Update upstream source from tag 'upstream/1.1.1k'
Update to upstream version '1.1.1k'
with Debian dir 87906ad25120d8a0110965b833237aac73d2005e
Sebastian Andrzej Siewior
3 years ago
5 | 5 | For a full list of changes, see the git commit log; for example, |
6 | 6 | https://github.com/openssl/openssl/commits/ and pick the appropriate |
7 | 7 | release branch. |
8 | ||
9 | Changes between 1.1.1j and 1.1.1k [25 Mar 2021] | |
10 | ||
11 | *) Fixed a problem with verifying a certificate chain when using the | |
12 | X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks | |
13 | of the certificates present in a certificate chain. It is not set by | |
14 | default. | |
15 | ||
16 | Starting from OpenSSL version 1.1.1h a check to disallow certificates in | |
17 | the chain that have explicitly encoded elliptic curve parameters was added | |
18 | as an additional strict check. | |
19 | ||
20 | An error in the implementation of this check meant that the result of a | |
21 | previous check to confirm that certificates in the chain are valid CA | |
22 | certificates was overwritten. This effectively bypasses the check | |
23 | that non-CA certificates must not be able to issue other certificates. | |
24 | ||
25 | If a "purpose" has been configured then there is a subsequent opportunity | |
26 | for checks that the certificate is a valid CA. All of the named "purpose" | |
27 | values implemented in libcrypto perform this check. Therefore, where | |
28 | a purpose is set the certificate chain will still be rejected even when the | |
29 | strict flag has been used. A purpose is set by default in libssl client and | |
30 | server certificate verification routines, but it can be overridden or | |
31 | removed by an application. | |
32 | ||
33 | In order to be affected, an application must explicitly set the | |
34 | X509_V_FLAG_X509_STRICT verification flag and either not set a purpose | |
35 | for the certificate verification or, in the case of TLS client or server | |
36 | applications, override the default purpose. | |
37 | (CVE-2021-3450) | |
38 | [Tomáš Mráz] | |
39 | ||
40 | *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously | |
41 | crafted renegotiation ClientHello message from a client. If a TLSv1.2 | |
42 | renegotiation ClientHello omits the signature_algorithms extension (where | |
43 | it was present in the initial ClientHello), but includes a | |
44 | signature_algorithms_cert extension then a NULL pointer dereference will | |
45 | result, leading to a crash and a denial of service attack. | |
46 | ||
47 | A server is only vulnerable if it has TLSv1.2 and renegotiation enabled | |
48 | (which is the default configuration). OpenSSL TLS clients are not impacted | |
49 | by this issue. | |
50 | (CVE-2021-3449) | |
51 | [Peter Kästle and Samuel Sapalski] | |
8 | 52 | |
9 | 53 | Changes between 1.1.1i and 1.1.1j [16 Feb 2021] |
10 | 54 |
916 | 916 | done ) |
917 | 917 | |
918 | 918 | ordinals: |
919 | ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) | |
920 | ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update ) | |
919 | $(PERL) $(SRCDIR)/util/mkdef.pl crypto update | |
920 | $(PERL) $(SRCDIR)/util/mkdef.pl ssl update | |
921 | 921 | |
922 | 922 | test_ordinals: |
923 | 923 | ( cd test; \ |
3 | 3 | |
4 | 4 | This file gives a brief overview of the major changes between each OpenSSL |
5 | 5 | release. For more details please read the CHANGES file. |
6 | ||
7 | Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] | |
8 | ||
9 | o Fixed a problem with verifying a certificate chain when using the | |
10 | X509_V_FLAG_X509_STRICT flag (CVE-2021-3450) | |
11 | o Fixed an issue where an OpenSSL TLS server may crash if sent a | |
12 | maliciously crafted renegotiation ClientHello message from a client | |
13 | (CVE-2021-3449) | |
6 | 14 | |
