diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/regress/lib/libssl/Makefile | 5 | ||||
| -rw-r--r-- | src/regress/lib/libssl/unit/cipher_list.c | 17 |
6 files changed, 59 insertions, 23 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index b5ce2ea5ac..1dd518d0b8 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -155,6 +155,8 @@ | |||
| 155 | #include <openssl/engine.h> | 155 | #include <openssl/engine.h> |
| 156 | #endif | 156 | #endif |
| 157 | 157 | ||
| 158 | #include "bytestring.h" | ||
| 159 | |||
| 158 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; | 160 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 159 | 161 | ||
| 160 | SSL3_ENC_METHOD ssl3_undef_enc_method = { | 162 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| @@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) | |||
| 1410 | } | 1412 | } |
| 1411 | 1413 | ||
| 1412 | STACK_OF(SSL_CIPHER) * | 1414 | STACK_OF(SSL_CIPHER) * |
| 1413 | ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | 1415 | ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) |
| 1414 | { | 1416 | { |
| 1417 | CBS cbs; | ||
| 1415 | const SSL_CIPHER *c; | 1418 | const SSL_CIPHER *c; |
| 1416 | STACK_OF(SSL_CIPHER) *sk = NULL; | 1419 | STACK_OF(SSL_CIPHER) *sk = NULL; |
| 1417 | int i; | ||
| 1418 | unsigned long cipher_id; | 1420 | unsigned long cipher_id; |
| 1419 | uint16_t cipher_value; | 1421 | uint16_t cipher_value, max_version; |
| 1420 | uint16_t max_version; | ||
| 1421 | 1422 | ||
| 1422 | if (s->s3) | 1423 | if (s->s3) |
| 1423 | s->s3->send_connection_binding = 0; | 1424 | s->s3->send_connection_binding = 0; |
| 1424 | 1425 | ||
| 1425 | if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { | 1426 | /* |
| 1427 | * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. | ||
| 1428 | */ | ||
| 1429 | if (num < 2 || num > 0x10000 - 2) { | ||
| 1426 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | 1430 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, |
| 1427 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1431 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1428 | return (NULL); | 1432 | return (NULL); |
| @@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | |||
| 1433 | goto err; | 1437 | goto err; |
| 1434 | } | 1438 | } |
| 1435 | 1439 | ||
| 1436 | for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { | 1440 | CBS_init(&cbs, p, num); |
| 1437 | n2s(p, cipher_value); | 1441 | while (CBS_len(&cbs) > 0) { |
| 1442 | if (!CBS_get_u16(&cbs, &cipher_value)) { | ||
| 1443 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1444 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
| 1445 | goto err; | ||
| 1446 | } | ||
| 1447 | |||
| 1438 | cipher_id = SSL3_CK_ID | cipher_value; | 1448 | cipher_id = SSL3_CK_ID | cipher_value; |
| 1439 | 1449 | ||
| 1440 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { | 1450 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 43c6974268..8116bfddfa 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -569,7 +569,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); | |||
| 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); |
| 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 571 | const SSL_CIPHER * const *bp); | 571 | const SSL_CIPHER * const *bp); |
| 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, | 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, |
| 573 | int num); | 573 | int num); |
| 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, | 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, |
| 575 | unsigned char *p); | 575 | unsigned char *p); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index b5ce2ea5ac..1dd518d0b8 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.103 2015/04/15 16:25:43 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.104 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -155,6 +155,8 @@ | |||
| 155 | #include <openssl/engine.h> | 155 | #include <openssl/engine.h> |
| 156 | #endif | 156 | #endif |
| 157 | 157 | ||
| 158 | #include "bytestring.h" | ||
| 159 | |||
| 158 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; | 160 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 159 | 161 | ||
| 160 | SSL3_ENC_METHOD ssl3_undef_enc_method = { | 162 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| @@ -1410,19 +1412,21 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) | |||
| 1410 | } | 1412 | } |
| 1411 | 1413 | ||
| 1412 | STACK_OF(SSL_CIPHER) * | 1414 | STACK_OF(SSL_CIPHER) * |
| 1413 | ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | 1415 | ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num) |
| 1414 | { | 1416 | { |
| 1417 | CBS cbs; | ||
| 1415 | const SSL_CIPHER *c; | 1418 | const SSL_CIPHER *c; |
| 1416 | STACK_OF(SSL_CIPHER) *sk = NULL; | 1419 | STACK_OF(SSL_CIPHER) *sk = NULL; |
| 1417 | int i; | ||
| 1418 | unsigned long cipher_id; | 1420 | unsigned long cipher_id; |
| 1419 | uint16_t cipher_value; | 1421 | uint16_t cipher_value, max_version; |
| 1420 | uint16_t max_version; | ||
| 1421 | 1422 | ||
| 1422 | if (s->s3) | 1423 | if (s->s3) |
| 1423 | s->s3->send_connection_binding = 0; | 1424 | s->s3->send_connection_binding = 0; |
| 1424 | 1425 | ||
| 1425 | if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { | 1426 | /* |
| 1427 | * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. | ||
| 1428 | */ | ||
| 1429 | if (num < 2 || num > 0x10000 - 2) { | ||
| 1426 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | 1430 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, |
| 1427 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1431 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1428 | return (NULL); | 1432 | return (NULL); |
| @@ -1433,8 +1437,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num) | |||
| 1433 | goto err; | 1437 | goto err; |
| 1434 | } | 1438 | } |
| 1435 | 1439 | ||
| 1436 | for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { | 1440 | CBS_init(&cbs, p, num); |
| 1437 | n2s(p, cipher_value); | 1441 | while (CBS_len(&cbs) > 0) { |
| 1442 | if (!CBS_get_u16(&cbs, &cipher_value)) { | ||
| 1443 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1444 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
| 1445 | goto err; | ||
| 1446 | } | ||
| 1447 | |||
| 1438 | cipher_id = SSL3_CK_ID | cipher_value; | 1448 | cipher_id = SSL3_CK_ID | cipher_value; |
| 1439 | 1449 | ||
| 1440 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { | 1450 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 43c6974268..8116bfddfa 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.93 2015/06/20 16:42:48 doug Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.94 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -569,7 +569,7 @@ int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); | |||
| 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); |
| 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 571 | const SSL_CIPHER * const *bp); | 571 | const SSL_CIPHER * const *bp); |
| 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, | 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, |
| 573 | int num); | 573 | int num); |
| 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, | 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, |
| 575 | unsigned char *p); | 575 | unsigned char *p); |
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile index 4d64dc3966..7c2d92e340 100644 --- a/src/regress/lib/libssl/Makefile +++ b/src/regress/lib/libssl/Makefile | |||
| @@ -1,10 +1,11 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.21 2015/02/06 09:36:16 doug Exp $ | 1 | # $OpenBSD: Makefile,v 1.22 2015/06/28 00:08:27 doug Exp $ |
| 2 | 2 | ||
| 3 | SUBDIR= \ | 3 | SUBDIR= \ |
| 4 | asn1 \ | 4 | asn1 \ |
| 5 | bytestring \ | 5 | bytestring \ |
| 6 | ciphers \ | 6 | ciphers \ |
| 7 | ssl | 7 | ssl \ |
| 8 | unit | ||
| 8 | 9 | ||
| 9 | install: | 10 | install: |
| 10 | 11 | ||
diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c index b513007771..1c829f369c 100644 --- a/src/regress/lib/libssl/unit/cipher_list.c +++ b/src/regress/lib/libssl/unit/cipher_list.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher_list.c,v 1.1 2015/06/27 23:35:52 doug Exp $ */ | 1 | /* $OpenBSD: cipher_list.c,v 1.2 2015/06/28 00:08:27 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2015 Doug Hogan <doug@openbsd.org> | 3 | * Copyright (c) 2015 Doug Hogan <doug@openbsd.org> |
| 4 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> |
| @@ -146,6 +146,8 @@ err: | |||
| 146 | static int | 146 | static int |
| 147 | ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers) | 147 | ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers) |
| 148 | { | 148 | { |
| 149 | uint8_t empty_cipher_bytes[] = { }; | ||
| 150 | |||
| 149 | sk_SSL_CIPHER_free(*ciphers); | 151 | sk_SSL_CIPHER_free(*ciphers); |
| 150 | 152 | ||
| 151 | /* Invalid length: CipherSuite is 2 bytes so it must be even */ | 153 | /* Invalid length: CipherSuite is 2 bytes so it must be even */ |
| @@ -153,6 +155,19 @@ ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers) | |||
| 153 | sizeof(cipher_bytes) - 1); | 155 | sizeof(cipher_bytes) - 1); |
| 154 | CHECK(*ciphers == NULL); | 156 | CHECK(*ciphers == NULL); |
| 155 | 157 | ||
| 158 | /* Invalid length: cipher_suites must be at least 2 */ | ||
| 159 | *ciphers = ssl_bytes_to_cipher_list(s, empty_cipher_bytes, | ||
| 160 | sizeof(empty_cipher_bytes)); | ||
| 161 | CHECK(*ciphers == NULL); | ||
| 162 | |||
| 163 | /* Invalid length: cipher_suites must be at most 2^16-2 */ | ||
| 164 | *ciphers = ssl_bytes_to_cipher_list(s, cipher_bytes, 0x10000); | ||
| 165 | CHECK(*ciphers == NULL); | ||
| 166 | |||
| 167 | /* Invalid len: prototype is signed, but it shouldn't accept len < 0 */ | ||
| 168 | *ciphers = ssl_bytes_to_cipher_list(s, cipher_bytes, -2); | ||
| 169 | CHECK(*ciphers == NULL); | ||
| 170 | |||
| 156 | return 1; | 171 | return 1; |
| 157 | } | 172 | } |
| 158 | 173 | ||