diff options
Diffstat (limited to 'src/lib/libssl')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 23 | ||||
| -rw-r--r-- | src/lib/libssl/d1_lib.c | 9 | ||||
| -rw-r--r-- | src/lib/libssl/d1_pkt.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/doc/openssl.cnf | 2 | ||||
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 11 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 2 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 11 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 1 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/test/testssl | 8 |
16 files changed, 90 insertions, 28 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 2180c6d4da..9f898d6997 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -158,7 +158,6 @@ static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1 | |||
| 158 | /* XDTLS: figure out the right values */ | 158 | /* XDTLS: figure out the right values */ |
| 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | 159 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; |
| 160 | 160 | ||
| 161 | static unsigned int dtls1_min_mtu(void); | ||
| 162 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); | 161 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); |
| 163 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, | 162 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, |
| 164 | unsigned long frag_len); | 163 | unsigned long frag_len); |
| @@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type) | |||
| 264 | return ret; | 263 | return ret; |
| 265 | mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); | 264 | mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH); |
| 266 | } | 265 | } |
| 267 | |||
| 268 | OPENSSL_assert(mtu > 0); /* should have something reasonable now */ | ||
| 269 | |||
| 270 | #endif | 266 | #endif |
| 271 | 267 | ||
| 268 | OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */ | ||
| 269 | |||
| 272 | if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) | 270 | if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE) |
| 273 | OPENSSL_assert(s->init_num == | 271 | OPENSSL_assert(s->init_num == |
| 274 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); | 272 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); |
| @@ -795,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | |||
| 795 | *ok = 0; | 793 | *ok = 0; |
| 796 | return i; | 794 | return i; |
| 797 | } | 795 | } |
| 798 | OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); | 796 | /* Handshake fails if message header is incomplete */ |
| 797 | if (i != DTLS1_HM_HEADER_LENGTH) | ||
| 798 | { | ||
| 799 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 800 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); | ||
| 801 | goto f_err; | ||
| 802 | } | ||
| 799 | 803 | ||
| 800 | /* parse the message fragment header */ | 804 | /* parse the message fragment header */ |
| 801 | dtls1_get_message_header(wire, &msg_hdr); | 805 | dtls1_get_message_header(wire, &msg_hdr); |
| @@ -867,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | |||
| 867 | 871 | ||
| 868 | /* XDTLS: an incorrectly formatted fragment should cause the | 872 | /* XDTLS: an incorrectly formatted fragment should cause the |
| 869 | * handshake to fail */ | 873 | * handshake to fail */ |
| 870 | OPENSSL_assert(i == (int)frag_len); | 874 | if (i != (int)frag_len) |
| 875 | { | ||
| 876 | al=SSL3_AD_ILLEGAL_PARAMETER; | ||
| 877 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER); | ||
| 878 | goto f_err; | ||
| 879 | } | ||
| 871 | 880 | ||
| 872 | *ok = 1; | 881 | *ok = 1; |
| 873 | 882 | ||
| @@ -1367,7 +1376,7 @@ dtls1_write_message_header(SSL *s, unsigned char *p) | |||
| 1367 | return p; | 1376 | return p; |
| 1368 | } | 1377 | } |
| 1369 | 1378 | ||
| 1370 | static unsigned int | 1379 | unsigned int |
| 1371 | dtls1_min_mtu(void) | 1380 | dtls1_min_mtu(void) |
| 1372 | { | 1381 | { |
| 1373 | return (g_probable_mtu[(sizeof(g_probable_mtu) / | 1382 | return (g_probable_mtu[(sizeof(g_probable_mtu) / |
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 48e8b6ffbb..c3b77c889b 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c | |||
| @@ -204,7 +204,8 @@ void dtls1_clear(SSL *s) | |||
| 204 | pqueue buffered_messages; | 204 | pqueue buffered_messages; |
| 205 | pqueue sent_messages; | 205 | pqueue sent_messages; |
| 206 | pqueue buffered_app_data; | 206 | pqueue buffered_app_data; |
| 207 | 207 | unsigned int mtu; | |
| 208 | |||
| 208 | if (s->d1) | 209 | if (s->d1) |
| 209 | { | 210 | { |
| 210 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | 211 | unprocessed_rcds = s->d1->unprocessed_rcds.q; |
| @@ -212,6 +213,7 @@ void dtls1_clear(SSL *s) | |||
| 212 | buffered_messages = s->d1->buffered_messages; | 213 | buffered_messages = s->d1->buffered_messages; |
| 213 | sent_messages = s->d1->sent_messages; | 214 | sent_messages = s->d1->sent_messages; |
| 214 | buffered_app_data = s->d1->buffered_app_data.q; | 215 | buffered_app_data = s->d1->buffered_app_data.q; |
| 216 | mtu = s->d1->mtu; | ||
| 215 | 217 | ||
| 216 | dtls1_clear_queues(s); | 218 | dtls1_clear_queues(s); |
| 217 | 219 | ||
| @@ -222,6 +224,11 @@ void dtls1_clear(SSL *s) | |||
| 222 | s->d1->cookie_len = sizeof(s->d1->cookie); | 224 | s->d1->cookie_len = sizeof(s->d1->cookie); |
| 223 | } | 225 | } |
| 224 | 226 | ||
| 227 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | ||
| 228 | { | ||
| 229 | s->d1->mtu = mtu; | ||
| 230 | } | ||
| 231 | |||
| 225 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | 232 | s->d1->unprocessed_rcds.q = unprocessed_rcds; |
| 226 | s->d1->processed_rcds.q = processed_rcds; | 233 | s->d1->processed_rcds.q = processed_rcds; |
| 227 | s->d1->buffered_messages = buffered_messages; | 234 | s->d1->buffered_messages = buffered_messages; |
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 39aac73e10..e0c0f0cc9a 100644 --- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c | |||
| @@ -375,6 +375,7 @@ dtls1_process_record(SSL *s) | |||
| 375 | SSL3_RECORD *rr; | 375 | SSL3_RECORD *rr; |
| 376 | unsigned int mac_size; | 376 | unsigned int mac_size; |
| 377 | unsigned char md[EVP_MAX_MD_SIZE]; | 377 | unsigned char md[EVP_MAX_MD_SIZE]; |
| 378 | int decryption_failed_or_bad_record_mac = 0; | ||
| 378 | 379 | ||
| 379 | 380 | ||
| 380 | rr= &(s->s3->rrec); | 381 | rr= &(s->s3->rrec); |
| @@ -409,13 +410,10 @@ dtls1_process_record(SSL *s) | |||
| 409 | enc_err = s->method->ssl3_enc->enc(s,0); | 410 | enc_err = s->method->ssl3_enc->enc(s,0); |
| 410 | if (enc_err <= 0) | 411 | if (enc_err <= 0) |
| 411 | { | 412 | { |
| 412 | /* decryption failed, silently discard message */ | 413 | /* To minimize information leaked via timing, we will always |
| 413 | if (enc_err < 0) | 414 | * perform all computations before discarding the message. |
| 414 | { | 415 | */ |
| 415 | rr->length = 0; | 416 | decryption_failed_or_bad_record_mac = 1; |
| 416 | s->packet_length = 0; | ||
| 417 | } | ||
| 418 | goto err; | ||
| 419 | } | 417 | } |
| 420 | 418 | ||
| 421 | #ifdef TLS_DEBUG | 419 | #ifdef TLS_DEBUG |
| @@ -445,7 +443,7 @@ printf("\n"); | |||
| 445 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | 443 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); |
| 446 | goto f_err; | 444 | goto f_err; |
| 447 | #else | 445 | #else |
| 448 | goto err; | 446 | decryption_failed_or_bad_record_mac = 1; |
| 449 | #endif | 447 | #endif |
| 450 | } | 448 | } |
| 451 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | 449 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
| @@ -456,17 +454,25 @@ printf("\n"); | |||
| 456 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); | 454 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); |
| 457 | goto f_err; | 455 | goto f_err; |
| 458 | #else | 456 | #else |
| 459 | goto err; | 457 | decryption_failed_or_bad_record_mac = 1; |
| 460 | #endif | 458 | #endif |
| 461 | } | 459 | } |
| 462 | rr->length-=mac_size; | 460 | rr->length-=mac_size; |