7 | 15 | Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] |
8 | 16 |
0 | 0 | |
1 | OpenSSL 1.1.1j 16 Feb 2021 | |
1 | OpenSSL 1.1.1k 25 Mar 2021 | |
2 | 2 | |
3 | Copyright (c) 1998-2020 The OpenSSL Project | |
3 | Copyright (c) 1998-2021 The OpenSSL Project | |
4 | 4 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
5 | 5 | All rights reserved. |
6 | 6 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
933 | 933 | if (!SSL_build_cert_chain(ssl, 0)) |
934 | 934 | return 0; |
935 | 935 | } else if (exc->chain != NULL) { |
936 | SSL_set1_chain(ssl, exc->chain); | |
936 | if (!SSL_set1_chain(ssl, exc->chain)) | |
937 | return 0; | |
937 | 938 | } |
938 | 939 | } |
939 | 940 | exc = exc->prev; |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
262 | 262 | nConn, totalTime, ((double)nConn / totalTime), bytes_read); |
263 | 263 | printf |
264 | 264 | ("%d connections in %ld real seconds, %ld bytes read per connection\n", |
265 | nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); | |
265 | nConn, (long)time(NULL) - finishtime + maxtime, | |
266 | nConn > 0 ? bytes_read / nConn : 0l); | |
266 | 267 | |
267 | 268 | /* |
268 | 269 | * Now loop and time connections using the same session id over and over |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
324 | 324 | } |
325 | 325 | if (BIO_puts(bp, "]") <= 0) |
326 | 326 | goto end; |
327 | dump_cont = 0; | |
327 | 328 | } |
328 | 329 | |
329 | 330 | if (!nl) { |
0 | 0 | /* |
1 | * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
112 | 112 | ndef_aux = *(NDEF_SUPPORT **)parg; |
113 | 113 | |
114 | 114 | derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); |
115 | if (derlen < 0) | |
116 | return 0; | |
115 | 117 | if ((p = OPENSSL_malloc(derlen)) == NULL) { |
116 | 118 | ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); |
117 | 119 | return 0; |
0 | 0 | /* |
1 | * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
757 | 757 | void engine_load_devcrypto_int() |
758 | 758 | { |
759 | 759 | ENGINE *e = NULL; |
760 | ||
761 | if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { | |
760 | int fd; | |
761 | ||
762 | if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { | |
762 | 763 | #ifndef ENGINE_DEVCRYPTO_DEBUG |
763 | 764 | if (errno != ENOENT) |
764 | 765 | #endif |
765 | 766 | fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); |
766 | 767 | return; |
767 | 768 | } |
769 | ||
770 | #ifdef CRIOGET | |
771 | if (ioctl(fd, CRIOGET, &cfd) < 0) { | |
772 | fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); | |
773 | close(fd); | |
774 | cfd = -1; | |
775 | return; | |
776 | } | |
777 | close(fd); | |
778 | #else | |
779 | cfd = fd; | |
780 | #endif | |
768 | 781 | |
769 | 782 | if ((e = ENGINE_new()) == NULL |
770 | 783 | || !ENGINE_set_destroy_function(e, devcrypto_unload)) { |
0 | 0 | /* |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
0 | 0 | /* |
1 | * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
68 | 68 | in += 16; |
69 | 69 | out += 16; |
70 | 70 | } |
71 | memcpy(ivec, iv, 16); | |
71 | if (ivec != iv) | |
72 | memcpy(ivec, iv, 16); | |
72 | 73 | } |
73 | 74 | |
74 | 75 | void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, |
113 | 114 | out += 16; |
114 | 115 | } |
115 | 116 | } |
116 | memcpy(ivec, iv, 16); | |
117 | if (ivec != iv) | |
118 | memcpy(ivec, iv, 16); | |
117 | 119 | } else { |
118 | 120 | if (STRICT_ALIGNMENT && |
119 | 121 | ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { |
0 | 0 | /* |
1 | * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
1384 | 1384 | else |
1385 | 1385 | ctx->Yi.d[3] = ctr; |
1386 | 1386 | for (i = 0; i < 16 / sizeof(size_t); ++i) { |
1387 | size_t c = in[i]; | |
1388 | out[i] = c ^ ctx->EKi.t[i]; | |
1387 | size_t c = in_t[i]; | |
1388 | out_t[i] = c ^ ctx->EKi.t[i]; | |
1389 | 1389 | ctx->Xi.t[i] ^= c; |
1390 | 1390 | } |
