summaryrefslogtreecommitdiff
path: root/thirdparty/openssl/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/openssl/ssl')
-rw-r--r--thirdparty/openssl/ssl/s23_clnt.c30
-rw-r--r--thirdparty/openssl/ssl/s3_pkt.c12
-rw-r--r--thirdparty/openssl/ssl/s3_srvr.c36
-rw-r--r--thirdparty/openssl/ssl/ssl_ciph.c2
-rw-r--r--thirdparty/openssl/ssl/ssl_lib.c10
-rw-r--r--thirdparty/openssl/ssl/ssl_sess.c6
-rw-r--r--thirdparty/openssl/ssl/t1_lib.c2
7 files changed, 81 insertions, 17 deletions
diff --git a/thirdparty/openssl/ssl/s23_clnt.c b/thirdparty/openssl/ssl/s23_clnt.c
index b80d1fd8ce..add8c9916c 100644
--- a/thirdparty/openssl/ssl/s23_clnt.c
+++ b/thirdparty/openssl/ssl/s23_clnt.c
@@ -735,7 +735,37 @@ static int ssl23_get_server_hello(SSL *s)
s->version = TLS1_2_VERSION;
s->method = TLSv1_2_client_method();
} else {
+ /*
+ * Unrecognised version, we'll send a protocol version alert using
+ * our preferred version.
+ */
+ switch(s->client_version) {
+ default:
+ /*
+ * Shouldn't happen
+ * Fall through
+ */
+ case TLS1_2_VERSION:
+ s->version = TLS1_2_VERSION;
+ s->method = TLSv1_2_client_method();
+ break;
+ case TLS1_1_VERSION:
+ s->version = TLS1_1_VERSION;
+ s->method = TLSv1_1_client_method();
+ break;
+ case TLS1_VERSION:
+ s->version = TLS1_VERSION;
+ s->method = TLSv1_client_method();
+ break;
+#ifndef OPENSSL_NO_SSL3
+ case SSL3_VERSION:
+ s->version = SSL3_VERSION;
+ s->method = SSLv3_client_method();
+ break;
+#endif
+ }
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
goto err;
}
diff --git a/thirdparty/openssl/ssl/s3_pkt.c b/thirdparty/openssl/ssl/s3_pkt.c
index 0290c991d8..b914568430 100644
--- a/thirdparty/openssl/ssl/s3_pkt.c
+++ b/thirdparty/openssl/ssl/s3_pkt.c
@@ -1324,10 +1324,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
#ifndef OPENSSL_NO_HEARTBEATS
else if (rr->type == TLS1_RT_HEARTBEAT) {
- tls1_process_heartbeat(s);
+ i = tls1_process_heartbeat(s);
+
+ if (i < 0)
+ return i;
- /* Exit and notify application to read again */
rr->length = 0;
+ if (s->mode & SSL_MODE_AUTO_RETRY)
+ goto start;
+
+ /* Exit and notify application to read again */
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
BIO_set_retry_read(SSL_get_rbio(s));
@@ -1427,7 +1433,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
(s->s3->handshake_fragment_len >= 4) &&
(s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
(s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
/*
* s->s3->handshake_fragment_len = 0;
*/
diff --git a/thirdparty/openssl/ssl/s3_srvr.c b/thirdparty/openssl/ssl/s3_srvr.c
index ba17f1b562..0fb4845d44 100644
--- a/thirdparty/openssl/ssl/s3_srvr.c
+++ b/thirdparty/openssl/ssl/s3_srvr.c
@@ -2202,7 +2202,7 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
int decrypt_len;
unsigned char decrypt_good, version_good;
- size_t j;
+ size_t j, padding_len;
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp) {
@@ -2270,16 +2270,38 @@ int ssl3_get_client_key_exchange(SSL *s)
if (RAND_bytes(rand_premaster_secret,
sizeof(rand_premaster_secret)) <= 0)
goto err;
+
+ /*
+ * Decrypt with no padding. PKCS#1 padding will be removed as part of
+ * the timing-sensitive code below.
