summaryrefslogtreecommitdiff
path: root/main/openssl/ssl
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2014-04-23 12:31:35 +0200
committerArne Schwabe <arne@rfc2549.org>2014-04-23 12:31:35 +0200
commit0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
treefae9826018c36f1011007d029b728c290c50485c /main/openssl/ssl
parentc69ba1780496c260a1b4498596bae428e0df232d (diff)
Update OpenSSL to 1.0.1g
Diffstat (limited to 'main/openssl/ssl')
-rw-r--r--main/openssl/ssl/d1_both.c26
-rw-r--r--main/openssl/ssl/kssl.h9
-rw-r--r--main/openssl/ssl/s23_clnt.c7
-rw-r--r--main/openssl/ssl/s3_clnt.c4
-rw-r--r--main/openssl/ssl/s3_srvr.c4
-rw-r--r--main/openssl/ssl/ssl.h2
-rw-r--r--main/openssl/ssl/t1_enc.c3
-rw-r--r--main/openssl/ssl/t1_lib.c25
-rw-r--r--main/openssl/ssl/tls1.h10
9 files changed, 58 insertions, 32 deletions
diff --git a/main/openssl/ssl/d1_both.c b/main/openssl/ssl/d1_both.c
index 7a5596a6..2e8cf681 100644
--- a/main/openssl/ssl/d1_both.c
+++ b/main/openssl/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
+ unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
int r;
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+ buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
/* Random padding */
RAND_pseudo_bytes(bp, padding);
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
if (r >= 0 && s->msg_callback)
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, 3 + payload + padding,
+ buffer, write_length,
s, s->msg_callback_arg);
OPENSSL_free(buffer);
diff --git a/main/openssl/ssl/kssl.h b/main/openssl/ssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/ssl/kssl.h
+++ b/main/openssl/ssl/kssl.h
@@ -70,6 +70,15 @@
#include <stdio.h>
#include <ctype.h>
#include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
#ifdef __cplusplus
extern "C" {
diff --git a/main/openssl/ssl/s23_clnt.c b/main/openssl/ssl/s23_clnt.c
index fefcd167..2bc92141 100644
--- a/main/openssl/ssl/s23_clnt.c
+++ b/main/openssl/ssl/s23_clnt.c
@@ -283,7 +283,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
if (send_time)
{
- unsigned long Time = time(NULL);
+ unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
return RAND_pseudo_bytes(p, len-4);
@@ -487,10 +487,7 @@ static int ssl23_client_hello(SSL *s)
{
/* create Client Hello in SSL 3.0/TLS 1.0 format */
- /* do the record header (5 bytes) and handshake message
- * header (4 bytes) last. Note: the code to add the
- * padding extension in t1_lib.c depends on the size of
- * this prefix. */
+ /* do the record header (5 bytes) and handshake message header (4 bytes) last */
d = p = &(buf[9]);
*(p++) = version_major;
diff --git a/main/openssl/ssl/s3_clnt.c b/main/openssl/ssl/s3_clnt.c
index efbd666b..f71470a3 100644
--- a/main/openssl/ssl/s3_clnt.c
+++ b/main/openssl/ssl/s3_clnt.c
@@ -756,9 +756,7 @@ int ssl3_client_hello(SSL *s)
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
goto err;
- /* Do the message type and length last.
- * Note: the code to add the padding extension in t1_lib.c
- * depends on the size of this prefix. */
+ /* Do the message type and length last */
d=p= &(buf[4]);
/* version indicates the negotiated version: for example from
diff --git a/main/openssl/ssl/s3_srvr.c b/main/openssl/ssl/s3_srvr.c
index 19158850..8692f149 100644
--- a/main/openssl/ssl/s3_srvr.c
+++ b/main/openssl/ssl/s3_srvr.c
@@ -1854,7 +1854,7 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
- for (i=0; r[i] != NULL && i<4; i++)
+ for (i=0; i < 4 && r[i] != NULL; i++)
{
nr[i]=BN_num_bytes(r[i]);
#ifndef OPENSSL_NO_SRP
@@ -1890,7 +1890,7 @@ int ssl3_send_server_key_exchange(SSL *s)
d=(unsigned char *)s->init_buf->data;
p= &(d[4]);
- for (i=0; r[i] != NULL && i<4; i++)
+ for (i=0; i < 4 && r[i] != NULL; i++)
{
#ifndef OPENSSL_NO_SRP
if ((i == 2) && (type & SSL_kSRP))
diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/ssl/ssl.h
+++ b/main/openssl/ssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
*/
unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
/* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
diff --git a/main/openssl/ssl/t1_enc.c b/main/openssl/ssl/t1_enc.c
index 07cb62bd..2ed2e076 100644
--- a/main/openssl/ssl/t1_enc.c
+++ b/main/openssl/ssl/t1_enc.c
@@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
}
else
{
- EVP_MD_CTX_copy(&hmac,hash);
+ if (!EVP_MD_CTX_copy(&hmac,hash))
+ return -1;
mac_ctx = &hmac;
}
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c
index eba732f1..369e09f4 100644
--- a/main/openssl/ssl/t1_lib.c
+++ b/main/openssl/ssl/t1_lib.c
@@ -684,8 +684,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#endif
+#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
- * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+ * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+ *
+ * NB: because this code works out the length of all existing
+ * extensions it MUST always appear last.
+ */
{
int hlen = ret - (unsigned char *)s->init_buf->data;
/* The code in s23_clnt.c to build ClientHello messages includes the
@@ -707,7 +712,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += hlen;
}
}
-
+#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -1412,7 +1417,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
tls1_process_sigalgs(s, data, dsize);
}
else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+ s->version != DTLS1_VERSION)
{
if (size < 5)
@@ -2744,16 +2749,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
diff --git a/main/openssl/ssl/tls1.h b/main/openssl/ssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/ssl/tls1.h
+++ b/main/openssl/ssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
#define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@@ -254,10 +260,6 @@ extern "C" {
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding 35655
-
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */