From 1c98a87f0daac81245653c227eb2f2508a22a965 Mon Sep 17 00:00:00 2001 From: markus <> Date: Sun, 11 May 2003 21:36:58 +0000 Subject: import 0.9.7b (without idea and rc5) --- src/lib/libssl/LICENSE | 2 +- src/lib/libssl/bio_ssl.c | 6 ++ src/lib/libssl/doc/standards.txt | 173 ++++++++++++++++++++++++++++++----- src/lib/libssl/s23_clnt.c | 24 +++-- src/lib/libssl/s23_srvr.c | 19 ++-- src/lib/libssl/s3_both.c | 25 +++-- src/lib/libssl/s3_clnt.c | 73 ++++++++------- src/lib/libssl/s3_lib.c | 193 +++++++++++++++++++++++++++++++-------- src/lib/libssl/s3_pkt.c | 47 ++++++---- src/lib/libssl/s3_srvr.c | 53 ++++++----- src/lib/libssl/ssl.h | 30 ++++-- src/lib/libssl/ssl3.h | 48 +++++++--- src/lib/libssl/ssl_asn1.c | 11 ++- src/lib/libssl/ssl_cert.c | 30 +++++- src/lib/libssl/ssl_ciph.c | 14 ++- src/lib/libssl/ssl_err.c | 1 + src/lib/libssl/ssl_lib.c | 45 +++++---- src/lib/libssl/ssl_sess.c | 17 ++-- src/lib/libssl/t1_clnt.c | 17 +++- src/lib/libssl/t1_enc.c | 20 ++-- src/lib/libssl/t1_meth.c | 20 ++-- src/lib/libssl/t1_srvr.c | 17 +++- src/lib/libssl/test/methtest.c | 4 +- src/lib/libssl/test/testgen | 2 + src/lib/libssl/test/testssl | 16 +++- 25 files changed, 669 insertions(+), 238 deletions(-) (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE index 7b93e0dbce..dddb07842b 100644 --- a/src/lib/libssl/LICENSE +++ b/src/lib/libssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 467e149947..d683ee43e1 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c @@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO_free_all(ssl->wbio); } + if (b->next_bio != NULL) + { + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); + } ssl->wbio=NULL; ssl->rbio=NULL; break; @@ -509,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str) BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) { +#ifndef OPENSSL_NO_SOCK BIO *ret=NULL,*buf=NULL,*ssl=NULL; if ((buf=BIO_new(BIO_f_buffer())) == NULL) @@ -521,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) err: if (buf != NULL) BIO_free(buf); if (ssl != NULL) BIO_free(ssl); +#endif return(NULL); } diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt index 596d9001e6..edbe2f3a57 100644 --- a/src/lib/libssl/doc/standards.txt +++ b/src/lib/libssl/doc/standards.txt @@ -42,20 +42,9 @@ whole or at least great parts) in OpenSSL. 2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) -2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski. - March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL) - 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) -2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski, - J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes - RFC2313) (Status: INFORMATIONAL) - -2459 Internet X.509 Public Key Infrastructure Certificate and CRL - Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999. - (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD) - PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. @@ -65,6 +54,40 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED STANDARD) +2712 Addition of Kerberos Cipher Suites to Transport Layer Security + (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) + (Status: PROPOSED STANDARD) + +2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. + B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: + INFORMATIONAL) + +2986 PKCS #10: Certification Request Syntax Specification Version 1.7. + M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) + (Obsoletes RFC2314) (Status: INFORMATIONAL) + +3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. + September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) + +3268 Advanced Encryption Standard (AES) Ciphersuites for Transport + Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) + (Status: PROPOSED STANDARD) + +3279 Algorithms and Identifiers for the Internet X.509 Public Key + Infrastructure Certificate and Certificate Revocation List (CRL) + Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: + TXT=53833 bytes) (Status: PROPOSED STANDARD) + +3280 Internet X.509 Public Key Infrastructure Certificate and + Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. + Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes + RFC2459) (Status: PROPOSED STANDARD) + +3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography + Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. + (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: + INFORMATIONAL) + Related: -------- @@ -90,23 +113,60 @@ STARTTLS documents. Certification and Related Services. B. Kaliski. February 1993. (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) -2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M. - Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED - STANDARD) +2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October + 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) + +2510 Internet X.509 Public Key Infrastructure Certificate Management + Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 + bytes) (Status: PROPOSED STANDARD) + +2511 Internet X.509 Certificate Request Message Format. M. Myers, C. + Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) + (Status: PROPOSED STANDARD) + +2527 