mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
6
trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
vendored
6
trunk/3rdparty/openssl-1.1-fit/ssl/bio_ssl.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/crypto.h>
|
||||
#include "internal/bio.h"
|
||||
#include <openssl/err.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
|
||||
static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
|
||||
|
@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
|
|||
ssl_free(b);
|
||||
if (!ssl_new(b))
|
||||
return 0;
|
||||
bs = BIO_get_data(b);
|
||||
}
|
||||
BIO_set_shutdown(b, num);
|
||||
ssl = (SSL *)ptr;
|
||||
|
@ -450,6 +451,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
|
|||
goto err;
|
||||
return ret;
|
||||
err:
|
||||
BIO_free(ssl);
|
||||
BIO_free(con);
|
||||
#endif
|
||||
return NULL;
|
||||
|
|
16
trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
vendored
16
trunk/3rdparty/openssl-1.1-fit/ssl/d1_lib.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -11,7 +11,7 @@
|
|||
#include <stdio.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
static void get_current_time(struct timeval *t);
|
||||
static int dtls1_handshake_write(SSL *s);
|
||||
|
@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
|
|||
|
||||
ssl3_free(s);
|
||||
|
||||
dtls1_clear_queues(s);
|
||||
|
||||
pqueue_free(s->d1->buffered_messages);
|
||||
pqueue_free(s->d1->sent_messages);
|
||||
if (s->d1 != NULL) {
|
||||
dtls1_clear_queues(s);
|
||||
pqueue_free(s->d1->buffered_messages);
|
||||
pqueue_free(s->d1->sent_messages);
|
||||
}
|
||||
|
||||
OPENSSL_free(s->d1);
|
||||
s->d1 = NULL;
|
||||
|
@ -341,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s)
|
|||
return 1;
|
||||
}
|
||||
|
||||
void dtls1_double_timeout(SSL *s)
|
||||
static void dtls1_double_timeout(SSL *s)
|
||||
{
|
||||
s->d1->timeout_duration_us *= 2;
|
||||
if (s->d1->timeout_duration_us > 60000000)
|
||||
s->d1->timeout_duration_us = 60000000;
|
||||
dtls1_start_timer(s);
|
||||
}
|
||||
|
||||
void dtls1_stop_timer(SSL *s)
|
||||
|
|
7
trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
vendored
7
trunk/3rdparty/openssl-1.1-fit/ssl/d1_msg.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
|
||||
size_t *written)
|
||||
|
@ -52,8 +52,7 @@ int dtls1_dispatch_alert(SSL *s)
|
|||
s->s3->alert_dispatch = 1;
|
||||
/* fprintf( stderr, "not done with alert\n" ); */
|
||||
} else {
|
||||
if (s->s3->send_alert[0] == SSL3_AL_FATAL)
|
||||
(void)BIO_flush(s->wbio);
|
||||
(void)BIO_flush(s->wbio);
|
||||
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/d1_srtp.c
vendored
|
@ -15,7 +15,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <openssl/objects.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_SRTP
|
||||
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/methods.c
vendored
|
@ -9,7 +9,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <openssl/objects.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
/*-
|
||||
* TLS/SSLv3 methods
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/packet.c
vendored
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
#include "packet_locl.h"
|
||||
#include "packet_local.h"
|
||||
#include <openssl/sslerr.h>
|
||||
|
||||
#define DEFAULT_BUF_SIZE 256
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_PACKET_LOCL_H
|
||||
# define HEADER_PACKET_LOCL_H
|
||||
#ifndef OSSL_SSL_PACKET_LOCAL_H
|
||||
# define OSSL_SSL_PACKET_LOCAL_H
|
||||
|
||||
# include <string.h>
|
||||
# include <openssl/bn.h>
|
||||
|
@ -871,4 +871,4 @@ unsigned char *WPACKET_get_curr(WPACKET *pkt);
|
|||
/* Release resources in a WPACKET if a failure has occurred. */
|
||||
void WPACKET_cleanup(WPACKET *pkt);
|
||||
|
||||
#endif /* HEADER_PACKET_LOCL_H */
|
||||
#endif /* OSSL_SSL_PACKET_LOCAL_H */
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/pqueue.c
vendored
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/bn.h>
|
||||
|
||||
struct pqueue_st {
|
||||
|
|
|
@ -12,7 +12,7 @@ of these components is defined by:
|
|||
3) A set of accessor macros
|
||||
|
||||
All struct definitions are in record.h. The functions and macros are either
|
||||
defined in record.h or record_locl.h dependent on whether they are intended to
|
||||
defined in record.h or record_local.h dependent on whether they are intended to
|
||||
be private to the record layer, or whether they form part of the API to the rest
|
||||
of libssl.
|
||||
|
||||
|
@ -55,7 +55,7 @@ Conceptually it looks like this:
|
|||
|| rec_layer_d1.c ||
|
||||
||____________________||
|
||||
|______________________|
|
||||
record_locl.h ^ ^ ^
|
||||
record_local.h ^ ^ ^
|
||||
_________________| | |_________________
|
||||
| | |
|
||||
_____V_________ ______V________ _______V________
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
|
||||
/* mod 128 saturating subtract of two 64-bit values in big-endian order */
|
||||
static int satsub64be(const unsigned char *v1, const unsigned char *v2)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -9,11 +9,11 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include "record_locl.h"
|
||||
#include "../packet_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "../packet_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
|
||||
|
@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
|
|||
|
||||
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
|
||||
{
|
||||
if (rl->d == NULL)
|
||||
return;
|
||||
|
||||
DTLS_RECORD_LAYER_clear(rl);
|
||||
pqueue_free(rl->d->unprocessed_rcds.q);
|
||||
pqueue_free(rl->d->processed_rcds.q);
|
||||
|
@ -808,8 +811,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
|
|||
wb = &s->rlayer.wbuf[0];
|
||||
|
||||
/*
|
||||
* first check if there is a SSL3_BUFFER still being written out. This
|
||||
* will happen with non blocking IO
|
||||
* DTLS writes whole datagrams, so there can't be anything left in
|
||||
* the buffer.
|
||||
*/
|
||||
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,15 +10,15 @@
|
|||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include <errno.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "record_locl.h"
|
||||
#include "../packet_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "../packet_local.h"
|
||||
|
||||
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
|
||||
!( defined(AES_ASM) && ( \
|
||||
!( defined(AESNI_ASM) && ( \
|
||||
defined(__x86_64) || defined(__x86_64__) || \
|
||||
defined(_M_AMD64) || defined(_M_X64) ) \
|
||||
)
|
||||
|
@ -172,9 +172,9 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
|
|||
/*
|
||||
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
|
||||
* packet by another n bytes. The packet will be in the sub-array of
|
||||
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
|
||||
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
|
||||
* s->packet_length bytes if extend == 1].)
|
||||
* s->rlayer.rbuf.buf specified by s->rlayer.packet and
|
||||
* s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
|
||||
* be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
|
||||
* if clearold == 1, move the packet to the start of the buffer; if
|
||||
* clearold == 0 then leave any old packets where they were
|
||||
*/
|
||||
|
@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
|||
|
||||
s->rlayer.wnum = 0;
|
||||
|
||||
/*
|
||||
* If we are supposed to be sending a KeyUpdate then go into init unless we
|
||||
* have writes pending - in which case we should finish doing that first.
|
||||
*/
|
||||
if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
|
||||
ossl_statem_set_in_init(s, 1);
|
||||
|
||||
/*
|
||||
* When writing early data on the server side we could be "in_init" in
|
||||
* between receiving the EoED and the CF - but we don't want to handle those
|
||||
|
@ -628,8 +635,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
|||
*/
|
||||
s->s3->empty_fragment_done = 0;
|
||||
|
||||
if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
|
||||
!SSL_IS_DTLS(s))
|
||||
if (tmpwrit == n
|
||||
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
|
||||
&& !SSL_IS_DTLS(s))
|
||||
ssl3_release_write_buffer(s);
|
||||
|
||||
*written = tot + tmpwrit;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
|
||||
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
|
||||
{
|
||||
|
@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
|
|||
b->len = len;
|
||||
}
|
||||
|
||||
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -94,7 +93,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
|
|||
headerlen = SSL3_RT_HEADER_LENGTH;
|
||||
|
||||
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
|
||||
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
|
||||
align = SSL3_ALIGN_PAYLOAD - 1;
|
||||
#endif
|
||||
|
||||
len = ssl_get_max_send_fragment(s)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,10 +7,10 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "record_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
static const unsigned char ssl3_pad_1[48] = {
|
||||
|
@ -405,7 +405,7 @@ int ssl3_get_record(SSL *s)
|
|||
more = thisrr->length;
|
||||
}
|
||||
if (more > 0) {
|
||||
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
|
||||
/* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
|
||||
|
||||
rret = ssl3_read_n(s, more, more, 1, 0, &n);
|
||||
if (rret <= 0)
|
||||
|
@ -416,9 +416,9 @@ int ssl3_get_record(SSL *s)
|
|||
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
|
||||
|
||||
/*
|
||||
* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
|
||||
* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
|
||||
* + thisrr->length and we have that many bytes in s->packet
|
||||
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
|
||||
* + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
|
||||
* + thisrr->length and we have that many bytes in s->rlayer.packet
|
||||
*/
|
||||
if (thisrr->rec_version == SSL2_VERSION) {
|
||||
thisrr->input =
|
||||
|
@ -429,11 +429,11 @@ int ssl3_get_record(SSL *s)
|
|||
}
|
||||
|
||||
/*
|
||||
* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
|
||||
* points at thisrr->length bytes, which need to be copied into
|
||||
* thisrr->data by either the decryption or by the decompression When
|
||||
* the data is 'copied' into the thisrr->data buffer, thisrr->input will
|
||||
* be pointed at the new buffer
|
||||
* ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
|
||||
* thisrr->input points at thisrr->length bytes, which need to be copied
|
||||
* into thisrr->data by either the decryption or by the decompression.
|
||||
* When the data is 'copied' into the thisrr->data buffer,
|
||||
* thisrr->input will be updated to point at the new buffer
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
|
|||
RECORD_LAYER_reset_read_sequence(&s->rlayer);
|
||||
return 1;
|
||||
}
|
||||
SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
|
||||
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
|
||||
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
return -1;
|
||||
}
|
||||
|
@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
|
|||
* SSLfatal() for internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record's padding is valid / the encryption was successful.
|
||||
* -1: if the record's padding is invalid or, if sending, an internal error
|
||||
|
@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
|
|||
* internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record's padding is valid / the encryption was successful.
|
||||
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
|
||||
|
@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
|
|||
} else if ((bs != 1) && sending) {
|
||||
padnum = bs - (reclen[ctr] % bs);
|
||||
|
||||
/* Add weird padding of upto 256 bytes */
|
||||
/* Add weird padding of up to 256 bytes */
|
||||
|
||||
if (padnum > MAX_PADDING) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
|
||||
|
@ -1610,21 +1610,22 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
int imac_size;
|
||||
size_t mac_size;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
|
||||
rr = RECORD_LAYER_get_rrec(&s->rlayer);
|
||||
sess = s->session;
|
||||
|
||||
/*
|
||||
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
|
||||
* and we have that many bytes in s->packet
|
||||
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
|
||||
* and we have that many bytes in s->rlayer.packet
|
||||
*/
|
||||
rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
|
||||
|
||||
/*
|
||||
* ok, we can now read from 's->packet' data into 'rr' rr->input points
|
||||
* at rr->length bytes, which need to be copied into rr->data by either
|
||||
* the decryption or by the decompression When the data is 'copied' into
|
||||
* the rr->data buffer, rr->input will be pointed at the new buffer
|
||||
* ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
|
||||
* points at rr->length bytes, which need to be copied into rr->data by
|
||||
* either the decryption or by the decompression. When the data is 'copied'
|
||||
* into the rr->data buffer, rr->input will be pointed at the new buffer
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
|
||||
/*-
|
||||
* enc_err is:
|
||||
* 0: (in non-constant time) if the record is publically invalid.