| 463 | i=s->method->ssl3_enc->mac(s,md,0); | 461 | i=s->method->ssl3_enc->mac(s,md,0); |
| 464 | if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) | 462 | if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
| 465 | { | 463 | { |
| 466 | goto err; | 464 | decryption_failed_or_bad_record_mac = 1; |
| 467 | } | 465 | } |
| 468 | } | 466 | } |
| 469 | 467 | ||
| 468 | if (decryption_failed_or_bad_record_mac) | ||
| 469 | { | ||
| 470 | /* decryption failed, silently discard message */ | ||
| 471 | rr->length = 0; | ||
| 472 | s->packet_length = 0; | ||
| 473 | goto err; | ||
| 474 | } | ||
| 475 | |||
| 470 | /* r->length is now just compressed */ | 476 | /* r->length is now just compressed */ |
| 471 | if (s->expand != NULL) | 477 | if (s->expand != NULL) |
| 472 | { | 478 | { |
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index a6a4c87ea6..149983be30 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1271,7 +1271,7 @@ int dtls1_send_server_key_exchange(SSL *s) | |||
| 1271 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); | 1271 | EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL); |
| 1272 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1272 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1273 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1273 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1274 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | 1274 | EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n); |
| 1275 | if (!EVP_SignFinal(&md_ctx,&(p[2]), | 1275 | if (!EVP_SignFinal(&md_ctx,&(p[2]), |
| 1276 | (unsigned int *)&i,pkey)) | 1276 | (unsigned int *)&i,pkey)) |
| 1277 | { | 1277 | { |
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index 9d2cd5bfa5..18760c6e67 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf | |||
| @@ -145,7 +145,7 @@ localityName = Locality Name (eg, city) | |||
| 145 | organizationalUnitName = Organizational Unit Name (eg, section) | 145 | organizationalUnitName = Organizational Unit Name (eg, section) |
| 146 | #organizationalUnitName_default = | 146 | #organizationalUnitName_default = |
| 147 | 147 | ||
| 148 | commonName = Common Name (eg, YOUR name) | 148 | commonName = Common Name (e.g. server FQDN or YOUR name) |
| 149 | commonName_max = 64 | 149 | commonName_max = 64 |
| 150 | 150 | ||
| 151 | emailAddress = Email Address | 151 | emailAddress = Email Address |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 50bd415b56..53223bd38d 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -953,7 +953,7 @@ int ssl3_get_server_hello(SSL *s) | |||
| 953 | /* wrong packet length */ | 953 | /* wrong packet length */ |
| 954 | al=SSL_AD_DECODE_ERROR; | 954 | al=SSL_AD_DECODE_ERROR; |
| 955 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); | 955 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); |
| 956 | goto err; | 956 | goto f_err; |
| 957 | } | 957 | } |
| 958 | 958 | ||
| 959 | return(1); | 959 | return(1); |
| @@ -1837,7 +1837,7 @@ int ssl3_get_new_session_ticket(SSL *s) | |||
| 1837 | if (n < 6) | 1837 | if (n < 6) |
| 1838 | { | 1838 | { |
| 1839 | /* need at least ticket_lifetime_hint + ticket length */ | 1839 | /* need at least ticket_lifetime_hint + ticket length */ |
| 1840 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | 1840 | al = SSL_AD_DECODE_ERROR; |
| 1841 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | 1841 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); |
| 1842 | goto f_err; | 1842 | goto f_err; |
| 1843 | } | 1843 | } |
| @@ -1848,7 +1848,7 @@ int ssl3_get_new_session_ticket(SSL *s) | |||
| 1848 | /* ticket_lifetime_hint + ticket_length + ticket */ | 1848 | /* ticket_lifetime_hint + ticket_length + ticket */ |
| 1849 | if (ticklen + 6 != n) | 1849 | if (ticklen + 6 != n) |
| 1850 | { | 1850 | { |
| 1851 | al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | 1851 | al = SSL_AD_DECODE_ERROR; |
| 1852 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | 1852 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); |
