Update OpenSSL to 1.0.1g

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
commit: 0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree: fae9826018c36f1011007d029b728c290c50485c /main/openssl/ssl
parent: c69ba1780496c260a1b4498596bae428e0df232d (diff)
9 files changed, 58 insertions, 32 deletions
diff --git a/main/openssl/ssl/d1_both.c b/main/openssl/ssl/d1_both.c
index 7a5596a6..2e8cf681 100644
--- a/main/openssl/ssl/d1_both.c
+++ b/main/openssl/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
-	/* Read type and payload length first */
-	hbtype = *p++;
-	n2s(p, payload);
-	pl = p;
-
 	if (s->msg_callback)
 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 			&s->s3->rrec.data[0], s->s3->rrec.length,
 			s, s->msg_callback_arg);
 
+	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
+	hbtype = *p++;
+	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
+	pl = p;
+
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
+		unsigned int write_length = 1 /* heartbeat type */ +
+					    2 /* heartbeat length */ +
+					    payload + padding;
 		int r;
 
+		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+			return 0;
+
 		/* Allocate memory for the response, size is 1 byte
 		 * message type, plus 2 bytes payload length, plus
 		 * payload, plus padding
 		 */
-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		buffer = OPENSSL_malloc(write_length);
 		bp = buffer;
 
 		/* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
 		/* Random padding */
 		RAND_pseudo_bytes(bp, padding);
 
-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
 		if (r >= 0 && s->msg_callback)
 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buffer, 3 + payload + padding,
+				buffer, write_length,
 				s, s->msg_callback_arg);
 
 		OPENSSL_free(buffer);
diff --git a/main/openssl/ssl/kssl.h b/main/openssl/ssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/ssl/kssl.h
+++ b/main/openssl/ssl/kssl.h
@@ -70,6 +70,15 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/main/openssl/ssl/s23_clnt.c b/main/openssl/ssl/s23_clnt.c
index fefcd167..2bc92141 100644
--- a/main/openssl/ssl/s23_clnt.c
+++ b/main/openssl/ssl/s23_clnt.c
@@ -283,7 +283,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
 		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
 	if (send_time)
 		{
-		unsigned long Time = time(NULL);
+		unsigned long Time = (unsigned long)time(NULL);
 		unsigned char *p = result;
 		l2n(Time, p);
 		return RAND_pseudo_bytes(p, len-4);
@@ -487,10 +487,7 @@ static int ssl23_client_hello(SSL *s)
 			{
 			/* create Client Hello in SSL 3.0/TLS 1.0 format */
 
-			/* do the record header (5 bytes) and handshake message
-			 * header (4 bytes) last. Note: the code to add the
-			 * padding extension in t1_lib.c depends on the size of
-			 * this prefix. */
+			/* do the record header (5 bytes) and handshake message header (4 bytes) last */
 			d = p = &(buf[9]);
 			
 			*(p++) = version_major;
diff --git a/main/openssl/ssl/s3_clnt.c b/main/openssl/ssl/s3_clnt.c
index efbd666b..f71470a3 100644
--- a/main/openssl/ssl/s3_clnt.c
+++ b/main/openssl/ssl/s3_clnt.c
@@ -756,9 +756,7 @@ int ssl3_client_hello(SSL *s)
 		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 			goto err;
 
-		/* Do the message type and length last.
-		 * Note: the code to add the padding extension in t1_lib.c
-		 * depends on the size of this prefix. */
+		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
 		/* version indicates the negotiated version: for example from
diff --git a/main/openssl/ssl/s3_srvr.c b/main/openssl/ssl/s3_srvr.c
index 19158850..8692f149 100644
--- a/main/openssl/ssl/s3_srvr.c
+++ b/main/openssl/ssl/s3_srvr.c
@@ -1854,7 +1854,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
 			goto f_err;
 			}
-		for (i=0; r[i] != NULL && i<4; i++)
+		for (i=0; i < 4 && r[i] != NULL; i++)
 			{
 			nr[i]=BN_num_bytes(r[i]);
 #ifndef OPENSSL_NO_SRP
@@ -1890,7 +1890,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 		d=(unsigned char *)s->init_buf->data;
 		p= &(d[4]);
 
-		for (i=0; r[i] != NULL && i<4; i++)
+		for (i=0; i < 4 && r[i] != NULL; i++)
 			{
 #ifndef OPENSSL_NO_SRP
 			if ((i == 2) && (type & SSL_kSRP))
diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/ssl/ssl.h
+++ b/main/openssl/ssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
 	 */
 	unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 	/* Engine to pass requests for client certs to
 	 */
 	ENGINE *client_cert_engine;
diff --git a/main/openssl/ssl/t1_enc.c b/main/openssl/ssl/t1_enc.c
index 07cb62bd..2ed2e076 100644
--- a/main/openssl/ssl/t1_enc.c
+++ b/main/openssl/ssl/t1_enc.c
@@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 		}
 		else
 		{
-			EVP_MD_CTX_copy(&hmac,hash);
+			if (!EVP_MD_CTX_copy(&hmac,hash))
+				return -1;
 			mac_ctx = &hmac;
 		}
 
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c
index eba732f1..369e09f4 100644
--- a/main/openssl/ssl/t1_lib.c
+++ b/main/openssl/ssl/t1_lib.c
@@ -684,8 +684,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 }
 #endif
 
+#ifdef TLSEXT_TYPE_padding
 	/* Add padding to workaround bugs in F5 terminators.
-	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+	 *
+	 * NB: because this code works out the length of all existing
+	 * extensions it MUST always appear last.
+	 */
 	{
 	int hlen = ret - (unsigned char *)s->init_buf->data;
 	/* The code in s23_clnt.c to build ClientHello messages includes the
@@ -707,7 +712,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		ret += hlen;
 		}
 	}
-
+#endif
 
 	if ((extdatalen = ret-p-2)== 0) 
 		return p;
@@ -1412,7 +1417,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			tls1_process_sigalgs(s, data, dsize);
 			}
 		else if (type == TLSEXT_TYPE_status_request &&
-		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+		         s->version != DTLS1_VERSION)
 			{
 		
 			if (size < 5) 
@@ -2744,16 +2749,20 @@ tls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
-	/* Read type and payload length first */
-	hbtype = *p++;
-	n2s(p, payload);
-	pl = p;
-
 	if (s->msg_callback)
 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 			&s->s3->rrec.data[0], s->s3->rrec.length,
 			s, s->msg_callback_arg);
 
+	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
+	hbtype = *p++;
+	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
+	pl = p;
+
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
diff --git a/main/openssl/ssl/tls1.h b/main/openssl/ssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/ssl/tls1.h
+++ b/main/openssl/ssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat	15
 
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding	21
+
 /* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
 
@@ -254,10 +260,6 @@ extern "C" {
 /* This is not an IANA defined extension number */
 #define TLSEXT_TYPE_channel_id			30031
 
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding			35655
-
 /* NameType value from RFC 3546 */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
commit	0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree	fae9826018c36f1011007d029b728c290c50485c /main/openssl/ssl
parent	c69ba1780496c260a1b4498596bae428e0df232d (diff)