|
||||
* 0: (in non-constant time) if the record is publicly invalid.
|
||||
* 1: if the padding is valid
|
||||
* -1: if the padding is invalid
|
||||
*/
|
||||
|
@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
}
|
||||
}
|
||||
|
||||
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
|
||||
/* use current Max Fragment Length setting if applicable */
|
||||
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
|
||||
max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session);
|
||||
|
||||
/* send overflow if the plaintext is too long now it has passed MAC */
|
||||
if (rr->length > max_plain_length) {
|
||||
SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
return 0;
|
||||
|
@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s)
|
|||
|
||||
/* If received packet overflows own-client Max Fragment Length setting */
|
||||
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
|
||||
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
|
||||
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) {
|
||||
/* record too long, silently discard it */
|
||||
rr->length = 0;
|
||||
rr->read = 1;
|
||||
|
@ -1941,7 +1947,7 @@ int dtls1_get_record(SSL *s)
|
|||
|
||||
if (rr->length >
|
||||
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
|
||||
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
|
||||
/* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
|
||||
more = rr->length;
|
||||
rret = ssl3_read_n(s, more, more, 1, 1, &n);
|
||||
/* this packet contained a partial record, dump it */
|
||||
|
@ -1957,7 +1963,7 @@ int dtls1_get_record(SSL *s)
|
|||
}
|
||||
|
||||
/*
|
||||
* now n == rr->length, and s->packet_length ==
|
||||
* now n == rr->length, and s->rlayer.packet_length ==
|
||||
* DTLS1_RT_HEADER_LENGTH + rr->length
|
||||
*/
|
||||
}
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
/*-
|
||||
|
@ -16,7 +16,7 @@
|
|||
* internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record encryption was successful.
|
||||
* -1: if the record's AEAD-authenticator is invalid or, if sending,
|
||||
|
|
4
trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c
vendored
4
trunk/3rdparty/openssl-1.1-fit/ssl/s3_cbc.c
vendored
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include "ssl_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/s3_enc.c
vendored
|
@ -9,7 +9,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
#include "internal/cryptlib.h"
|
||||
|
|
44
trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c
vendored
44
trunk/3rdparty/openssl-1.1-fit/ssl/s3_lib.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -12,7 +12,7 @@
|
|||
#include <stdio.h>
|
||||
#include <openssl/objects.h>
|
||||
#include "internal/nelem.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/rand.h>
|
||||
|
@ -3567,6 +3567,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||
|
||||
case SSL_CTRL_GET_CHAIN_CERTS:
|
||||
*(STACK_OF(X509) **)parg = s->cert->key->chain;
|
||||
ret = 1;
|
||||
break;
|
||||
|
||||
case SSL_CTRL_SELECT_CURRENT_CERT:
|
||||
|
@ -3601,8 +3602,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||
|
||||
if (!s->session)
|
||||
return 0;
|
||||
clist = s->session->ext.supportedgroups;
|
||||
clistlen = s->session->ext.supportedgroups_len;
|
||||
clist = s->ext.peer_supportedgroups;
|
||||
clistlen = s->ext.peer_supportedgroups_len;
|
||||
if (parg) {
|
||||
size_t i;
|
||||
int *cptr = parg;
|
||||
|
@ -3716,13 +3717,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||
#ifndef OPENSSL_NO_EC
|
||||
case SSL_CTRL_GET_EC_POINT_FORMATS:
|
||||
{
|
||||
SSL_SESSION *sess = s->session;
|
||||
const unsigned char **pformat = parg;
|
||||
|
||||
if (sess == NULL || sess->ext.ecpointformats == NULL)
|
||||
if (s->ext.peer_ecpointformats == NULL)
|
||||
return 0;
|
||||
*pformat = sess->ext.ecpointformats;
|
||||
return (int)sess->ext.ecpointformats_len;
|
||||
*pformat = s->ext.peer_ecpointformats;
|
||||
return (int)s->ext.peer_ecpointformats_len;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
|
|||
|
||||
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
|
||||
{
|
||||
SSL_CIPHER *c = NULL, *tbl;
|
||||
SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
|
||||
size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
|
||||
SSL_CIPHER *tbl;
|
||||
SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
|
||||
size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
|
||||
SSL3_NUM_SCSVS};
|
||||
|
||||
/* this is not efficient, necessary to optimize this? */
|
||||
for (j = 0; j < OSSL_NELEM(alltabs); j++) {
|
||||
|
@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
|
|||
if (tbl->stdname == NULL)
|
||||
continue;
|
||||
if (strcmp(stdname, tbl->stdname) == 0) {
|
||||
c = tbl;
|
||||
break;
|
||||
return tbl;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (c == NULL) {
|
||||
tbl = ssl3_scsvs;
|
||||
for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
|
||||
if (strcmp(stdname, tbl->stdname) == 0) {
|
||||
c = tbl;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return c;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -4638,8 +4629,9 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
|
|||
|
||||
OPENSSL_clear_free(s->s3->tmp.psk, psklen);
|
||||
s->s3->tmp.psk = NULL;
|
||||
s->s3->tmp.psklen = 0;
|
||||
if (!s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->session->master_key,pskpms, pskpmslen,
|
||||
s->session->master_key, pskpms, pskpmslen,
|
||||
&s->session->master_key_length)) {
|
||||
OPENSSL_clear_free(pskpms, pskpmslen);
|
||||
/* SSLfatal() already called */
|
||||
|
@ -4667,8 +4659,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
|
|||
else
|
||||
OPENSSL_cleanse(pms, pmslen);
|
||||
}
|
||||
if (s->server == 0)
|
||||
if (s->server == 0) {
|
||||
s->s3->tmp.pms = NULL;
|
||||
s->s3->tmp.pmslen = 0;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
6
trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c
vendored
6
trunk/3rdparty/openssl-1.1-fit/ssl/s3_msg.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
int ssl3_do_change_cipher_spec(SSL *s)
|
||||
{
|
||||
|
@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc)
|
|||
* protocol_version alerts */
|
||||
if (desc < 0)
|
||||
return -1;
|
||||
if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
|
||||
return -1;
|
||||
/* If a fatal one, remove from cache */
|
||||
if ((level == SSL3_AL_FATAL) && (s->session != NULL))
|
||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
|
|
68
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c
vendored
68
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_cert.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -20,7 +20,7 @@
|
|||
#include <openssl/bn.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include "internal/refcount.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "ssl_cert_table.h"
|
||||
#include "internal/thread_once.h"
|
||||
|
||||
|
@ -154,8 +154,6 @@ CERT *ssl_cert_dup(CERT *cert)
|
|||
ret->client_sigalgslen = cert->client_sigalgslen;
|
||||
} else
|
||||
ret->client_sigalgs = NULL;
|
||||
/* Shared sigalgs also NULL */
|
||||
ret->shared_sigalgs = NULL;
|
||||
/* Copy any custom client certificate types */
|
||||
if (cert->ctype) {
|
||||
ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
|
||||
|
@ -240,7 +238,6 @@ void ssl_cert_free(CERT *c)
|
|||
ssl_cert_clear_certs(c);
|
||||
OPENSSL_free(c->conf_sigalgs);
|
||||
OPENSSL_free(c->client_sigalgs);
|
||||
OPENSSL_free(c->shared_sigalgs);
|
||||
OPENSSL_free(c->ctype);
|
||||
X509_STORE_free(c->verify_store);
|
||||
X509_STORE_free(c->chain_store);
|
||||
|
@ -604,14 +601,6 @@ static unsigned long xname_hash(const X509_NAME *a)
|
|||
return X509_NAME_hash((X509_NAME *)a);
|
||||
}
|
||||
|
||||
/**
|
||||
* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
|
||||
* it doesn't really have anything to do with clients (except that a common use
|
||||
* for a stack of CAs is to send it to the client). Actually, it doesn't have
|
||||
* much to do with CAs, either, since it will load any old cert.
|
||||
* \param file the file containing one or more certs.
|
||||
* \return a ::STACK containing the certs.
|
||||
*/
|
||||
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
|
||||
{
|
||||
BIO *in = BIO_new(BIO_s_file());
|
||||
|
@ -669,15 +658,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
|
|||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a file of certs to a stack.
|
||||
* \param stack the stack to add to.
|
||||
* \param file the file to add from. All certs in this file that are not
|
||||
* already in the stack will be added.
|
||||
* \return 1 for success, 0 for failure. Note that in the case of failure some
|
||||
* certs may have been added to \c stack.
|
||||
*/
|
||||
|
||||
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
||||
const char *file)
|
||||
{
|
||||
|
@ -728,17 +708,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
|||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a directory of certs to a stack.
|
||||
* \param stack the stack to append to.
|
||||
* \param dir the directory to append from. All files in this directory will be
|
||||
* examined as potential certs. Any that are acceptable to
|
||||
* SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
|
||||
* included.
|
||||
* \return 1 for success, 0 for failure. Note that in the case of failure some
|
||||
* certs may have been added to \c stack.
|
||||
*/
|
||||
|
||||
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
||||
const char *dir)
|
||||
{
|
||||
|
@ -907,18 +876,36 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
|
||||
{
|
||||
int level;
|
||||
static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
|
||||
|
||||
if (ctx != NULL)
|
||||
level = SSL_CTX_get_security_level(ctx);
|
||||
else
|
||||
level = SSL_get_security_level(s);
|
||||
|
||||
if (level > 5)
|
||||
level = 5;
|
||||
else if (level < 0)
|
||||
level = 0;
|
||||
|
||||
if (levelp != NULL)
|
||||
*levelp = level;
|
||||
|
||||
return minbits_table[level];
|
||||
}
|
||||
|
||||
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
||||
int op, int bits, int nid, void *other,
|
||||
void *ex)
|
||||
{
|
||||
int level, minbits;
|
||||
static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
|
||||
if (ctx)
|
||||
level = SSL_CTX_get_security_level(ctx);
|
||||
else
|
||||
level = SSL_get_security_level(s);
|
||||
|
||||
if (level <= 0) {
|
||||
minbits = ssl_get_security_level_bits(s, ctx, &level);
|
||||
|
||||
if (level == 0) {
|
||||
/*
|
||||
* No EDH keys weaker than 1024-bits even at level 0, otherwise,
|
||||
* anything goes.
|
||||
|
@ -927,9 +914,6 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
|||
return 0;
|
||||
return 1;
|
||||
}
|
||||
if (level > 5)
|
||||
level = 5;
|
||||
minbits = minbits_table[level - 1];
|
||||
switch (op) {
|
||||
case SSL_SECOP_CIPHER_SUPPORTED:
|
||||
case SSL_SECOP_CIPHER_SHARED:
|
||||
|
|
17
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c
vendored
17
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_ciph.c
vendored
|
@ -17,7 +17,7 @@
|
|||
#include <openssl/crypto.h>
|
||||
#include <openssl/conf.h>
|
||||
#include "internal/nelem.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "internal/thread_once.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
|
@ -92,7 +92,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
|
|||
|
||||
/*
|
||||
* Constant SSL_MAX_DIGEST equal to size of digests array should be defined
|
||||
* in the ssl_locl.h
|
||||
* in the ssl_local.h
|
||||
*/
|
||||
|
||||
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
|
||||
|
@ -1377,24 +1377,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
|
|||
{
|
||||
int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
|
||||
|
||||
if (ret && ctx->cipher_list != NULL) {
|
||||
/* We already have a cipher_list, so we need to update it */
|
||||
if (ret && ctx->cipher_list != NULL)
|
||||
return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
|
||||
ctx->tls13_ciphersuites);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int SSL_set_ciphersuites(SSL *s, const char *str)
|
||||
{
|
||||
STACK_OF(SSL_CIPHER) *cipher_list;
|
||||
int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
|
||||
|
||||
if (ret && s->cipher_list != NULL) {
|
||||
/* We already have a cipher_list, so we need to update it */
|
||||
if (s->cipher_list == NULL) {
|
||||
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
|
||||
s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
|
||||
}
|
||||
if (ret && s->cipher_list != NULL)
|
||||
return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
|
||||
s->tls13_ciphersuites);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
11
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c
vendored
11
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_conf.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/dh.h>
|
||||
|
@ -305,6 +305,13 @@ static int protocol_from_string(const char *value)
|
|||
const char *name;
|
||||
int version;
|
||||
};
|
||||
/*
|
||||
* Note: To avoid breaking previously valid configurations, we must retain
|
||||
* legacy entries in this table even if the underlying protocol is no
|
||||
* longer supported. This also means that the constants SSL3_VERSION, ...