+ */
decrypt_len =
- RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
- ERR_clear_error();
+ RSA_private_decrypt((int)n, p, p, rsa, RSA_NO_PADDING);
+ if (decrypt_len < 0)
+ goto err;
+
+ /* Check the padding. See RFC 3447, section 7.2.2. */
/*
- * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
- * be 0xff if so and zero otherwise.
+ * The smallest padded premaster is 11 bytes of overhead. Small keys
+ * are publicly invalid, so this may return immediately. This ensures
+ * PS is at least 8 bytes.
*/
- decrypt_good =
- constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
+ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+ goto f_err;
+ }
+
+ padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+ decrypt_good = constant_time_eq_int_8(p[0], 0) &
+ constant_time_eq_int_8(p[1], 2);
+ for (j = 2; j < padding_len - 1; j++) {
+ decrypt_good &= ~constant_time_is_zero_8(p[j]);
+ }
+ decrypt_good &= constant_time_is_zero_8(p[padding_len - 1]);
+ p += padding_len;
/*
* If the version in the decrypted pre-master secret is correct then
diff --git a/thirdparty/openssl/ssl/ssl_ciph.c b/thirdparty/openssl/ssl/ssl_ciph.c
index 40021329a9..ccdf00fa1b 100644
--- a/thirdparty/openssl/ssl/ssl_ciph.c
+++ b/thirdparty/openssl/ssl/ssl_ciph.c
@@ -1205,7 +1205,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.'))
#else
- while (isalnum(ch) || (ch == '-') || (ch == '.'))
+ while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.'))
#endif
{
ch = *(++l);
diff --git a/thirdparty/openssl/ssl/ssl_lib.c b/thirdparty/openssl/ssl/ssl_lib.c
index 24be376c9f..3539f4b8d2 100644
--- a/thirdparty/openssl/ssl/ssl_lib.c
+++ b/thirdparty/openssl/ssl/ssl_lib.c
@@ -1825,15 +1825,15 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
- const unsigned char *p, size_t plen,
+ const unsigned char *context, size_t contextlen,
int use_context)
{
if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
return -1;
return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
- llen, p, plen,
- use_context);
+ llen, context,
+ contextlen, use_context);
}
static unsigned long ssl_session_hash(const SSL_SESSION *a)
@@ -3180,6 +3180,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
#endif
ssl->cert = ssl_cert_dup(ctx->cert);
if (ocert) {
+ int i;
/* Preserve any already negotiated parameters */
if (ssl->server) {
ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
@@ -3189,6 +3190,9 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
ocert->ciphers_raw = NULL;
}
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
+ }
#ifndef OPENSSL_NO_TLSEXT
ssl->cert->alpn_proposed = ocert->alpn_proposed;
ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len;
diff --git a/thirdparty/openssl/ssl/ssl_sess.c b/thirdparty/openssl/ssl/ssl_sess.c
index f50f514212..23dd3e7a01 100644
--- a/thirdparty/openssl/ssl/ssl_sess.c
+++ b/thirdparty/openssl/ssl/ssl_sess.c
@@ -261,7 +261,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
#ifndef OPENSSL_NO_SRP
dest->srp_username = NULL;
#endif
- memset(&dest->ex_data, 0, sizeof(dest->ex_data));
/* We deliberately don't copy the prev and next pointers */
dest->prev = NULL;
@@ -275,6 +274,9 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (src->peer != NULL)
CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+ goto err;
+
#ifndef OPENSSL_NO_PSK
if (src->psk_identity_hint) {
dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
@@ -325,7 +327,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
}
# endif
- if (ticket != 0) {
+ if (ticket != 0 && src->tlsext_tick != NULL) {
dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
if(dest->tlsext_tick == NULL)
goto err;
diff --git a/thirdparty/openssl/ssl/t1_lib.c b/thirdparty/openssl/ssl/t1_lib.c
index 6587e8bb68..1a4387b78e 100644
--- a/thirdparty/openssl/ssl/t1_lib.c
+++ b/thirdparty/openssl/ssl/t1_lib.c
@@ -1916,7 +1916,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
s2n(3 + len, ret);
s2n(1 + len, ret);
- *ret++ = len;
+ *ret++ = (unsigned char)len;
memcpy(ret, selected, len);
ret += len;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-18 09:36:01 +0000