diff options
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 214 |
1 files changed, 1 insertions, 213 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 6e4a29c4c8..b780faf603 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.45 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.46 2014/06/13 04:29:13 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -557,25 +557,6 @@ skip_ext: | |||
| 557 | ret += sizeof(tls12_sigalgs); | 557 | ret += sizeof(tls12_sigalgs); |
| 558 | } | 558 | } |
| 559 | 559 | ||
| 560 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 561 | if (s->s3->client_opaque_prf_input != NULL && | ||
| 562 | s->version != DTLS1_VERSION) { | ||
| 563 | size_t col = s->s3->client_opaque_prf_input_len; | ||
| 564 | |||
| 565 | if ((size_t)(limit - ret) < 6 + col) | ||
| 566 | return NULL; | ||
| 567 | if (col > 0xFFFD) /* can't happen */ | ||
| 568 | return NULL; | ||
| 569 | |||
| 570 | s2n(TLSEXT_TYPE_opaque_prf_input, ret); | ||
| 571 | |||
| 572 | s2n(col + 2, ret); | ||
| 573 | s2n(col, ret); | ||
| 574 | memcpy(ret, s->s3->client_opaque_prf_input, col); | ||
| 575 | ret += col; | ||
| 576 | } | ||
| 577 | #endif | ||
| 578 | |||
| 579 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && | 560 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && |
| 580 | s->version != DTLS1_VERSION) { | 561 | s->version != DTLS1_VERSION) { |
| 581 | int i; | 562 | int i; |
| @@ -783,25 +764,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 783 | s2n(0, ret); | 764 | s2n(0, ret); |
| 784 | } | 765 | } |
| 785 | 766 | ||
| 786 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 787 | if (s->s3->server_opaque_prf_input != NULL && | ||
| 788 | s->version != DTLS1_VERSION) { | ||
| 789 | size_t sol = s->s3->server_opaque_prf_input_len; | ||
| 790 | |||
| 791 | if ((size_t)(limit - ret) < 6 + sol) | ||
| 792 | return NULL; | ||
| 793 | if (sol > 0xFFFD) /* can't happen */ | ||
| 794 | return NULL; | ||
| 795 | |||
| 796 | s2n(TLSEXT_TYPE_opaque_prf_input, ret); | ||
| 797 | |||
| 798 | s2n(sol + 2, ret); | ||
| 799 | s2n(sol, ret); | ||
| 800 | memcpy(ret, s->s3->server_opaque_prf_input, sol); | ||
| 801 | ret += sol; | ||
| 802 | } | ||
| 803 | #endif | ||
| 804 | |||
| 805 | #ifndef OPENSSL_NO_SRTP | 767 | #ifndef OPENSSL_NO_SRTP |
| 806 | if (s->srtp_profile) { | 768 | if (s->srtp_profile) { |
| 807 | int el; | 769 | int el; |
| @@ -1131,35 +1093,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1131 | memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); | 1093 | memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); |
| 1132 | } | 1094 | } |
| 1133 | } | 1095 | } |
| 1134 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 1135 | else if (type == TLSEXT_TYPE_opaque_prf_input && | ||
| 1136 | s->version != DTLS1_VERSION) { | ||
| 1137 | unsigned char *sdata = data; | ||
| 1138 | |||
| 1139 | if (size < 2) { | ||
| 1140 | *al = SSL_AD_DECODE_ERROR; | ||
| 1141 | return 0; | ||
| 1142 | } | ||
| 1143 | n2s(sdata, s->s3->client_opaque_prf_input_len); | ||
| 1144 | if (s->s3->client_opaque_prf_input_len != size - 2) { | ||
| 1145 | *al = SSL_AD_DECODE_ERROR; | ||
| 1146 | return 0; | ||
| 1147 | } | ||
| 1148 | |||
| 1149 | free(s->s3->client_opaque_prf_input); | ||
| 1150 | s->s3->client_opaque_prf_input = NULL; | ||
| 1151 | |||
| 1152 | if (s->s3->client_opaque_prf_input_len != 0) { | ||
| 1153 | s->s3->client_opaque_prf_input = | ||
| 1154 | BUF_memdup(sdata, | ||
| 1155 | s->s3->client_opaque_prf_input_len); | ||
| 1156 | if (s->s3->client_opaque_prf_input == NULL) { | ||
| 1157 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1158 | return 0; | ||
| 1159 | } | ||
| 1160 | } | ||
| 1161 | } | ||
| 1162 | #endif | ||
| 1163 | else if (type == TLSEXT_TYPE_session_ticket) { | 1096 | else if (type == TLSEXT_TYPE_session_ticket) { |
| 1164 | if (s->tls_session_ticket_ext_cb && | 1097 | if (s->tls_session_ticket_ext_cb && |
