summaryrefslogtreecommitdiff
path: root/app/openssl/ssl
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
committerParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
commit394451dbae3e71282611058e00b5fd16c865f147 (patch)
tree17b71034d9350a2848603f5edf0a8b13025909be /app/openssl/ssl
parent644fd02cf8da95b0b5a99fb9f2142628dd27f7c2 (diff)
Revert "Updated native subprojects from ics-openvpn."
This reverts commit d0e7ba3029b2fd42582413aa95773fe7dbdede90. I'll postpone this work for the next cycle, it's not trivial because it doesn't link properly.
Diffstat (limited to 'app/openssl/ssl')
-rw-r--r--app/openssl/ssl/bio_ssl.c8
-rw-r--r--app/openssl/ssl/d1_both.c15
-rw-r--r--app/openssl/ssl/d1_lib.c9
-rw-r--r--app/openssl/ssl/d1_pkt.c19
-rw-r--r--app/openssl/ssl/d1_srvr.c1
-rw-r--r--app/openssl/ssl/s3_both.c2
-rw-r--r--app/openssl/ssl/s3_clnt.c70
-rw-r--r--app/openssl/ssl/s3_enc.c2
-rw-r--r--app/openssl/ssl/s3_lib.c31
-rw-r--r--app/openssl/ssl/s3_pkt.c42
-rw-r--r--app/openssl/ssl/s3_srvr.c65
-rw-r--r--app/openssl/ssl/ssl.h37
-rw-r--r--app/openssl/ssl/ssl3.h10
-rw-r--r--app/openssl/ssl/ssl_asn1.c29
-rw-r--r--app/openssl/ssl/ssl_err.c3
-rw-r--r--app/openssl/ssl/ssl_lib.c39
-rw-r--r--app/openssl/ssl/ssl_locl.h3
-rw-r--r--app/openssl/ssl/ssl_sess.c11
-rw-r--r--app/openssl/ssl/t1_enc.c99
-rw-r--r--app/openssl/ssl/t1_lib.c105
-rw-r--r--app/openssl/ssl/tls1.h15
21 files changed, 171 insertions, 444 deletions
diff --git a/app/openssl/ssl/bio_ssl.c b/app/openssl/ssl/bio_ssl.c
index 06a13de4..e9552cae 100644
--- a/app/openssl/ssl/bio_ssl.c
+++ b/app/openssl/ssl/bio_ssl.c
@@ -206,10 +206,6 @@ static int ssl_read(BIO *b, char *out, int outl)
BIO_set_retry_special(b);
retry_reason=BIO_RR_SSL_X509_LOOKUP;
break;
- case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
- break;
case SSL_ERROR_WANT_ACCEPT:
BIO_set_retry_special(b);
retry_reason=BIO_RR_ACCEPT;
@@ -284,10 +280,6 @@ static int ssl_write(BIO *b, const char *out, int outl)
BIO_set_retry_special(b);
retry_reason=BIO_RR_SSL_X509_LOOKUP;
break;
- case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
- break;
case SSL_ERROR_WANT_CONNECT:
BIO_set_retry_special(b);
retry_reason=BIO_RR_CONNECT;
diff --git a/app/openssl/ssl/d1_both.c b/app/openssl/ssl/d1_both.c
index 04aa2310..2e8cf681 100644
--- a/app/openssl/ssl/d1_both.c
+++ b/app/openssl/ssl/d1_both.c
@@ -627,16 +627,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag->msg_header.frag_off = 0;
}
else
- {
frag = (hm_fragment*) item->data;
- if (frag->msg_header.msg_len != msg_hdr->msg_len)
- {
- item = NULL;
- frag = NULL;
- goto err;
- }
- }
-
/* If message is already reassembled, this must be a
* retransmit and can be dropped.