| 1853 | goto f_err; | 1853 | goto f_err; |
| 1854 | } | 1854 | } |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 62c791cb72..1130244aeb 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -2177,6 +2177,7 @@ void ssl3_clear(SSL *s) | |||
| 2177 | { | 2177 | { |
| 2178 | unsigned char *rp,*wp; | 2178 | unsigned char *rp,*wp; |
| 2179 | size_t rlen, wlen; | 2179 | size_t rlen, wlen; |
| 2180 | int init_extra; | ||
| 2180 | 2181 | ||
| 2181 | #ifdef TLSEXT_TYPE_opaque_prf_input | 2182 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 2182 | if (s->s3->client_opaque_prf_input != NULL) | 2183 | if (s->s3->client_opaque_prf_input != NULL) |
| @@ -2215,6 +2216,7 @@ void ssl3_clear(SSL *s) | |||
| 2215 | wp = s->s3->wbuf.buf; | 2216 | wp = s->s3->wbuf.buf; |
| 2216 | rlen = s->s3->rbuf.len; | 2217 | rlen = s->s3->rbuf.len; |
| 2217 | wlen = s->s3->wbuf.len; | 2218 | wlen = s->s3->wbuf.len; |
| 2219 | init_extra = s->s3->init_extra; | ||
| 2218 | if (s->s3->handshake_buffer) { | 2220 | if (s->s3->handshake_buffer) { |
| 2219 | BIO_free(s->s3->handshake_buffer); | 2221 | BIO_free(s->s3->handshake_buffer); |
| 2220 | s->s3->handshake_buffer = NULL; | 2222 | s->s3->handshake_buffer = NULL; |
| @@ -2227,6 +2229,7 @@ void ssl3_clear(SSL *s) | |||
| 2227 | s->s3->wbuf.buf = wp; | 2229 | s->s3->wbuf.buf = wp; |
| 2228 | s->s3->rbuf.len = rlen; | 2230 | s->s3->rbuf.len = rlen; |
| 2229 | s->s3->wbuf.len = wlen; | 2231 | s->s3->wbuf.len = wlen; |
| 2232 | s->s3->init_extra = init_extra; | ||
| 2230 | 2233 | ||
| 2231 | ssl_free_wbio_buffer(s); | 2234 | ssl_free_wbio_buffer(s); |
| 2232 | 2235 | ||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index c3b5ff33ff..d734c359fb 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -258,6 +258,7 @@ int ssl3_accept(SSL *s) | |||
| 258 | } | 258 | } |
| 259 | 259 | ||
| 260 | s->init_num=0; | 260 | s->init_num=0; |
| 261 | s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 261 | 262 | ||
| 262 | if (s->state != SSL_ST_RENEGOTIATE) | 263 | if (s->state != SSL_ST_RENEGOTIATE) |
| 263 | { | 264 | { |
| @@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s) | |||
| 755 | int ok; | 756 | int ok; |
| 756 | long n; | 757 | long n; |
| 757 | 758 | ||
| 759 | /* We only allow the client to restart the handshake once per | ||
| 760 | * negotiation. */ | ||
| 761 | if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) | ||
| 762 | { | ||
| 763 | SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); | ||
| 764 | return -1; | ||
| 765 | } | ||
| 766 | |||
| 758 | /* this function is called when we really expect a Certificate message, | 767 | /* this function is called when we really expect a Certificate message, |
| 759 | * so permit appropriate message length */ | 768 | * so permit appropriate message length */ |
| 760 | n=s->method->ssl_get_message(s, | 769 | n=s->method->ssl_get_message(s, |
| @@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s) | |||
| 783 | s->s3->tmp.ecdh = NULL; | 792 | s->s3->tmp.ecdh = NULL; |
| 784 | } | 793 | } |
| 785 | #endif | 794 | #endif |
| 795 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 786 | return 2; | 796 | return 2; |
| 787 | } | 797 | } |
| 788 | return 1; | 798 | return 1; |
| @@ -2130,6 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
| 2130 | if (i <= 0) | 2140 | if (i <= 0) |
| 2131 | { | 2141 | { |
| 2132 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); | 2142 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); |
| 2143 | BN_clear_free(pub); | ||
| 2133 | goto err; | 2144 | goto err; |
| 2134 | } | 2145 | } |
| 2135 | 2146 | ||
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index e4c3f65010..8f922eea72 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void); | |||
| 1882 | #define SSL_F_SSL3_CALLBACK_CTRL 233 | 1882 | #define SSL_F_SSL3_CALLBACK_CTRL 233 |
| 1883 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 | 1883 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 |