| 1165 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 1098 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { |
| @@ -1428,35 +1361,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1428 | } | 1361 | } |
| 1429 | s->tlsext_ticket_expected = 1; | 1362 | s->tlsext_ticket_expected = 1; |
| 1430 | } | 1363 | } |
| 1431 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 1432 | else if (type == TLSEXT_TYPE_opaque_prf_input && | ||
| 1433 | s->version != DTLS1_VERSION) { | ||
| 1434 | unsigned char *sdata = data; | ||
| 1435 | |||
| 1436 | if (size < 2) { | ||
| 1437 | *al = SSL_AD_DECODE_ERROR; | ||
| 1438 | return 0; | ||
| 1439 | } | ||
| 1440 | n2s(sdata, s->s3->server_opaque_prf_input_len); | ||
| 1441 | if (s->s3->server_opaque_prf_input_len != size - 2) { | ||
| 1442 | *al = SSL_AD_DECODE_ERROR; | ||
| 1443 | return 0; | ||
| 1444 | } | ||
| 1445 | |||
| 1446 | free(s->s3->server_opaque_prf_input); | ||
| 1447 | s->s3->server_opaque_prf_input = NULL; | ||
| 1448 | |||
| 1449 | if (s->s3->server_opaque_prf_input_len != 0) | ||
| 1450 | s->s3->server_opaque_prf_input = | ||
| 1451 | BUF_memdup(sdata, | ||
| 1452 | s->s3->server_opaque_prf_input_len); | ||
| 1453 | if (s->s3->server_opaque_prf_input == NULL) { | ||
| 1454 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1455 | return 0; | ||
| 1456 | } | ||
| 1457 | } | ||
| 1458 | } | ||
| 1459 | #endif | ||
| 1460 | else if (type == TLSEXT_TYPE_status_request && | 1364 | else if (type == TLSEXT_TYPE_status_request && |
| 1461 | s->version != DTLS1_VERSION) { | 1365 | s->version != DTLS1_VERSION) { |
| 1462 | /* MUST be empty and only sent if we've requested | 1366 | /* MUST be empty and only sent if we've requested |
| @@ -1609,42 +1513,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1609 | } | 1513 | } |
| 1610 | } | 1514 | } |
| 1611 | 1515 | ||
| 1612 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 1613 | { | ||
| 1614 | int r = 1; | ||
| 1615 | |||
| 1616 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) { | ||
| 1617 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, | ||
| 1618 | s->ctx->tlsext_opaque_prf_input_callback_arg); | ||
| 1619 | if (!r) | ||
| 1620 | return -1; | ||
| 1621 | } | ||
| 1622 | |||
| 1623 | if (s->tlsext_opaque_prf_input != NULL) { | ||
| 1624 | free(s->s3->client_opaque_prf_input); | ||
| 1625 | s->s3->client_opaque_prf_input = NULL; | ||
| 1626 | if (s->tlsext_opaque_prf_input_len != 0) { | ||
| 1627 | s->s3->client_opaque_prf_input = | ||
| 1628 | BUF_memdup(s->tlsext_opaque_prf_input, | ||
| 1629 | s->tlsext_opaque_prf_input_len); | ||
| 1630 | if (s->s3->client_opaque_prf_input == NULL) { | ||
| 1631 | SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, | ||
| 1632 | ERR_R_MALLOC_FAILURE); | ||
| 1633 | return -1; | ||
| 1634 | } | ||
| 1635 | } | ||
| 1636 | s->s3->client_opaque_prf_input_len = | ||
| 1637 | s->tlsext_opaque_prf_input_len; | ||
| 1638 | } | ||
| 1639 | |||
| 1640 | if (r == 2) { | ||
| 1641 | /* at callback's request, insist on receiving an appropriate server opaque PRF input */ | ||
| 1642 | s->s3->server_opaque_prf_input_len = | ||
| 1643 | s->tlsext_opaque_prf_input_len; | ||
| 1644 | } | ||
| 1645 | } | ||
| 1646 | #endif | ||
| 1647 | |||
| 1648 | return 1; | 1516 | return 1; |
| 1649 | } | 1517 | } |
| 1650 | 1518 | ||
| @@ -1694,65 +1562,6 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1694 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1562 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) |
| 1695 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1563 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); |
| 1696 | 1564 | ||
| 1697 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 1698 | { | ||
| 1699 | /* This sort of belongs into ssl_prepare_serverhello_tlsext(), | ||
| 1700 | * but we might be sending an alert in response to the client hello, | ||
| 1701 | * so this has to happen here in | ||