@@ -683,8 +674,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
item = pitem_new(seq64be, frag);
if (item == NULL)
{
- i = -1;
goto err;
+ i = -1;
}
pqueue_insert(s->d1->buffered_messages, item);
@@ -793,7 +784,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
int i,al;
struct hm_header_st msg_hdr;
- redo:
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
@@ -852,7 +842,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
s->msg_callback_arg);
s->init_num = 0;
- goto redo;
+ return dtls1_get_message_fragment(s, st1, stn,
+ max, ok);
}
else /* Incorrectly formated Hello request */
{
diff --git a/app/openssl/ssl/d1_lib.c b/app/openssl/ssl/d1_lib.c
index 6bde16fa..106939f2 100644
--- a/app/openssl/ssl/d1_lib.c
+++ b/app/openssl/ssl/d1_lib.c
@@ -176,12 +176,9 @@ static void dtls1_clear_queues(SSL *s)
while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
{
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
+ frag = (hm_fragment *)item->data;
+ OPENSSL_free(frag->fragment);
+ OPENSSL_free(frag);
pitem_free(item);
}
}
diff --git a/app/openssl/ssl/d1_pkt.c b/app/openssl/ssl/d1_pkt.c
index 363fc8c8..5b84e97c 100644
--- a/app/openssl/ssl/d1_pkt.c
+++ b/app/openssl/ssl/d1_pkt.c
@@ -241,28 +241,27 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
}
#endif
- s->packet = NULL;
- s->packet_length = 0;
- memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
- memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-
- if (!ssl3_setup_buffers(s))
+ /* insert should not fail, since duplicates are dropped */
+ if (pqueue_insert(queue->q, item) == NULL)
{
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
- /* insert should not fail, since duplicates are dropped */
- if (pqueue_insert(queue->q, item) == NULL)
+ s->packet = NULL;
+ s->packet_length = 0;
+ memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+ memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+
+ if (!ssl3_setup_buffers(s))
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
-
+
return(1);
}
diff --git a/app/openssl/ssl/d1_srvr.c b/app/openssl/ssl/d1_srvr.c
index c181db6d..09f47627 100644
--- a/app/openssl/ssl/d1_srvr.c
+++ b/app/openssl/ssl/d1_srvr.c
@@ -1356,7 +1356,6 @@ int dtls1_send_server_key_exchange(SSL *s)
(unsigned char *)encodedPoint,
encodedlen);
OPENSSL_free(encodedPoint);
- encodedPoint = NULL;
p += encodedlen;
}
#endif
diff --git a/app/openssl/ssl/s3_both.c b/app/openssl/ssl/s3_both.c
index 607990d0..d9e18a31 100644
--- a/app/openssl/ssl/s3_both.c
+++ b/app/openssl/ssl/s3_both.c
@@ -561,7 +561,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
#endif
/* Feed this message into MAC computation. */
- if (*((unsigned char*) s->init_buf->data) != SSL3_MT_ENCRYPTED_EXTENSIONS)
+ if (*(unsigned char*)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS)
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
diff --git a/app/openssl/ssl/s3_clnt.c b/app/openssl/ssl/s3_clnt.c
index 486f538b..5e15b75c 100644
--- a/app/openssl/ssl/s3_clnt.c
+++ b/app/openssl/ssl/s3_clnt.c
@@ -215,12 +215,24 @@ int ssl3_connect(SSL *s)
}
#endif
+// BEGIN android-added
+#if 0
+/* Send app data in separate packet, otherwise, some particular site
+ * (only one site so far) closes the socket. http://b/2511073
+ * Note: there is a very small chance that two TCP packets
+ * could be arriving at server combined into a single TCP packet,
+ * then trigger that site to break. We haven't encounter that though.
+ */
+// END android-added
if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
{
/* Send app data along with CCS/Finished */
s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
}
+// BEGIN android-added
+#endif
+// END android-added
for (;;)
{
state=s->state;
@@ -546,20 +558,7 @@ int ssl3_connect(SSL *s)
}
else
{
- /* This is a non-resumption handshake. If it
- * involves ChannelID, then record the
- * handshake hashes at this point in the
- * session so that any resumption of this
- * session with ChannelID can sign those
- * hashes. */
- if (s->s3->tlsext_channel_id_new)
- {
- ret = tls1_record_handshake_hashes_for_channel_id(s);
- if (ret <= 0)
- goto end;
- }
- if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
- && ssl3_can_cutthrough(s)
+ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
&& s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
)
{
@@ -608,7 +607,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
-
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
@@ -2304,7 +2302,7 @@ int ssl3_get_server_done(SSL *s)
int ssl3_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
- int n = 0;
+ int n;
unsigned long alg_k;
unsigned long alg_a;
#ifndef OPENSSL_NO_RSA
@@ -2690,13 +2688,6 @@ int ssl3_send_client_key_exchange(SSL *s)
unsigned int i;
#endif
- if (s->session->sess_cert == NULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
/* Did we send out the client's
* ECDH share for use in premaster
* computation as part of client certificate?
@@ -3036,7 +3027,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
}
#endif
- else if (!(alg_k & SSL_kPSK) || ((alg_k & SSL_kPSK) && !(alg_a & SSL_aPSK)))
+ else if (!(alg_k & SSL_kPSK))
{
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_HANDSHAKE_FAILURE);
@@ -3500,29 +3491,10 @@ int ssl3_send_channel_id(SSL *s)
if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
- if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
- {
- EVP_PKEY *key = NULL;
- s->ctx->channel_id_cb(s, &key);
- if (key != NULL)
- {
- s->tlsext_channel_id_private = key;
- }
- }
- if (!s->tlsext_channel_id_private)
- {
- s->rwstate=SSL_CHANNEL_ID_LOOKUP;
- return (-1);
- }
- s->rwstate=SSL_NOTHING;
-
d = (unsigned char *)s->init_buf->data;
*(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
- if (s->s3->tlsext_channel_id_new)
- s2n(TLSEXT_TYPE_channel_id_new, d);
- else
- s2n(TLSEXT_TYPE_channel_id, d);
+ s2n(TLSEXT_TYPE_channel_id, d);
s2n(TLSEXT_CHANNEL_ID_SIZE, d);
EVP_MD_CTX_init(&md_ctx);
@@ -3533,9 +3505,9 @@ int ssl3_send_channel_id(SSL *s)
SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY);
goto err;
}
- /* i2d_PublicKey will produce an ANSI X9.62 public key which, for a
- * P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
- * field elements as 32-byte, big-endian numbers. */
+ // i2d_PublicKey will produce an ANSI X9.62 public key which, for a
+ // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
+ // field elements as 32-byte, big-endian numbers.