1391 | 1391 | GCM_MUL(ctx); |
0 | 0 | /* |
1 | * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
132 | 132 | static int julian_adj(const struct tm *tm, int off_day, long offset_sec, |
133 | 133 | long *pday, int *psec) |
134 | 134 | { |
135 | int offset_hms, offset_day; | |
136 | long time_jd; | |
135 | int offset_hms; | |
136 | long offset_day, time_jd; | |
137 | 137 | int time_year, time_month, time_day; |
138 | 138 | /* split offset into days and day seconds */ |
139 | 139 | offset_day = offset_sec / SECS_PER_DAY; |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
431 | 431 | RAND_POOL *rand_pool_new(int entropy_requested, int secure, |
432 | 432 | size_t min_len, size_t max_len) |
433 | 433 | { |
434 | RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); | |
434 | RAND_POOL *pool; | |
435 | 435 | size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); |
436 | 436 | |
437 | if (!RUN_ONCE(&rand_init, do_rand_init)) | |
438 | return NULL; | |
439 | ||
440 | pool = OPENSSL_zalloc(sizeof(*pool)); | |
437 | 441 | if (pool == NULL) { |
438 | 442 | RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); |
439 | 443 | return NULL; |
0 | 0 | /* |
1 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
523 | 523 | ret = 1; |
524 | 524 | break; |
525 | 525 | } |
526 | if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { | |
526 | if (ret > 0 | |
527 | && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { | |
527 | 528 | /* Check for presence of explicit elliptic curve parameters */ |
528 | 529 | ret = check_curve(x); |
529 | if (ret < 0) | |
530 | if (ret < 0) { | |
530 | 531 | ctx->error = X509_V_ERR_UNSPECIFIED; |
531 | else if (ret == 0) | |
532 | ret = 0; | |
533 | } else if (ret == 0) { | |
532 | 534 | ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; |
533 | } | |
534 | if ((x->ex_flags & EXFLAG_CA) == 0 | |
535 | } | |
536 | } | |
537 | if (ret > 0 | |
538 | && (x->ex_flags & EXFLAG_CA) == 0 | |
535 | 539 | && x->ex_pathlen != -1 |
536 | 540 | && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { |
537 | 541 | ctx->error = X509_V_ERR_INVALID_EXTENSION; |
0 | 0 | /* |
1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL licenses, (the "License"); |
4 | 4 | * you may not use this file except in compliance with the License. |
0 | 0 | /* |
1 | * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
38 | 38 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
39 | 39 | * major minor fix final patch/beta) |
40 | 40 | */ |
41 | # define OPENSSL_VERSION_NUMBER 0x101010afL | |
42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j 16 Feb 2021" | |
41 | # define OPENSSL_VERSION_NUMBER 0x101010bfL | |
42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021" | |
43 | 43 | |
44 | 44 | /*- |
45 | 45 | * The macros below are to be used for shared library (.so, .dll, ...) |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * Copyright 2005 Nokia. All rights reserved. |
4 | 4 | * |
4628 | 4628 | |
4629 | 4629 | OPENSSL_clear_free(s->s3->tmp.psk, psklen); |
4630 | 4630 | s->s3->tmp.psk = NULL; |
4631 | s->s3->tmp.psklen = 0; | |
4631 | 4632 | if (!s->method->ssl3_enc->generate_master_secret(s, |
4632 | 4633 | s->session->master_key, pskpms, pskpmslen, |
4633 | 4634 | &s->session->master_key_length)) { |
4657 | 4658 | else |
4658 | 4659 | OPENSSL_cleanse(pms, pmslen); |
4659 | 4660 | } |
4660 | if (s->server == 0) | |
4661 | if (s->server == 0) { | |
4661 | 4662 | s->s3->tmp.pms = NULL; |
4663 | s->s3->tmp.pmslen = 0; | |
4664 | } | |
4662 | 4665 | return ret; |
4663 | 4666 | } |
4664 | 4667 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * Copyright 2005 Nokia. All rights reserved. |
4 | 4 | * |
778 | 778 | s->ext.ecpointformats = |
779 | 779 | OPENSSL_memdup(ctx->ext.ecpointformats, |
780 | 780 | ctx->ext.ecpointformats_len); |