Internet X.509 Public Key Infrastructure Certificate Policy and + Certification Practices Framework. S. Chokhani, W. Ford. March 1999. + (Format: TXT=91860 bytes) (Status: INFORMATIONAL) -2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman. - January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD) +2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake + 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: + PROPOSED STANDARD) + +2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). + D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: + PROPOSED STANDARD) + +2559 Internet X.509 Public Key Infrastructure Operational Protocols - + LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: + TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) 2585 Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 bytes) (Status: PROPOSED STANDARD) +2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. + Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) + (Status: PROPOSED STANDARD) + 2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) +2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. + (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) + +2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June + 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) + +2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October + 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL) + +2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. + February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: + EXPERIMENTAL) + +2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. + Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: + PROPOSED STANDARD) 2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED @@ -115,6 +175,77 @@ STARTTLS documents. 2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) (Status: INFORMATIONAL) +2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July + 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) + +2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. + October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) + +2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. + M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) + (Status: INFORMATIONAL) + +3029 Internet X.509 Public Key Infrastructure Data Validation and + Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, + R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: + EXPERIMENTAL) + +3039 Internet X.509 Public Key Infrastructure Qualified Certificates + Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. + (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) + +3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. + Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) + (Status: INFORMATIONAL) + +3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol + (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. + (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) + +3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. + October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) + +3207 SMTP Service Extension for Secure SMTP over Transport Layer + Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) + (Obsoletes RFC2487) (Status: PROPOSED STANDARD) + +3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. + (Format: TXT=19855 bytes) (Status: INFORMATIONAL) + +3274 Compressed Data Content Type for Cryptographic Message Syntax + (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: + PROPOSED STANDARD) + +3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in + Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. + Lambert. April 2002. (Format: TXT=33779 bytes) (Status: + INFORMATIONAL) + +3281 An Internet Attribute Certificate Profile for Authorization. S. + Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: + PROPOSED STANDARD) + +3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. + (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: + PROPOSED STANDARD) + +3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August + 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: + PROPOSED STANDARD) + +3377 Lightweight Directory Access Protocol (v3): Technical + Specification. J. Hodges, R. Morgan. September 2002. (Format: + TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, + RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) + +3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, + R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: + INFORMATIONAL) + +3436 Transport Layer Security over Stream Control Transmission + Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. + (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) + "Securing FTP with TLS", 01/27/2000, @@ -124,7 +255,3 @@ To be implemented: These are documents that describe things that are planed to be implemented in the hopefully short future. -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) - diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 019e9aecee..64ee4269ec 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c @@ -87,18 +87,25 @@ SSL_METHOD *SSLv23_client_method(void) if (init) { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_client_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_client_data.ssl_connect=ssl23_connect; + SSLv23_client_data.get_ssl_method=ssl23_get_client_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_client_data); } int ssl23_connect(SSL *s) { - BUF_MEM *buf; + BUF_MEM *buf=NULL; unsigned long Time=time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; @@ -152,6 +159,7 @@ int ssl23_connect(SSL *s) goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } @@ -200,6 +208,8 @@ int ssl23_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); @@ -363,7 +373,7 @@ static int ssl23_get_server_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index 8743b61cbb..c5404ca0bc 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c @@ -139,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void) if (init) { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_server_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_server_data.ssl_accept=ssl23_accept; + SSLv23_server_data.get_ssl_method=ssl23_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); } @@ -505,7 +512,7 @@ int ssl23_get_client_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 8864366f59..64d317b7ac 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c @@ -268,16 +268,23 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) X509_STORE_CTX xs_ctx; X509_OBJECT obj; + int no_chain; + + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) + no_chain = 1; + else + no_chain = 0; + /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; - if (!BUF_MEM_grow(buf,(int)(10))) + if (!BUF_MEM_grow_clean(buf,10)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); @@ -286,7 +293,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) for (;;) { n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) l2n3(n,p); i2d_X509(x,&p); l+=n+3; + + if (no_chain) + break; + if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) break; @@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) * ref count */ X509_free(x); } - - X509_STORE_CTX_cleanup(&xs_ctx); + if (!no_chain) + X509_STORE_CTX_cleanup(&xs_ctx); } /* Thawte special :-) */ @@ -316,7 +327,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) { x=sk_X509_value(s->ctx->extra_certs,i); n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) + if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); return(0); @@ -439,7 +450,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } - if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) { SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); goto err; diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 2b58482484..fae8eadada 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -146,18 +146,25 @@ SSL_METHOD *SSLv3_client_method(void) if (init) { - init=0; - memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_client_data.ssl_connect=ssl3_connect; - SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_client_data.ssl_connect=ssl3_connect; + SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_client_data); } int ssl3_connect(SSL *s) { - BUF_MEM *buf; + BUF_MEM *buf=NULL; unsigned long Time=time(NULL),l; long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; @@ -218,6 +225,7 @@ int ssl3_connect(SSL *s) goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } @@ -496,6 +504,8 @@ int ssl3_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); @@ -632,30 +642,20 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if(j > sizeof s->session->session_id) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - - if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) + if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { - /* SSLref returns 16 :-( */ - if (j < SSL2_SSL_SESSION_ID_LENGTH) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - goto f_err; - } + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; } + if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { if(s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { + /* actually a client application bug */ al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; @@ -699,7 +699,12 @@ static int ssl3_get_server_hello(SSL *s) goto f_err; } - if (s->hit && (s->session->cipher != c)) + /* Depending on the session caching (internal/external), the cipher + and/or cipher_id values may not be set. Make sure that + cipher_id is set and use it for comparison. */ + if (s->session->cipher) + s->session->cipher_id = s->session->cipher->id; + if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) @@ -1457,16 +1462,16 @@ static int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0]=s->client_version>>8; tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) + if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) goto err; - s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; + s->session->master_key_length=sizeof tmp_buf; q=p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p+=2; - n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, + n=RSA_public_encrypt(sizeof tmp_buf, tmp_buf,p,rsa,RSA_PKCS1_PADDING); #ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; @@ -1488,8 +1493,8 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf,sizeof