if (public_key_len != 65)
{
SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);
@@ -3581,14 +3553,14 @@ int ssl3_send_channel_id(SSL *s)
}
derp = der_sig;
- sig = d2i_ECDSA_SIG(NULL, (const unsigned char**) &derp, sig_len);
+ sig = d2i_ECDSA_SIG(NULL, (const unsigned char**)&derp, sig_len);
if (sig == NULL)
{
SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);
goto err;
}
- /* The first byte of public_key will be 0x4, denoting an uncompressed key. */
+ // The first byte of public_key will be 0x4, denoting an uncompressed key.
memcpy(d, public_key + 1, 64);
d += 64;
memset(d, 0, 2 * 32);
diff --git a/app/openssl/ssl/s3_enc.c b/app/openssl/ssl/s3_enc.c
index 53b94b7c..90fbb180 100644
--- a/app/openssl/ssl/s3_enc.c
+++ b/app/openssl/ssl/s3_enc.c
@@ -728,7 +728,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
}
t=EVP_MD_CTX_size(hash);
- if (t < 0 || t > 20)
+ if (t < 0)
return -1;
md_size=t;
npad=(48/md_size)*md_size;
diff --git a/app/openssl/ssl/s3_lib.c b/app/openssl/ssl/s3_lib.c
index 896d1e19..f84da7f5 100644
--- a/app/openssl/ssl/s3_lib.c
+++ b/app/openssl/ssl/s3_lib.c
@@ -2828,34 +2828,35 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
#ifndef OPENSSL_NO_PSK
/* ECDH PSK ciphersuites from RFC 5489 */
- /* Cipher C035 */
+
+ /* Cipher C037 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
SSL_kEECDH,
SSL_aPSK,
SSL_AES128,
- SSL_SHA1,
+ SSL_SHA256,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256,
128,
128,
},
- /* Cipher C036 */
+ /* Cipher C038 */
{
1,
- TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
SSL_kEECDH,
SSL_aPSK,
SSL_AES256,
- SSL_SHA1,
+ SSL_SHA384,
SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384,
256,
256,
},
@@ -3411,6 +3412,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
#endif
case SSL_CTRL_CHANNEL_ID:
+ if (!s->server)
+ break;
s->tlsext_channel_id_enabled = 1;
ret = 1;
break;
@@ -3426,7 +3429,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
if (s->tlsext_channel_id_private)
EVP_PKEY_free(s->tlsext_channel_id_private);
- s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
+ s->tlsext_channel_id_private = (EVP_PKEY*) parg;
ret = 1;
break;
@@ -3741,7 +3744,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
if (ctx->tlsext_channel_id_private)
EVP_PKEY_free(ctx->tlsext_channel_id_private);
- ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
+ ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
break;
default:
diff --git a/app/openssl/ssl/s3_pkt.c b/app/openssl/ssl/s3_pkt.c
index 60c4f1a4..75997ac2 100644
--- a/app/openssl/ssl/s3_pkt.c
+++ b/app/openssl/ssl/s3_pkt.c
@@ -110,7 +110,6 @@
*/
#include <stdio.h>
-#include <limits.h>
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
@@ -581,11 +580,10 @@ int ssl3_do_compress(SSL *ssl)
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
{
const unsigned char *buf=buf_;
- unsigned int n,nw;
- int i,tot;
+ unsigned int tot,n,nw;
+ int i;
s->rwstate=SSL_NOTHING;
- OPENSSL_assert(s->s3->wnum <= INT_MAX);
tot=s->s3->wnum;
s->s3->wnum=0;
@@ -600,22 +598,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
}
}
- /* ensure that if we end up with a smaller value of data to write
- * out than the the original len from a write which didn't complete
- * for non-blocking I/O and also somehow ended up avoiding
- * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
- * it must never be possible to end up with (len-tot) as a large
- * number that will then promptly send beyond the end of the users
- * buffer ... so we trap and report the error in a way the user
- * will notice
- */
- if (len < tot)
- {
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
- return(-1);
- }
-
-
n=(len-tot);
for (;;)
{
@@ -686,6 +668,9 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_BUFFER *wb=&(s->s3->wbuf);
SSL_SESSION *sess;
+ if (wb->buf == NULL)
+ if (!ssl3_setup_write_buffer(s))
+ return -1;
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
@@ -701,10 +686,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */
}
- if (wb->buf == NULL)
- if (!ssl3_setup_write_buffer(s))
- return -1;
-
if (len == 0)
return 0;
@@ -1086,7 +1067,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ssl3_release_read_buffer(s);
}
}
@@ -1331,12 +1312,10 @@ start:
if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_CCS);
goto f_err;
}
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
rr->length=0;
if (s->msg_callback)
@@ -1471,7 +1450,12 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL || s->session->master_key_length == 0)
+ if (s->session->master_key_length == 0)
+ {
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_UNEXPECTED_CCS);
+ return (0);
+ }
+ if (s->session == NULL)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
diff --git a/app/openssl/ssl/s3_srvr.c b/app/openssl/ssl/s3_srvr.c
index f83c9366..1976efa7 100644