|
||||
* need to be retained indefinitely. This table can only grow, never
|
||||
* shrink.
|
||||
*/
|
||||
static const struct protocol_versions versions[] = {
|
||||
{"None", 0},
|
||||
{"SSLv3", SSL3_VERSION},
|
||||
|
|
7
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c
vendored
7
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_err.c
vendored
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -85,6 +85,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
|
|||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
|
||||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
|
||||
"final_maxfragmentlen"},
|
||||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"},
|
||||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
|
||||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
|
||||
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},
|
||||
|
@ -948,6 +949,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
"missing ecdsa signing cert"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION),
|
||||
"missing psk kex modes extension"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
|
||||
"missing rsa certificate"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),
|
||||
|
@ -1018,6 +1021,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
|
||||
"null ssl method passed"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
|
||||
"ocsp callback failure"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
|
||||
"old session cipher not returned"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
#include "internal/err.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "internal/thread_once.h"
|
||||
|
||||
static int stopped;
|
||||
|
|
208
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c
vendored
208
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_lib.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/rand.h>
|
||||
|
@ -628,6 +628,11 @@ int SSL_clear(SSL *s)
|
|||
/* Clear the verification result peername */
|
||||
X509_VERIFY_PARAM_move_peername(s->param, NULL);
|
||||
|
||||
/* Clear any shared connection state */
|
||||
OPENSSL_free(s->shared_sigalgs);
|
||||
s->shared_sigalgs = NULL;
|
||||
s->shared_sigalgslen = 0;
|
||||
|
||||
/*
|
||||
* Check to see if we were changed into a different method, if so, revert
|
||||
* back.
|
||||
|
@ -774,8 +779,10 @@ SSL *SSL_new(SSL_CTX *ctx)
|
|||
s->ext.ecpointformats =
|
||||
OPENSSL_memdup(ctx->ext.ecpointformats,
|
||||
ctx->ext.ecpointformats_len);
|
||||
if (!s->ext.ecpointformats)
|
||||
if (!s->ext.ecpointformats) {
|
||||
s->ext.ecpointformats_len = 0;
|
||||
goto err;
|
||||
}
|
||||
s->ext.ecpointformats_len =
|
||||
ctx->ext.ecpointformats_len;
|
||||
}
|
||||
|
@ -784,8 +791,10 @@ SSL *SSL_new(SSL_CTX *ctx)
|
|||
OPENSSL_memdup(ctx->ext.supportedgroups,
|
||||
ctx->ext.supportedgroups_len
|
||||
* sizeof(*ctx->ext.supportedgroups));
|
||||
if (!s->ext.supportedgroups)
|
||||
if (!s->ext.supportedgroups) {
|
||||
s->ext.supportedgroups_len = 0;
|
||||
goto err;
|
||||
}
|
||||
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
|
||||
}
|
||||
#endif
|
||||
|
@ -795,8 +804,10 @@ SSL *SSL_new(SSL_CTX *ctx)
|
|||
|
||||
if (s->ctx->ext.alpn) {
|
||||
s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
|
||||
if (s->ext.alpn == NULL)
|
||||
if (s->ext.alpn == NULL) {
|
||||
s->ext.alpn_len = 0;
|
||||
goto err;
|
||||
}
|
||||
memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
|
||||
s->ext.alpn_len = s->ctx->ext.alpn_len;
|
||||
}
|
||||
|
@ -867,7 +878,7 @@ int SSL_up_ref(SSL *s)
|
|||
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
|
||||
unsigned int sid_ctx_len)
|
||||
{
|
||||
if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
|
||||
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
|
||||
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
|
||||
return 0;
|
||||
|
@ -1160,6 +1171,7 @@ void SSL_free(SSL *s)
|
|||
sk_SSL_CIPHER_free(s->cipher_list);
|
||||
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
||||
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
|
||||
sk_SSL_CIPHER_free(s->peer_ciphers);
|
||||
|
||||
/* Make the next call work :-) */
|
||||
if (s->session != NULL) {
|
||||
|
@ -1172,13 +1184,16 @@ void SSL_free(SSL *s)
|
|||
clear_ciphers(s);
|
||||
|
||||
ssl_cert_free(s->cert);
|
||||
OPENSSL_free(s->shared_sigalgs);
|
||||
/* Free up if allocated */
|
||||
|
||||
OPENSSL_free(s->ext.hostname);
|
||||
SSL_CTX_free(s->session_ctx);
|
||||
#ifndef OPENSSL_NO_EC
|
||||
OPENSSL_free(s->ext.ecpointformats);
|
||||
OPENSSL_free(s->ext.peer_ecpointformats);
|
||||
OPENSSL_free(s->ext.supportedgroups);
|
||||
OPENSSL_free(s->ext.peer_supportedgroups);
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
|
||||
#ifndef OPENSSL_NO_OCSP
|
||||
|
@ -1191,6 +1206,8 @@ void SSL_free(SSL *s)
|
|||
OPENSSL_free(s->ext.ocsp.resp);
|
||||
OPENSSL_free(s->ext.alpn);
|
||||
OPENSSL_free(s->ext.tls13_cookie);
|
||||
if (s->clienthello != NULL)
|
||||
OPENSSL_free(s->clienthello->pre_proc_exts);
|
||||
OPENSSL_free(s->clienthello);
|
||||
OPENSSL_free(s->pha_context);
|
||||
EVP_MD_CTX_free(s->pha_dgst);
|
||||
|
@ -2102,6 +2119,11 @@ int SSL_key_update(SSL *s, int updatetype)
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (RECORD_LAYER_write_pending(&s->rlayer)) {
|
||||
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ossl_statem_set_in_init(s, 1);
|
||||
s->key_update = updatetype;
|
||||
return 1;
|
||||
|
@ -2437,9 +2459,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
|
|||
|
||||
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
|
||||
{
|
||||
if ((s == NULL) || (s->session == NULL) || !s->server)
|
||||
if ((s == NULL) || !s->server)
|
||||
return NULL;
|
||||
return s->session->ciphers;
|
||||
return s->peer_ciphers;
|
||||
}
|
||||
|
||||
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
|
||||
|
@ -2578,13 +2600,12 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
|
|||
int i;
|
||||
|
||||
if (!s->server
|
||||
|| s->session == NULL
|
||||
|| s->session->ciphers == NULL
|
||||
|| s->peer_ciphers == NULL
|
||||
|| size < 2)
|
||||
return NULL;
|
||||
|
||||
p = buf;
|
||||
clntsk = s->session->ciphers;
|
||||
clntsk = s->peer_ciphers;
|
||||
srvrsk = SSL_get_ciphers(s);
|
||||
if (clntsk == NULL || srvrsk == NULL)
|
||||
return NULL;
|
||||
|
@ -2615,31 +2636,85 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
|
|||
return buf;
|
||||
}
|
||||
|
||||
/** return a servername extension value if provided in Client Hello, or NULL.
|
||||
* So far, only host_name types are defined (RFC 3546).
|
||||
/**
|
||||
* Return the requested servername (SNI) value. Note that the behaviour varies
|
||||
* depending on:
|
||||
* - whether this is called by the client or the server,
|
||||
* - if we are before or during/after the handshake,
|
||||
* - if a resumption or normal handshake is being attempted/has occurred
|
||||
* - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
|
||||
*
|
||||
* Note that only the host_name type is defined (RFC 3546).
|
||||
*/
|
||||
|
||||
const char *SSL_get_servername(const SSL *s, const int type)
|
||||
{
|
||||
/*
|
||||
* If we don't know if we are the client or the server yet then we assume
|
||||
* client.
|
||||
*/
|
||||
int server = s->handshake_func == NULL ? 0 : s->server;
|
||||
if (type != TLSEXT_NAMETYPE_host_name)
|
||||
return NULL;
|
||||
|
||||
/*
|
||||
* SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
|
||||
* SNI value to return if we are resuming/resumed. N.B. that we still
|
||||
* call the relevant callbacks for such resumption flows, and callbacks
|
||||
* might error out if there is not a SNI value available.
|
||||
*/
|
||||
if (s->hit)
|
||||
return s->session->ext.hostname;
|
||||
if (server) {
|
||||
/**
|
||||
* Server side
|
||||
* In TLSv1.3 on the server SNI is not associated with the session
|
||||
* but in TLSv1.2 or below it is.
|
||||
*
|
||||
* Before the handshake:
|
||||
* - return NULL
|
||||
*
|
||||
* During/after the handshake (TLSv1.2 or below resumption occurred):
|
||||
* - If a servername was accepted by the server in the original
|
||||
* handshake then it will return that servername, or NULL otherwise.
|
||||
*
|
||||
* During/after the handshake (TLSv1.2 or below resumption did not occur):
|
||||
* - The function will return the servername requested by the client in
|
||||
* this handshake or NULL if none was requested.
|
||||
*/
|
||||
if (s->hit && !SSL_IS_TLS13(s))
|
||||
return s->session->ext.hostname;
|
||||
} else {
|
||||
/**
|
||||
* Client side
|
||||
*
|
||||
* Before the handshake:
|
||||
* - If a servername has been set via a call to
|
||||
* SSL_set_tlsext_host_name() then it will return that servername
|
||||
* - If one has not been set, but a TLSv1.2 resumption is being
|
||||
* attempted and the session from the original handshake had a
|
||||
* servername accepted by the server then it will return that
|
||||
* servername
|
||||
* - Otherwise it returns NULL
|
||||
*
|
||||
* During/after the handshake (TLSv1.2 or below resumption occurred):
|
||||
* - If the session from the original handshake had a servername accepted
|
||||
* by the server then it will return that servername.
|
||||
* - Otherwise it returns the servername set via
|
||||
* SSL_set_tlsext_host_name() (or NULL if it was not called).
|
||||
*
|
||||
* During/after the handshake (TLSv1.2 or below resumption did not occur):
|
||||
* - It will return the servername set via SSL_set_tlsext_host_name()
|
||||
* (or NULL if it was not called).