781 | if (!s->ext.ecpointformats) | |
781 | if (!s->ext.ecpointformats) { | |
782 | s->ext.ecpointformats_len = 0; | |
782 | 783 | goto err; |
784 | } | |
783 | 785 | s->ext.ecpointformats_len = |
784 | 786 | ctx->ext.ecpointformats_len; |
785 | 787 | } |
788 | 790 | OPENSSL_memdup(ctx->ext.supportedgroups, |
789 | 791 | ctx->ext.supportedgroups_len |
790 | 792 | * sizeof(*ctx->ext.supportedgroups)); |
791 | if (!s->ext.supportedgroups) | |
793 | if (!s->ext.supportedgroups) { | |
794 | s->ext.supportedgroups_len = 0; | |
792 | 795 | goto err; |
796 | } | |
793 | 797 | s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; |
794 | 798 | } |
795 | 799 | #endif |
799 | 803 | |
800 | 804 | if (s->ctx->ext.alpn) { |
801 | 805 | s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); |
802 | if (s->ext.alpn == NULL) | |
806 | if (s->ext.alpn == NULL) { | |
807 | s->ext.alpn_len = 0; | |
803 | 808 | goto err; |
809 | } | |
804 | 810 | memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); |
805 | 811 | s->ext.alpn_len = s->ctx->ext.alpn_len; |
806 | 812 | } |
2833 | 2839 | OPENSSL_free(ctx->ext.alpn); |
2834 | 2840 | ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); |
2835 | 2841 | if (ctx->ext.alpn == NULL) { |
2842 | ctx->ext.alpn_len = 0; | |
2836 | 2843 | SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); |
2837 | 2844 | return 1; |
2838 | 2845 | } |
2852 | 2859 | OPENSSL_free(ssl->ext.alpn); |
2853 | 2860 | ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); |
2854 | 2861 | if (ssl->ext.alpn == NULL) { |
2862 | ssl->ext.alpn_len = 0; | |
2855 | 2863 | SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); |
2856 | 2864 | return 1; |
2857 | 2865 | } |
335 | 335 | tls_construct_stoc_key_share, tls_construct_ctos_key_share, |
336 | 336 | final_key_share |
337 | 337 | }, |
338 | #else | |
339 | INVALID_EXTENSION, | |
338 | 340 | #endif |
339 | 341 | { |
340 | 342 | /* Must be after key_share */ |
1136 | 1138 | /* Clear any signature algorithms extension received */ |
1137 | 1139 | OPENSSL_free(s->s3->tmp.peer_sigalgs); |
1138 | 1140 | s->s3->tmp.peer_sigalgs = NULL; |
1141 | s->s3->tmp.peer_sigalgslen = 0; | |
1139 | 1142 | |
1140 | 1143 | return 1; |
1141 | 1144 | } |
1145 | 1148 | /* Clear any signature algorithms extension received */ |
1146 | 1149 | OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); |
1147 | 1150 | s->s3->tmp.peer_cert_sigalgs = NULL; |
1151 | s->s3->tmp.peer_cert_sigalgslen = 0; | |
1148 | 1152 | |
1149 | 1153 | return 1; |
1150 | 1154 | } |
0 | 0 | /* |
1 | * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
815 | 815 | OPENSSL_free(s->psksession_id); |
816 | 816 | s->psksession_id = OPENSSL_memdup(id, idlen); |
817 | 817 | if (s->psksession_id == NULL) { |
818 | s->psksession_id_len = 0; | |
818 | 819 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
819 | 820 | SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); |
820 | 821 | return EXT_RETURN_FAIL; |
1374 | 1375 | OPENSSL_free(s->ext.peer_ecpointformats); |
1375 | 1376 | s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); |
1376 | 1377 | if (s->ext.peer_ecpointformats == NULL) { |
1378 | s->ext.peer_ecpointformats_len = 0; | |
1377 | 1379 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
1378 | 1380 | SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); |
1379 | 1381 | return 0; |
1491 | 1493 | s->ext.scts_len = (uint16_t)size; |
1492 | 1494 | if (size > 0) { |
1493 | 1495 | s->ext.scts = OPENSSL_malloc(size); |
1494 | if (s->ext.scts == NULL | |
1495 | || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { | |
1496 | if (s->ext.scts == NULL) { | |
1497 | s->ext.scts_len = 0; | |
1498 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, | |
1499 | ERR_R_MALLOC_FAILURE); | |
1500 | return 0; | |
1501 | } | |
1502 | if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { | |
1496 | 1503 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, |
1497 | 1504 | ERR_R_INTERNAL_ERROR); |
1498 | 1505 | return 0; |
1591 | 1598 | OPENSSL_free(s->ext.npn); |
1592 | 1599 | s->ext.npn = OPENSSL_malloc(selected_len); |
1593 | 1600 | if (s->ext.npn == NULL) { |
1601 | s->ext.npn_len = 0; | |
1594 | 1602 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, |
1595 | 1603 | ERR_R_INTERNAL_ERROR); |
1596 | 1604 | return 0; |
1631 | 1639 | OPENSSL_free(s->s3->alpn_selected); |
1632 | 1640 | s->s3->alpn_selected = OPENSSL_malloc(len); |
1633 | 1641 | if (s->s3->alpn_selected == NULL) { |
1642 | s->s3->alpn_selected_len = 0; | |
1634 | 1643 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, |
1635 | 1644 | ERR_R_INTERNAL_ERROR); |
1636 | 1645 | return 0; |
1662 | 1671 | s->session->ext.alpn_selected = |
1663 | 1672 | OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); |
1664 | 1673 | if (s->session->ext.alpn_selected == NULL) { |
1674 | s->session->ext.alpn_selected_len = 0; | |
1665 | 1675 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, |
1666 | 1676 | ERR_R_INTERNAL_ERROR); |
1667 | 1677 | return 0; |
2461 | 2461 | s->s3->tmp.ctype_len = 0; |
2462 | 2462 | OPENSSL_free(s->pha_context); |
2463 | 2463 | s->pha_context = NULL; |
2464 | s->pha_context_len = 0; | |
2464 | 2465 | |
2465 | 2466 | if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || |
2466 | 2467 | !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { |
2770 | 2771 | } |
2771 | 2772 | s->ext.ocsp.resp = OPENSSL_malloc(resplen); |
2772 | 2773 | if (s->ext.ocsp.resp == NULL) { |
2774 | s->ext.ocsp.resp_len = 0; | |
2773 | 2775 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, |
2774 | 2776 | ERR_R_MALLOC_FAILURE); |
2775 | 2777 | return 0; |
2776 | 2778 | } |
2779 | s->ext.ocsp.resp_len = resplen; | |
2777 | 2780 | if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { |
2778 | 2781 | SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, |
2779 | 2782 | SSL_R_LENGTH_MISMATCH); |
2780 | 2783 | return 0; |
2781 | 2784 | } |
2782 | s->ext.ocsp.resp_len = resplen; | |
2783 | 2785 | |
2784 | 2786 | return 1; |
2785 | 2787 | } |
2904 | 2906 | if (psklen > PSK_MAX_PSK_LEN) { |
2905 | 2907 | SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, |
2906 | 2908 | SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); |
2909 | psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ | |
2907 | 2910 | goto err; |
2908 | 2911 | } else if (psklen == 0) { |
2909 | 2912 | SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, |
3349 | 3352 | err: |
3350 | 3353 | OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); |
3351 | 3354 | s->s3->tmp.pms = NULL; |
3355 | s->s3->tmp.pmslen = 0; | |
3352 | 3356 | #ifndef OPENSSL_NO_PSK |
3353 | 3357 | OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); |
3354 | 3358 | s->s3->tmp.psk = NULL; |
3359 | s->s3->tmp.psklen = 0; | |
3355 | 3360 | #endif |
3356 | 3361 | return 0; |
3357 | 3362 | } |
3426 | 3431 | err: |
3427 | 3432 | OPENSSL_clear_free(pms, pmslen); |
3428 | 3433 | s->s3->tmp.pms = NULL; |
3434 | s->s3->tmp.pmslen = 0; | |
3429 | 3435 | return 0; |
3430 | 3436 | } |
3431 | 3437 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * Copyright 2005 Nokia. All rights reserved. |
4 | 4 | * |
2177 | 2177 | OPENSSL_free(s->s3->alpn_selected); |
2178 | 2178 | s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); |
2179 | 2179 | if (s->s3->alpn_selected == NULL) { |
2180 | s->s3->alpn_selected_len = 0; | |
2180 | 2181 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, |
2181 | 2182 | ERR_R_INTERNAL_ERROR); |
2182 | 2183 | return 0; |
2852 | 2853 | if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { |
2853 | 2854 | OPENSSL_free(s->pha_context); |
2854 | 2855 | s->pha_context_len = 32; |