--- a/app/openssl/ssl/s3_srvr.c
+++ b/app/openssl/ssl/s3_srvr.c
@@ -675,8 +675,8 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -694,6 +694,7 @@ int ssl3_accept(SSL *s)
channel_id = s->s3->tlsext_channel_id_valid;
#endif
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
if (next_proto_neg)
s->state=SSL3_ST_SR_NEXT_PROTO_A;
else if (channel_id)
@@ -728,7 +729,6 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -740,15 +740,6 @@ int ssl3_accept(SSL *s)
#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
- /* If this is a full handshake with ChannelID then
- * record the hashshake hashes in |s->session| in case
- * we need them to verify a ChannelID signature on a
- * resumption of this session in the future. */
- if (!s->hit && s->s3->tlsext_channel_id_new)
- {
- ret = tls1_record_handshake_hashes_for_channel_id(s);
- if (ret <= 0) goto end;
- }
s->init_num=0;
break;
@@ -1477,22 +1468,6 @@ int ssl3_send_server_hello(SSL *s)
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
- /* We only accept ChannelIDs on connections with ECDHE in order
- * to avoid a known attack while we fix ChannelID itself. */
- if (s->s3 &&
- s->s3->tlsext_channel_id_valid &&
- (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0)
- s->s3->tlsext_channel_id_valid = 0;
-
- /* If this is a resumption and the original handshake didn't
- * support ChannelID then we didn't record the original
- * handshake hashes in the session and so cannot resume with
- * ChannelIDs. */
- if (s->hit &&
- s->s3->tlsext_channel_id_new &&
- s->session->original_handshake_hash_len == 0)
- s->s3->tlsext_channel_id_valid = 0;
-
buf=(unsigned char *)s->init_buf->data;
#ifdef OPENSSL_NO_TLSEXT
p=s->s3->server_random;
@@ -2168,11 +2143,6 @@ int ssl3_send_certificate_request(SSL *s)
s->init_num=n+4;
s->init_off=0;
#ifdef NETSCAPE_HANG_BUG
- if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
p=(unsigned char *)s->init_buf->data + s->init_num;
/* do the header */
@@ -2915,8 +2885,6 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned char premaster_secret[32], *start;
size_t outlen=32, inlen;
unsigned long alg_a;
- int Ttag, Tclass;
- long Tlen;
/* Get our certificate private key*/
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2938,16 +2906,28 @@ int ssl3_get_client_key_exchange(SSL *s)
ERR_clear_error();
}
/* Decrypt session key */
- if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED ||
- Ttag != V_ASN1_SEQUENCE ||
- Tclass != V_ASN1_UNIVERSAL)
+ if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+ goto gerr;
+ }
+ if (p[1] == 0x81)
+ {
+ start = p+3;
+ inlen = p[2];
+ }
+ else if (p[1] < 0x80)
+ {
+ start = p+2;
+ inlen = p[1];
+ }
+ else
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
goto gerr;
}
- start = p;
- inlen = Tlen;
if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
+
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
goto gerr;
@@ -3695,7 +3675,6 @@ int ssl3_get_channel_id(SSL *s)
EC_POINT* point = NULL;
ECDSA_SIG sig;
BIGNUM x, y;
- unsigned short expected_extension_type;
if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
{
@@ -3753,11 +3732,7 @@ int ssl3_get_channel_id(SSL *s)
n2s(p, extension_type);
n2s(p, extension_len);
- expected_extension_type = TLSEXT_TYPE_channel_id;
- if (s->s3->tlsext_channel_id_new)
- expected_extension_type = TLSEXT_TYPE_channel_id_new;
-
- if (extension_type != expected_extension_type ||
+ if (extension_type != TLSEXT_TYPE_channel_id ||
extension_len != TLSEXT_CHANNEL_ID_SIZE)
{
SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
diff --git a/app/openssl/ssl/ssl.h b/app/openssl/ssl/ssl.h
index a85841b3..54b0eb6c 100644
--- a/app/openssl/ssl/ssl.h
+++ b/app/openssl/ssl/ssl.h
@@ -544,13 +544,6 @@ struct ssl_session_st
#ifndef OPENSSL_NO_SRP
char *srp_username;
#endif
-
- /* original_handshake_hash contains the handshake hash (either
- * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full
- * handshake that created a session. This is used by Channel IDs during
- * resumption. */
- unsigned char original_handshake_hash[EVP_MAX_MD_SIZE];
- unsigned int original_handshake_hash_len;
};
#endif
@@ -560,7 +553,7 @@ struct ssl_session_st
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
-#define SSL_OP_TLSEXT_PADDING 0x00000010L
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
@@ -569,8 +562,6 @@ struct ssl_session_st
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
-/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
/* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the
* insertion of empty records in CBC mode, but the empty records were commonly
@@ -657,14 +648,12 @@ struct ssl_session_st
* TLS only.) "Released" buffers are put onto a free-list in the context
* or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-
/* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations
* that require it.