| 1884 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 | 1884 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 |
| 1885 | #define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 | ||
| 1885 | #define SSL_F_SSL3_CLIENT_HELLO 131 | 1886 | #define SSL_F_SSL3_CLIENT_HELLO 131 |
| 1886 | #define SSL_F_SSL3_CONNECT 132 | 1887 | #define SSL_F_SSL3_CONNECT 132 |
| 1887 | #define SSL_F_SSL3_CTRL 213 | 1888 | #define SSL_F_SSL3_CTRL 213 |
| @@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void); | |||
| 2139 | #define SSL_R_MISSING_TMP_RSA_KEY 172 | 2140 | #define SSL_R_MISSING_TMP_RSA_KEY 172 |
| 2140 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 | 2141 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 |
| 2141 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 | 2142 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 |
| 2143 | #define SSL_R_MULTIPLE_SGC_RESTARTS 346 | ||
| 2142 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 | 2144 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 |
| 2143 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 | 2145 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 |
| 2144 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 | 2146 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index baaa89e717..9c2c41287a 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st | |||
| 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 382 | |||
| 383 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
| 384 | * restart a handshake because of MS SGC and so prevents us | ||
| 385 | * from restarting the handshake in a loop. It's reset on a | ||
| 386 | * renegotiation, so effectively limits the client to one restart | ||
| 387 | * per negotiation. This limits the possibility of a DDoS | ||
| 388 | * attack where the client handshakes in a loop using SGC to | ||
| 389 | * restart. Servers which permit renegotiation can still be | ||
| 390 | * effected, but we can't prevent that. | ||
| 391 | */ | ||
| 392 | #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | ||
| 382 | 393 | ||
| 383 | typedef struct ssl3_state_st | 394 | typedef struct ssl3_state_st |
| 384 | { | 395 | { |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index a8ce186b78..54ba7ef5b4 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -446,6 +446,7 @@ static void load_builtin_compressions(void) | |||
| 446 | sk_SSL_COMP_push(ssl_comp_methods,comp); | 446 | sk_SSL_COMP_push(ssl_comp_methods,comp); |
| 447 | } | 447 | } |
| 448 | } | 448 | } |
| 449 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
| 449 | } | 450 | } |
| 450 | MemCheck_on(); | 451 | MemCheck_on(); |
| 451 | } | 452 | } |
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 0eed464749..e9be77109f 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* ssl/ssl_err.c */ | 1 | /* ssl/ssl_err.c */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| @@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 137 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | 137 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
| 138 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | 138 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
| 139 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 139 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | ||
| 140 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | 141 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
| 141 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | 142 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 142 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | 143 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| @@ -397,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 397 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 398 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, |
| 398 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 399 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, |