tmp_buf); + OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); } #endif #ifndef OPENSSL_NO_KRB5 @@ -1585,7 +1590,7 @@ static int ssl3_send_client_key_exchange(SSL *s) n+=2; } - if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) + if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) goto err; /* 20010420 VRS. Tried it this way; failed. @@ -1595,11 +1600,11 @@ static int ssl3_send_client_key_exchange(SSL *s) ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, kssl_ctx->key,iv); EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - SSL_MAX_MASTER_KEY_LENGTH); + sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; if (outl > sizeof epms) @@ -1618,10 +1623,10 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); + tmp_buf, sizeof tmp_buf); - memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); - memset(epms, 0, outl); + OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + OPENSSL_cleanse(epms, outl); } #endif #ifndef OPENSSL_NO_DH diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 14b2f13ae2..896b12fc4f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -512,6 +512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, +#if 0 /* Cipher 1E */ { 0, @@ -525,55 +526,70 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers ** 20000107 VRS: And the first shall be last, ** in hopes of avoiding the lynx ssl renegotiation problem. */ -/* Cipher 21 VRS */ +/* Cipher 1E VRS */ { 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, + SSL3_TXT_KRB5_DES_64_CBC_SHA, + SSL3_CK_KRB5_DES_64_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, + SSL_NOT_EXP|SSL_LOW, 0, - 40, + 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -/* Cipher 22 VRS */ +/* Cipher 1F VRS */ { 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, + SSL3_TXT_KRB5_DES_192_CBC3_SHA, + SSL3_CK_KRB5_DES_192_CBC3_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, - 40, - 56, + 112, + 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -/* Cipher 23 VRS */ +/* Cipher 20 VRS */ { 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, + SSL3_TXT_KRB5_RC4_128_SHA, + SSL3_CK_KRB5_RC4_128_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, - 56, - 56, + 128, + 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, -/* Cipher 24 VRS */ +/* Cipher 21 VRS */ + { + 1, + SSL3_TXT_KRB5_IDEA_128_CBC_SHA, + SSL3_CK_KRB5_IDEA_128_CBC_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 22 VRS */ { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -587,12 +603,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, -/* Cipher 25 VRS */ +/* Cipher 23 VRS */ { 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, + SSL3_TXT_KRB5_DES_192_CBC3_MD5, + SSL3_CK_KRB5_DES_192_CBC3_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, SSL_NOT_EXP|SSL_HIGH, 0, 112, @@ -601,16 +617,114 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, +/* Cipher 24 VRS */ + { + 1, + SSL3_TXT_KRB5_RC4_128_MD5, + SSL3_CK_KRB5_RC4_128_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 25 VRS */ + { + 1, + SSL3_TXT_KRB5_IDEA_128_CBC_MD5, + SSL3_CK_KRB5_IDEA_128_CBC_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + /* Cipher 26 VRS */ { 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL3_TXT_KRB5_DES_40_CBC_SHA, + SSL3_CK_KRB5_DES_40_CBC_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, - 112, - 168, + 40, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 27 VRS */ + { + 1, + SSL3_TXT_KRB5_RC2_40_CBC_SHA, + SSL3_CK_KRB5_RC2_40_CBC_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 28 VRS */ + { + 1, + SSL3_TXT_KRB5_RC4_40_SHA, + SSL3_CK_KRB5_RC4_40_SHA, + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 29 VRS */ + { + 1, + SSL3_TXT_KRB5_DES_40_CBC_MD5, + SSL3_CK_KRB5_DES_40_CBC_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 2A VRS */ + { + 1, + SSL3_TXT_KRB5_RC2_40_CBC_MD5, + SSL3_CK_KRB5_RC2_40_CBC_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 40, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, + }, + +/* Cipher 2B VRS */ + { + 1, + SSL3_TXT_KRB5_RC4_40_MD5, + SSL3_CK_KRB5_RC4_40_MD5, + SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, + 0, + 128, + 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, @@ -986,7 +1100,7 @@ void ssl3_free(SSL *s) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); - memset(s->s3,0,sizeof *s->s3); + OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } @@ -1341,16 +1455,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; is3->rrec); sess=s->session; @@ -353,8 +355,11 @@ again: /* SSLerr() and ssl3_send_alert() have been called */ goto err; - /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; + /* Otherwise enc_err == -1, which indicates bad padding + * (rec->length has not been changed in this case). + * To minimize information leaked via timing, we will perform + * the MAC computation anyway. */ + decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG @@ -380,28 +385,46 @@ printf("\n"); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + else + { + /* record (minus padding) is too short to contain a MAC */ #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; + rr->length = 0; #endif } - rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (mac == NULL || memcmp(md, mac, mac_size) != 0) { - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. via a logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto f_err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { @@ -443,14 +466,6 @@ printf("\n"); return(1); -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 20d716fb1b..58cf774967 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -152,11 +152,18 @@ SSL_METHOD *SSLv3_server_method(void) if (init) { - memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_server_data.ssl_accept=ssl3_accept; - SSLv3_server_data.get_ssl_method=ssl3_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_server_data.ssl_accept=ssl3_accept; + SSLv3_server_data.get_ssl_method=ssl3_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_server_data); } @@ -1171,7 +1178,7 @@ static int ssl3_send_server_key_exchange(SSL *s) kn=0; } - if (!BUF_MEM_grow(buf,n+4+kn)) + if (!BUF_MEM_grow_clean(buf,n+4+kn)) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); goto err; @@ -1298,7 +1305,7 @@ static int ssl3_send_certificate_request(SSL *s) { name=sk_X509_NAME_value(sk,i); j=i2d_X509_NAME(name,NULL); - if (!BUF_MEM_grow(buf,4+n+j+2)) + if (!BUF_MEM_grow_clean(buf,4+n+j+2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB); goto err; @@ -1440,7 +1447,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ } if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) @@ -1456,37 +1463,35 @@ static int ssl3_get_client_key_exchange(SSL *s) (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + + /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. */ } } if (al != -1) { -#if 0 - goto f_err; -#else /* Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - */ + * (see RFC 2246, section 7.4.7.1). */ ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ -#endif } s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif @@ -1549,7 +1554,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif @@ -1652,7 +1657,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + memset(iv, 0, sizeof iv); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) { @@ -1740,7 +1745,7 @@ static int ssl3_get_cert_verify(SSL *s) SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, - 512, /* 512? */ + 514, /* 514? */ &ok); if (!ok) return((int)n); diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index e9d1e896d7..4ae8458259 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h @@ -204,6 +204,22 @@ extern "C" { /* VRS Additional Kerberos5 entries */ +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 + #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA @@ -299,9 +315,7 @@ extern "C" { #include #include #include -#include #include -#include #ifdef __cplusplus extern "C" { @@ -507,6 +521,8 @@ typedef struct ssl_session_st /* Never bother the application with retries if the transport * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, @@ -704,10 +720,11 @@ struct ssl_ctx_st #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* This one, when set, makes the server session-id lookup not look - * in the cache. If there is an application get_session callback - * defined, this will still get called. */ +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ @@ -1212,14 +1229,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -#ifndef OPENSSL_SYS_WIN32 #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif #endif -#endif #endif @@ -1688,6 +1703,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MASTER_KEY_TOO_LONG 1112 #define SSL_R_MESSAGE_TOO_LONG 1111 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 8fd6951d77..1153aeda74 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h @@ -156,23 +156,29 @@ extern "C" { #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +#if 0 /* Because it clashes with KRB5, is never used any more, and is safe + to remove according to David Hopwood + of the ietf-tls list */ #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +#endif /* VRS Additional Kerberos5 entries */ -#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000021 -#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000022 -#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x03000023 -#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000024 -#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x03000025 -#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000026 - -#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 + +#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" @@ -209,6 +215,22 @@ extern "C" { #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" + +#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" + #define SSL3_SSL_SESSION_ID_LENGTH 32 #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 3723fc2e37..16bc11b559 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c @@ -299,6 +299,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, os.length = sizeof ret->session_id; ret->session_id_length=os.length; + OPENSSL_assert(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); @@ -370,9 +371,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, if(os.data != NULL) { if (os.length > SSL_MAX_SID_CTX_LENGTH) + { + ret->sid_ctx_length=os.length; SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); - ret->sid_ctx_length=os.length; - memcpy(ret->sid_ctx,os.data,os.length); + } + else + { + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + } OPENSSL_free(os.data); os.data=NULL; os.length=0; } else diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 3d31bbf05f..da90078a37 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c @@ -781,7 +781,7 @@ err: #endif #endif -#else +#else /* OPENSSL_SYS_WIN32 */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) @@ -789,10 +789,30 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, WIN32_FIND_DATA FindFileData; HANDLE hFind; int ret = 0; +#ifdef OPENSSL_SYS_WINCE + WCHAR* wdir = NULL; +#endif CRYPTO_w_lock(CRYPTO_LOCK_READDIR); +#ifdef OPENSSL_SYS_WINCE + /* convert strings to UNICODE */ + { + BOOL result = FALSE; + int i; + wdir = malloc((strlen(dir)+1)*2); + if (wdir == NULL) + goto err_noclose; + for (i=0; i<(int)strlen(dir)+1; i++) + wdir[i] = (short)dir[i]; + } +#endif + +#ifdef OPENSSL_SYS_WINCE + hFind = FindFirstFile(wdir, &FindFileData); +#else hFind = FindFirstFile(dir, &FindFileData); +#endif /* Note that a side effect is that the CAs will be sorted by name */ if(hFind == INVALID_HANDLE_VALUE) { @@ -807,7 +827,11 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, char buf[1024]; int r; +#ifdef OPENSSL_SYS_WINCE + if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf) +#else if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf) +#endif { SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); goto err; @@ -825,6 +849,10 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, err: FindClose(hFind); err_noclose: +#ifdef OPENSSL_SYS_WINCE + if (wdir != NULL) + free(wdir); +#endif CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 37f58886a6..888b667fa1 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -668,13 +668,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * So additionally check whether the cipher name found * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. + * sufficient, we have to strncmp() anyway. (We cannot + * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; while (ca_list[j]) { - if ((ca_list[j]->name[buflen] == '\0') && - !strncmp(buf, ca_list[j]->name, buflen)) + if (!strncmp(buf, ca_list[j]->name, buflen) && + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; @@ -751,7 +752,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if (rule_str == NULL) return(NULL); - if (init_ciphers) load_ciphers(); + if (init_ciphers) + { + CRYPTO_w_lock(CRYPTO_LOCK_SSL); + if (init_ciphers) load_ciphers(); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + } /* * To reduce the work to do we only want to process the compiled diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 7067a745f3..d2cb181503 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c @@ -296,6 +296,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, +{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, {SSL_R_MESSAGE_TOO_LONG ,"message too long"}, {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, {SSL_R_MISSING_DH_KEY ,"missing dh key"}, diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 4bc4ce5b3a..ddd8114587 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -121,6 +121,7 @@ #include #include #include +#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -273,6 +274,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->sid_ctx_length=ctx->sid_ctx_length; + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; @@ -314,7 +316,7 @@ err: int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -364,6 +366,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; + + if(id_len > sizeof r.session_id) + return 0; + r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); @@ -1063,14 +1069,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) { - if ((s != NULL) && (s->cipher_list != NULL)) - { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) + if (s != NULL) { - return(s->ctx->cipher_list); + if (s->cipher_list != NULL) + { + return(s->cipher_list); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) + { + return(s->ctx->cipher_list); + } } return(NULL); } @@ -1079,14 +1088,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { - if ((s != NULL) && (s->cipher_list_by_id != NULL)) - { - return(s->cipher_list_by_id); - } - else if ((s != NULL) && (s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) + if (s != NULL) { - return(s->ctx->cipher_list_by_id); + if (s->cipher_list_by_id != NULL) + { + return(s->cipher_list_by_id); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) + { + return(s->ctx->cipher_list_by_id); + } } return(NULL); } @@ -1652,7 +1664,7 @@ void ssl_update_cache(SSL *s,int mode) i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { @@ -1884,6 +1896,7 @@ SSL *SSL_dup(SSL *s) * they should not both point to the same object, * and thus we can't use SSL_copy_session_id. */ + ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret); diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index ca1a7427be..fbc30b94e6 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c @@ -309,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->ctx,ret); + /* Add the externally cached session to the internal + * cache as well if and only if we are supposed to. */ + if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; @@ -525,13 +528,13 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); + OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); + OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); - memset(ss,0,sizeof(*ss)); + OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index 9ad518f9f4..57205fb429 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c @@ -79,11 +79,18 @@ SSL_METHOD *TLSv1_client_method(void) if (init) { - memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_client_data.ssl_connect=ssl3_connect; - TLSv1_client_data.get_ssl_method=tls1_get_client_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), + sizeof(SSL_METHOD)); + TLSv1_client_data.ssl_connect=ssl3_connect; + TLSv1_client_data.get_ssl_method=tls1_get_client_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_client_data); } diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 5290bf6665..271e247eea 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; - unsigned char A1[HMAC_MAX_MD_CBLOCK]; + unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; chunk=EVP_MD_size(md); @@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx_tmp); - memset(A1,0,sizeof(A1)); + OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, @@ -418,10 +418,10 @@ printf("\niv="); printf("\n"); #endif - memset(tmp1,0,sizeof(tmp1)); - memset(tmp2,0,sizeof(tmp1)); - memset(iv1,0,sizeof(iv1)); - memset(iv2,0,sizeof(iv2)); + OPENSSL_cleanse(tmp1,sizeof(tmp1)); + OPENSSL_cleanse(tmp2,sizeof(tmp1)); + OPENSSL_cleanse(iv1,sizeof(iv1)); + OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -476,7 +476,7 @@ printf("pre-master\n"); { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); - memset(p2,0,num); + OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); @@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), s->session->master_key,s->session->master_key_length, - out,buf2,12); + out,buf2,sizeof buf2); EVP_MD_CTX_cleanup(&ctx); - return((int)12); + return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->server_random,SSL3_RANDOM_SIZE); tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, - s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); + s->session->master_key,buff,sizeof buff); #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index 9bb36a7d1c..fcc243f782 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c @@ -76,13 +76,21 @@ SSL_METHOD *TLSv1_method(void) if (init) { - memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_data.ssl_connect=ssl3_connect; - TLSv1_data.ssl_accept=ssl3_accept; - TLSv1_data.get_ssl_method=tls1_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), + sizeof(SSL_METHOD)); + TLSv1_data.ssl_connect=ssl3_connect; + TLSv1_data.ssl_accept=ssl3_accept; + TLSv1_data.get_ssl_method=tls1_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } + return(&TLSv1_data); } diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index 6e765e587f..1c1149e49f 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c @@ -80,11 +80,18 @@ SSL_METHOD *TLSv1_server_method(void) if (init) { - memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_server_data.ssl_accept=ssl3_accept; - TLSv1_server_data.get_ssl_method=tls1_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), + sizeof(SSL_METHOD)); + TLSv1_server_data.ssl_accept=ssl3_accept; + TLSv1_server_data.get_ssl_method=tls1_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_server_data); } diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c index 06ccb3b310..005c2f4822 100644 --- a/src/lib/libssl/test/methtest.c +++ b/src/lib/libssl/test/methtest.c @@ -96,10 +96,10 @@ char *argv[]; METH_init(top); METH_control(tmp1,METH_CONTROL_DUMP,stdout); METH_control(tmp2,METH_CONTROL_DUMP,stdout); - exit(0); + EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); - exit(1); + EXIT(1); return(0); } diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen index 55c496f4bc..3798543e04 100644 --- a/src/lib/libssl/test/testgen +++ b/src/lib/libssl/test/testgen @@ -27,6 +27,8 @@ fi echo "This could take some time." +rm -f testkey.pem testreq.pem + ../apps/openssl req -config test.cnf $req_new -out testreq.pem if [ $? != 0 ]; then echo problems creating request diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl index ba5e41c861..ca8e718022 100644 --- a/src/lib/libssl/test/testssl +++ b/src/lib/libssl/test/testssl @@ -121,8 +121,12 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 ############################################################################# -echo test tls1 with 1024bit anonymous DH, multiple handshakes -$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +if ../apps/openssl no-dh; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +fi if ../apps/openssl no-rsa; then echo skipping RSA tests @@ -130,8 +134,12 @@ else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + if ../apps/openssl no-dh; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + fi fi exit 0 -- cgit v1.2.3-55-g6feb