2855 | if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL | |
2856 | || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 | |
2857 | || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { | |
2856 | if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { | |
2857 | s->pha_context_len = 0; | |
2858 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
2859 | SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, | |
2860 | ERR_R_INTERNAL_ERROR); | |
2861 | return 0; | |
2862 | } | |
2863 | if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 | |
2864 | || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, | |
2865 | s->pha_context_len)) { | |
2858 | 2866 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
2859 | 2867 | SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, |
2860 | 2868 | ERR_R_INTERNAL_ERROR); |
2968 | 2976 | OPENSSL_cleanse(psk, psklen); |
2969 | 2977 | |
2970 | 2978 | if (s->s3->tmp.psk == NULL) { |
2979 | s->s3->tmp.psklen = 0; | |
2971 | 2980 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
2972 | 2981 | SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); |
2973 | 2982 | return 0; |
3507 | 3516 | #ifndef OPENSSL_NO_PSK |
3508 | 3517 | OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); |
3509 | 3518 | s->s3->tmp.psk = NULL; |
3519 | s->s3->tmp.psklen = 0; | |
3510 | 3520 | #endif |
3511 | 3521 | return MSG_PROCESS_ERROR; |
3512 | 3522 | } |
4116 | 4126 | s->session->ext.alpn_selected = |
4117 | 4127 | OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); |
4118 | 4128 | if (s->session->ext.alpn_selected == NULL) { |
4129 | s->session->ext.alpn_selected_len = 0; | |
4119 | 4130 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
4120 | 4131 | SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, |
4121 | 4132 | ERR_R_MALLOC_FAILURE); |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
37 | 37 | $proxy->clientflags("-no_tls1_3"); |
38 | 38 | $proxy->reneg(1); |
39 | 39 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
40 | plan tests => 3; | |
40 | plan tests => 4; | |
41 | 41 | ok(TLSProxy::Message->success(), "Basic renegotiation"); |
42 | 42 | |
43 | 43 | #Test 2: Client does not send the Reneg SCSV. Reneg should fail |
76 | 76 | "Check ClientHello version is the same"); |
77 | 77 | } |
78 | 78 | |
79 | SKIP: { | |
80 | skip "TLSv1.2 disabled", 1 | |
81 | if disabled("tls1_2"); | |
82 | ||
83 | #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in | |
84 | # resumption ClientHello | |
85 | $proxy->clear(); | |
86 | $proxy->filter(\&sigalgs_filter); | |
87 | $proxy->clientflags("-tls1_2"); | |
88 | $proxy->reneg(1); | |
89 | $proxy->start(); | |
90 | ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs"); | |
91 | } | |
92 | ||
79 | 93 | sub reneg_filter |
80 | 94 | { |
81 | 95 | my $proxy = shift; |
95 | 109 | } |
96 | 110 | } |
97 | 111 | } |
112 | ||
113 | sub sigalgs_filter | |
114 | { | |
115 | my $proxy = shift; | |
116 | my $cnt = 0; | |
117 | ||
118 | # We're only interested in the second ClientHello message | |
119 | foreach my $message (@{$proxy->message_list}) { | |
120 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { | |
121 | next if ($cnt++ == 0); | |
122 | ||
123 | my $sigs = pack "C10", 0x00, 0x08, | |
124 | # rsa_pkcs_sha{256,384,512,1} | |
125 | 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01; | |
126 | $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs); | |
127 | $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS); | |
128 | $message->repack(); | |
129 | } | |
130 | } | |
131 | } |
0 | 0 | /* |
1 | * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
303 | 303 | static int test_rsa_oaep(int idx) |
304 | 304 | { |
305 | 305 | int ret = 0; |
306 | RSA *key; | |
306 | RSA *key = NULL; | |
307 | 307 | unsigned char ptext[256]; |
308 | 308 | unsigned char ctext[256]; |
