Codebase list openssl / 3dbc525
Update upstream source from tag 'upstream/1.1.1k' Update to upstream version '1.1.1k' with Debian dir 87906ad25120d8a0110965b833237aac73d2005e Sebastian Andrzej Siewior 3 years ago
29 changed file(s) with 256 addition(s) and 65 deletion(s).
55 For a full list of changes, see the git commit log; for example,
66 https://github.com/openssl/openssl/commits/ and pick the appropriate
77 release branch.
8
9 Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
10
11 *) Fixed a problem with verifying a certificate chain when using the
12 X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
13 of the certificates present in a certificate chain. It is not set by
14 default.
15
16 Starting from OpenSSL version 1.1.1h a check to disallow certificates in
17 the chain that have explicitly encoded elliptic curve parameters was added
18 as an additional strict check.
19
20 An error in the implementation of this check meant that the result of a
21 previous check to confirm that certificates in the chain are valid CA
22 certificates was overwritten. This effectively bypasses the check
23 that non-CA certificates must not be able to issue other certificates.
24
25 If a "purpose" has been configured then there is a subsequent opportunity
26 for checks that the certificate is a valid CA. All of the named "purpose"
27 values implemented in libcrypto perform this check. Therefore, where
28 a purpose is set the certificate chain will still be rejected even when the
29 strict flag has been used. A purpose is set by default in libssl client and
30 server certificate verification routines, but it can be overridden or
31 removed by an application.
32
33 In order to be affected, an application must explicitly set the
34 X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
35 for the certificate verification or, in the case of TLS client or server
36 applications, override the default purpose.
37 (CVE-2021-3450)
38 [Tomáš Mráz]
39
40 *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
41 crafted renegotiation ClientHello message from a client. If a TLSv1.2
42 renegotiation ClientHello omits the signature_algorithms extension (where
43 it was present in the initial ClientHello), but includes a
44 signature_algorithms_cert extension then a NULL pointer dereference will
45 result, leading to a crash and a denial of service attack.
46
47 A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
48 (which is the default configuration). OpenSSL TLS clients are not impacted
49 by this issue.
50 (CVE-2021-3449)
51 [Peter Kästle and Samuel Sapalski]
852
953 Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
1054
916916 done )
917917
918918 ordinals:
919 ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
920 ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
919 $(PERL) $(SRCDIR)/util/mkdef.pl crypto update
920 $(PERL) $(SRCDIR)/util/mkdef.pl ssl update
921921
922922 test_ordinals:
923923 ( cd test; \
33
44 This file gives a brief overview of the major changes between each OpenSSL
55 release. For more details please read the CHANGES file.
6
7 Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
8
9 o Fixed a problem with verifying a certificate chain when using the
10 X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
11 o Fixed an issue where an OpenSSL TLS server may crash if sent a
12 maliciously crafted renegotiation ClientHello message from a client
13 (CVE-2021-3449)
614
715 Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
816
00
1 OpenSSL 1.1.1j 16 Feb 2021
1 OpenSSL 1.1.1k 25 Mar 2021
22
3 Copyright (c) 1998-2020 The OpenSSL Project
3 Copyright (c) 1998-2021 The OpenSSL Project
44 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
55 All rights reserved.
66
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
933933 if (!SSL_build_cert_chain(ssl, 0))
934934 return 0;
935935 } else if (exc->chain != NULL) {
936 SSL_set1_chain(ssl, exc->chain);
936 if (!SSL_set1_chain(ssl, exc->chain))
937 return 0;
937938 }
938939 }
939940 exc = exc->prev;
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
262262 nConn, totalTime, ((double)nConn / totalTime), bytes_read);
263263 printf
264264 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
265 nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
265 nConn, (long)time(NULL) - finishtime + maxtime,
266 nConn > 0 ? bytes_read / nConn : 0l);
266267
267268 /*
268269 * Now loop and time connections using the same session id over and over
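Review bot: The fallback literal `0l` in the new guard is easy to misread as `01`; `nConn > 0 ? bytes_read / nConn : 0L` says the same thing unambiguously. The comment that follows introduces a second timing loop whose summary is outside this hunk. If it prints the same per-connection average, it needs the same `nConn > 0` guard.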
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
324324 }
325325 if (BIO_puts(bp, "]") <= 0)
326326 goto end;
327 dump_cont = 0;
327328 }
328329
329330 if (!nl) {
00 /*
1 * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
112112 ndef_aux = *(NDEF_SUPPORT **)parg;
113113
114114 derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
115 if (derlen < 0)
116 return 0;
115117 if ((p = OPENSSL_malloc(derlen)) == NULL) {
116118 ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
117119 return 0;
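Review bot: The added `if (derlen < 0) return 0;` fails silently, while the allocation failure just below it records `ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE)`. Unless ASN1_item_ndef_i2d is known to queue its own error in every negative-return case, add `ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_INTERNAL_ERROR);` before the return, or a comment stating that the callee has already reported it. The function starts and continues outside the lines shown, so any later encoding call that reuses `derlen` should be checked the same way.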
00 /*
1 * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
757757 void engine_load_devcrypto_int()
758758 {
759759 ENGINE *e = NULL;
760
761 if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
760 int fd;
761
762 if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
762763 #ifndef ENGINE_DEVCRYPTO_DEBUG
763764 if (errno != ENOENT)
764765 #endif
765766 fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
766767 return;
767768 }
769
770 #ifdef CRIOGET
771 if (ioctl(fd, CRIOGET, &cfd) < 0) {
772 fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
773 close(fd);
774 cfd = -1;
775 return;
776 }
777 close(fd);
778 #else
779 cfd = fd;
780 #endif
768781
769782 if ((e = ENGINE_new()) == NULL
770783 || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
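Review bot: Neither the descriptor from `open("/dev/crypto", O_RDWR, 0)` nor the one returned through `ioctl(fd, CRIOGET, &cfd)` is marked close-on-exec in the lines shown, so the long-lived `cfd` would be inherited by any child the application executes. Unless that is handled elsewhere in the file, add `fcntl(cfd, F_SETFD, FD_CLOEXEC);` once `cfd` is set, which covers both preprocessor branches. A one-line comment on the `#ifdef CRIOGET` block saying why the first descriptor is exchanged and closed would also help, since the reason is not visible in the code.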
00 /*
1 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
00 /*
1 * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
6868 in += 16;
6969 out += 16;
7070 }
71 memcpy(ivec, iv, 16);
71 if (ivec != iv)
72 memcpy(ivec, iv, 16);
7273 }
7374
7475 void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
113114 out += 16;
114115 }
115116 }
116 memcpy(ivec, iv, 16);
117 if (ivec != iv)
118 memcpy(ivec, iv, 16);
117119 } else {
118120 if (STRICT_ALIGNMENT &&
119121 ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
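Review bot: The two new `if (ivec != iv)` guards carry no comment, and the reason for them is not obvious at the point of use. Presumably `iv` still aliases `ivec` when no full block was processed, and `memcpy` with identical source and destination is undefined behaviour. Add `/* iv == ivec if no block was processed; memcpy must not be given overlapping buffers */` above the first guard so that a later cleanup does not remove it. Both functions extend beyond the lines shown, so confirm the aliasing condition against the loop setup.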
00 /*
1 * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
13841384 else
13851385 ctx->Yi.d[3] = ctr;
13861386 for (i = 0; i < 16 / sizeof(size_t); ++i) {
1387 size_t c = in[i];
1388 out[i] = c ^ ctx->EKi.t[i];
1387 size_t c = in_t[i];
1388 out_t[i] = c ^ ctx->EKi.t[i];
13891389 ctx->Xi.t[i] ^= c;
13901390 }
13911391 GCM_MUL(ctx);
00 /*
1 * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
132132 static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
133133 long *pday, int *psec)
134134 {
135 int offset_hms, offset_day;
136 long time_jd;
135 int offset_hms;
136 long offset_day, time_jd;
137137 int time_year, time_month, time_day;
138138 /* split offset into days and day seconds */
139139 offset_day = offset_sec / SECS_PER_DAY;
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
431431 RAND_POOL *rand_pool_new(int entropy_requested, int secure,
432432 size_t min_len, size_t max_len)
433433 {
434 RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
434 RAND_POOL *pool;
435435 size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
436436
437 if (!RUN_ONCE(&rand_init, do_rand_init))
438 return NULL;
439
440 pool = OPENSSL_zalloc(sizeof(*pool));
437441 if (pool == NULL) {
438442 RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
439443 return NULL;
00 /*
1 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
523523 ret = 1;
524524 break;
525525 }
526 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
526 if (ret > 0
527 && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
527528 /* Check for presence of explicit elliptic curve parameters */
528529 ret = check_curve(x);
529 if (ret < 0)
530 if (ret < 0) {
530531 ctx->error = X509_V_ERR_UNSPECIFIED;
531 else if (ret == 0)
532 ret = 0;
533 } else if (ret == 0) {
532534 ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
533 }
534 if ((x->ex_flags & EXFLAG_CA) == 0
535 }
536 }
537 if (ret > 0
538 && (x->ex_flags & EXFLAG_CA) == 0
535539 && x->ex_pathlen != -1
536540 && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
537541 ctx->error = X509_V_ERR_INVALID_EXTENSION;
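Review bot: Nothing in the rewritten block records the invariant that the two added `ret > 0` guards restore. `ret` carries the CA-check verdict from the switch above, and the strict checks that follow may only lower it. Add a short comment before the strict block, for example `/* ret holds the CA verdict; checks below run only while ret > 0 and must never raise it */`, so that a future strict check does not overwrite a failure again. The explicit `ret = 0;` in the `ret < 0` branch deserves its own remark that it normalises an internal error to a rejection. The function begins and continues outside the lines shown.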
00 /*
1 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL licenses, (the "License");
44 * you may not use this file except in compliance with the License.
00 /*
1 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
3838 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
3939 * major minor fix final patch/beta)
4040 */
41 # define OPENSSL_VERSION_NUMBER 0x101010afL
42 # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j 16 Feb 2021"
41 # define OPENSSL_VERSION_NUMBER 0x101010bfL
42 # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021"
4343
4444 /*-
4545 * The macros below are to be used for shared library (.so, .dll, ...)
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
33 * Copyright 2005 Nokia. All rights reserved.
44 *
46284628
46294629 OPENSSL_clear_free(s->s3->tmp.psk, psklen);
46304630 s->s3->tmp.psk = NULL;
4631 s->s3->tmp.psklen = 0;
46314632 if (!s->method->ssl3_enc->generate_master_secret(s,
46324633 s->session->master_key, pskpms, pskpmslen,
46334634 &s->session->master_key_length)) {
46574658 else
46584659 OPENSSL_cleanse(pms, pmslen);
46594660 }
4660 if (s->server == 0)
4661 if (s->server == 0) {
46614662 s->s3->tmp.pms = NULL;
4663 s->s3->tmp.pmslen = 0;
4664 }
46624665 return ret;
46634666 }
46644667
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
33 * Copyright 2005 Nokia. All rights reserved.
44 *
778778 s->ext.ecpointformats =
779779 OPENSSL_memdup(ctx->ext.ecpointformats,
780780 ctx->ext.ecpointformats_len);
781 if (!s->ext.ecpointformats)
781 if (!s->ext.ecpointformats) {
782 s->ext.ecpointformats_len = 0;
782783 goto err;
784 }
783785 s->ext.ecpointformats_len =
784786 ctx->ext.ecpointformats_len;
785787 }
788790 OPENSSL_memdup(ctx->ext.supportedgroups,
789791 ctx->ext.supportedgroups_len
790792 * sizeof(*ctx->ext.supportedgroups));
791 if (!s->ext.supportedgroups)
793 if (!s->ext.supportedgroups) {
794 s->ext.supportedgroups_len = 0;
792795 goto err;
796 }
793797 s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
794798 }
795799 #endif
799803
800804 if (s->ctx->ext.alpn) {
801805 s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
802 if (s->ext.alpn == NULL)
806 if (s->ext.alpn == NULL) {
807 s->ext.alpn_len = 0;
803808 goto err;
809 }
804810 memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
805811 s->ext.alpn_len = s->ctx->ext.alpn_len;
806812 }
28332839 OPENSSL_free(ctx->ext.alpn);
28342840 ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
28352841 if (ctx->ext.alpn == NULL) {
2842 ctx->ext.alpn_len = 0;
28362843 SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
28372844 return 1;
28382845 }
28522859 OPENSSL_free(ssl->ext.alpn);
28532860 ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
28542861 if (ssl->ext.alpn == NULL) {
2862 ssl->ext.alpn_len = 0;
28552863 SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
28562864 return 1;
28572865 }
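Review bot: The length reset is repeated by hand in each allocation-failure branch (`ctx->ext.alpn_len = 0;`, `ssl->ext.alpn_len = 0;` and the others in this section), so every branch added later has to remember it. Where the old buffer is freed just before the allocation, zero the length at the free instead, e.g. `OPENSSL_free(ctx->ext.alpn); ctx->ext.alpn_len = 0;`. That keeps pointer and length consistent on every exit path, and it is the shape the `pha_context` reset in this commit already uses. The same remark applies to the resets added after `OPENSSL_free()` in the client and server handshake sections further down. The enclosing functions are only partly visible here.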
335335 tls_construct_stoc_key_share, tls_construct_ctos_key_share,
336336 final_key_share
337337 },
338 #else
339 INVALID_EXTENSION,
338340 #endif
339341 {
340342 /* Must be after key_share */
11361138 /* Clear any signature algorithms extension received */
11371139 OPENSSL_free(s->s3->tmp.peer_sigalgs);
11381140 s->s3->tmp.peer_sigalgs = NULL;
1141 s->s3->tmp.peer_sigalgslen = 0;
11391142
11401143 return 1;
11411144 }
11451148 /* Clear any signature algorithms extension received */
11461149 OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
11471150 s->s3->tmp.peer_cert_sigalgs = NULL;
1151 s->s3->tmp.peer_cert_sigalgslen = 0;
11481152
11491153 return 1;
11501154 }
00 /*
1 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
815815 OPENSSL_free(s->psksession_id);
816816 s->psksession_id = OPENSSL_memdup(id, idlen);
817817 if (s->psksession_id == NULL) {
818 s->psksession_id_len = 0;
818819 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
819820 SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
820821 return EXT_RETURN_FAIL;
13741375 OPENSSL_free(s->ext.peer_ecpointformats);
13751376 s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
13761377 if (s->ext.peer_ecpointformats == NULL) {
1378 s->ext.peer_ecpointformats_len = 0;
13771379 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
13781380 SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
13791381 return 0;
14911493 s->ext.scts_len = (uint16_t)size;
14921494 if (size > 0) {
14931495 s->ext.scts = OPENSSL_malloc(size);
1494 if (s->ext.scts == NULL
1495 || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
1496 if (s->ext.scts == NULL) {
1497 s->ext.scts_len = 0;
1498 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
1499 ERR_R_MALLOC_FAILURE);
1500 return 0;
1501 }
1502 if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
14961503 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
14971504 ERR_R_INTERNAL_ERROR);
14981505 return 0;
15911598 OPENSSL_free(s->ext.npn);
15921599 s->ext.npn = OPENSSL_malloc(selected_len);
15931600 if (s->ext.npn == NULL) {
1601 s->ext.npn_len = 0;
15941602 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
15951603 ERR_R_INTERNAL_ERROR);
15961604 return 0;
16311639 OPENSSL_free(s->s3->alpn_selected);
16321640 s->s3->alpn_selected = OPENSSL_malloc(len);
16331641 if (s->s3->alpn_selected == NULL) {
1642 s->s3->alpn_selected_len = 0;
16341643 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
16351644 ERR_R_INTERNAL_ERROR);
16361645 return 0;
16621671 s->session->ext.alpn_selected =
16631672 OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
16641673 if (s->session->ext.alpn_selected == NULL) {
1674 s->session->ext.alpn_selected_len = 0;
16651675 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
16661676 ERR_R_INTERNAL_ERROR);
16671677 return 0;
24612461 s->s3->tmp.ctype_len = 0;
24622462 OPENSSL_free(s->pha_context);
24632463 s->pha_context = NULL;
2464 s->pha_context_len = 0;
24642465
24652466 if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
24662467 !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
27702771 }
27712772 s->ext.ocsp.resp = OPENSSL_malloc(resplen);
27722773 if (s->ext.ocsp.resp == NULL) {
2774 s->ext.ocsp.resp_len = 0;
27732775 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
27742776 ERR_R_MALLOC_FAILURE);
27752777 return 0;
27762778 }
2779 s->ext.ocsp.resp_len = resplen;
27772780 if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
27782781 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
27792782 SSL_R_LENGTH_MISMATCH);
27802783 return 0;
27812784 }
2782 s->ext.ocsp.resp_len = resplen;
27832785
27842786 return 1;
27852787 }
29042906 if (psklen > PSK_MAX_PSK_LEN) {
29052907 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
29062908 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
2909 psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */
29072910 goto err;
29082911 } else if (psklen == 0) {
29092912 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
33493352 err:
33503353 OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
33513354 s->s3->tmp.pms = NULL;
3355 s->s3->tmp.pmslen = 0;
33523356 #ifndef OPENSSL_NO_PSK
33533357 OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
33543358 s->s3->tmp.psk = NULL;
3359 s->s3->tmp.psklen = 0;
33553360 #endif
33563361 return 0;
33573362 }
34263431 err:
34273432 OPENSSL_clear_free(pms, pmslen);
34283433 s->s3->tmp.pms = NULL;
3434 s->s3->tmp.pmslen = 0;
34293435 return 0;
34303436 }
34313437
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
33 * Copyright 2005 Nokia. All rights reserved.
44 *
21772177 OPENSSL_free(s->s3->alpn_selected);
21782178 s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
21792179 if (s->s3->alpn_selected == NULL) {
2180 s->s3->alpn_selected_len = 0;
21802181 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
21812182 ERR_R_INTERNAL_ERROR);
21822183 return 0;
28522853 if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
28532854 OPENSSL_free(s->pha_context);
28542855 s->pha_context_len = 32;
2855 if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
2856 || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
2857 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
2856 if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
2857 s->pha_context_len = 0;
2858 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
2859 SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
2860 ERR_R_INTERNAL_ERROR);
2861 return 0;
2862 }
2863 if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
2864 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
2865 s->pha_context_len)) {
28582866 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
28592867 SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
28602868 ERR_R_INTERNAL_ERROR);
29682976 OPENSSL_cleanse(psk, psklen);
29692977
29702978 if (s->s3->tmp.psk == NULL) {
2979 s->s3->tmp.psklen = 0;
29712980 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
29722981 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
29732982 return 0;
35073516 #ifndef OPENSSL_NO_PSK
35083517 OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
35093518 s->s3->tmp.psk = NULL;
3519 s->s3->tmp.psklen = 0;
35103520 #endif
35113521 return MSG_PROCESS_ERROR;
35123522 }
41164126 s->session->ext.alpn_selected =
41174127 OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
41184128 if (s->session->ext.alpn_selected == NULL) {
4129 s->session->ext.alpn_selected_len = 0;
41194130 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
41204131 SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
41214132 ERR_R_MALLOC_FAILURE);
00 #! /usr/bin/env perl
1 # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
1 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
22 #
33 # Licensed under the OpenSSL license (the "License"). You may not use
44 # this file except in compliance with the License. You can obtain a copy
3737 $proxy->clientflags("-no_tls1_3");
3838 $proxy->reneg(1);
3939 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
40 plan tests => 3;
40 plan tests => 4;
4141 ok(TLSProxy::Message->success(), "Basic renegotiation");
4242
4343 #Test 2: Client does not send the Reneg SCSV. Reneg should fail
7676 "Check ClientHello version is the same");
7777 }
7878
79 SKIP: {
80 skip "TLSv1.2 disabled", 1
81 if disabled("tls1_2");
82
83 #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in
84 # resumption ClientHello
85 $proxy->clear();
86 $proxy->filter(\&sigalgs_filter);
87 $proxy->clientflags("-tls1_2");
88 $proxy->reneg(1);
89 $proxy->start();
90 ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs");
91 }
92
7993 sub reneg_filter
8094 {
8195 my $proxy = shift;
95109 }
96110 }
97111 }
112
113 sub sigalgs_filter
114 {
115 my $proxy = shift;
116 my $cnt = 0;
117
118 # We're only interested in the second ClientHello message
119 foreach my $message (@{$proxy->message_list}) {
120 if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
121 next if ($cnt++ == 0);
122
123 my $sigs = pack "C10", 0x00, 0x08,
124 # rsa_pkcs_sha{256,384,512,1}
125 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
126 $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
127 $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
128 $message->repack();
129 }
130 }
131 }
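Review bot: The comment and description of the new test say "client_sig_algs instead of sig_algs" in a "resumption ClientHello", but `sigalgs_filter` sets `EXT_SIG_ALGS_CERT` and deletes `EXT_SIG_ALGS` on the second ClientHello of a renegotiation (`$proxy->reneg(1)`). Wording such as `#Test 4: Test for CVE-2021-3449. sig_algs_cert without sig_algs in the renegotiation ClientHello` would match what the code does. `$proxy->start()` is also called without checking its result in this block, unlike the first start. Confirm that a proxy which fails to come up cannot satisfy `TLSProxy::Message->fail()` and pass the test for the wrong reason.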
00 /*
1 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the OpenSSL license (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
303303 static int test_rsa_oaep(int idx)
304304 {
305305 int ret = 0;
306 RSA *key;
306 RSA *key = NULL;
307307 unsigned char ptext[256];
308308 unsigned char ctext[256];
309309 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
139139
140140 i = X509_verify_cert(sctx);
141141
142 if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
142 if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA)
143 goto err;
144
145 /* repeat with X509_V_FLAG_X509_STRICT */
146 X509_STORE_CTX_cleanup(sctx);
147 X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT);
148
149 if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
150 goto err;
151
152 i = X509_verify_cert(sctx);
153
154 if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA)
143155 /* This is the result we were expecting: Test passed */
144156 ret = 1;
145 }
157
146158 err:
147159 X509_STORE_CTX_free(sctx);
148160 X509_free(x);
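Review bot: The return value of `X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT)` is ignored in the added second pass. If the flag were not applied, the test would repeat the non-strict verification and still report success, which defeats its purpose as the regression test for the strict-mode CA check. Use `if (!X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT)) goto err;`, which matches the handling of `X509_STORE_CTX_init` two lines later. The test function starts above the lines shown.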
00 #!{- $config{HASHBANGPERL} -}
11
22 # {- join("\n# ", @autowarntext) -}
3 # Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
3 # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
44 #
55 # Licensed under the OpenSSL license (the "License"). You may not use
66 # this file except in compliance with the License. You can obtain a copy
160160
161161 sub link_hash_cert {
162162 my $fname = $_[0];
163 $fname =~ s/'/'\\''/g;
163 $fname =~ s/\"/\\\"/g;
164164 my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
165165 chomp $hash;
166166 chomp $fprint;
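Review bot: Escaping only `"` in `$fname` does not make it safe inside the double-quoted argument of the backtick command on the next line. The shell still expands `$`, backquotes and backslashes within double quotes, so a certificate file name containing them is interpreted rather than passed through. The robust fix is to drop the escaping and run openssl without a shell through a list-form pipe open, as sketched below. This assumes `$x509hash` holds a single option word, and the failure path should follow whatever the rest of the sub expects, since the body continues outside the hunk. List-form pipe open is not available on every platform Perl runs on, so a platform that needs the shell would keep a quoted fallback.

```perl
sub link_hash_cert {
    my $fname = $_[0];
    # List-form pipe open runs openssl directly, without a shell,
    # so the file name needs no escaping.
    open(my $x509_out, '-|', $openssl, 'x509', $x509hash,
         '-fingerprint', '-noout', '-in', $fname)
        or do { warn "Cannot run $openssl on $fname: $!\n"; return; };
    my ($hash, $fprint) = <$x509_out>;
    close($x509_out);
    # … unchanged: chomp $hash / chomp $fprint and the rest of the sub …
```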
0 # Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
0 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
11 #
22 # Licensed under the OpenSSL license (the "License"). You may not use
33 # this file except in compliance with the License. You can obtain a copy
447447 }
448448
449449 #Update all the underlying records with the modified data from this message
450 #Note: Only supports re-encrypting for TLSv1.3
450 #Note: Only supports TLSv1.3 and ETM encryption
451451 sub repack
452452 {
453453 my $self = shift;
489489 # (If a length override is ever needed to construct invalid packets,
490490 # use an explicit override field instead.)
491491 $rec->decrypt_len(length($rec->decrypt_data));
492 $rec->len($rec->len + length($msgdata) - $old_length);
493 # Only support re-encryption for TLSv1.3.
494 if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
495 #Add content type (1 byte) and 16 tag bytes
496 $rec->data($rec->decrypt_data
497 .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
492 # Only support re-encryption for TLSv1.3 and ETM.
493 if ($rec->encrypted()) {
494 if (TLSProxy::Proxy->is_tls13()) {
495 #Add content type (1 byte) and 16 tag bytes
496 $rec->data($rec->decrypt_data
497 .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
498 } elsif ($rec->etm()) {
499 my $data = $rec->decrypt_data;
500 #Add padding
501 my $padval = length($data) % 16;
502 $padval = 15 - $padval;
503 for (0..$padval) {
504 $data .= pack("C", $padval);
505 }
506
507 #Add MAC. Assumed to be 20 bytes
508 foreach my $macval (0..19) {
509 $data .= pack("C", $macval);
510 }
511
512 if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {
513 #Explicit IV
514 $data = ("\0"x16).$data;
515 }
516 $rec->data($data);
517 } else {
518 die "Unsupported encryption: No ETM";
519 }
498520 } else {
499521 $rec->data($rec->decrypt_data);
500522 }
523 $rec->len(length($rec->data));
501524
502525 #Update the fragment len in case we changed it above
503526 ${$self->message_frag_lens}[0] = length($msgdata)