|
||||
*/
|
||||
if (SSL_in_before(s)) {
|
||||
if (s->ext.hostname == NULL
|
||||
&& s->session != NULL
|
||||
&& s->session->ssl_version != TLS1_3_VERSION)
|
||||
return s->session->ext.hostname;
|
||||
} else {
|
||||
if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
|
||||
return s->session->ext.hostname;
|
||||
}
|
||||
}
|
||||
|
||||
return s->ext.hostname;
|
||||
}
|
||||
|
||||
int SSL_get_servername_type(const SSL *s)
|
||||
{
|
||||
if (s->session
|
||||
&& (!s->ext.hostname ? s->session->
|
||||
ext.hostname : s->ext.hostname))
|
||||
if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
|
||||
return TLSEXT_NAMETYPE_host_name;
|
||||
return -1;
|
||||
}
|
||||
|
@ -2759,6 +2834,19 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
|
|||
}
|
||||
#endif
|
||||
|
||||
static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
|
||||
{
|
||||
unsigned int idx;
|
||||
|
||||
if (protos_len < 2 || protos == NULL)
|
||||
return 0;
|
||||
|
||||
for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
|
||||
if (protos[idx] == 0)
|
||||
return 0;
|
||||
}
|
||||
return idx == protos_len;
|
||||
}
|
||||
/*
|
||||
* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
|
||||
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
|
||||
|
@ -2767,12 +2855,25 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
|
|||
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
|
||||
unsigned int protos_len)
|
||||
{
|
||||
OPENSSL_free(ctx->ext.alpn);
|
||||
ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
|
||||
if (ctx->ext.alpn == NULL) {
|
||||
unsigned char *alpn;
|
||||
|
||||
if (protos_len == 0 || protos == NULL) {
|
||||
OPENSSL_free(ctx->ext.alpn);
|
||||
ctx->ext.alpn = NULL;
|
||||
ctx->ext.alpn_len = 0;
|
||||
return 0;
|
||||
}
|
||||
/* Not valid per RFC */
|
||||
if (!alpn_value_ok(protos, protos_len))
|
||||
return 1;
|
||||
|
||||
alpn = OPENSSL_memdup(protos, protos_len);
|
||||
if (alpn == NULL) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
|
||||
return 1;
|
||||
}
|
||||
OPENSSL_free(ctx->ext.alpn);
|
||||
ctx->ext.alpn = alpn;
|
||||
ctx->ext.alpn_len = protos_len;
|
||||
|
||||
return 0;
|
||||
|
@ -2786,12 +2887,25 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
|
|||
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
|
||||
unsigned int protos_len)
|
||||
{
|
||||
OPENSSL_free(ssl->ext.alpn);
|
||||
ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
|
||||
if (ssl->ext.alpn == NULL) {
|
||||
unsigned char *alpn;
|
||||
|
||||
if (protos_len == 0 || protos == NULL) {
|
||||
OPENSSL_free(ssl->ext.alpn);
|
||||
ssl->ext.alpn = NULL;
|
||||
ssl->ext.alpn_len = 0;
|
||||
return 0;
|
||||
}
|
||||
/* Not valid per RFC */
|
||||
if (!alpn_value_ok(protos, protos_len))
|
||||
return 1;
|
||||
|
||||
alpn = OPENSSL_memdup(protos, protos_len);
|
||||
if (alpn == NULL) {
|
||||
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
|
||||
return 1;
|
||||
}
|
||||
OPENSSL_free(ssl->ext.alpn);
|
||||
ssl->ext.alpn = alpn;
|
||||
ssl->ext.alpn_len = protos_len;
|
||||
|
||||
return 0;
|
||||
|
@ -2833,7 +2947,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
|
|||
const unsigned char *context, size_t contextlen,
|
||||
int use_context)
|
||||
{
|
||||
if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
|
||||
if (s->session == NULL
|
||||
|| (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
|
||||
return -1;
|
||||
|
||||
return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
|
||||
|
@ -3762,6 +3877,8 @@ SSL *SSL_dup(SSL *s)
|
|||
goto err;
|
||||
ret->version = s->version;
|
||||
ret->options = s->options;
|
||||
ret->min_proto_version = s->min_proto_version;
|
||||
ret->max_proto_version = s->max_proto_version;
|
||||
ret->mode = s->mode;
|
||||
SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
|
||||
SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
|
||||
|
@ -3777,21 +3894,6 @@ SSL *SSL_dup(SSL *s)
|
|||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
|
||||
goto err;
|
||||
|
||||
/* setup rbio, and wbio */
|
||||
if (s->rbio != NULL) {
|
||||
if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
|
||||
goto err;
|
||||
}
|
||||
if (s->wbio != NULL) {
|
||||
if (s->wbio != s->rbio) {
|
||||
if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
|
||||
goto err;
|
||||
} else {
|
||||
BIO_up_ref(ret->rbio);
|
||||
ret->wbio = ret->rbio;
|
||||
}
|
||||
}
|
||||
|
||||
ret->server = s->server;
|
||||
if (s->handshake_func) {
|
||||
if (s->server)
|
||||
|
@ -4460,8 +4562,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
|
|||
}
|
||||
|
||||
ctx = EVP_MD_CTX_new();
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
|
||||
|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
|
||||
|
@ -4478,7 +4583,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
|
|||
return ret;
|
||||
}
|
||||
|
||||
int SSL_session_reused(SSL *s)
|
||||
int SSL_session_reused(const SSL *s)
|
||||
{
|
||||
return s->hit;
|
||||
}
|
||||
|
@ -5070,6 +5175,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
|
|||
if (ext->present)
|
||||
num++;
|
||||
}
|
||||
if (num == 0) {
|
||||
*out = NULL;
|
||||
*outlen = 0;
|
||||
return 1;
|
||||
}
|
||||
if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
|
||||
SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -9,8 +9,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_SSL_LOCL_H
|
||||
# define HEADER_SSL_LOCL_H
|
||||
#ifndef OSSL_SSL_LOCAL_H
|
||||
# define OSSL_SSL_LOCAL_H
|
||||
|
||||
# include "e_os.h" /* struct timeval for DTLS */
|
||||
# include <stdlib.h>
|
||||
|
@ -30,7 +30,7 @@
|
|||
# include <openssl/ct.h>
|
||||
# include "record/record.h"
|
||||
# include "statem/statem.h"
|
||||
# include "packet_locl.h"
|
||||
# include "packet_local.h"
|
||||
# include "internal/dane.h"
|
||||
# include "internal/refcount.h"
|
||||
# include "internal/tsan_assist.h"
|
||||
|
@ -537,7 +537,6 @@ struct ssl_session_st {
|
|||
int not_resumable;
|
||||
/* This is the cert and type for the other end. */
|
||||
X509 *peer;
|
||||
int peer_type;
|
||||
/* Certificate chain peer sent. */
|
||||
STACK_OF(X509) *peer_chain;
|
||||
/*
|
||||
|
@ -552,7 +551,6 @@ struct ssl_session_st {
|
|||
const SSL_CIPHER *cipher;
|
||||
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
|
||||
* load the 'cipher' structure */
|
||||
STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
|
||||
CRYPTO_EX_DATA ex_data; /* application specific data */
|
||||
/*
|
||||
* These are used to make removal of session-ids more efficient and to
|
||||
|
@ -562,19 +560,12 @@ struct ssl_session_st {
|
|||
|
||||
struct {
|
||||
char *hostname;
|
||||
# ifndef OPENSSL_NO_EC
|
||||
size_t ecpointformats_len;
|
||||
unsigned char *ecpointformats; /* peer's list */
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
size_t supportedgroups_len;
|
||||
uint16_t *supportedgroups; /* peer's list */
|
||||
/* RFC4507 info */
|
||||
/* RFC4507 info */
|
||||
unsigned char *tick; /* Session ticket */
|
||||
size_t ticklen; /* Session ticket length */
|
||||
/* Session lifetime hint in seconds */
|
||||
unsigned long tick_lifetime_hint;
|
||||
uint32_t tick_age_add;
|
||||
int tick_identity;
|
||||
/* Max number of bytes that can be sent as early data */
|
||||
uint32_t max_early_data;
|
||||
/* The ALPN protocol selected for this session */
|
||||
|
@ -1138,6 +1129,7 @@ struct ssl_st {
|
|||
/* Per connection DANE state */
|
||||
SSL_DANE dane;
|
||||
/* crypto */
|
||||
STACK_OF(SSL_CIPHER) *peer_ciphers;
|
||||
STACK_OF(SSL_CIPHER) *cipher_list;
|
||||
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
||||
/* TLSv1.3 specific ciphersuites */
|
||||
|
@ -1301,10 +1293,19 @@ struct ssl_st {
|
|||
size_t ecpointformats_len;
|
||||
/* our list */
|
||||
unsigned char *ecpointformats;
|
||||
|
||||
size_t peer_ecpointformats_len;
|
||||
/* peer's list */
|
||||
unsigned char *peer_ecpointformats;
|
||||
# endif /* OPENSSL_NO_EC */
|
||||
size_t supportedgroups_len;
|
||||
/* our list */
|
||||
uint16_t *supportedgroups;
|
||||
|
||||
size_t peer_supportedgroups_len;
|
||||
/* peer's list */
|
||||
uint16_t *peer_supportedgroups;
|
||||
|
||||
/* TLS Session Ticket extension override */
|
||||
TLS_SESSION_TICKET_EXT *session_ticket;
|
||||
/* TLS Session Ticket extension callback */
|
||||
|
@ -1356,6 +1357,13 @@ struct ssl_st {
|
|||
* as this extension is optional on server side.
|
||||
*/
|
||||
uint8_t max_fragment_len_mode;
|
||||
|
||||
/*
|
||||
* On the client side the number of ticket identities we sent in the
|
||||
* ClientHello. On the server side the identity of the ticket we
|
||||
* selected.
|
||||
*/
|
||||
int tick_identity;
|
||||
} ext;
|
||||
|
||||
/*
|
||||
|
@ -1453,7 +1461,6 @@ struct ssl_st {
|
|||
size_t block_padding;
|
||||
|
||||
CRYPTO_RWLOCK *lock;
|
||||
RAND_DRBG *drbg;
|
||||
|
||||
/* The number of TLS1.3 tickets to automatically send */
|
||||
size_t num_tickets;
|
||||
|
@ -1465,6 +1472,13 @@ struct ssl_st {
|
|||
/* Callback to determine if early_data is acceptable or not */
|
||||
SSL_allow_early_data_cb_fn allow_early_data_cb;
|
||||
void *allow_early_data_cb_data;
|
||||
|
||||
/*
|
||||
* Signature algorithms shared by client and server: cached because these
|
||||
* are used most often.
|
||||
*/
|
||||
const struct sigalg_lookup_st **shared_sigalgs;
|
||||
size_t shared_sigalgslen;
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -1509,7 +1523,7 @@ typedef struct cert_pkey_st CERT_PKEY;
|
|||
* CERT_PKEY entries
|
||||
*/
|
||||
typedef struct {
|
||||
int nid; /* NID of pubic key algorithm */
|
||||
int nid; /* NID of public key algorithm */
|
||||
uint32_t amask; /* authmask corresponding to key type */
|
||||
} SSL_CERT_LOOKUP;
|
||||
|
||||
|
@ -1898,12 +1912,6 @@ typedef struct cert_st {
|
|||
uint16_t *client_sigalgs;
|
||||
/* Size of above array */
|
||||
size_t client_sigalgslen;
|
||||
/*
|
||||
* Signature algorithms shared by client and server: cached because these
|
||||
* are used most often.
|
||||
*/
|
||||
const SIGALG_LOOKUP **shared_sigalgs;
|
||||
size_t shared_sigalgslen;
|
||||
/*
|
||||
* Certificate setup callback: if set is called whenever a certificate
|
||||
* may be required (client or server). the callback can then examine any
|
||||
|
@ -2052,9 +2060,6 @@ typedef enum downgrade_en {
|
|||
#define TLSEXT_KEX_MODE_FLAG_KE 1
|
||||
#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2
|
||||
|
||||
/* An invalid index into the TLSv1.3 PSK identities */
|
||||
#define TLSEXT_PSK_BAD_IDENTITY -1
|
||||
|
||||
#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \
|
||||
s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
|
||||
|
||||
|
@ -2237,8 +2242,8 @@ static ossl_inline int ssl_has_cert(const SSL *s, int idx)
|
|||
static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
|
||||
size_t *pgroupslen)
|
||||
{
|
||||
*pgroups = s->session->ext.supportedgroups;
|
||||
*pgroupslen = s->session->ext.supportedgroups_len;
|
||||
*pgroups = s->ext.peer_supportedgroups;
|
||||
*pgroupslen = s->ext.peer_supportedgroups_len;
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_UNIT_TEST
|
||||
|
@ -2300,6 +2305,7 @@ __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
|
|||
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
|
||||
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
|
||||
void *other);
|
||||
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
|
||||
|
||||
__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
|
||||
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
|
||||
|
@ -2421,7 +2427,6 @@ __owur int dtls1_handle_timeout(SSL *s);
|
|||
void dtls1_start_timer(SSL *s);
|
||||
void dtls1_stop_timer(SSL *s);
|
||||
__owur int dtls1_is_timer_expired(SSL *s);
|
||||
void dtls1_double_timeout(SSL *s);
|
||||
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
|
||||
size_t cookie_len);
|
||||
__owur size_t dtls1_min_mtu(SSL *s);
|
||||
|
@ -2575,7 +2580,7 @@ __owur int tls_check_sigalg_curve(const SSL *s, int curve);
|
|||
# endif
|
||||
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
|
||||
__owur int ssl_set_client_disabled(SSL *s);
|
||||
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
|
||||
__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
|
||||
|
||||
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
|
||||
size_t *hashlen);
|
|
@ -10,7 +10,7 @@
|
|||
#include <stdio.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "internal/sslconf.h"
|
||||
|
||||
/* SSL library configuration module. */
|
||||
|
|
32
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c
vendored
32
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_rsa.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,8 +8,8 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "packet_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "packet_local.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/evp.h>
|
||||
|
@ -148,15 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
|
|||
EVP_PKEY_copy_parameters(pktmp, pkey);
|
||||
ERR_clear_error();
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
/*
|
||||
* Don't check the public/private key, this is mostly for smart
|
||||
* cards.
