafariExtensionsBlock, len) != 0) | ||
| 967 | return; | ||
| 968 | } | ||
| 969 | |||
| 970 | s->s3->is_probably_safari = 1; | ||
| 971 | } | ||
| 972 | #endif /* !OPENSSL_NO_EC */ | ||
| 973 | |||
| 865 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | 974 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) | 
| 866 | { | 975 | { | 
| 867 | unsigned short type; | 976 | unsigned short type; | 
| @@ -882,6 +991,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 882 | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); | 991 | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); | 
| 883 | #endif | 992 | #endif | 
| 884 | 993 | ||
| 994 | #ifndef OPENSSL_NO_EC | ||
| 995 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) | ||
| 996 | ssl_check_for_safari(s, data, d, n); | ||
| 997 | #endif /* !OPENSSL_NO_EC */ | ||
| 998 | |||
| 885 | if (data >= (d+n-2)) | 999 | if (data >= (d+n-2)) | 
| 886 | goto ri_check; | 1000 | goto ri_check; | 
| 887 | n2s(data,len); | 1001 | n2s(data,len); | 
| @@ -1077,7 +1191,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1077 | int ellipticcurvelist_length = (*(sdata++) << 8); | 1191 | int ellipticcurvelist_length = (*(sdata++) << 8); | 
| 1078 | ellipticcurvelist_length += (*(sdata++)); | 1192 | ellipticcurvelist_length += (*(sdata++)); | 
| 1079 | 1193 | ||
| 1080 | if (ellipticcurvelist_length != size - 2) | 1194 | if (ellipticcurvelist_length != size - 2 || | 
| 1195 | ellipticcurvelist_length < 1) | ||
| 1081 | { | 1196 | { | 
| 1082 | *al = TLS1_AD_DECODE_ERROR; | 1197 | *al = TLS1_AD_DECODE_ERROR; | 
| 1083 | return 0; | 1198 | return 0; | 
| @@ -1176,7 +1291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1176 | } | 1291 | } | 
| 1177 | } | 1292 | } | 
| 1178 | else if (type == TLSEXT_TYPE_status_request && | 1293 | else if (type == TLSEXT_TYPE_status_request && | 
| 1179 | s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) | 1294 | s->version != DTLS1_VERSION) | 
| 1180 | { | 1295 | { | 
| 1181 | 1296 | ||
| 1182 | if (size < 5) | 1297 | if (size < 5) | 
| @@ -1328,12 +1443,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1328 | #endif | 1443 | #endif | 
| 1329 | 1444 | ||
| 1330 | /* session ticket processed earlier */ | 1445 | /* session ticket processed earlier */ | 
| 1446 | #ifndef OPENSSL_NO_SRTP | ||
| 1331 | else if (type == TLSEXT_TYPE_use_srtp) | 1447 | else if (type == TLSEXT_TYPE_use_srtp) | 
| 1332 | { | 1448 | { | 
| 1333 | if(ssl_parse_clienthello_use_srtp_ext(s, data, size, | 1449 | if(ssl_parse_clienthello_use_srtp_ext(s, data, size, | 
| 1334 | al)) | 1450 | al)) | 
| 1335 | return 0; | 1451 | return 0; | 
| 1336 | } | 1452 | } | 
| 1453 | #endif | ||
| 1337 | 1454 | ||
| 1338 | data+=size; | 1455 | data+=size; | 
| 1339 | } | 1456 | } | 
| @@ -1433,7 +1550,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1433 | unsigned char *sdata = data; | 1550 | unsigned char *sdata = data; | 
| 1434 | int ecpointformatlist_length = *(sdata++); | 1551 | int ecpointformatlist_length = *(sdata++); | 
| 1435 | 1552 | ||
| 1436 | if (ecpointformatlist_length != size - 1) | 1553 | if (ecpointformatlist_length != size - 1 || | 
| 1554 | ecpointformatlist_length < 1) | ||
| 1437 | { | 1555 | { | 
| 1438 | *al = TLS1_AD_DECODE_ERROR; | 1556 | *al = TLS1_AD_DECODE_ERROR; | 
| 1439 | return 0; | 1557 | return 0; | 
| @@ -1527,7 +1645,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1527 | unsigned char selected_len; | 1645 | unsigned char selected_len; | 
| 1528 | 1646 | ||
| 1529 | /* We must have requested it. */ | 1647 | /* We must have requested it. */ | 
| 1530 | if ((s->ctx->next_proto_select_cb == NULL)) | 1648 | if (s->ctx->next_proto_select_cb == NULL) | 
| 1531 | { | 1649 | { | 
| 1532 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 1650 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | 
| 1533 | return 0; | 1651 | return 0; | 
| @@ -1577,12 +1695,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 1577 | } | 1695 | } | 
| 1578 | } | 1696 | } | 
| 1579 | #endif | 1697 | #endif | 
| 1698 | #ifndef OPENSSL_NO_SRTP | ||
| 1580 | else if (type == TLSEXT_TYPE_use_srtp) | 1699 | else if (type == TLSEXT_TYPE_use_srtp) | 
| 1581 | { | 1700 | { | 
| 1582 | if(ssl_parse_serverhello_use_srtp_ext(s, data, size, | 1701 | if(ssl_parse_serverhello_use_srtp_ext(s, data, size, | 