*/
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-
/* When set, clients may send application data before receipt of CCS
* and Finished. This mode enables full-handshakes to 'complete' in
* one RTT. */
@@ -877,9 +866,6 @@ struct ssl_ctx_st
/* get client cert callback */
int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
- /* get channel id callback */
- void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
-
/* cookie generate callback */
int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
@@ -1042,10 +1028,6 @@ struct ssl_ctx_st
/* If true, a client will advertise the Channel ID extension and a
* server will echo it. */
char tlsext_channel_id_enabled;
- /* tlsext_channel_id_enabled_new is a hack to support both old and new
- * ChannelID signatures. It indicates that a client should advertise the
- * new ChannelID extension number. */
- char tlsext_channel_id_enabled_new;
/* The client's Channel ID private key. */
EVP_PKEY *tlsext_channel_id_private;
#endif
@@ -1104,8 +1086,6 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
-void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
#ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
#endif
@@ -1182,14 +1162,12 @@ const char *SSL_get_psk_identity(const SSL *s);
#define SSL_WRITING 2
#define SSL_READING 3
#define SSL_X509_LOOKUP 4
-#define SSL_CHANNEL_ID_LOOKUP 5
/* These will only be used when doing non-blocking IO */
#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
@@ -1624,7 +1602,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_ERROR_ZERO_RETURN 6
#define SSL_ERROR_WANT_CONNECT 7
#define SSL_ERROR_WANT_ACCEPT 8
-#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
#define SSL_CTRL_NEED_TMP_RSA 1
#define SSL_CTRL_SET_TMP_RSA 2
@@ -1762,11 +1739,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_set_tmp_ecdh(ssl,ecdh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
- * IDs from clients, or configure a client to send TLS client IDs to server.
- * Returns 1 on success. */
-#define SSL_enable_tls_channel_id(s) \
- SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
+/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
+ * IDs from clients. Returns 1 on success. */
+#define SSL_enable_tls_channel_id(ctx) \
+ SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
* compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
* success. */
@@ -1816,7 +1792,7 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
-const char * SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
+const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
@@ -2731,6 +2707,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_WRONG_VERSION_NUMBER 267
#define SSL_R_X509_LIB 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
+#define SSL_R_UNEXPECTED_CCS 388
#ifdef __cplusplus
}
diff --git a/app/openssl/ssl/ssl3.h b/app/openssl/ssl/ssl3.h
index 83d59bff..f205f73d 100644
--- a/app/openssl/ssl/ssl3.h
+++ b/app/openssl/ssl/ssl3.h
@@ -388,6 +388,9 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/* SSL3_FLAGS_CCS_OK indicates that a ChangeCipherSpec record is acceptable at
+ * this point in the handshake. If this flag is not set then received CCS
+ * records will cause a fatal error for the connection. */
#define SSL3_FLAGS_CCS_OK 0x0080
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
@@ -555,11 +558,6 @@ typedef struct ssl3_state_st
* for Channel IDs and that tlsext_channel_id will be valid after the
* handshake. */
char tlsext_channel_id_valid;
- /* tlsext_channel_id_new means that the updated Channel ID extension
- * was negotiated. This is a temporary hack in the code to support both
- * forms of Channel ID extension while we transition to the new format,
- * which fixed a security issue. */
- char tlsext_channel_id_new;
/* For a server:
* If |tlsext_channel_id_valid| is true, then this contains the
* verified Channel ID from the client: a P256 point, (x,y), where
@@ -680,11 +678,11 @@ typedef struct ssl3_state_st
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
#endif
-#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
diff --git a/app/openssl/ssl/ssl_asn1.c b/app/openssl/ssl/ssl_asn1.c
index f83e18f8..38540be1 100644
--- a/app/openssl/ssl/ssl_asn1.c
+++ b/app/openssl/ssl/ssl_asn1.c
@@ -117,13 +117,12 @@ typedef struct ssl_session_asn1_st
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif /* OPENSSL_NO_SRP */
- ASN1_OCTET_STRING original_handshake_hash;
} SSL_SESSION_ASN1;
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v14=0;
+ int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
@@ -273,13 +272,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
a.psk_identity.type=V_ASN1_OCTET_STRING;
a.psk_identity.data=(unsigned char *)(in->psk_identity);
}
-
- if (in->original_handshake_hash_len > 0)
- {