| 399 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 400 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, |
| 401 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | ||
| 400 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | 402 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, |
| 401 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | 403 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, |
| 402 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | 404 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 46732791fd..8e89911f48 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1054,6 +1054,9 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1054 | s->max_cert_list=larg; | 1054 | s->max_cert_list=larg; |
| 1055 | return(l); | 1055 | return(l); |
| 1056 | case SSL_CTRL_SET_MTU: | 1056 | case SSL_CTRL_SET_MTU: |
| 1057 | if (larg < (long)dtls1_min_mtu()) | ||
| 1058 | return 0; | ||
| 1059 | |||
| 1057 | if (SSL_version(s) == DTLS1_VERSION || | 1060 | if (SSL_version(s) == DTLS1_VERSION || |
| 1058 | SSL_version(s) == DTLS1_BAD_VER) | 1061 | SSL_version(s) == DTLS1_BAD_VER) |
| 1059 | { | 1062 | { |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 4c78393f3f..cea622a2a6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -950,6 +950,7 @@ void dtls1_stop_timer(SSL *s); | |||
| 950 | int dtls1_is_timer_expired(SSL *s); | 950 | int dtls1_is_timer_expired(SSL *s); |
| 951 | void dtls1_double_timeout(SSL *s); | 951 | void dtls1_double_timeout(SSL *s); |
| 952 | int dtls1_send_newsession_ticket(SSL *s); | 952 | int dtls1_send_newsession_ticket(SSL *s); |
| 953 | unsigned int dtls1_min_mtu(void); | ||
| 953 | 954 | ||
| 954 | /* some client-only functions */ | 955 | /* some client-only functions */ |
| 955 | int ssl3_client_hello(SSL *s); | 956 | int ssl3_client_hello(SSL *s); |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 85371c87b8..26cbae449e 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -971,6 +971,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in | |||
| 971 | sdata = data; | 971 | sdata = data; |
| 972 | if (dsize > 0) | 972 | if (dsize > 0) |
| 973 | { | 973 | { |
| 974 | if (s->tlsext_ocsp_exts) | ||
| 975 | { | ||
| 976 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
| 977 | X509_EXTENSION_free); | ||
| 978 | } | ||
| 979 | |||
| 974 | s->tlsext_ocsp_exts = | 980 | s->tlsext_ocsp_exts = |
| 975 | d2i_X509_EXTENSIONS(NULL, | 981 | d2i_X509_EXTENSIONS(NULL, |
| 976 | &sdata, dsize); | 982 | &sdata, dsize); |
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl index f9d7c5d65f..b55364ae88 100644 --- a/src/lib/libssl/test/testssl +++ b/src/lib/libssl/test/testssl | |||
| @@ -100,8 +100,8 @@ echo test sslv2/sslv3 via BIO pair | |||
| 100 | $ssltest $extra || exit 1 | 100 | $ssltest $extra || exit 1 |
| 101 | 101 | ||
| 102 | if [ $dsa_cert = NO ]; then | 102 | if [ $dsa_cert = NO ]; then |
| 103 | echo test sslv2/sslv3 w/o DHE via BIO pair | 103 | echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' |
| 104 | $ssltest -bio_pair -no_dhe $extra || exit 1 | 104 | $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 |
| 105 | fi | 105 | fi |
| 106 | 106 | ||
| 107 | echo test sslv2/sslv3 with 1024bit DHE via BIO pair | 107 | echo test sslv2/sslv3 with 1024bit DHE via BIO pair |
| @@ -131,8 +131,8 @@ fi | |||
| 131 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | 131 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then |
| 132 | echo skipping RSA tests | 132 | echo skipping RSA tests |
| 133 | else | 133 | else |
| 134 | echo test tls1 with 1024bit RSA, no DHE, multiple handshakes | 134 | echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' |
| 135 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 | 135 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 |
| 136 | 136 | ||
| 137 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then | 137 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then |
| 138 | echo skipping RSA+DHE tests | 138 | echo skipping RSA+DHE tests |