| 1583 | al)) | 1702 | al)) | 
| 1584 | return 0; | 1703 | return 0; | 
| 1585 | } | 1704 | } | 
| 1705 | #endif | ||
| 1586 | 1706 | ||
| 1587 | data+=size; | 1707 | data+=size; | 
| 1588 | } | 1708 | } | 
| @@ -1763,7 +1883,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s) | |||
| 1763 | return 1; | 1883 | return 1; | 
| 1764 | } | 1884 | } | 
| 1765 | 1885 | ||
| 1766 | int ssl_check_clienthello_tlsext(SSL *s) | 1886 | int ssl_check_clienthello_tlsext_early(SSL *s) | 
| 1767 | { | 1887 | { | 
| 1768 | int ret=SSL_TLSEXT_ERR_NOACK; | 1888 | int ret=SSL_TLSEXT_ERR_NOACK; | 
| 1769 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1889 | int al = SSL_AD_UNRECOGNIZED_NAME; | 
| @@ -1782,42 +1902,12 @@ int ssl_check_clienthello_tlsext(SSL *s) | |||
| 1782 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1902 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 
| 1783 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1903 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 
| 1784 | 1904 | ||
| 1785 | /* If status request then ask callback what to do. | ||
| 1786 | * Note: this must be called after servername callbacks in case | ||
| 1787 | * the certificate has changed. | ||
| 1788 | */ | ||
| 1789 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) | ||
| 1790 | { | ||
| 1791 | int r; | ||
| 1792 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 1793 | switch (r) | ||
| 1794 | { | ||
| 1795 | /* We don't want to send a status request response */ | ||
| 1796 | case SSL_TLSEXT_ERR_NOACK: | ||
| 1797 | s->tlsext_status_expected = 0; | ||
| 1798 | break; | ||
| 1799 | /* status request response should be sent */ | ||
| 1800 | case SSL_TLSEXT_ERR_OK: | ||
| 1801 | if (s->tlsext_ocsp_resp) | ||
| 1802 | s->tlsext_status_expected = 1; | ||
| 1803 | else | ||
| 1804 | s->tlsext_status_expected = 0; | ||
| 1805 | break; | ||
| 1806 | /* something bad happened */ | ||
| 1807 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 1808 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1809 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1810 | goto err; | ||
| 1811 | } | ||
| 1812 | } | ||
| 1813 | else | ||
| 1814 | s->tlsext_status_expected = 0; | ||
| 1815 | |||
| 1816 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1905 | #ifdef TLSEXT_TYPE_opaque_prf_input | 
| 1817 | { | 1906 | { | 
| 1818 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | 1907 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | 
| 1819 | * but we might be sending an alert in response to the client hello, | 1908 | * but we might be sending an alert in response to the client hello, | 
| 1820 | * so this has to happen here in ssl_check_clienthello_tlsext(). */ | 1909 | * so this has to happen here in | 
| 1910 | * ssl_check_clienthello_tlsext_early(). */ | ||
| 1821 | 1911 | ||
| 1822 | int r = 1; | 1912 | int r = 1; | 
| 1823 | 1913 | ||
| @@ -1869,8 +1959,8 @@ int ssl_check_clienthello_tlsext(SSL *s) | |||
| 1869 | } | 1959 | } | 
| 1870 | } | 1960 | } | 
| 1871 | 1961 | ||
| 1872 | #endif | ||
| 1873 | err: | 1962 | err: | 
| 1963 | #endif | ||
| 1874 | switch (ret) | 1964 | switch (ret) | 
| 1875 | { | 1965 | { | 
| 1876 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1966 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| @@ -1888,6 +1978,71 @@ int ssl_check_clienthello_tlsext(SSL *s) | |||
| 1888 | } | 1978 | } | 
| 1889 | } | 1979 | } | 
| 1890 | 1980 | ||
| 1981 | int ssl_check_clienthello_tlsext_late(SSL *s) | ||
| 1982 | { | ||
| 1983 | int ret = SSL_TLSEXT_ERR_OK; | ||
| 1984 | int al; | ||
| 1985 | |||
| 1986 | /* If status request then ask callback what to do. | ||
| 1987 | * Note: this must be called after servername callbacks in case | ||
| 1988 | * the certificate has changed, and must be called after the cipher | ||
| 1989 | * has been chosen because this may influence which certificate is sent | ||
| 1990 | */ | ||
| 1991 | if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) | ||
| 1992 | { | ||
| 1993 | int r; | ||
| 1994 | CERT_PKEY *certpkey; | ||
| 1995 | certpkey = ssl_get_server_send_pkey(s); | ||
| 1996 | /* If no certificate can't return certificate status */ | ||
| 1997 | if (certpkey == NULL) | ||
| 1998 | { | ||
| 1999 | s->tlsext_status_expected = 0; | ||