- a.original_handshake_hash.length = in->original_handshake_hash_len;
- a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
- a.original_handshake_hash.data = in->original_handshake_hash;
- }
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
if (in->srp_username)
@@ -333,8 +325,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->srp_username)
M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
#endif /* OPENSSL_NO_SRP */
- if (in->original_handshake_hash_len > 0)
- M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
M_ASN1_I2D_seq_total();
@@ -383,8 +373,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
if (in->srp_username)
M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
#endif /* OPENSSL_NO_SRP */
- if (in->original_handshake_hash_len > 0)
- M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
M_ASN1_I2D_finish();
}
@@ -420,7 +408,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
if (os.length != 3)
{
c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- c.line=__LINE__;
goto err;
}
id=0x02000000L|
@@ -433,7 +420,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
if (os.length != 2)
{
c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- c.line=__LINE__;
goto err;
}
id=0x03000000L|
@@ -443,7 +429,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
else
{
c.error=SSL_R_UNKNOWN_SSL_VERSION;
- c.line=__LINE__;
goto err;
}
@@ -536,7 +521,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
if (os.length > SSL_MAX_SID_CTX_LENGTH)
{
c.error=SSL_R_BAD_LENGTH;
- c.line=__LINE__;
goto err;
}
else
@@ -654,16 +638,5 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
ret->srp_username=NULL;
#endif /* OPENSSL_NO_SRP */
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
- if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
- {
- memcpy(ret->original_handshake_hash, os.data, os.length);
- ret->original_handshake_hash_len = os.length;
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-
M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
}
diff --git a/app/openssl/ssl/ssl_err.c b/app/openssl/ssl/ssl_err.c
index ac0aad9b..bddd7949 100644
--- a/app/openssl/ssl/ssl_err.c
+++ b/app/openssl/ssl/ssl_err.c
@@ -553,7 +553,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbeats"},
+{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
@@ -604,6 +604,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
+{ERR_REASON(SSL_R_UNEXPECTED_CCS),"unexpected CCS"},
{0,NULL}
};
diff --git a/app/openssl/ssl/ssl_lib.c b/app/openssl/ssl/ssl_lib.c
index 3de68a78..8d2c3a76 100644
--- a/app/openssl/ssl/ssl_lib.c
+++ b/app/openssl/ssl/ssl_lib.c
@@ -1403,10 +1403,6 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
p=buf;
sk=s->session->ciphers;
-
- if (sk_SSL_CIPHER_num(sk) == 0)
- return NULL;
-
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
int n;
@@ -2675,10 +2671,6 @@ int SSL_get_error(const SSL *s,int i)
{
return(SSL_ERROR_WANT_X509_LOOKUP);
}
- if ((i < 0) && SSL_want_channel_id_lookup(s))
- {
- return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
- }
if (i == 0)
{
@@ -3427,41 +3419,12 @@ int SSL_cutthrough_complete(const SSL *s)
s->version >= SSL3_VERSION &&
s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
- ssl3_can_cutthrough(s) && /* cutthrough allowed */
+ SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */
s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
(s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/
s->state == SSL3_ST_CR_FINISHED_A));
}
-int ssl3_can_cutthrough(const SSL *s)
- {
- const SSL_CIPHER *c;
-
- /* require a strong enough cipher */
- if (SSL_get_cipher_bits(s, NULL) < 128)
- return 0;
-
- /* require ALPN or NPN extension */
- if (!s->s3->alpn_selected
-#ifndef OPENSSL_NO_NEXTPROTONEG
- && !s->s3->next_proto_neg_seen
-#endif
- )
- {
- return 0;
- }
-
- /* require a forward-secret cipher */
- c = SSL_get_current_cipher(s);
- if (!c || (c->algorithm_mkey != SSL_kEDH &&
- c->algorithm_mkey != SSL_kEECDH))
- {
- return 0;
- }
-
- return 1;
- }
-
/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* vairable, freeing EVP_MD_CTX previously stored in that variable, if
* any. If EVP_MD pointer is passed, initializes ctx with this md
diff --git a/app/openssl/ssl/ssl_locl.h b/app/openssl/ssl/ssl_locl.h
index 6b7731a4..f79ab009 100644
--- a/app/openssl/ssl/ssl_locl.h
+++ b/app/openssl/ssl/ssl_locl.h
@@ -1070,7 +1070,6 @@ void ssl_free_wbio_buffer(SSL *s);
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
-int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len);
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
@@ -1127,10 +1126,8 @@ int tls12_get_sigid(const EVP_PKEY *pk);
const EVP_MD *tls12_get_hash(unsigned char hash_alg);
int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
-int tls1_record_handshake_hashes_for_channel_id(SSL *s);
#endif