|
||||
*/
|
||||
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
|
||||
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
|
||||
else
|
||||
#endif
|
||||
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
|
||||
X509_free(c->pkeys[i].x509);
|
||||
c->pkeys[i].x509 = NULL;
|
||||
|
@ -342,16 +333,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
|
|||
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
|
||||
ERR_clear_error();
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
/*
|
||||
* Don't check the public/private key, this is mostly for smart
|
||||
* cards.
|
||||
*/
|
||||
if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
|
||||
&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
|
||||
RSA_METHOD_FLAG_NO_CHECK) ;
|
||||
else
|
||||
#endif /* OPENSSL_NO_RSA */
|
||||
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
|
||||
/*
|
||||
* don't fail for a cert/key mismatch, just free current private
|
||||
|
@ -1082,13 +1063,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
|
|||
EVP_PKEY_copy_parameters(pubkey, privatekey);
|
||||
} /* else both have parameters */
|
||||
|
||||
/* Copied from ssl_set_cert/pkey */
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) &&
|
||||
((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK)))
|
||||
/* no-op */ ;
|
||||
else
|
||||
#endif
|
||||
/* check that key <-> cert match */
|
||||
if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
|
||||
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
|
||||
|
|
45
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c
vendored
45
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_sess.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -13,8 +13,8 @@
|
|||
#include <openssl/engine.h>
|
||||
#include "internal/refcount.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "statem/statem_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "statem/statem_local.h"
|
||||
|
||||
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
|
||||
static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
|
||||
|
@ -107,7 +107,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
|||
{
|
||||
SSL_SESSION *dest;
|
||||
|
||||
dest = OPENSSL_malloc(sizeof(*src));
|
||||
dest = OPENSSL_malloc(sizeof(*dest));
|
||||
if (dest == NULL) {
|
||||
goto err;
|
||||
}
|
||||
|
@ -121,12 +121,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
|||
dest->psk_identity_hint = NULL;
|
||||
dest->psk_identity = NULL;
|
||||
#endif
|
||||
dest->ciphers = NULL;
|
||||
dest->ext.hostname = NULL;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
dest->ext.ecpointformats = NULL;
|
||||
dest->ext.supportedgroups = NULL;
|
||||
#endif
|
||||
dest->ext.tick = NULL;
|
||||
dest->ext.alpn_selected = NULL;
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
|
@ -176,12 +171,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
|||
}
|
||||
#endif
|
||||
|
||||
if (src->ciphers != NULL) {
|
||||
dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
|
||||
if (dest->ciphers == NULL)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
|
||||
&dest->ex_data, &src->ex_data)) {
|
||||
goto err;
|
||||
|
@ -193,23 +182,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
|||
goto err;
|
||||
}
|
||||
}
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (src->ext.ecpointformats) {
|
||||
dest->ext.ecpointformats =
|
||||
OPENSSL_memdup(src->ext.ecpointformats,
|
||||
src->ext.ecpointformats_len);
|
||||
if (dest->ext.ecpointformats == NULL)
|
||||
goto err;
|
||||
}
|
||||
if (src->ext.supportedgroups) {
|
||||
dest->ext.supportedgroups =
|
||||
OPENSSL_memdup(src->ext.supportedgroups,
|
||||
src->ext.supportedgroups_len
|
||||
* sizeof(*src->ext.supportedgroups));
|
||||
if (dest->ext.supportedgroups == NULL)
|
||||
goto err;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ticket != 0 && src->ext.tick != NULL) {
|
||||
dest->ext.tick =
|
||||
|
@ -790,17 +762,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
|||
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
|
||||
X509_free(ss->peer);
|
||||
sk_X509_pop_free(ss->peer_chain, X509_free);
|
||||
sk_SSL_CIPHER_free(ss->ciphers);
|
||||
OPENSSL_free(ss->ext.hostname);
|
||||
OPENSSL_free(ss->ext.tick);
|
||||
#ifndef OPENSSL_NO_EC
|
||||
OPENSSL_free(ss->ext.ecpointformats);
|
||||
ss->ext.ecpointformats = NULL;
|
||||
ss->ext.ecpointformats_len = 0;
|
||||
OPENSSL_free(ss->ext.supportedgroups);
|
||||
ss->ext.supportedgroups = NULL;
|
||||
ss->ext.supportedgroups_len = 0;
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
OPENSSL_free(ss->psk_identity_hint);
|
||||
OPENSSL_free(ss->psk_identity);
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
const char *SSL_state_string_long(const SSL *s)
|
||||
{
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/ssl_txt.c
vendored
|
@ -10,7 +10,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_STDIO
|
||||
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_UNIT_TEST
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ Conceptually the state machine component is designed as follows:
|
|||
| |
|
||||
| Core state machine code |
|
||||
|____________________________|
|
||||
statem_locl.h ^ ^
|
||||
statem_local.h ^ ^
|
||||
_________| |_______
|
||||
| |
|
||||
_____________|____________ _____________|____________
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,14 +10,15 @@
|
|||
#include <string.h>
|
||||
#include "internal/nelem.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
static int final_renegotiate(SSL *s, unsigned int context, int sent);
|
||||
static int init_server_name(SSL *s, unsigned int context);
|
||||
static int final_server_name(SSL *s, unsigned int context, int sent);
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static int init_ec_point_formats(SSL *s, unsigned int context);
|
||||
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
|
||||
#endif
|
||||
static int init_session_ticket(SSL *s, unsigned int context);
|
||||
|
@ -56,6 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent);
|
|||
static int final_early_data(SSL *s, unsigned int context, int sent);
|
||||
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
|
||||
static int init_post_handshake_auth(SSL *s, unsigned int context);
|
||||
static int final_psk(SSL *s, unsigned int context, int sent);
|
||||
|
||||
/* Structure to define a built-in extension */
|
||||
typedef struct extensions_definition_st {
|
||||
|
@ -94,7 +96,7 @@ typedef struct extensions_definition_st {
|
|||
/*
|
||||
* Definitions of all built-in extensions. NOTE: Changes in the number or order
|
||||
* of these extensions should be mirrored with equivalent changes to the
|
||||
* indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h.
|
||||
* indexes ( TLSEXT_IDX_* ) defined in ssl_local.h.
|
||||
* Each extension has an initialiser, a client and
|
||||
* server side parser and a finaliser. The initialiser is called (if the
|
||||
* extension is relevant to the given context) even if we did not see the
|
||||
|
@ -158,7 +160,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
|
|||
TLSEXT_TYPE_ec_point_formats,
|
||||
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
|
||||
| SSL_EXT_TLS1_2_AND_BELOW_ONLY,
|
||||
NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
|
||||
init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
|
||||
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
|
||||
final_ec_pt_formats
|
||||
},
|
||||
|
@ -336,6 +338,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
|
|||
tls_construct_stoc_key_share, tls_construct_ctos_key_share,
|
||||
final_key_share
|
||||
},
|
||||
#else
|
||||
INVALID_EXTENSION,
|
||||
#endif
|
||||
{
|
||||
/* Must be after key_share */
|
||||
|
@ -387,7 +391,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
|
|||
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
|
||||
| SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
|
||||
NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
|
||||
tls_construct_ctos_psk, NULL
|
||||
tls_construct_ctos_psk, final_psk
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -949,8 +953,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
|
|||
* was successful.
|
||||
*/
|
||||
if (s->server) {
|
||||
/* TODO(OpenSSL1.2) revisit !sent case */
|
||||
if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {
|
||||
if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) {
|
||||
/* Only store the hostname in the session if we accepted it. */
|
||||
OPENSSL_free(s->session->ext.hostname);
|
||||
s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
|
||||
|
@ -967,7 +970,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
|
|||
* context, to avoid the confusing situation of having sess_accept_good
|
||||
* exceed sess_accept (zero) for the new context.
|
||||
*/
|
||||
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
|
||||
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
|
||||
&& s->hello_retry_request == SSL_HRR_NONE) {
|
||||
tsan_counter(&s->ctx->stats.sess_accept);
|
||||
tsan_decr(&s->session_ctx->stats.sess_accept);
|
||||
}
|
||||
|
@ -989,7 +993,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
|
|||
ss->ext.ticklen = 0;
|
||||
ss->ext.tick_lifetime_hint = 0;
|
||||
ss->ext.tick_age_add = 0;
|
||||
ss->ext.tick_identity = 0;
|
||||
if (!ssl_generate_session_id(s, ss)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -1012,6 +1015,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
|
|||
/* TLSv1.3 doesn't have warning alerts so we suppress this */
|
||||
if (!SSL_IS_TLS13(s))
|
||||
ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
|
||||
s->servername_done = 0;
|
||||
return 1;
|
||||
|
||||
case SSL_TLSEXT_ERR_NOACK:
|
||||
|
@ -1024,6 +1028,15 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
|
|||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static int init_ec_point_formats(SSL *s, unsigned int context)
|
||||
{
|
||||
OPENSSL_free(s->ext.peer_ecpointformats);
|
||||
s->ext.peer_ecpointformats = NULL;
|
||||
s->ext.peer_ecpointformats_len = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
|
||||
{
|
||||
unsigned long alg_k, alg_a;
|
||||
|
@ -1041,18 +1054,18 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
|
|||
*/
|
||||
if (s->ext.ecpointformats != NULL
|
||||
&& s->ext.ecpointformats_len > 0
|
||||
&& s->session->ext.ecpointformats != NULL
|
||||
&& s->session->ext.ecpointformats_len > 0
|
||||
&& s->ext.peer_ecpointformats != NULL
|
||||
&& s->ext.peer_ecpointformats_len > 0
|
||||
&& ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
|
||||
/* we are using an ECC cipher */
|
||||
size_t i;
|
||||
unsigned char *list = s->session->ext.ecpointformats;
|
||||
unsigned char *list = s->ext.peer_ecpointformats;
|
||||
|
||||
for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
|
||||
for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
|
||||
if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)
|
||||
break;
|
||||
}
|
||||
if (i == s->session->ext.ecpointformats_len) {
|
||||
if (i == s->ext.peer_ecpointformats_len) {
|
||||
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS,
|
||||
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
|
||||
return 0;
|
||||
|
@ -1137,6 +1150,7 @@ static int init_sig_algs(SSL *s, unsigned int context)
|
|||
/* Clear any signature algorithms extension received */
|
||||
OPENSSL_free(s->s3->tmp.peer_sigalgs);
|
||||
s->s3->tmp.peer_sigalgs = NULL;
|
||||
s->s3->tmp.peer_sigalgslen = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -1146,6 +1160,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context)
|
|||
/* Clear any signature algorithms extension received */
|
||||
OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
|
||||
s->s3->tmp.peer_cert_sigalgs = NULL;
|
||||
s->s3->tmp.peer_cert_sigalgslen = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -1169,14 +1184,26 @@ static int init_etm(SSL *s, unsigned int context)
|
|||
|
||||
static int init_ems(SSL *s, unsigned int context)
|
||||
{
|
||||
if (!s->server)
|
||||
if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
|
||||
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
|
||||
s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int final_ems(SSL *s, unsigned int context, int sent)
|
||||
{
|
||||
/*
|
||||
* Check extended master secret extension is not dropped on
|
||||
* renegotiation.
