Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/bio_ssl.c4
-rw-r--r--src/lib/libssl/d1_both.c28
-rw-r--r--src/lib/libssl/d1_clnt.c6
-rw-r--r--src/lib/libssl/d1_enc.c6
-rw-r--r--src/lib/libssl/d1_lib.c65
-rw-r--r--src/lib/libssl/d1_pkt.c22
-rw-r--r--src/lib/libssl/d1_srvr.c26
-rw-r--r--src/lib/libssl/s23_lib.c7
-rw-r--r--src/lib/libssl/s3_clnt.c6
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/s3_pkt.c6
-rw-r--r--src/lib/libssl/s3_srvr.c41
-rw-r--r--src/lib/libssl/ssl_asn1.c3
-rw-r--r--src/lib/libssl/ssl_ciph.c6
-rw-r--r--src/lib/libssl/ssl_lib.c47
-rw-r--r--src/lib/libssl/t1_enc.c14
-rw-r--r--src/lib/libssl/t1_lib.c88
-rw-r--r--src/lib/libssl/test/cms-test.pl94
19 files changed, 284 insertions, 193 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index a2c4adcbe6..e47d101f10 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index af319af302..eedac8a3fc 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
348 break; 348 break;
349 case BIO_C_SET_SSL: 349 case BIO_C_SET_SSL:
350 if (ssl != NULL) 350 if (ssl != NULL)
351 {
351 ssl_free(b); 352 ssl_free(b);
353 if (!ssl_new(b))
354 return 0;
355 }
352 b->shutdown=(int)num; 356 b->shutdown=(int)num;
353 ssl=(SSL *)ptr; 357 ssl=(SSL *)ptr;
354 ((BIO_SSL *)b->ptr)->ssl=ssl; 358 ((BIO_SSL *)b->ptr)->ssl=ssl;
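Review bot: The `return 0` after a failed `ssl_new(b)` (new line 354) leaves the BIO with its previous SSL already torn down by `ssl_free(b)` on line 352, so a caller that ignores the ctrl result continues with a BIO whose state the success-path lines (`((BIO_SSL *)b->ptr)->ssl=ssl`) never reached; if `ssl_free()` also releases `b->ptr`, later ctrl calls on the same BIO would dereference a stale pointer — worth confirming against `ssl_free()`, which is outside this hunk. The failure contract should be stated at the return, e.g. `/* ssl_new() failed: b has no SSL object; ownership of ptr stays with the caller */`, and BIO_set_ssl() callers should treat a 0 result as fatal for the BIO. The rest of `ssl_ctrl`'s switch lies outside the hunk.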
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 4ce4064cc9..2180c6d4da 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -153,7 +153,7 @@
153#endif 153#endif
154 154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80}; 155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; 156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
157 157
158/* XDTLS: figure out the right values */ 158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
464 464
465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
466 466
467 s->d1->handshake_read_seq++; 467 /* Don't change sequence numbers while listening */
468 /* we just read a handshake message from the other side: 468 if (!s->d1->listen)
469 * this means that we don't need to retransmit of the 469 s->d1->handshake_read_seq++;
470 * buffered messages.
471 * XDTLS: may be able clear out this
472 * buffer a little sooner (i.e if an out-of-order
473 * handshake message/record is received at the record
474 * layer.
475 * XDTLS: exception is that the server needs to
476 * know that change cipher spec and finished messages
477 * have been received by the client before clearing this
478 * buffer. this can simply be done by waiting for the
479 * first data segment, but is there a better way? */
480 dtls1_clear_record_buffer(s);
481 470
482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; 471 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
483 return s->init_num; 472 return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
813 802
814 /* 803 /*
815 * if this is a future (or stale) message it gets buffered 804 * if this is a future (or stale) message it gets buffered
816 * (or dropped)--no further processing at this time 805 * (or dropped)--no further processing at this time
806 * While listening, we accept seq 1 (ClientHello with cookie)
807 * although we're still expecting seq 0 (ClientHello)
817 */ 808 */
818 if ( msg_hdr.seq != s->d1->handshake_read_seq) 809 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 810 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
820 811
821 len = msg_hdr.msg_len; 812 len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
1322dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, 1313dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1323 unsigned long len, unsigned long frag_off, unsigned long frag_len) 1314 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1324 { 1315 {
1325 if ( frag_off == 0) 1316 /* Don't change sequence numbers while listening */
1317 if (frag_off == 0 && !s->d1->listen)
1326 { 1318 {
1327 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 1319 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1328 s->d1->next_handshake_write_seq++; 1320 s->d1->next_handshake_write_seq++;
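Review bot: The listen-mode exception on new line 809, `!(s->d1->listen && msg_hdr.seq == 1)`, admits any handshake message carrying sequence number 1 while the comment above it says the intent is "ClientHello with cookie"; the message type is not part of the condition, so the check relies on a type comparison elsewhere (presumably `dtls1_get_message`, outside this hunk — confirm). Making the intent explicit at the test, `(s->d1->listen && msg_hdr.seq == 1 && msg_hdr.type == SSL3_MT_CLIENT_HELLO)`, would keep the stateless listener from processing an unexpected seq-1 message body before its type is verified. The matching listen-mode guards on `handshake_read_seq` (line 468) and `handshake_write_seq` (line 1317) carry no pointer to where the counters are re-seeded once listening ends, which happens in d1_srvr.c; a one-line comment naming that would help. `dtls1_get_message_fragment` continues outside the hunk.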
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 5bc9eb6603..089fa4c7f8 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
407 407
408 case SSL3_ST_CW_CHANGE_A: 408 case SSL3_ST_CW_CHANGE_A:
409 case SSL3_ST_CW_CHANGE_B: 409 case SSL3_ST_CW_CHANGE_B:
410 dtls1_start_timer(s); 410 if (!s->hit)
411 dtls1_start_timer(s);
411 ret=dtls1_send_change_cipher_spec(s, 412 ret=dtls1_send_change_cipher_spec(s,
412 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 413 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
413 if (ret <= 0) goto end; 414 if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
442 443
443 case SSL3_ST_CW_FINISHED_A: 444 case SSL3_ST_CW_FINISHED_A:
444 case SSL3_ST_CW_FINISHED_B: 445 case SSL3_ST_CW_FINISHED_B:
445 dtls1_start_timer(s); 446 if (!s->hit)
447 dtls1_start_timer(s);
446 ret=dtls1_send_finished(s, 448 ret=dtls1_send_finished(s,
447 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 449 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
448 s->method->ssl3_enc->client_finished_label, 450 s->method->ssl3_enc->client_finished_label,
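Review bot: The new `if (!s->hit)` guard before `dtls1_start_timer(s)` at lines 410 and 446 appears twice with no comment, and nothing in either hunk says why a resumed session (`s->hit`) skips the retransmit timer; a reader will take it for a bug. If the reason is that on resumption ChangeCipherSpec/Finished is the client's final flight, which DTLS re-sends only in response to the peer's retransmission rather than on a timer, say so once: `/* Resumption: this is our last flight; it is re-sent only when the peer retransmits, so no timer */`. If both call sites are meant to share that rule, a small static helper would keep them from drifting apart. `dtls1_connect`'s state machine extends beyond both hunks.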
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 8fa57347a9..becbab91c2 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
231 if (!send) 231 if (!send)
232 { 232 {
233 if (l == 0 || l%bs != 0) 233 if (l == 0 || l%bs != 0)
234 { 234 return -1;
235 SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
236 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
237 return 0;
238 }
239 } 235 }
240 236
241 EVP_Cipher(ds,rec->data,rec->input,l); 237 EVP_Cipher(ds,rec->data,rec->input,l);
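Review bot: The new `return -1` on line 234 changes `dtls1_enc`'s return contract — the old path set `SSL_R_BLOCK_CIPHER_PAD_IS_WRONG`, sent a fatal `SSL_AD_DECRYPTION_FAILED` alert and returned 0 — but nothing in the hunk documents what -1 now means to callers; the length test `l == 0 || l%bs != 0` is the only place a reader can infer it. A header comment on `dtls1_enc` (its signature lies outside the hunk) should spell out the three outcomes: 1 = record processed, 0 = fatal error with the alert already sent, -1 = malformed record to be dropped silently with no alert. Silently discarding instead of alerting is the DTLS-appropriate behaviour, and it also keeps a decryption failure from being distinguishable on the wire, so the comment should say the absent alert here is deliberate rather than an oversight.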
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 96b220e87c..48e8b6ffbb 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
129 return(1); 129 return(1);
130 } 130 }
131 131
132void dtls1_free(SSL *s) 132static void dtls1_clear_queues(SSL *s)
133 { 133 {
134 pitem *item = NULL; 134 pitem *item = NULL;
135 hm_fragment *frag = NULL; 135 hm_fragment *frag = NULL;
136 136 DTLS1_RECORD_DATA *rdata;
137 ssl3_free(s);
138 137
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) 138 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
140 { 139 {
140 rdata = (DTLS1_RECORD_DATA *) item->data;
141 if (rdata->rbuf.buf)
142 {
143 OPENSSL_free(rdata->rbuf.buf);
144 }
141 OPENSSL_free(item->data); 145 OPENSSL_free(item->data);
142 pitem_free(item); 146 pitem_free(item);
143 } 147 }
144 pqueue_free(s->d1->unprocessed_rcds.q);
145 148
146 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) 149 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
147 { 150 {
151 rdata = (DTLS1_RECORD_DATA *) item->data;
152 if (rdata->rbuf.buf)
153 {
154 OPENSSL_free(rdata->rbuf.buf);
155 }
148 OPENSSL_free(item->data); 156 OPENSSL_free(item->data);
149 pitem_free(item); 157 pitem_free(item);
150 } 158 }
151 pqueue_free(s->d1->processed_rcds.q);
152 159
153 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) 160 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
154 { 161 {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
157 OPENSSL_free(frag); 164 OPENSSL_free(frag);
158 pitem_free(item); 165 pitem_free(item);
159 } 166 }
160 pqueue_free(s->d1->buffered_messages);
161 167
162 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) 168 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
163 { 169 {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
166 OPENSSL_free(frag); 172 OPENSSL_free(frag);
167 pitem_free(item); 173 pitem_free(item);
168 } 174 }
169 pqueue_free(s->d1->sent_messages);
170 175
171 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) 176 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
172 { 177 {
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
175 OPENSSL_free(frag); 180 OPENSSL_free(frag);
176 pitem_free(item); 181 pitem_free(item);
177 } 182 }
183 }
184
185void dtls1_free(SSL *s)
186 {
187 ssl3_free(s);
188
189 dtls1_clear_queues(s);
190
191 pqueue_free(s->d1->unprocessed_rcds.q);
192 pqueue_free(s->d1->processed_rcds.q);
193 pqueue_free(s->d1->buffered_messages);
194 pqueue_free(s->d1->sent_messages);
178 pqueue_free(s->d1->buffered_app_data.q); 195 pqueue_free(s->d1->buffered_app_data.q);
179 196
180 OPENSSL_free(s->d1); 197 OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
182 199
183void dtls1_clear(SSL *s) 200void dtls1_clear(SSL *s)
184 { 201 {
202 pqueue unprocessed_rcds;
203 pqueue processed_rcds;
204 pqueue buffered_messages;
205 pqueue sent_messages;
206 pqueue buffered_app_data;
207
208 if (s->d1)
209 {
210 unprocessed_rcds = s->d1->unprocessed_rcds.q;
211 processed_rcds = s->d1->processed_rcds.q;
212 buffered_messages = s->d1->buffered_messages;
213 sent_messages = s->d1->sent_messages;
214 buffered_app_data = s->d1->buffered_app_data.q;
215
216 dtls1_clear_queues(s);
217
218 memset(s->d1, 0, sizeof(*(s->d1)));
219
220 if (s->server)
221 {
222 s->d1->cookie_len = sizeof(s->d1->cookie);
223 }
224
225 s->d1->unprocessed_rcds.q = unprocessed_rcds;
226 s->d1->processed_rcds.q = processed_rcds;
227 s->d1->buffered_messages = buffered_messages;
228 s->d1->sent_messages = sent_messages;
229 s->d1->buffered_app_data.q = buffered_app_data;
230 }
231
185 ssl3_clear(s); 232 ssl3_clear(s);
186 if (s->options & SSL_OP_CISCO_ANYCONNECT) 233 if (s->options & SSL_OP_CISCO_ANYCONNECT)
187 s->version=DTLS1_BAD_VER; 234 s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
330 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); 377 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
331 s->d1->timeout_duration = 1; 378 s->d1->timeout_duration = 1;
332 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); 379 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
380 /* Clear retransmission buffer */
381 dtls1_clear_record_buffer(s);
333 } 382 }
334 383
335int dtls1_handle_timeout(SSL *s) 384int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
349 { 398 {
350 /* fail the connection, enough alerts have been sent */ 399 /* fail the connection, enough alerts have been sent */
351 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED); 400 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
352 return 0; 401 return -1;
353 } 402 }
354 403
355 state->timeout.read_timeouts++; 404 state->timeout.read_timeouts++;
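Review bot: `dtls1_clear_queues` now releases `rdata->rbuf.buf` for entries of `unprocessed_rcds.q` and `processed_rcds.q` (new lines 140-144 and 151-155), but the loop over `buffered_app_data.q` (lines 176-182) still frees its entries as an `hm_fragment` (`OPENSSL_free(frag)` on line 180; the cast is outside the hunk). If that queue is filled by the same `dtls1_buffer_record()` path that feeds `unprocessed_rcds` (see the d1_pkt.c section), its entries are `DTLS1_RECORD_DATA`, their `rbuf.buf` would leak here, and freeing them as `hm_fragment` would release the wrong field — worth confirming against `dtls1_buffer_record()`. `dtls1_clear` (line 218) wipes `*s->d1` with `memset` and then restores the five queue pointers; a comment such as `/* the queues survive SSL_clear(); only their contents were released above */` would explain the save/restore dance. `dtls1_handle_timeout` now returns -1 instead of 0 on exhausted timeouts (line 401); its callers are outside this section and must already distinguish the two values.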
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index a5439d544f..39aac73e10 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s)
296 item = pqueue_peek(s->d1->unprocessed_rcds.q); 296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
297 if (item) 297 if (item)
298 { 298 {
299 DTLS1_RECORD_DATA *rdata;
300 rdata = (DTLS1_RECORD_DATA *)item->data;
301
302 /* Check if epoch is current. */ 299 /* Check if epoch is current. */
303 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) 300 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
304 return(1); /* Nothing to do. */ 301 return(1); /* Nothing to do. */
@@ -412,11 +409,12 @@ dtls1_process_record(SSL *s)
412 enc_err = s->method->ssl3_enc->enc(s,0); 409 enc_err = s->method->ssl3_enc->enc(s,0);
413 if (enc_err <= 0) 410 if (enc_err <= 0)
414 { 411 {
415 if (enc_err == 0) 412 /* decryption failed, silently discard message */
416 /* SSLerr() and ssl3_send_alert() have been called */ 413 if (enc_err < 0)
417 goto err; 414 {
418 415 rr->length = 0;
419 /* otherwise enc_err == -1 */ 416 s->packet_length = 0;
417 }
420 goto err; 418 goto err;
421 } 419 }
422 420
@@ -528,14 +526,12 @@ int dtls1_get_record(SSL *s)
528 int ssl_major,ssl_minor; 526 int ssl_major,ssl_minor;
529 int i,n; 527 int i,n;
530 SSL3_RECORD *rr; 528 SSL3_RECORD *rr;
531 SSL_SESSION *sess;
532 unsigned char *p = NULL; 529 unsigned char *p = NULL;
533 unsigned short version; 530 unsigned short version;
534 DTLS1_BITMAP *bitmap; 531 DTLS1_BITMAP *bitmap;
535 unsigned int is_next_epoch; 532 unsigned int is_next_epoch;
536 533
537 rr= &(s->s3->rrec); 534 rr= &(s->s3->rrec);
538 sess=s->session;
539 535
540 /* The epoch may have changed. If so, process all the 536 /* The epoch may have changed. If so, process all the
541 * pending records. This is a non-blocking operation. */ 537 * pending records. This is a non-blocking operation. */
@@ -662,10 +658,12 @@ again:
662 658
663 /* If this record is from the next epoch (either HM or ALERT), 659 /* If this record is from the next epoch (either HM or ALERT),
664 * and a handshake is currently in progress, buffer it since it 660 * and a handshake is currently in progress, buffer it since it
665 * cannot be processed at this time. */ 661 * cannot be processed at this time. However, do not buffer
662 * anything while listening.
663 */
666 if (is_next_epoch) 664 if (is_next_epoch)
667 { 665 {
668 if (SSL_in_init(s) || s->in_handshake) 666 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
669 { 667 {
670 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); 668 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
671 } 669 }
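Review bot: The comment `/* decryption failed, silently discard message */` on new line 412 sits above a branch that handles both `enc_err` values, but only `enc_err < 0` is the silent-discard case (it zeroes `rr->length` and `s->packet_length` before `goto err`); for `enc_err == 0` the old note that `SSLerr()` and `ssl3_send_alert()` have already been called was dropped, so the fatal case now reads as if it were silent too. Move the comment inside the `if (enc_err < 0)` block and restore the other above the final jump: `/* enc_err == 0: SSLerr() and ssl3_send_alert() already called */`. What the `err` label does with a zero-length record is outside the hunk; confirm it returns without surfacing an error for the -1 case, otherwise the "silent" intent is not met.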
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 301ceda7a5..a6a4c87ea6 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret= -1;
152 int new_state,state,skip=0; 152 int new_state,state,skip=0;
153 int listen;
153 154
154 RAND_add(&Time,sizeof(Time),0); 155 RAND_add(&Time,sizeof(Time),0);
155 ERR_clear_error(); 156 ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
159 cb=s->info_callback; 160 cb=s->info_callback;
160 else if (s->ctx->info_callback != NULL) 161 else if (s->ctx->info_callback != NULL)
161 cb=s->ctx->info_callback; 162 cb=s->ctx->info_callback;
163
164 listen = s->d1->listen;
162 165
163 /* init things to blank */ 166 /* init things to blank */
164 s->in_handshake++; 167 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 168 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166 169
170 s->d1->listen = listen;
171
167 if (s->cert == NULL) 172 if (s->cert == NULL)
168 { 173 {
169 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 174 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
273 278
274 s->init_num=0; 279 s->init_num=0;
275 280
281 /* Reflect ClientHello sequence to remain stateless while listening */
282 if (listen)
283 {
284 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
285 }
286
276 /* If we're just listening, stop here */ 287 /* If we're just listening, stop here */
277 if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 288 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
278 { 289 {
279 ret = 2; 290 ret = 2;
280 s->d1->listen = 0; 291 s->d1->listen = 0;
292 /* Set expected sequence numbers
293 * to continue the handshake.
294 */
295 s->d1->handshake_read_seq = 2;
296 s->d1->handshake_write_seq = 1;
297 s->d1->next_handshake_write_seq = 1;
281 goto end; 298 goto end;
282 } 299 }
283 300
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
286 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 303 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
287 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 304 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
288 305
289 dtls1_start_timer(s);
290 ret = dtls1_send_hello_verify_request(s); 306 ret = dtls1_send_hello_verify_request(s);
291 if ( ret <= 0) goto end; 307 if ( ret <= 0) goto end;
292 s->state=SSL3_ST_SW_FLUSH; 308 s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
736 /* number of bytes to write */ 752 /* number of bytes to write */
737 s->init_num=p-buf; 753 s->init_num=p-buf;
738 s->init_off=0; 754 s->init_off=0;
739
740 /* buffer the message to handle re-xmits */
741 dtls1_buffer_message(s, 0);
742 } 755 }
743 756
744 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 757 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
1017 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1030 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1018 goto err; 1031 goto err;
1019 } 1032 }
1020 if (!EC_KEY_up_ref(ecdhp)) 1033 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1021 { 1034 {
1022 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1035 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1023 goto err; 1036 goto err;
1024 } 1037 }
1025 ecdh = ecdhp;
1026 1038
1027 s->s3->tmp.ecdh=ecdh; 1039 s->s3->tmp.ecdh=ecdh;
1028 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1040 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
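Review bot: The three constants written when listening ends (new lines 295-297: `handshake_read_seq = 2`, `handshake_write_seq = 1`, `next_handshake_write_seq = 1`) encode an assumption the comment does not state: exactly ClientHello (seq 0), HelloVerifyRequest (seq 0) and the cookie-bearing ClientHello (seq 1) have been exchanged, so the server's next message is write seq 1 and the client's next is read seq 2. Put that derivation in the comment; whoever later changes the stateless exchange will otherwise not know which numbers to update. The `listen` snapshot on line 164 and its restore on line 170 deserve a word too — `SSL_clear()` ends up in `dtls1_clear()`, which wipes `*s->d1` — e.g. `/* SSL_clear() zeroes s->d1; preserve listen mode across it */`. The switch from `EC_KEY_up_ref` to `EC_KEY_dup` (line 1033) means `s->s3->tmp.ecdh` now owns a private copy; the `err` path that must free it lies outside the hunk.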
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
index e3fce53430..3bf728318a 100644
--- a/src/lib/libssl/s23_lib.c
+++ b/src/lib/libssl/s23_lib.c
@@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
92 * available */ 92 * available */
93const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) 93const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
94 { 94 {
95 SSL_CIPHER c;
96 const SSL_CIPHER *cp; 95 const SSL_CIPHER *cp;
97 unsigned long id;
98 int n;
99 96
100 n=ssl3_num_ciphers();
101 id=0x03000000|((unsigned long)p[0]<<16L)|
102 ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
103 c.id=id;
104 cp=ssl3_get_cipher_by_char(p); 97 cp=ssl3_get_cipher_by_char(p);
105#ifndef OPENSSL_NO_SSL2 98#ifndef OPENSSL_NO_SSL2
106 if (cp == NULL) 99 if (cp == NULL)
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 41769febab..50bd415b56 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -866,8 +866,11 @@ int ssl3_get_server_hello(SSL *s)
866 s->session->cipher_id = s->session->cipher->id; 866 s->session->cipher_id = s->session->cipher->id;
867 if (s->hit && (s->session->cipher_id != c->id)) 867 if (s->hit && (s->session->cipher_id != c->id))
868 { 868 {
869/* Workaround is now obsolete */
870#if 0
869 if (!(s->options & 871 if (!(s->options &
870 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) 872 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
873#endif
871 { 874 {
872 al=SSL_AD_ILLEGAL_PARAMETER; 875 al=SSL_AD_ILLEGAL_PARAMETER;
873 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 876 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
@@ -1508,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s)
1508 s->session->sess_cert->peer_ecdh_tmp=ecdh; 1511 s->session->sess_cert->peer_ecdh_tmp=ecdh;
1509 ecdh=NULL; 1512 ecdh=NULL;
1510 BN_CTX_free(bn_ctx); 1513 BN_CTX_free(bn_ctx);
1514 bn_ctx = NULL;
1511 EC_POINT_free(srvr_ecpoint); 1515 EC_POINT_free(srvr_ecpoint);
1512 srvr_ecpoint = NULL; 1516 srvr_ecpoint = NULL;
1513 } 1517 }
@@ -2239,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2239 if (!DH_generate_key(dh_clnt)) 2243 if (!DH_generate_key(dh_clnt))
2240 { 2244 {
2241 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 2245 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2246 DH_free(dh_clnt);
2242 goto err; 2247 goto err;
2243 } 2248 }
2244 2249
@@ -2250,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2250 if (n <= 0) 2255 if (n <= 0)
2251 { 2256 {
2252 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 2257 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2258 DH_free(dh_clnt);
2253 goto err; 2259 goto err;
2254 } 2260 }
2255 2261
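Review bot: The `#if 0` added at lines 870-873 carries only `/* Workaround is now obsolete */`, while the server-side counterpart in s3_srvr.c names the actual reason (the `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` path enables a ciphersuite downgrade, CVE-2010-4180); the client comment should give the same reason so nobody re-enables it as a harmless compatibility knob, e.g. `/* Disabled: the reuse-cipher-change workaround permits a ciphersuite downgrade (CVE-2010-4180) */`. Code under `#if 0` is also better deleted than kept, since the option flag remains defined and the block will silently rot. In `ssl3_send_client_key_exchange` the two new `DH_free(dh_clnt); goto err;` pairs (lines 2246, 2258) duplicate cleanup that would be safer on a single exit path; if `err` cannot own the free because `dh_clnt` is block-local, a comment saying so would stop the next error branch from forgetting it.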
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d6b047c995..62c791cb72 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
2198 } 2198 }
2199#ifndef OPENSSL_NO_DH 2199#ifndef OPENSSL_NO_DH
2200 if (s->s3->tmp.dh != NULL) 2200 if (s->s3->tmp.dh != NULL)
2201 {
2201 DH_free(s->s3->tmp.dh); 2202 DH_free(s->s3->tmp.dh);
2203 s->s3->tmp.dh = NULL;
2204 }
2202#endif 2205#endif
2203#ifndef OPENSSL_NO_ECDH 2206#ifndef OPENSSL_NO_ECDH
2204 if (s->s3->tmp.ecdh != NULL) 2207 if (s->s3->tmp.ecdh != NULL)
2208 {
2205 EC_KEY_free(s->s3->tmp.ecdh); 2209 EC_KEY_free(s->s3->tmp.ecdh);
2210 s->s3->tmp.ecdh = NULL;
2211 }
2206#endif 2212#endif
2207 2213
2208 rp = s->s3->rbuf.buf; 2214 rp = s->s3->rbuf.buf;
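Review bot: Nulling `s->s3->tmp.dh` and `s->s3->tmp.ecdh` after freeing them (new lines 2203, 2210) is the right fix, since `ssl3_clear` leaves the `s3` structure alive and a dangling pointer there would be freed again on the next clear or free; a short comment, `/* clear so a later ssl3_clear()/ssl3_free() cannot double-free */`, would record why the assignment matters. The enclosing `if (x != NULL)` guards are then the only reason for the braces — if `DH_free()` and `EC_KEY_free()` tolerate NULL, as they presumably do here, the guards could go and the free/NULL pair stand alone; confirm before simplifying. `ssl3_clear` continues outside the hunk.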
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index e3f6050a26..f9b3629cf7 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
246 if (i <= 0) 246 if (i <= 0)
247 { 247 {
248 rb->left = left; 248 rb->left = left;
249 if (s->mode & SSL_MODE_RELEASE_BUFFERS) 249 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
250 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
250 if (len+left == 0) 251 if (len+left == 0)
251 ssl3_release_read_buffer(s); 252 ssl3_release_read_buffer(s);
252 return(i); 253 return(i);
@@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
846 { 847 {
847 wb->left=0; 848 wb->left=0;
848 wb->offset+=i; 849 wb->offset+=i;
849 if (s->mode & SSL_MODE_RELEASE_BUFFERS) 850 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
851 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
850 ssl3_release_write_buffer(s); 852 ssl3_release_write_buffer(s);
851 s->rwstate=SSL_NOTHING; 853 s->rwstate=SSL_NOTHING;
852 return(s->s3->wpend_ret); 854 return(s->s3->wpend_ret);
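Review bot: The new conditions on lines 249-250 and 850-851 mix `&` and `&&` without parentheses: `s->mode & SSL_MODE_RELEASE_BUFFERS && SSL_version(s) != DTLS1_VERSION && ...` is correct only because `&` binds tighter than `&&`, and compilers warn about exactly this form; write `(s->mode & SSL_MODE_RELEASE_BUFFERS) && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER`. The same DTLS exclusion is now spelled twice; a `static` helper, with a comment on why DTLS must keep its buffers (the hunk does not say — presumably because buffered or retransmitted records still point into them), would keep the two sites identical. Both `ssl3_read_n` and `ssl3_write_pending` continue outside their hunks.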
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 92f73b6681..c3b5ff33ff 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -768,9 +768,7 @@ int ssl3_check_client_hello(SSL *s)
768 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) 768 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
769 { 769 {
770 /* Throw away what we have done so far in the current handshake, 770 /* Throw away what we have done so far in the current handshake,
771 * which will now be aborted. (A full SSL_clear would be too much.) 771 * which will now be aborted. (A full SSL_clear would be too much.) */
772 * I hope that tmp.dh is the only thing that may need to be cleared
773 * when a handshake is not completed ... */
774#ifndef OPENSSL_NO_DH 772#ifndef OPENSSL_NO_DH
775 if (s->s3->tmp.dh != NULL) 773 if (s->s3->tmp.dh != NULL)
776 { 774 {
@@ -778,6 +776,13 @@ int ssl3_check_client_hello(SSL *s)
778 s->s3->tmp.dh = NULL; 776 s->s3->tmp.dh = NULL;
779 } 777 }
780#endif 778#endif
779#ifndef OPENSSL_NO_ECDH
780 if (s->s3->tmp.ecdh != NULL)
781 {
782 EC_KEY_free(s->s3->tmp.ecdh);
783 s->s3->tmp.ecdh = NULL;
784 }
785#endif
781 return 2; 786 return 2;
782 } 787 }
783 return 1; 788 return 1;
@@ -985,6 +990,10 @@ int ssl3_get_client_hello(SSL *s)
985 break; 990 break;
986 } 991 }
987 } 992 }
993/* Disabled because it can be used in a ciphersuite downgrade
994 * attack: CVE-2010-4180.
995 */
996#if 0
988 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) 997 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
989 { 998 {
990 /* Special case as client bug workaround: the previously used cipher may 999 /* Special case as client bug workaround: the previously used cipher may
@@ -999,6 +1008,7 @@ int ssl3_get_client_hello(SSL *s)
999 j = 1; 1008 j = 1;
1000 } 1009 }
1001 } 1010 }
1011#endif
1002 if (j == 0) 1012 if (j == 0)
1003 { 1013 {
1004 /* we need to have the cipher in the cipher 1014 /* we need to have the cipher in the cipher
@@ -1486,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s)
1486 1496
1487 if (s->s3->tmp.dh != NULL) 1497 if (s->s3->tmp.dh != NULL)
1488 { 1498 {
1489 DH_free(dh);
1490 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1499 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1491 goto err; 1500 goto err;
1492 } 1501 }
@@ -1547,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s)
1547 1556
1548 if (s->s3->tmp.ecdh != NULL) 1557 if (s->s3->tmp.ecdh != NULL)
1549 { 1558 {
1550 EC_KEY_free(s->s3->tmp.ecdh);
1551 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1559 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1552 goto err; 1560 goto err;
1553 } 1561 }
@@ -1558,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s)
1558 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1566 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1559 goto err; 1567 goto err;
1560 } 1568 }
1561 if (!EC_KEY_up_ref(ecdhp)) 1569 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1562 { 1570 {
1563 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1571 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1564 goto err; 1572 goto err;
1565 } 1573 }
1566 ecdh = ecdhp;
1567 1574
1568 s->s3->tmp.ecdh=ecdh; 1575 s->s3->tmp.ecdh=ecdh;
1569 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1576 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -1726,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s)
1726 (unsigned char *)encodedPoint, 1733 (unsigned char *)encodedPoint,
1727 encodedlen); 1734 encodedlen);
1728 OPENSSL_free(encodedPoint); 1735 OPENSSL_free(encodedPoint);
1736 encodedPoint = NULL;
1729 p += encodedlen; 1737 p += encodedlen;
1730 } 1738 }
1731#endif 1739#endif
@@ -2435,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s)
2435 /* Get encoded point length */ 2443 /* Get encoded point length */
2436 i = *p; 2444 i = *p;
2437 p += 1; 2445 p += 1;
2446 if (n != 1 + i)
2447 {
2448 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2449 ERR_R_EC_LIB);
2450 goto err;
2451 }
2438 if (EC_POINT_oct2point(group, 2452 if (EC_POINT_oct2point(group,
2439 clnt_ecpoint, p, i, bn_ctx) == 0) 2453 clnt_ecpoint, p, i, bn_ctx) == 0)
2440 { 2454 {
@@ -2579,12 +2593,19 @@ int ssl3_get_client_key_exchange(SSL *s)
2579 { 2593 {
2580 int ret = 0; 2594 int ret = 0;
2581 EVP_PKEY_CTX *pkey_ctx; 2595 EVP_PKEY_CTX *pkey_ctx;
2582 EVP_PKEY *client_pub_pkey = NULL; 2596 EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
2583 unsigned char premaster_secret[32], *start; 2597 unsigned char premaster_secret[32], *start;
2584 size_t outlen=32, inlen; 2598 size_t outlen=32, inlen;
2599 unsigned long alg_a;
2585 2600
2586 /* Get our certificate private key*/ 2601 /* Get our certificate private key*/
2587 pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL); 2602 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2603 if (alg_a & SSL_aGOST94)
2604 pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
2605 else if (alg_a & SSL_aGOST01)
2606 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2607
2608 pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
2588 EVP_PKEY_decrypt_init(pkey_ctx); 2609 EVP_PKEY_decrypt_init(pkey_ctx);
2589 /* If client certificate is present and is of the same type, maybe 2610 /* If client certificate is present and is of the same type, maybe
2590 * use it for key exchange. Don't mind errors from 2611 * use it for key exchange. Don't mind errors from
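Review bot: In the GOST branch of `ssl3_get_client_key_exchange` (new lines 2602-2609), `pk` stays NULL when `alg_a` carries neither `SSL_aGOST94` nor `SSL_aGOST01`, and also when the selected `pkeys[...]` slot holds no private key; `EVP_PKEY_CTX_new(pk,NULL)` then fails and its result is passed unchecked into `EVP_PKEY_decrypt_init`, whose own return value is ignored as well, so a misconfigured server proceeds into the decrypt with no context. Add the check right after the constructor, `if (pkey_ctx == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; }`, substituting this block's own cleanup label if it has one (the existing GOST error branches are outside the hunk). The new `if (n != 1 + i)` check at line 2446 is the important hardening in this section — it is the only bound on `i` before `EC_POINT_oct2point` decodes the client's point from the received message — and deserves a one-line comment saying so. The `EC_KEY_dup` change (line 1569) mirrors d1_srvr.c and gives `tmp.ecdh` its own copy; the matching free on the `err` path is outside the hunk.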
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 28709978b5..d7f4c6087e 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -357,7 +357,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
357SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 357SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
358 long length) 358 long length)
359 { 359 {
360 int version,ssl_version=0,i; 360 int ssl_version=0,i;
361 long id; 361 long id;
362 ASN1_INTEGER ai,*aip; 362 ASN1_INTEGER ai,*aip;
363 ASN1_OCTET_STRING os,*osp; 363 ASN1_OCTET_STRING os,*osp;
@@ -371,7 +371,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
371 371
372 ai.data=NULL; ai.length=0; 372 ai.data=NULL; ai.length=0;
373 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); 373 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
374 version=(int)ASN1_INTEGER_get(aip);
375 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } 374 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
376 375
377 /* we don't care about the version right now :-) */ 376 /* we don't care about the version right now :-) */
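--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1027,7 +1027,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
  const SSL_CIPHER **ca_list)
  {
  unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
- const char *l, *start, *buf;
+ const char *l, *buf;
  int j, multi, found, rule, retval, ok, buflen;
  unsigned long cipher_id = 0;
  char ch;
@@ -1064,7 +1064,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
  alg_ssl = 0;
  algo_strength = 0;
 
- start=l;
  for (;;)
  {
  ch = *l;
@@ -1456,7 +1455,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  int is_export,pkl,kl;
  const char *ver,*exp_str;
  const char *kx,*au,*enc,*mac;
- unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
+ unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
 #ifdef KSSL_DEBUG
  static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
 #else
@@ -1469,7 +1468,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  alg_mac = cipher->algorithm_mac;
  alg_ssl = cipher->algorithm_ssl;
 
- alg_s=cipher->algo_strength;
  alg2=cipher->algorithm2;
 
  is_export=SSL_C_IS_EXPORT(cipher);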
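--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #endif
  X509 *x = NULL;
  EVP_PKEY *ecc_pkey = NULL;
- int signature_nid = 0;
+ int signature_nid = 0, pk_nid = 0, md_nid = 0;
 
  if (c == NULL) return;
 
@@ -1963,18 +1963,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  EVP_PKEY_bits(ecc_pkey) : 0;
  EVP_PKEY_free(ecc_pkey);
  if ((x->sig_alg) && (x->sig_alg->algorithm))
+ {
  signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+ }
 #ifndef OPENSSL_NO_ECDH
  if (ecdh_ok)
  {
- const char *sig = OBJ_nid2ln(signature_nid);
- if (sig == NULL)
- {
- ERR_clear_error();
- sig = "unknown";
- }
-
- if (strstr(sig, "WithRSA"))
+
+ if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
  {
  mask_k|=SSL_kECDHr;
  mask_a|=SSL_aECDH;
@@ -1985,7 +1982,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  }
  }
 
- if (signature_nid == NID_ecdsa_with_SHA1)
+ if (pk_nid == NID_X9_62_id_ecPublicKey)
  {
  mask_k|=SSL_kECDHe;
  mask_a|=SSL_aECDH;
@@ -2039,7 +2036,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
  unsigned long alg_k, alg_a;
  EVP_PKEY *pkey = NULL;
  int keysize = 0;
- int signature_nid = 0;
+ int signature_nid = 0, md_nid = 0, pk_nid = 0;
 
  alg_k = cs->algorithm_mkey;
  alg_a = cs->algorithm_auth;
@@ -2057,7 +2054,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
  /* This call populates the ex_flags field correctly */
  X509_check_purpose(x, -1, 0);
  if ((x->sig_alg) && (x->sig_alg->algorithm))
+ {
  signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+ }
  if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
  {
  /* key usage, if present, must allow key agreement */
@@ -2069,7 +2069,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
  if (alg_k & SSL_kECDHe)
  {
  /* signature alg must be ECDSA */
- if (signature_nid != NID_ecdsa_with_SHA1)
+ if (pk_nid != NID_X9_62_id_ecPublicKey)
  {
  SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
  return 0;
@@ -2079,13 +2079,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
  {
  /* signature alg must be RSA */
 
- const char *sig = OBJ_nid2ln(signature_nid);
- if (sig == NULL)
- {
- ERR_clear_error();
- sig = "unknown";
- }
- if (strstr(sig, "WithRSA") == NULL)
+ if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
  {
  SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
  return 0;
@@ -2110,23 +2104,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 /* THIS NEEDS CLEANING UP */
 X509 *ssl_get_server_send_cert(SSL *s)
  {
- unsigned long alg_k,alg_a,mask_k,mask_a;
+ unsigned long alg_k,alg_a;
  CERT *c;
- int i,is_export;
+ int i;
 
  c=s->cert;
  ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
- is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- if (is_export)
- {
- mask_k = c->export_mask_k;
- mask_a = c->export_mask_a;
- }
- else
- {
- mask_k = c->mask_k;
- mask_a = c->mask_a;
- }
 
  alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
  alg_a = s->s3->tmp.new_cipher->algorithm_auth;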
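Review bot: The comment and reason code in the SSL_kECDHe branch of ssl_check_srvr_ecc_cert_and_alg no longer describe the check: `if (pk_nid != NID_X9_62_id_ecPublicKey)` accepts an ECDSA signature with any digest, yet the failure is still reported as `SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE`, so the comment should read `/* signature alg must be ECDSA (any digest); reason code name predates this */` until the reason code is renamed. The return value of `OBJ_find_sigid_algs()` is ignored in both ssl_set_cert_masks and ssl_check_srvr_ecc_cert_and_alg; because `pk_nid` and `md_nid` are initialised to 0, an unrecognised signature OID leaves `pk_nid` at NID_undef and every comparison fails closed, which is the right outcome but deserves a one-line comment where the call is made. `md_nid` is otherwise unused in both functions. All three functions touched by this section begin and end outside the hunks shown.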
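--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
  const void *seed5, int seed5_len,
  unsigned char *out, int olen)
  {
- int chunk,n;
+ int chunk;
  unsigned int j;
  HMAC_CTX ctx;
  HMAC_CTX ctx_tmp;
@@ -187,7 +187,6 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
  if (!HMAC_Final(&ctx,A1,&A1_len))
  goto err;
 
- n=0;
  for (;;)
  {
  if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
@@ -309,13 +308,13 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
 int tls1_change_cipher_state(SSL *s, int which)
  {
  static const unsigned char empty[]="";
- unsigned char *p,*key_block,*mac_secret;
+ unsigned char *p,*mac_secret;
  unsigned char *exp_label;
  unsigned char tmp1[EVP_MAX_KEY_LENGTH];
  unsigned char tmp2[EVP_MAX_KEY_LENGTH];
  unsigned char iv1[EVP_MAX_IV_LENGTH*2];
  unsigned char iv2[EVP_MAX_IV_LENGTH*2];
- unsigned char *ms,*key,*iv,*er1,*er2;
+ unsigned char *ms,*key,*iv;
  int client_write;
  EVP_CIPHER_CTX *dd;
  const EVP_CIPHER *c;
@@ -337,7 +336,6 @@ int tls1_change_cipher_state(SSL *s, int which)
 #ifndef OPENSSL_NO_COMP
  comp=s->s3->tmp.new_compression;
 #endif
- key_block=s->s3->tmp.key_block;
 
 #ifdef KSSL_DEBUG
  printf("tls1_change_cipher_state(which= %d) w/\n", which);
@@ -448,8 +446,6 @@ int tls1_change_cipher_state(SSL *s, int which)
  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
  /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
  k=EVP_CIPHER_iv_length(c);
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
  if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
  (which == SSL3_CHANGE_CIPHER_SERVER_READ))
  {
@@ -880,7 +876,7 @@ int tls1_final_finish_mac(SSL *s,
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
  {
  SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
+ unsigned char *seq;
  EVP_MD_CTX *hash;
  size_t md_size;
  int i;
@@ -892,14 +888,12 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
  if (send)
  {
  rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
  seq= &(ssl->s3->write_sequence[0]);
  hash=ssl->write_hash;
  }
  else
  {
  rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
  seq= &(ssl->s3->read_sequence[0]);
  hash=ssl->read_hash;
  }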
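--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -714,14 +714,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  switch (servname_type)
  {
  case TLSEXT_NAMETYPE_host_name:
- if (s->session->tlsext_hostname == NULL)
+ if (!s->hit)
  {
- if (len > TLSEXT_MAXLEN_host_name ||
- ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+ if(s->session->tlsext_hostname)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (len > TLSEXT_MAXLEN_host_name)
  {
  *al = TLS1_AD_UNRECOGNIZED_NAME;
  return 0;
  }
+ if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+ {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
  memcpy(s->session->tlsext_hostname, sdata, len);
  s->session->tlsext_hostname[len]='\0';
  if (strlen(s->session->tlsext_hostname) != len) {
@@ -734,7 +743,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
  }
  else
- s->servername_done = strlen(s->session->tlsext_hostname) == len
+ s->servername_done = s->session->tlsext_hostname
+ && strlen(s->session->tlsext_hostname) == len
  && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 
  break;
@@ -765,15 +775,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  *al = TLS1_AD_DECODE_ERROR;
  return 0;
  }
- s->session->tlsext_ecpointformatlist_length = 0;
- if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
- if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+ if (!s->hit)
  {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
+ if(s->session->tlsext_ecpointformatlist)
+ {
+ OPENSSL_free(s->session->tlsext_ecpointformatlist);
+ s->session->tlsext_ecpointformatlist = NULL;
+ }
+ s->session->tlsext_ecpointformatlist_length = 0;
+ if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+ {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+ memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
  }
- s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
- memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 #if 0
  fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
  sdata = s->session->tlsext_ecpointformatlist;
@@ -794,15 +811,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  *al = TLS1_AD_DECODE_ERROR;
  return 0;
  }
- s->session->tlsext_ellipticcurvelist_length = 0;
- if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
- if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+ if (!s->hit)
  {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
+ if(s->session->tlsext_ellipticcurvelist)
+ {
+ *al = TLS1_AD_DECODE_ERROR;
+ return 0;
+ }
+ s->session->tlsext_ellipticcurvelist_length = 0;
+ if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+ {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
+ memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
  }
- s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
- memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 #if 0
  fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
  sdata = s->session->tlsext_ellipticcurvelist;
@@ -893,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  }
  n2s(data, idsize);
  dsize -= 2 + idsize;
+ size -= 2 + idsize;
  if (dsize < 0)
  {
  *al = SSL_AD_DECODE_ERROR;
@@ -931,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  }
 
  /* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
  n2s(data,dsize);
  size -= 2;
- if (dsize > size)
+ if (dsize != size)
  {
  *al = SSL_AD_DECODE_ERROR;
  return 0;
@@ -983,9 +1013,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
  {
+ unsigned short length;
  unsigned short type;
  unsigned short size;
- unsigned short len;
  unsigned char *data = *p;
  int tlsext_servername = 0;
  int renegotiate_seen = 0;
@@ -993,7 +1023,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
  if (data >= (d+n-2))
  goto ri_check;
 
- n2s(data,len);
+ n2s(data,length);
+ if (data+length != d+n)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
 
  while(data <= (d+n-4))
  {
@@ -1423,23 +1458,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
  int al = SSL_AD_UNRECOGNIZED_NAME;
 
 #ifndef OPENSSL_NO_EC
- /* If we are client and using an elliptic curve cryptography cipher suite, then server
- * must return a an EC point formats lists containing uncompressed.
+ /* If we are client and using an elliptic curve cryptography cipher
+ * suite, then if server returns an EC point formats lists extension
+ * it must contain uncompressed.
  */
  unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
  unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
  if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
+ (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
  ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
  {
  /* we are using an ECC cipher */
  size_t i;
  unsigned char *list;
  int found_uncompressed = 0;
- if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
- {
- SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
- return -1;
- }
  list = s->session->tlsext_ecpointformatlist;
  for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
  {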
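Review bot: `if (data+length != d+n)` in ssl_parse_serverhello_tlsext forms a pointer from the peer-supplied `length` before it has been validated; when `length` exceeds the bytes remaining, `data+length` lies beyond one-past-the-end of the buffer, which is undefined behaviour in C even though the comparison then rejects the message, so compare lengths rather than pointers: `if (length != (d + n) - data)` (the earlier `data >= (d+n-2)` guard keeps that difference positive). In ssl_parse_clienthello_tlsext the two list extensions are also treated differently on a fresh handshake: a repeated elliptic_curves extension is rejected with `SSL_AD_DECODE_ERROR`, whereas a repeated ec_point_formats extension frees and replaces the earlier list; the stricter elliptic_curves treatment could be applied to the ec_point_formats branch too, or a comment should record why it differs. ssl_parse_clienthello_tlsext, ssl_parse_serverhello_tlsext and ssl_check_serverhello_tlsext all begin and end outside the hunks shown.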
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index 9c50dff3e9..c938bcf00d 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -54,9 +54,13 @@
54# OpenSSL PKCS#7 and CMS implementations. 54# OpenSSL PKCS#7 and CMS implementations.
55 55
56my $ossl_path; 56my $ossl_path;
57my $redir = " 2>cms.err 1>cms.out"; 57my $redir = " 2> cms.err > cms.out";
58# Make VMS work
59if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
60 $ossl_path = "pipe mcr OSSLX:openssl";
61}
58# Make MSYS work 62# Make MSYS work
59if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { 63elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
60 $ossl_path = "cmd /c ..\\apps\\openssl"; 64 $ossl_path = "cmd /c ..\\apps\\openssl";
61} 65}
62elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { 66elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
@@ -84,79 +88,79 @@ my @smime_pkcs7_tests = (
84 88
85 [ 89 [
86 "signed content DER format, RSA key", 90 "signed content DER format, RSA key",
87 "-sign -in smcont.txt -outform DER -nodetach" 91 "-sign -in smcont.txt -outform \"DER\" -nodetach"
88 . " -certfile $smdir/smroot.pem" 92 . " -certfile $smdir/smroot.pem"
89 . " -signer $smdir/smrsa1.pem -out test.cms", 93 . " -signer $smdir/smrsa1.pem -out test.cms",
90 "-verify -in test.cms -inform DER " 94 "-verify -in test.cms -inform \"DER\" "
91 . " -CAfile $smdir/smroot.pem -out smtst.txt" 95 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
92 ], 96 ],
93 97
94 [ 98 [
95 "signed detached content DER format, RSA key", 99 "signed detached content DER format, RSA key",
96 "-sign -in smcont.txt -outform DER" 100 "-sign -in smcont.txt -outform \"DER\""
97 . " -signer $smdir/smrsa1.pem -out test.cms", 101 . " -signer $smdir/smrsa1.pem -out test.cms",
98 "-verify -in test.cms -inform DER " 102 "-verify -in test.cms -inform \"DER\" "
99 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 103 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
100 ], 104 ],
101 105
102 [ 106 [
103 "signed content test streaming BER format, RSA", 107 "signed content test streaming BER format, RSA",
104 "-sign -in smcont.txt -outform DER -nodetach" 108 "-sign -in smcont.txt -outform \"DER\" -nodetach"
105 . " -stream -signer $smdir/smrsa1.pem -out test.cms", 109 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
106 "-verify -in test.cms -inform DER " 110 "-verify -in test.cms -inform \"DER\" "
107 . " -CAfile $smdir/smroot.pem -out smtst.txt" 111 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
108 ], 112 ],
109 113
110 [ 114 [
111 "signed content DER format, DSA key", 115 "signed content DER format, DSA key",
112 "-sign -in smcont.txt -outform DER -nodetach" 116 "-sign -in smcont.txt -outform \"DER\" -nodetach"
113 . " -signer $smdir/smdsa1.pem -out test.cms", 117 . " -signer $smdir/smdsa1.pem -out test.cms",
114 "-verify -in test.cms -inform DER " 118 "-verify -in test.cms -inform \"DER\" "
115 . " -CAfile $smdir/smroot.pem -out smtst.txt" 119 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
116 ], 120 ],
117 121
118 [ 122 [
119 "signed detached content DER format, DSA key", 123 "signed detached content DER format, DSA key",
120 "-sign -in smcont.txt -outform DER" 124 "-sign -in smcont.txt -outform \"DER\""
121 . " -signer $smdir/smdsa1.pem -out test.cms", 125 . " -signer $smdir/smdsa1.pem -out test.cms",
122 "-verify -in test.cms -inform DER " 126 "-verify -in test.cms -inform \"DER\" "
123 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 127 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
124 ], 128 ],
125 129
126 [ 130 [
127 "signed detached content DER format, add RSA signer", 131 "signed detached content DER format, add RSA signer",
128 "-resign -inform DER -in test.cms -outform DER" 132 "-resign -inform \"DER\" -in test.cms -outform \"DER\""
129 . " -signer $smdir/smrsa1.pem -out test2.cms", 133 . " -signer $smdir/smrsa1.pem -out test2.cms",
130 "-verify -in test2.cms -inform DER " 134 "-verify -in test2.cms -inform \"DER\" "
131 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" 135 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
132 ], 136 ],
133 137
134 [ 138 [
135 "signed content test streaming BER format, DSA key", 139 "signed content test streaming BER format, DSA key",
136 "-sign -in smcont.txt -outform DER -nodetach" 140 "-sign -in smcont.txt -outform \"DER\" -nodetach"
137 . " -stream -signer $smdir/smdsa1.pem -out test.cms", 141 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
138 "-verify -in test.cms -inform DER " 142 "-verify -in test.cms -inform \"DER\" "
139 . " -CAfile $smdir/smroot.pem -out smtst.txt" 143 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
140 ], 144 ],
141 145
142 [ 146 [
143 "signed content test streaming BER format, 2 DSA and 2 RSA keys", 147 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
144 "-sign -in smcont.txt -outform DER -nodetach" 148 "-sign -in smcont.txt -outform \"DER\" -nodetach"
145 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 149 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
146 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 150 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
147 . " -stream -out test.cms", 151 . " -stream -out test.cms",
148 "-verify -in test.cms -inform DER " 152 "-verify -in test.cms -inform \"DER\" "
149 . " -CAfile $smdir/smroot.pem -out smtst.txt" 153 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
150 ], 154 ],
151 155
152 [ 156 [
153"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", 157"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
154 "-sign -in smcont.txt -outform DER -noattr -nodetach" 158 "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
155 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 159 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
156 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 160 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
157 . " -stream -out test.cms", 161 . " -stream -out test.cms",
158 "-verify -in test.cms -inform DER " 162 "-verify -in test.cms -inform \"DER\" "
159 . " -CAfile $smdir/smroot.pem -out smtst.txt" 163 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
160 ], 164 ],
161 165
162 [ 166 [
@@ -165,7 +169,7 @@ my @smime_pkcs7_tests = (
165 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 169 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
166 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 170 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
167 . " -stream -out test.cms", 171 . " -stream -out test.cms",
168 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" 172 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
169 ], 173 ],
170 174
171 [ 175 [
@@ -174,7 +178,7 @@ my @smime_pkcs7_tests = (
174 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 178 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
175 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 179 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
176 . " -stream -out test.cms", 180 . " -stream -out test.cms",
177 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" 181 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
178 ], 182 ],
179 183
180 [ 184 [
@@ -215,12 +219,12 @@ my @smime_cms_tests = (
215 219
216 [ 220 [
217 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", 221 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
218 "-sign -in smcont.txt -outform DER -nodetach -keyid" 222 "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
219 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" 223 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
220 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 224 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
221 . " -stream -out test.cms", 225 . " -stream -out test.cms",
222 "-verify -in test.cms -inform DER " 226 "-verify -in test.cms -inform \"DER\" "
223 . " -CAfile $smdir/smroot.pem -out smtst.txt" 227 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
224 ], 228 ],
225 229
226 [ 230 [
@@ -230,7 +234,7 @@ my @smime_cms_tests = (
230 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" 234 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
231 . " -stream -out test.cms", 235 . " -stream -out test.cms",
232 "-verify -in test.cms -inform PEM " 236 "-verify -in test.cms -inform PEM "
233 . " -CAfile $smdir/smroot.pem -out smtst.txt" 237 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
234 ], 238 ],
235 239
236 [ 240 [
@@ -239,7 +243,7 @@ my @smime_cms_tests = (
239 . " -receipt_request_to test\@openssl.org -receipt_request_all" 243 . " -receipt_request_to test\@openssl.org -receipt_request_all"
240 . " -out test.cms", 244 . " -out test.cms",
241 "-verify -in test.cms " 245 "-verify -in test.cms "
242 . " -CAfile $smdir/smroot.pem -out smtst.txt" 246 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
243 ], 247 ],
244 248
245 [ 249 [
@@ -248,7 +252,7 @@ my @smime_cms_tests = (
248 . " -signer $smdir/smrsa2.pem" 252 . " -signer $smdir/smrsa2.pem"
249 . " -out test2.cms", 253 . " -out test2.cms",
250 "-verify_receipt test2.cms -in test.cms" 254 "-verify_receipt test2.cms -in test.cms"
251 . " -CAfile $smdir/smroot.pem" 255 . " \"-CAfile\" $smdir/smroot.pem"
252 ], 256 ],
253 257
254 [ 258 [
@@ -289,38 +293,38 @@ my @smime_cms_tests = (
289 293
290 [ 294 [
291 "encrypted content test streaming PEM format, 128 bit RC2 key", 295 "encrypted content test streaming PEM format, 128 bit RC2 key",
292 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 296 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
293 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" 297 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
294 . " -stream -out test.cms", 298 . " -stream -out test.cms",
295 "-EncryptedData_decrypt -in test.cms -inform PEM " 299 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
296 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" 300 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
297 ], 301 ],
298 302
299 [ 303 [
300 "encrypted content test streaming PEM format, 40 bit RC2 key", 304 "encrypted content test streaming PEM format, 40 bit RC2 key",
301 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 305 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
302 . " -rc2 -secretkey 0001020304" 306 . " -rc2 -secretkey 0001020304"
303 . " -stream -out test.cms", 307 . " -stream -out test.cms",
304 "-EncryptedData_decrypt -in test.cms -inform PEM " 308 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
305 . " -secretkey 0001020304 -out smtst.txt" 309 . " -secretkey 0001020304 -out smtst.txt"
306 ], 310 ],
307 311
308 [ 312 [
309 "encrypted content test streaming PEM format, triple DES key", 313 "encrypted content test streaming PEM format, triple DES key",
310 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 314 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
311 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" 315 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
312 . " -stream -out test.cms", 316 . " -stream -out test.cms",
313 "-EncryptedData_decrypt -in test.cms -inform PEM " 317 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
314 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" 318 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
315 . " -out smtst.txt" 319 . " -out smtst.txt"
316 ], 320 ],
317 321
318 [ 322 [
319 "encrypted content test streaming PEM format, 128 bit AES key", 323 "encrypted content test streaming PEM format, 128 bit AES key",
320 "-EncryptedData_encrypt -in smcont.txt -outform PEM" 324 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
321 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" 325 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
322 . " -stream -out test.cms", 326 . " -stream -out test.cms",
323 "-EncryptedData_decrypt -in test.cms -inform PEM " 327 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
324 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" 328 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
325 ], 329 ],
326 330