-int ssl3_can_cutthrough(const SSL *s);
EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
diff --git a/app/openssl/ssl/ssl_sess.c b/app/openssl/ssl/ssl_sess.c
index 7d170852..ec088404 100644
--- a/app/openssl/ssl/ssl_sess.c
+++ b/app/openssl/ssl/ssl_sess.c
@@ -1144,17 +1144,6 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK
return ctx->client_cert_cb;
}
-void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
- void (*cb)(SSL *ssl, EVP_PKEY **pkey))
- {
- ctx->channel_id_cb=cb;
- }
-
-void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
- {
- return ctx->channel_id_cb;
- }
-
#ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
diff --git a/app/openssl/ssl/t1_enc.c b/app/openssl/ssl/t1_enc.c
index 22dd3cab..2ed2e076 100644
--- a/app/openssl/ssl/t1_enc.c
+++ b/app/openssl/ssl/t1_enc.c
@@ -895,79 +895,54 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
return((int)ret);
}
-/* tls1_handshake_digest calculates the current handshake hash and writes it to
- * |out|, which has space for |out_len| bytes. It returns the number of bytes
- * written or -1 in the event of an error. This function works on a copy of the
- * underlying digests so can be called multiple times and prior to the final
- * update etc. */
-int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len)
- {
- const EVP_MD *md;
- EVP_MD_CTX ctx;
- int i, err = 0, len = 0;
- long mask;
-
- EVP_MD_CTX_init(&ctx);
-
- for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++)
- {
- int hash_size;
- unsigned int digest_len;
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i];
-
- if ((mask & ssl_get_algorithm2(s)) == 0)
- continue;
-
- hash_size = EVP_MD_size(md);
- if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len)
- {
- err = 1;
- break;
- }
-
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx, out, &digest_len) ||
- digest_len != (unsigned int)hash_size) /* internal error */
- {
- err = 1;
- break;
- }
- out += digest_len;
- out_len -= digest_len;
- len += digest_len;
- }
-
- EVP_MD_CTX_cleanup(&ctx);
-
- if (err != 0)
- return -1;
- return len;
- }
-
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *out)
{
+ unsigned int i;
+ EVP_MD_CTX ctx;
unsigned char buf[2*EVP_MAX_MD_SIZE];
- unsigned char buf2[12];
+ unsigned char *q,buf2[12];
+ int idx;
+ long mask;
int err=0;
- int digests_len;
+ const EVP_MD *md;
- if (s->s3->handshake_buffer)
+ q=buf;
+
+ if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
return 0;
- digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
- if (digests_len < 0)
+ EVP_MD_CTX_init(&ctx);
+
+ for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
{
- err = 1;
- digests_len = 0;
+ if (mask & ssl_get_algorithm2(s))
+ {
+ int hashsize = EVP_MD_size(md);
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ {
+ /* internal error: 'buf' is too small for this cipersuite! */
+ err = 1;
+ }
+ else
+ {
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+ !EVP_DigestFinal_ex(&ctx,q,&i) ||
+ (i != (unsigned int)hashsize))
+ err = 1;
+ q+=hashsize;
+ }
+ }
}
-
+
if (!tls1_PRF(ssl_get_algorithm2(s),
- str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0,
+ str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
s->session->master_key,s->session->master_key_length,
out,buf2,sizeof buf2))
err = 1;
+ EVP_MD_CTX_cleanup(&ctx);
if (err)
return 0;
@@ -1073,10 +1048,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
+printf("sec=");
+{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
printf("seq=");
{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
+printf("buf=");
+{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
#endif
if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1206,7 +1185,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
- rv = tls1_PRF(ssl_get_algorithm2(s),
+ rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
val, vallen,
NULL, 0,
NULL, 0,
diff --git a/app/openssl/ssl/t1_lib.c b/app/openssl/ssl/t1_lib.c
index 122a25f5..369e09f4 100644
--- a/app/openssl/ssl/t1_lib.c
+++ b/app/openssl/ssl/t1_lib.c
@@ -617,8 +617,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension */
- if ((limit - ret - 4 - 1) < 0)
- return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode:
@@ -649,10 +647,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
* support for Channel ID. */
if (limit - ret - 4 < 0)
return NULL;
- if (s->ctx->tlsext_channel_id_enabled_new)
- s2n(TLSEXT_TYPE_channel_id_new,ret);
- else
- s2n(TLSEXT_TYPE_channel_id,ret);
+ s2n(TLSEXT_TYPE_channel_id,ret);
s2n(0,ret);
}
@@ -688,35 +683,36 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += el;
}
#endif
+
+#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
* See https://tools.ietf.org/html/draft-agl-tls-padding-03
*
* NB: because this code works out the length of all existing
* extensions it MUST always appear last.