|
||||
*/
|
||||
if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
|
||||
&& (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
|
||||
SSL_R_INCONSISTENT_EXTMS);
|
||||
return 0;
|
||||
}
|
||||
if (!s->server && s->hit) {
|
||||
/*
|
||||
* Check extended master secret extension is consistent with
|
||||
|
@ -1449,8 +1476,13 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
|
|||
unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
|
||||
unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
|
||||
unsigned char *early_secret;
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
|
||||
static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
|
||||
#else
|
||||
static const unsigned char resumption_label[] = "res binder";
|
||||
static const unsigned char external_label[] = "ext binder";
|
||||
#endif
|
||||
const unsigned char *label;
|
||||
size_t bindersize, labelsize, hashsize;
|
||||
int hashsizei = EVP_MD_size(md);
|
||||
|
@ -1646,13 +1678,12 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
|
|||
|
||||
if (s->max_early_data == 0
|
||||
|| !s->hit
|
||||
|| s->session->ext.tick_identity != 0
|
||||
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|
||||
|| !s->ext.early_data_ok
|
||||
|| s->hello_retry_request != SSL_HRR_NONE
|
||||
|| (s->ctx->allow_early_data_cb != NULL
|
||||
&& !s->ctx->allow_early_data_cb(s,
|
||||
s->ctx->allow_early_data_cb_data))) {
|
||||
|| (s->allow_early_data_cb != NULL
|
||||
&& !s->allow_early_data_cb(s,
|
||||
s->allow_early_data_cb_data))) {
|
||||
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
|
||||
} else {
|
||||
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
|
||||
|
@ -1698,3 +1729,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context)
|
|||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
|
||||
* extension, servers MUST abort the handshake.
|
||||
*/
|
||||
static int final_psk(SSL *s, unsigned int context, int sent)
|
||||
{
|
||||
if (s->server && sent && s->clienthello != NULL
|
||||
&& !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
|
||||
SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK,
|
||||
SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,9 +8,9 @@
|
|||
*/
|
||||
|
||||
#include <openssl/ocsp.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "statem_locl.h"
|
||||
#include "statem_local.h"
|
||||
|
||||
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
|
||||
unsigned int context, X509 *x,
|
||||
|
@ -816,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
|
|||
OPENSSL_free(s->psksession_id);
|
||||
s->psksession_id = OPENSSL_memdup(id, idlen);
|
||||
if (s->psksession_id == NULL) {
|
||||
s->psksession_id_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
|
||||
return EXT_RETURN_FAIL;
|
||||
|
@ -993,7 +994,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
|
||||
int dores = 0;
|
||||
|
||||
s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
|
||||
s->ext.tick_identity = 0;
|
||||
|
||||
/*
|
||||
* Note: At this stage of the code we only support adding a single
|
||||
|
@ -1083,6 +1084,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
agems += s->session->ext.tick_age_add;
|
||||
|
||||
reshashsize = EVP_MD_size(mdres);
|
||||
s->ext.tick_identity++;
|
||||
dores = 1;
|
||||
}
|
||||
|
||||
|
@ -1142,6 +1144,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
ERR_R_INTERNAL_ERROR);
|
||||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
s->ext.tick_identity++;
|
||||
}
|
||||
|
||||
if (!WPACKET_close(pkt)
|
||||
|
@ -1180,11 +1183,6 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
|
||||
if (dores)
|
||||
s->session->ext.tick_identity = 0;
|
||||
if (s->psksession != NULL)
|
||||
s->psksession->ext.tick_identity = (dores ? 1 : 0);
|
||||
|
||||
return EXT_RETURN_SENT;
|
||||
#else
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
@ -1374,19 +1372,20 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
|
|||
return 0;
|
||||
}
|
||||
|
||||
s->session->ext.ecpointformats_len = 0;
|
||||
OPENSSL_free(s->session->ext.ecpointformats);
|
||||
s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
|
||||
if (s->session->ext.ecpointformats == NULL) {
|
||||
s->ext.peer_ecpointformats_len = 0;
|
||||
OPENSSL_free(s->ext.peer_ecpointformats);
|
||||
s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
|
||||
if (s->ext.peer_ecpointformats == NULL) {
|
||||
s->ext.peer_ecpointformats_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
s->session->ext.ecpointformats_len = ecpointformats_len;
|
||||
s->ext.peer_ecpointformats_len = ecpointformats_len;
|
||||
|
||||
if (!PACKET_copy_bytes(&ecptformatlist,
|
||||
s->session->ext.ecpointformats,
|
||||
s->ext.peer_ecpointformats,
|
||||
ecpointformats_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
|
||||
|
@ -1495,8 +1494,13 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
s->ext.scts_len = (uint16_t)size;
|
||||
if (size > 0) {
|
||||
s->ext.scts = OPENSSL_malloc(size);
|
||||
if (s->ext.scts == NULL
|
||||
|| !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
|
||||
if (s->ext.scts == NULL) {
|
||||
s->ext.scts_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -1595,6 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
OPENSSL_free(s->ext.npn);
|
||||
s->ext.npn = OPENSSL_malloc(selected_len);
|
||||
if (s->ext.npn == NULL) {
|
||||
s->ext.npn_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -1635,6 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_malloc(len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
s->s3->alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -1666,6 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
s->session->ext.alpn_selected =
|
||||
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
|
||||
if (s->session->ext.alpn_selected == NULL) {
|
||||
s->session->ext.alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -1861,8 +1868,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
return 0;
|
||||
}
|
||||
|
||||
skey = ssl_generate_pkey(ckey);
|
||||
if (skey == NULL) {
|
||||
skey = EVP_PKEY_new();
|
||||
if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
|
@ -1927,8 +1934,7 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
|
|||
}
|
||||
|
||||
if (!s->ext.early_data_ok
|
||||
|| !s->hit
|
||||
|| s->session->ext.tick_identity != 0) {
|
||||
|| !s->hit) {
|
||||
/*
|
||||
* If we get here then we didn't send early data, or we didn't resume
|
||||
* using the first identity, or the SNI/ALPN is not consistent so the
|
||||
|
@ -1956,17 +1962,28 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (s->session->ext.tick_identity == (int)identity) {
|
||||
if (identity >= (unsigned int)s->ext.tick_identity) {
|
||||
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
|
||||
SSL_R_BAD_PSK_IDENTITY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Session resumption tickets are always sent before PSK tickets. If the
|
||||
* ticket index is 0 then it must be for a session resumption ticket if we
|
||||
* sent two tickets, or if we didn't send a PSK ticket.
|
||||
*/
|
||||
if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) {
|
||||
s->hit = 1;
|
||||
SSL_SESSION_free(s->psksession);
|
||||
s->psksession = NULL;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (s->psksession == NULL
|
||||
|| s->psksession->ext.tick_identity != (int)identity) {
|
||||
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
|
||||
SSL_R_BAD_PSK_IDENTITY);
|
||||
if (s->psksession == NULL) {
|
||||
/* Should never happen */
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1985,6 +2002,9 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
s->session = s->psksession;
|
||||
s->psksession = NULL;
|
||||
s->hit = 1;
|
||||
/* Early data is only allowed if we used the first ticket */
|
||||
if (identity != 0)
|
||||
s->ext.early_data_ok = 0;
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
|
|
|
@ -10,9 +10,9 @@
|
|||
/* Custom extension utility functions */
|
||||
|
||||
#include <openssl/ct.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "statem_locl.h"
|
||||
#include "statem_local.h"
|
||||
|
||||
typedef struct {
|
||||
void *add_arg;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,8 +8,8 @@
|
|||
*/
|
||||
|
||||
#include <openssl/ocsp.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
#define COOKIE_STATE_FORMAT_VERSION 0
|
||||
|
@ -127,6 +127,10 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3
|
||||
* we always use the SNI value from the handshake.
|
||||
*/
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
|
||||
SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
|
||||
|
@ -155,8 +159,12 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
|
|||
}
|
||||
|
||||
s->servername_done = 1;
|
||||
}
|
||||
if (s->hit) {
|
||||
} else {
|
||||
/*
|
||||
* In TLSv1.2 and below we should check if the SNI is consistent between
|
||||
* the initial handshake and the resumption. In TLSv1.3 SNI is not
|
||||
* associated with the session.
|
||||
*/
|
||||
/*
|
||||
* TODO(openssl-team): if the SNI doesn't match, we MUST
|
||||
* fall back to a full handshake.
|
||||
|
@ -164,9 +172,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
|
|||
s->servername_done = (s->session->ext.hostname != NULL)
|
||||
&& PACKET_equal(&hostname, s->session->ext.hostname,
|
||||
strlen(s->session->ext.hostname));
|
||||
|
||||
if (!s->servername_done && s->session->ext.hostname != NULL)
|
||||
s->ext.early_data_ok = 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
@ -254,8 +259,8 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
|
|||
|
||||
if (!s->hit) {
|
||||
if (!PACKET_memdup(&ec_point_format_list,
|
||||
&s->session->ext.ecpointformats,
|
||||
&s->session->ext.ecpointformats_len)) {
|
||||
&s->ext.peer_ecpointformats,
|
||||
&s->ext.peer_ecpointformats_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -962,12 +967,12 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
|
|||
}
|
||||
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
OPENSSL_free(s->session->ext.supportedgroups);
|
||||
s->session->ext.supportedgroups = NULL;
|
||||
s->session->ext.supportedgroups_len = 0;
|
||||
OPENSSL_free(s->ext.peer_supportedgroups);
|
||||
s->ext.peer_supportedgroups = NULL;
|
||||
s->ext.peer_supportedgroups_len = 0;
|
||||
if (!tls1_save_u16(&supported_groups_list,
|
||||
&s->session->ext.supportedgroups,
|
||||
&s->session->ext.supportedgroups_len)) {
|
||||
&s->ext.peer_supportedgroups,
|
||||
&s->ext.peer_supportedgroups_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -1146,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
if (sesstmp == NULL) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
goto err;
|
||||
}
|
||||
SSL_SESSION_free(sess);
|
||||
sess = sesstmp;
|
||||
|
@ -1274,7 +1279,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
goto err;
|
||||
}
|
||||
|
||||
sess->ext.tick_identity = id;
|
||||
s->ext.tick_identity = id;
|
||||
|
||||
SSL_SESSION_free(s->session);
|
||||
s->session = sess;
|
||||
|
@ -1330,8 +1335,14 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
|
|||
unsigned int context, X509 *x,
|
||||
size_t chainidx)
|
||||
{
|
||||
if (s->hit || s->servername_done != 1
|
||||
|| s->ext.hostname == NULL)
|
||||
if (s->servername_done != 1)
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
||||
/*
|
||||
* Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming.
|
||||
* We just use the servername from the initial handshake.
|
||||
*/
|
||||
if (s->hit && !SSL_IS_TLS13(s))
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
|
||||
|
@ -1376,7 +1387,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
|
|||
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
|
||||
int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
|
||||
&& (s->session->ext.ecpointformats != NULL);
|
||||
&& (s->ext.peer_ecpointformats != NULL);
|
||||
const unsigned char *plist;
|
||||
size_t plistlen;
|
||||
|
||||
|
@ -1487,6 +1498,10 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
|
|||
unsigned int context, X509 *x,
|
||||
size_t chainidx)
|
||||
{
|
||||
/* We don't currently support this extension inside a CertificateRequest */
|
||||
if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
||||
if (!s->ext.status_expected)
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
||||
|
@ -1699,6 +1714,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
|
|||
}
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
}
|
||||
if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) {
|
||||
/*
|
||||
* PSK ('hit') and explicitly not doing DHE (if the client sent the
|
||||
* DHE option we always take it); don't send key share.