| 1702 | * ssl_check_clienthello_tlsext_early(). */ | ||
| 1703 | |||
| 1704 | int r = 1; | ||
| 1705 | |||
| 1706 | if (s->ctx->tlsext_opaque_prf_input_callback != 0) { | ||
| 1707 | r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, | ||
| 1708 | s->ctx->tlsext_opaque_prf_input_callback_arg); | ||
| 1709 | if (!r) { | ||
| 1710 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1711 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1712 | goto err; | ||
| 1713 | } | ||
| 1714 | } | ||
| 1715 | |||
| 1716 | free(s->s3->server_opaque_prf_input); | ||
| 1717 | s->s3->server_opaque_prf_input = NULL; | ||
| 1718 | |||
| 1719 | if (s->tlsext_opaque_prf_input != NULL) { | ||
| 1720 | if (s->s3->client_opaque_prf_input != NULL && | ||
| 1721 | s->s3->client_opaque_prf_input_len == | ||
| 1722 | s->tlsext_opaque_prf_input_len) { | ||
| 1723 | /* | ||
| 1724 | * Can only use this extension if we have a | ||
| 1725 | * server opaque PRF input of the same length | ||
| 1726 | * as the client opaque PRF input! | ||
| 1727 | */ | ||
| 1728 | if (s->tlsext_opaque_prf_input_len != 0) { | ||
| 1729 | s->s3->server_opaque_prf_input = | ||
| 1730 | BUF_memdup(s->tlsext_opaque_prf_input, | ||
| 1731 | s->tlsext_opaque_prf_input_len); | ||
| 1732 | if (s->s3->server_opaque_prf_input == | ||
| 1733 | NULL) { | ||
| 1734 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1735 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1736 | goto err; | ||
| 1737 | } | ||
| 1738 | } | ||
| 1739 | s->s3->server_opaque_prf_input_len = | ||
| 1740 | s->tlsext_opaque_prf_input_len; | ||
| 1741 | } | ||
| 1742 | } | ||
| 1743 | |||
| 1744 | if (r == 2 && s->s3->server_opaque_prf_input == NULL) { | ||
| 1745 | /* The callback wants to enforce use of the extension, | ||
| 1746 | * but we can't do that with the client opaque PRF input; | ||
| 1747 | * abort the handshake. | ||
| 1748 | */ | ||
| 1749 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1750 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1751 | } | ||
| 1752 | } | ||
| 1753 | |||
| 1754 | err: | ||
| 1755 | #endif | ||
| 1756 | switch (ret) { | 1565 | switch (ret) { |
| 1757 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1566 | case SSL_TLSEXT_ERR_ALERT_FATAL: |
| 1758 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1567 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| @@ -1867,27 +1676,6 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1867 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1676 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) |
| 1868 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1677 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); |
| 1869 | 1678 | ||
| 1870 | #ifdef TLSEXT_TYPE_opaque_prf_input | ||
| 1871 | if (s->s3->server_opaque_prf_input_len > 0) { | ||
| 1872 | /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs. | ||
| 1873 | * So first verify that we really have a value from the server too. */ | ||
| 1874 | |||
| 1875 | if (s->s3->server_opaque_prf_input == NULL) { | ||
| 1876 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1877 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1878 | } | ||
| 1879 | |||
| 1880 | /* Anytime the server *has* sent an opaque PRF input, we need to check | ||
| 1881 | * that we have a client opaque PRF input of the same size. */ | ||
| 1882 | if (s->s3->client_opaque_prf_input == NULL || | ||
| 1883 | s->s3->client_opaque_prf_input_len != | ||
| 1884 | s->s3->server_opaque_prf_input_len) { | ||
| 1885 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1886 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1887 | } | ||
| 1888 | } | ||
| 1889 | #endif | ||
| 1890 | |||
| 1891 | /* If we've requested certificate status and we wont get one | 1679 | /* If we've requested certificate status and we wont get one |
| 1892 | * tell the callback | 1680 | * tell the callback |
| 1893 | */ | 1681 | */ |