309 | 309 | static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; |
139 | 139 | |
140 | 140 | i = X509_verify_cert(sctx); |
141 | 141 | |
142 | if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { | |
142 | if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA) | |
143 | goto err; | |
144 | ||
145 | /* repeat with X509_V_FLAG_X509_STRICT */ | |
146 | X509_STORE_CTX_cleanup(sctx); | |
147 | X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT); | |
148 | ||
149 | if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) | |
150 | goto err; | |
151 | ||
152 | i = X509_verify_cert(sctx); | |
153 | ||
154 | if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) | |
143 | 155 | /* This is the result we were expecting: Test passed */ |
144 | 156 | ret = 1; |
145 | } | |
157 | ||
146 | 158 | err: |
147 | 159 | X509_STORE_CTX_free(sctx); |
148 | 160 | X509_free(x); |
0 | 0 | #!{- $config{HASHBANGPERL} -} |
1 | 1 | |
2 | 2 | # {- join("\n# ", @autowarntext) -} |
3 | # Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
4 | 4 | # |
5 | 5 | # Licensed under the OpenSSL license (the "License"). You may not use |
6 | 6 | # this file except in compliance with the License. You can obtain a copy |
160 | 160 | |
161 | 161 | sub link_hash_cert { |
162 | 162 | my $fname = $_[0]; |
163 | $fname =~ s/'/'\\''/g; | |
163 | $fname =~ s/\"/\\\"/g; | |
164 | 164 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; |
165 | 165 | chomp $hash; |
166 | 166 | chomp $fprint; |
0 | # Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. | |
0 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | 1 | # |
2 | 2 | # Licensed under the OpenSSL license (the "License"). You may not use |
3 | 3 | # this file except in compliance with the License. You can obtain a copy |
447 | 447 | } |
448 | 448 | |
449 | 449 | #Update all the underlying records with the modified data from this message |
450 | #Note: Only supports re-encrypting for TLSv1.3 | |
450 | #Note: Only supports TLSv1.3 and ETM encryption | |
451 | 451 | sub repack |
452 | 452 | { |
453 | 453 | my $self = shift; |
489 | 489 | # (If a length override is ever needed to construct invalid packets, |
490 | 490 | # use an explicit override field instead.) |
491 | 491 | $rec->decrypt_len(length($rec->decrypt_data)); |
492 | $rec->len($rec->len + length($msgdata) - $old_length); | |
493 | # Only support re-encryption for TLSv1.3. | |
494 | if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { | |
495 | #Add content type (1 byte) and 16 tag bytes | |
496 | $rec->data($rec->decrypt_data | |
497 | .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); | |
492 | # Only support re-encryption for TLSv1.3 and ETM. | |
493 | if ($rec->encrypted()) { | |
494 | if (TLSProxy::Proxy->is_tls13()) { | |
495 | #Add content type (1 byte) and 16 tag bytes | |
496 | $rec->data($rec->decrypt_data | |
497 | .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); | |
498 | } elsif ($rec->etm()) { | |
499 | my $data = $rec->decrypt_data; | |
500 | #Add padding | |
501 | my $padval = length($data) % 16; | |
502 | $padval = 15 - $padval; | |
503 | for (0..$padval) { | |
504 | $data .= pack("C", $padval); | |
505 | } | |
506 | ||
507 | #Add MAC. Assumed to be 20 bytes | |
508 | foreach my $macval (0..19) { | |
509 | $data .= pack("C", $macval); | |
510 | } | |
511 | ||
512 | if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) { | |
513 | #Explicit IV | |
514 | $data = ("\0"x16).$data; | |
515 | } | |
516 | $rec->data($data); | |
517 | } else { | |
518 | die "Unsupported encryption: No ETM"; | |
519 | } | |
498 | 520 | } else { |
499 | 521 | $rec->data($rec->decrypt_data); |
500 | 522 | } |
523 | $rec->len(length($rec->data)); | |
501 | 524 | |
502 | 525 | #Update the fragment len in case we changed it above |
503 | 526 | ${$self->message_frag_lens}[0] = length($msgdata) |