|
||||
*/
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
}
|
||||
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|
||||
|| !WPACKET_start_sub_packet_u16(pkt)
|
||||
|
@ -1948,7 +1970,7 @@ EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
|
||||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
|
||||
|| !WPACKET_start_sub_packet_u16(pkt)
|
||||
|| !WPACKET_put_bytes_u16(pkt, s->session->ext.tick_identity)
|
||||
|| !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity)
|
||||
|| !WPACKET_close(pkt)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR);
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include <assert.h>
|
||||
|
||||
/*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -12,8 +12,8 @@
|
|||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include <assert.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/objects.h>
|
||||
|
@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
|
|||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_CR_KEY_UPDATE:
|
||||
if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
st->hand_state = TLS_ST_CW_KEY_UPDATE;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
}
|
||||
/* Fall through */
|
||||
|
||||
case TLS_ST_CW_KEY_UPDATE:
|
||||
case TLS_ST_CR_SESSION_TICKET:
|
||||
case TLS_ST_CW_FINISHED:
|
||||
|
@ -1007,7 +1001,8 @@ size_t ossl_statem_client_max_message_size(SSL *s)
|
|||
return CCS_MAX_LENGTH;
|
||||
|
||||
case TLS_ST_CR_SESSION_TICKET:
|
||||
return SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
|
||||
: SESSION_TICKET_MAX_LENGTH_TLS12;
|
||||
|
||||
case TLS_ST_CR_FINISHED:
|
||||
return FINISHED_MAX_LENGTH;
|
||||
|
@ -1613,10 +1608,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
|
|||
* so the PAC-based session secret is always preserved. It'll be
|
||||
* overwritten if the server refuses resumption.
|
||||
*/
|
||||
if (s->session->session_id_length > 0
|
||||
|| (SSL_IS_TLS13(s)
|
||||
&& s->session->ext.tick_identity
|
||||
!= TLSEXT_PSK_BAD_IDENTITY)) {
|
||||
if (s->session->session_id_length > 0) {
|
||||
tsan_counter(&s->session_ctx->stats.sess_miss);
|
||||
if (!ssl_get_new_session(s, 0)) {
|
||||
/* SSLfatal() already called */
|
||||
|
@ -1969,7 +1961,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
|
|||
goto err;
|
||||
}
|
||||
}
|
||||
s->session->peer_type = certidx;
|
||||
|
||||
X509_free(s->session->peer);
|
||||
X509_up_ref(x);
|
||||
|
@ -2154,17 +2145,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
|
|||
}
|
||||
bnpub_key = NULL;
|
||||
|
||||
if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
|
||||
SSL_R_DH_KEY_TOO_SMALL);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
|
||||
ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
dh = NULL;
|
||||
|
||||
if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
|
||||
0, peer_tmp)) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
|
||||
SSL_R_DH_KEY_TOO_SMALL);
|
||||
goto err;
|
||||
}
|
||||
|
||||
s->s3->peer_tmp = peer_tmp;
|
||||
|
||||
|
@ -2470,6 +2463,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
|
|||
s->s3->tmp.ctype_len = 0;
|
||||
OPENSSL_free(s->pha_context);
|
||||
s->pha_context = NULL;
|
||||
s->pha_context_len = 0;
|
||||
|
||||
if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
|
||||
!PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
|
||||
|
@ -2779,16 +2773,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt)
|
|||
}
|
||||
s->ext.ocsp.resp = OPENSSL_malloc(resplen);
|
||||
if (s->ext.ocsp.resp == NULL) {
|
||||
s->ext.ocsp.resp_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
s->ext.ocsp.resp_len = resplen;
|
||||
if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
|
||||
SSL_R_LENGTH_MISMATCH);
|
||||
return 0;
|
||||
}
|
||||
s->ext.ocsp.resp_len = resplen;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -2839,7 +2834,7 @@ int tls_process_initial_server_flight(SSL *s)
|
|||
if (ret < 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
SSL_R_OCSP_CALLBACK_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -2913,6 +2908,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
|
|||
if (psklen > PSK_MAX_PSK_LEN) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
|
||||
psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */
|
||||
goto err;
|
||||
} else if (psklen == 0) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
@ -3358,9 +3354,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
|
|||
err:
|
||||
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
|
||||
s->s3->tmp.pms = NULL;
|
||||
s->s3->tmp.pmslen = 0;
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
|
||||
s->s3->tmp.psk = NULL;
|
||||
s->s3->tmp.psklen = 0;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
@ -3435,6 +3433,7 @@ int tls_client_key_exchange_post_work(SSL *s)
|
|||
err:
|
||||
OPENSSL_clear_free(pms, pmslen);
|
||||
s->s3->tmp.pms = NULL;
|
||||
s->s3->tmp.pmslen = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
#include <limits.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/objects.h>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -11,8 +11,8 @@
|
|||
#include <limits.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/objects.h>
|
||||
|
@ -168,9 +168,19 @@ int tls_setup_handshake(SSL *s)
|
|||
static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
|
||||
void **hdata, size_t *hdatalen)
|
||||
{
|
||||
static const char *servercontext = "TLS 1.3, server CertificateVerify";
|
||||
static const char *clientcontext = "TLS 1.3, client CertificateVerify";
|
||||
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
|
||||
0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65,
|
||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
|
||||
0x69, 0x66, 0x79, 0x00 };
|
||||
static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
|
||||
0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65,
|
||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
|
||||
0x69, 0x66, 0x79, 0x00 };
|
||||
#else
|
||||
static const char servercontext[] = "TLS 1.3, server CertificateVerify";
|
||||
static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
|
||||
#endif
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
size_t hashlen;
|
||||
|
||||
|
@ -645,12 +655,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
|
|||
/*
|
||||
* If we get a request for us to update our sending keys too then, we need
|
||||
* to additionally send a KeyUpdate message. However that message should
|
||||
* not also request an update (otherwise we get into an infinite loop). We
|
||||
* ignore a request for us to update our sending keys too if we already
|
||||
* sent close_notify.
|
||||
* not also request an update (otherwise we get into an infinite loop).
|
||||
*/
|
||||
if (updatetype == SSL_KEY_UPDATE_REQUESTED
|
||||
&& (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
|
||||
if (updatetype == SSL_KEY_UPDATE_REQUESTED)
|
||||
s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
|
||||
|
||||
if (!tls13_update_key(s, 0)) {
|
||||
|
@ -837,9 +844,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
|
|||
return MSG_PROCESS_ERROR;
|
||||
}
|
||||
} else {
|
||||
/* TLS 1.3 gets the secret size from the handshake md */
|
||||
size_t dummy;
|
||||
if (!s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->master_secret, s->handshake_secret, 0,
|
||||
&s->session->master_key_length)) {
|
||||
&dummy)) {
|
||||
/* SSLfatal() already called */
|
||||
return MSG_PROCESS_ERROR;
|
||||
}
|
||||
|
@ -1026,14 +1035,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
|
|||
int cleanuphand = s->statem.cleanuphand;
|
||||
|
||||
if (clearbufs) {
|
||||
if (!SSL_IS_DTLS(s)) {
|
||||
if (!SSL_IS_DTLS(s)
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
/*
|
||||
* We don't do this in DTLS because we may still need the init_buf
|
||||
* RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
|
||||
* messages that require it. Therefore, DTLS procedures for retransmissions
|
||||
* MUST NOT be used.
|
||||
* Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
|
||||
*/
|
||||
|| BIO_dgram_is_sctp(SSL_get_wbio(s))
|
||||
#endif
|
||||
) {
|
||||
/*
|
||||
* We don't do this in DTLS over UDP because we may still need the init_buf
|
||||
* in case there are any unexpected retransmits
|
||||
*/
|
||||
BUF_MEM_free(s->init_buf);
|
||||
s->init_buf = NULL;
|
||||
}
|
||||
|
||||
if (!ssl_free_wbio_buffer(s)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -1321,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len)
|
|||
static const X509ERR2ALERT x509table[] = {
|
||||
{X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
|
||||
{X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
|
||||
{X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE},
|
||||
{X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
|
||||
{X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
|
||||
{X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
|
||||
|
@ -1483,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
|
|||
|
||||
/*
|
||||
* Only called by servers. Returns 1 if the server has a TLSv1.3 capable
|
||||
* certificate type, or has PSK or a certificate callback configured. Otherwise
|
||||
* returns 0.
|
||||
* certificate type, or has PSK or a certificate callback configured, or has
|
||||
* a servername callback configured. Otherwise returns 0.
|
||||
*/
|
||||
static int is_tls13_capable(const SSL *s)
|
||||
{
|
||||
|
@ -1494,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
|
|||
EC_KEY *eckey;
|
||||
#endif
|
||||
|
||||
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* A servername callback can change the available certs, so if a servername
|
||||
* cb is set then we just assume TLSv1.3 will be ok
|
||||
*/
|
||||
if (s->ctx->ext.servername_cb != NULL
|
||||
|| s->session_ctx->ext.servername_cb != NULL)
|
||||
return 1;
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
if (s->psk_server_callback != NULL)
|
||||
return 1;
|
||||
|
@ -1636,11 +1668,22 @@ int ssl_check_version_downgrade(SSL *s)
|
|||
*/
|
||||
int ssl_set_version_bound(int method_version, int version, int *bound)
|
||||
{
|
||||
int valid_tls;
|
||||
int valid_dtls;
|
||||
|
||||
if (version == 0) {
|
||||
*bound = version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION;
|
||||
valid_dtls =
|
||||
DTLS_VERSION_LE(version, DTLS_MAX_VERSION) &&
|
||||
DTLS_VERSION_GE(version, DTLS1_BAD_VER);
|
||||
|
||||
if (!valid_tls && !valid_dtls)
|
||||
return 0;
|
||||
|
||||
/*-
|
||||
* Restrict TLS methods to TLS protocol versions.
|
||||
* Restrict DTLS methods to DTLS protocol versions.
|
||||
|
@ -1651,31 +1694,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
|
|||
* configurations. If the MIN (supported) version ever rises, the user's
|
||||
* "floor" remains valid even if no longer available. We don't expect the
|
||||
* MAX ceiling to ever get lower, so making that variable makes sense.
|
||||
*
|
||||
* We ignore attempts to set bounds on version-inflexible methods,
|
||||
* returning success.
|
||||
*/
|
||||
switch (method_version) {
|
||||
default:
|
||||
/*
|
||||
* XXX For fixed version methods, should we always fail and not set any
|
||||
* bounds, always succeed and not set any bounds, or set the bounds and
|
||||
* arrange to fail later if they are not met? At present fixed-version
|
||||
* methods are not subject to controls that disable individual protocol
|
||||
* versions.