| 2000 | return 1; | ||
| 2001 | } | ||
| 2002 | /* Set current certificate to one we will use so | ||
| 2003 | * SSL_get_certificate et al can pick it up. | ||
| 2004 | */ | ||
| 2005 | s->cert->key = certpkey; | ||
| 2006 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 2007 | switch (r) | ||
| 2008 | { | ||
| 2009 | /* We don't want to send a status request response */ | ||
| 2010 | case SSL_TLSEXT_ERR_NOACK: | ||
| 2011 | s->tlsext_status_expected = 0; | ||
| 2012 | break; | ||
| 2013 | /* status request response should be sent */ | ||
| 2014 | case SSL_TLSEXT_ERR_OK: | ||
| 2015 | if (s->tlsext_ocsp_resp) | ||
| 2016 | s->tlsext_status_expected = 1; | ||
| 2017 | else | ||
| 2018 | s->tlsext_status_expected = 0; | ||
| 2019 | break; | ||
| 2020 | /* something bad happened */ | ||
| 2021 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 2022 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 2023 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2024 | goto err; | ||
| 2025 | } | ||
| 2026 | } | ||
| 2027 | else | ||
| 2028 | s->tlsext_status_expected = 0; | ||
| 2029 | |||
| 2030 | err: | ||
| 2031 | switch (ret) | ||
| 2032 | { | ||
| 2033 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 2034 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | ||
| 2035 | return -1; | ||
| 2036 | |||
| 2037 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 2038 | ssl3_send_alert(s,SSL3_AL_WARNING,al); | ||
| 2039 | return 1; | ||
| 2040 | |||
| 2041 | default: | ||
| 2042 | return 1; | ||
| 2043 | } | ||
| 2044 | } | ||
| 2045 | |||
| 1891 | int ssl_check_serverhello_tlsext(SSL *s) | 2046 | int ssl_check_serverhello_tlsext(SSL *s) | 
| 1892 | { | 2047 | { | 
| 1893 | int ret=SSL_TLSEXT_ERR_NOACK; | 2048 | int ret=SSL_TLSEXT_ERR_NOACK; | 
| @@ -2189,7 +2344,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 2189 | HMAC_Update(&hctx, etick, eticklen); | 2344 | HMAC_Update(&hctx, etick, eticklen); | 
| 2190 | HMAC_Final(&hctx, tick_hmac, NULL); | 2345 | HMAC_Final(&hctx, tick_hmac, NULL); | 
| 2191 | HMAC_CTX_cleanup(&hctx); | 2346 | HMAC_CTX_cleanup(&hctx); | 
| 2192 | if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen)) | 2347 | if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) | 
| 2193 | return 2; | 2348 | return 2; | 
| 2194 | /* Attempt to decrypt session data */ | 2349 | /* Attempt to decrypt session data */ | 
| 2195 | /* Move p after IV to start of encrypted ticket, update length */ | 2350 | /* Move p after IV to start of encrypted ticket, update length */ | 
| @@ -2319,14 +2474,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg) | |||
| 2319 | { | 2474 | { | 
| 2320 | switch(hash_alg) | 2475 | switch(hash_alg) | 
| 2321 | { | 2476 | { | 
| 2322 | #ifndef OPENSSL_NO_MD5 | ||
| 2323 | case TLSEXT_hash_md5: | ||
| 2324 | #ifdef OPENSSL_FIPS | ||
| 2325 | if (FIPS_mode()) | ||
| 2326 | return NULL; | ||
| 2327 | #endif | ||
| 2328 | return EVP_md5(); | ||
| 2329 | #endif | ||
| 2330 | #ifndef OPENSSL_NO_SHA | 2477 | #ifndef OPENSSL_NO_SHA | 
| 2331 | case TLSEXT_hash_sha1: | 2478 | case TLSEXT_hash_sha1: | 
| 2332 | return EVP_sha1(); | 2479 | return EVP_sha1(); | 
| @@ -2414,7 +2561,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2414 | */ | 2561 | */ | 
| 2415 | #ifndef OPENSSL_NO_DSA | 2562 | #ifndef OPENSSL_NO_DSA | 
| 2416 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | 2563 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | 
| 2417 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1(); | 2564 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | 
| 2418 | #endif | 2565 | #endif | 
| 2419 | #ifndef OPENSSL_NO_RSA | 2566 | #ifndef OPENSSL_NO_RSA | 
| 2420 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) | 2567 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) | 
| @@ -2425,7 +2572,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2425 | #endif | 2572 | #endif | 
| 2426 | #ifndef OPENSSL_NO_ECDSA | 2573 | #ifndef OPENSSL_NO_ECDSA | 
| 2427 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 2574 | if (!c->pkeys[SSL_PKEY_ECC].digest) | 
| 2428 | c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa(); | 2575 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 
| 2429 | #endif | 2576 | #endif | 
| 2430 | return 1; | 2577 | return 1; | 
| 2431 | } | 2578 | } | 