*/
- if (s->options & SSL_OP_TLSEXT_PADDING)
+ {
+ int hlen = ret - (unsigned char *)s->init_buf->data;
+ /* The code in s23_clnt.c to build ClientHello messages includes the
+ * 5-byte record header in the buffer, while the code in s3_clnt.c does
+ * not. */
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ hlen -= 5;
+ if (hlen > 0xff && hlen < 0x200)
{
- int hlen = ret - (unsigned char *)s->init_buf->data;
- /* The code in s23_clnt.c to build ClientHello messages
- * includes the 5-byte record header in the buffer, while
- * the code in s3_clnt.c does not.
- */
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- hlen -= 5;
- if (hlen > 0xff && hlen < 0x200)
- {
- hlen = 0x200 - hlen;
- if (hlen >= 4)
- hlen -= 4;
- else
- hlen = 0;
+ hlen = 0x200 - hlen;
+ if (hlen >= 4)
+ hlen -= 4;
+ else
+ hlen = 0;
- s2n(TLSEXT_TYPE_padding, ret);
- s2n(hlen, ret);
- memset(ret, 0, hlen);
- ret += hlen;
- }
+ s2n(TLSEXT_TYPE_padding, ret);
+ s2n(hlen, ret);
+ memset(ret, 0, hlen);
+ ret += hlen;
}
+ }
+#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -871,8 +867,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
/* Add Heartbeat extension if we've received one */
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
{
- if ((limit - ret - 4 - 1) < 0)
- return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode:
@@ -915,10 +909,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
{
if (limit - ret - 4 < 0)
return NULL;
- if (s->s3->tlsext_channel_id_new)
- s2n(TLSEXT_TYPE_channel_id_new,ret);
- else
- s2n(TLSEXT_TYPE_channel_id,ret);
+ s2n(TLSEXT_TYPE_channel_id,ret);
s2n(0,ret);
}
@@ -1581,13 +1572,6 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled)
s->s3->tlsext_channel_id_valid = 1;
- else if (type == TLSEXT_TYPE_channel_id_new &&
- s->tlsext_channel_id_enabled)
- {
- s->s3->tlsext_channel_id_valid = 1;
- s->s3->tlsext_channel_id_new = 1;
- }
-
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb &&
s->s3->tmp.finish_md_len == 0)
@@ -1837,12 +1821,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
else if (type == TLSEXT_TYPE_channel_id)
s->s3->tlsext_channel_id_valid = 1;
- else if (type == TLSEXT_TYPE_channel_id_new)
- {
- s->s3->tlsext_channel_id_valid = 1;
- s->s3->tlsext_channel_id_new = 1;
- }
-
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
{
unsigned len;
@@ -2930,17 +2908,6 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
- if (s->hit && s->s3->tlsext_channel_id_new)
- {
- static const char kResumptionMagic[] = "Resumption";
- EVP_DigestUpdate(md, kResumptionMagic,
- sizeof(kResumptionMagic));
- if (s->session->original_handshake_hash_len == 0)
- return 0;
- EVP_DigestUpdate(md, s->session->original_handshake_hash,
- s->session->original_handshake_hash_len);
- }
-
EVP_MD_CTX_init(&ctx);
for (i = 0; i < SSL_MAX_DIGEST; i++)
{
@@ -2955,29 +2922,3 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
return 1;
}
#endif
-
-/* tls1_record_handshake_hashes_for_channel_id records the current handshake
- * hashes in |s->session| so that Channel ID resumptions can sign that data. */
-int tls1_record_handshake_hashes_for_channel_id(SSL *s)
- {
- int digest_len;
- /* This function should never be called for a resumed session because
- * the handshake hashes that we wish to record are for the original,
- * full handshake. */
- if (s->hit)
- return -1;
- /* It only makes sense to call this function if Channel IDs have been
- * negotiated. */
- if (!s->s3->tlsext_channel_id_new)
- return -1;
-
- digest_len = tls1_handshake_digest(
- s, s->session->original_handshake_hash,
- sizeof(s->session->original_handshake_hash));
- if (digest_len < 0)
- return -1;
-
- s->session->original_handshake_hash_len = digest_len;
-
- return 1;
- }
diff --git a/app/openssl/ssl/tls1.h b/app/openssl/ssl/tls1.h
index b9a0899e..ec8948d5 100644
--- a/app/openssl/ssl/tls1.h
+++ b/app/openssl/ssl/tls1.h
@@ -259,7 +259,6 @@ extern "C" {
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
-#define TLSEXT_TYPE_channel_id_new 30032
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
@@ -532,11 +531,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
-/* ECDHE PSK ciphersuites from RFC5489
- * SHA-2 cipher suites are omitted because they cannot be used safely with
- * SSLv3. */
-#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
-#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+/* ECDHE PSK ciphersuites from RFC 5489 */
+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037
+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038
/* XXX
* Inconsistency alert:
@@ -689,9 +686,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
-/* ECDHE PSK ciphersuites from RFC5489 */
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
+/* ECDHE PSK ciphersuites from RFC 5489 */
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-WITH-AES-128-CBC-SHA256"
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-WITH-AES-256-CBC-SHA384"
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2