|
||||
*/
|
||||
return 0;
|
||||
break;
|
||||
|
||||
case TLS_ANY_VERSION:
|
||||
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
|
||||
return 0;
|
||||
if (valid_tls)
|
||||
*bound = version;
|
||||
break;
|
||||
|
||||
case DTLS_ANY_VERSION:
|
||||
if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
|
||||
DTLS_VERSION_LT(version, DTLS1_BAD_VER))
|
||||
return 0;
|
||||
if (valid_dtls)
|
||||
*bound = version;
|
||||
break;
|
||||
}
|
||||
|
||||
*bound = version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -22,6 +22,8 @@
|
|||
#define SERVER_HELLO_MAX_LENGTH 20000
|
||||
#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000
|
||||
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
|
||||
#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
|
||||
#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
|
||||
#define SERVER_KEY_EXCH_MAX_LENGTH 102400
|
||||
#define SERVER_HELLO_DONE_MAX_LENGTH 0
|
||||
#define KEY_UPDATE_MAX_LENGTH 1
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -10,9 +10,9 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/rand.h>
|
||||
|
@ -23,9 +23,24 @@
|
|||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
#define TICKET_NONCE_SIZE 8
|
||||
|
||||
typedef struct {
|
||||
ASN1_TYPE *kxBlob;
|
||||
ASN1_TYPE *opaqueBlob;
|
||||
} GOST_KX_MESSAGE;
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
|
||||
|
||||
ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
|
||||
ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY),
|
||||
ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY),
|
||||
} ASN1_SEQUENCE_END(GOST_KX_MESSAGE)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
|
||||
|
||||
static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
|
||||
|
||||
/*
|
||||
|
@ -502,12 +517,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
|
|||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_SR_KEY_UPDATE:
|
||||
if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
st->hand_state = TLS_ST_SW_KEY_UPDATE;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
}
|
||||
/* Fall through */
|
||||
|
||||
case TLS_ST_SW_KEY_UPDATE:
|
||||
st->hand_state = TLS_ST_OK;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
@ -734,7 +743,15 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
|
|||
case TLS_ST_SW_CHANGE:
|
||||
if (SSL_IS_TLS13(s))
|
||||
break;
|
||||
s->session->cipher = s->s3->tmp.new_cipher;
|
||||
/* Writes to s->session are only safe for initial handshakes */
|
||||
if (s->session->cipher == NULL) {
|
||||
s->session->cipher = s->s3->tmp.new_cipher;
|
||||
} else if (s->session->cipher != s->s3->tmp.new_cipher) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_OSSL_STATEM_SERVER_PRE_WORK,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return WORK_ERROR;
|
||||
}
|
||||
if (!s->method->ssl3_enc->setup_key_block(s)) {
|
||||
/* SSLfatal() already called */
|
||||
return WORK_ERROR;
|
||||
|
@ -774,6 +791,10 @@ static ossl_inline int conn_is_closed(void)
|
|||
#if defined(ECONNRESET)
|
||||
case ECONNRESET:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(WSAECONNRESET)
|
||||
case WSAECONNRESET:
|
||||
return 1;
|
||||
#endif
|
||||
default:
|
||||
return 0;
|
||||
|
@ -934,9 +955,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
|
|||
}
|
||||
#endif
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
/* TLS 1.3 gets the secret size from the handshake md */
|
||||
size_t dummy;
|
||||
if (!s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->master_secret, s->handshake_secret, 0,
|
||||
&s->session->master_key_length)
|
||||
&dummy)
|
||||
|| !s->method->ssl3_enc->change_cipher_state(s,
|
||||
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
|
||||
/* SSLfatal() already called */
|
||||
|
@ -1923,14 +1946,14 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
&& master_key_length > 0) {
|
||||
s->session->master_key_length = master_key_length;
|
||||
s->hit = 1;
|
||||
s->session->ciphers = ciphers;
|
||||
s->peer_ciphers = ciphers;
|
||||
s->session->verify_result = X509_V_OK;
|
||||
|
||||
ciphers = NULL;
|
||||
|
||||
/* check if some cipher was preferred by call back */
|
||||
if (pref_cipher == NULL)
|
||||
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
|
||||
pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
|
||||
SSL_get_ciphers(s));
|
||||
if (pref_cipher == NULL) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
@ -1941,9 +1964,9 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
|
||||
s->session->cipher = pref_cipher;
|
||||
sk_SSL_CIPHER_free(s->cipher_list);
|
||||
s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
|
||||
s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
||||
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
||||
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
|
||||
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2043,12 +2066,12 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
#endif
|
||||
|
||||
/*
|
||||
* Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
|
||||
* Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher
|
||||
*/
|
||||
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
sk_SSL_CIPHER_free(s->session->ciphers);
|
||||
s->session->ciphers = ciphers;
|
||||
sk_SSL_CIPHER_free(s->peer_ciphers);
|
||||
s->peer_ciphers = ciphers;
|
||||
if (ciphers == NULL) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
|
||||
|
@ -2064,6 +2087,10 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
#else
|
||||
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
|
||||
#endif
|
||||
if (!tls1_set_server_sigalgs(s)) {
|
||||
/* SSLfatal() already called */
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
sk_SSL_CIPHER_free(ciphers);
|
||||
|
@ -2151,6 +2178,7 @@ int tls_handle_alpn(SSL *s)
|
|||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
s->s3->alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -2231,31 +2259,25 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
|
|||
if (wst == WORK_MORE_B) {
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
/* Let cert callback update server certificates if required */
|
||||
if (!s->hit) {
|
||||
if (s->cert->cert_cb != NULL) {
|
||||
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
|
||||
if (rv == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
|
||||
SSL_R_CERT_CB_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (rv < 0) {
|
||||
s->rwstate = SSL_X509_LOOKUP;
|
||||
return WORK_MORE_B;
|
||||
}
|
||||
s->rwstate = SSL_NOTHING;
|
||||
}
|
||||
if (!tls1_set_server_sigalgs(s)) {
|
||||
/* SSLfatal already called */
|
||||
if (!s->hit && s->cert->cert_cb != NULL) {
|
||||
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
|
||||
if (rv == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
|
||||
SSL_R_CERT_CB_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (rv < 0) {
|
||||
s->rwstate = SSL_X509_LOOKUP;
|
||||
return WORK_MORE_B;
|
||||
}
|
||||
s->rwstate = SSL_NOTHING;
|
||||
}
|
||||
|
||||
/* In TLSv1.3 we selected the ciphersuite before resumption */
|
||||
if (!SSL_IS_TLS13(s)) {
|
||||
cipher =
|
||||
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
|
||||
ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
|
||||
|
||||
if (cipher == NULL) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
@ -2556,7 +2578,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
|
|||
|
||||
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
|
||||
if (s->s3->tmp.pkey == NULL) {
|
||||
/* SSLfatal() already called */
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -2832,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
|
|||
if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
|
||||
OPENSSL_free(s->pha_context);
|
||||
s->pha_context_len = 32;
|
||||
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
|
||||
|| RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|
||||
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
|
||||
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
|
||||
s->pha_context_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|
||||
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
|
||||
s->pha_context_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -2948,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
|
|||
OPENSSL_cleanse(psk, psklen);
|
||||
|
||||
if (s->s3->tmp.psk == NULL) {
|
||||
s->s3->tmp.psklen = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
|
@ -3324,9 +3354,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
const unsigned char *start;
|
||||
size_t outlen = 32, inlen;
|
||||
unsigned long alg_a;
|
||||
unsigned int asn1id, asn1len;
|
||||
GOST_KX_MESSAGE *pKX = NULL;
|
||||
const unsigned char *ptr;
|
||||
int ret = 0;
|
||||
PACKET encdata;
|
||||
|
||||
/* Get our certificate private key */
|
||||
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
|
||||
|
@ -3367,42 +3397,33 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
|
||||
ERR_clear_error();
|
||||
}
|
||||
/* Decrypt session key */
|
||||
if (!PACKET_get_1(pkt, &asn1id)
|
||||
|| asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
|
||||
|| !PACKET_peek_1(pkt, &asn1len)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
if (asn1len == 0x81) {
|
||||
/*
|
||||
* Long form length. Should only be one byte of length. Anything else
|
||||
* isn't supported.
|
||||
* We did a successful peek before so this shouldn't fail
|
||||
*/
|
||||
if (!PACKET_forward(pkt, 1)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
} else if (asn1len >= 0x80) {
|
||||
/*
|
||||
* Indefinite length, or more than one long form length bytes. We don't
|
||||
* support it
|
||||
*/
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
} /* else short form length */
|
||||
|
||||
if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
ptr = PACKET_data(pkt);
|
||||
/* Some implementations provide extra data in the opaqueBlob
|
||||
* We have nothing to do with this blob so we just skip it */
|
||||
pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
|
||||
if (pKX == NULL
|
||||
|| pKX->kxBlob == NULL
|
||||
|| ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
inlen = PACKET_remaining(&encdata);
|
||||
start = PACKET_data(&encdata);
|
||||
|
||||
if (PACKET_remaining(pkt) != 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
|
||||
inlen = pKX->kxBlob->value.sequence->length;
|
||||
start = pKX->kxBlob->value.sequence->data;
|
||||
|
||||
if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
|
||||
inlen) <= 0) {
|
||||
|
@ -3424,6 +3445,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
ret = 1;
|
||||
err:
|
||||
EVP_PKEY_CTX_free(pkey_ctx);
|
||||
GOST_KX_MESSAGE_free(pKX);
|
||||
return ret;
|
||||
#else
|
||||
/* Should never happen */
|
||||
|
@ -3495,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||
#ifndef OPENSSL_NO_PSK
|
||||
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
|
||||
s->s3->tmp.psk = NULL;
|
||||
s->s3->tmp.psklen = 0;
|
||||
#endif
|
||||
return MSG_PROCESS_ERROR;
|
||||
}
|
||||
|
@ -3730,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||
|
||||
sk_X509_pop_free(s->session->peer_chain, X509_free);
|
||||
s->session->peer_chain = sk;
|
||||
sk = NULL;
|
||||
|
||||
/*
|
||||
* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
|
||||
|
@ -3744,7 +3768,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||
* Inconsistency alert: cert_chain does *not* include the peer's own
|
||||
* certificate, while we do include it in statem_clnt.c
|
||||
*/
|
||||
sk = NULL;
|
||||
|
||||
/* Save the current hash state for when we receive the CertificateVerify */
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
|
@ -4104,6 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
s->session->ext.alpn_selected =
|
||||
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
|
||||
if (s->session->ext.alpn_selected == NULL) {
|
||||
s->session->ext.alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
|
@ -4115,9 +4139,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
}
|
||||
|
||||
if (tctx->generate_ticket_cb != NULL &&
|
||||
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
|
||||
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
|
||||
}
|
||||
/*
|
||||
* If we are using anti-replay protection then we behave as if
|
||||
* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
|
||||
|
|
4
trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c
vendored
4
trunk/3rdparty/openssl-1.1-fit/ssl/t1_enc.c
vendored
|
@ -9,7 +9,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/comp.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
|
@ -466,7 +466,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|
|||
unsigned char hash[EVP_MAX_MD_SIZE * 2];
|
||||
size_t hashlen;
|
||||
/*
|
||||
* Digest cached records keeping record buffer (if present): this wont
|
||||
* Digest cached records keeping record buffer (if present): this won't
|
||||
* affect client auth because we're freezing the buffer at the same
|
||||
* point (after client key exchange and before certificate verify)
|
||||
*/
|
||||
|
|
455
trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
vendored
455
trunk/3rdparty/openssl-1.1-fit/ssl/t1_lib.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -18,9 +18,12 @@
|
|||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
#include "internal/nelem.h"
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include <openssl/ct.h>
|
||||
|
||||
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
|
||||
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
|
||||
|
||||
SSL3_ENC_METHOD const TLSv1_enc_data = {
|
||||
tls1_enc,
|
||||
tls1_mac,
|
||||
|
@ -465,11 +468,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
|
|||
* If point formats extension present check it, otherwise everything is
|
||||
* supported (see RFC4492).
|
||||
*/
|
||||
if (s->session->ext.ecpointformats == NULL)
|
||||
if (s->ext.peer_ecpointformats == NULL)
|
||||
return 1;
|
||||
|
||||
for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
|
||||
if (s->session->ext.ecpointformats[i] == comp_id)
|
||||
for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
|
||||
if (s->ext.peer_ecpointformats[i] == comp_id)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
@ -578,7 +581,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
|
|||
if (check_ee_md && tls1_suiteb(s)) {
|
||||
int check_md;
|
||||
size_t i;
|
||||
CERT *c = s->cert;
|
||||
|
||||
/* Check to see we have necessary signing algorithm */
|
||||
if (group_id == TLSEXT_curve_P_256)
|
||||
|
@ -587,8 +589,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
|
|||
check_md = NID_ecdsa_with_SHA384;
|
||||
else
|
||||
return 0; /* Should never happen */
|
||||
for (i = 0; i < c->shared_sigalgslen; i++) {
|
||||
if (check_md == c->shared_sigalgs[i]->sigandhash)
|
||||
for (i = 0; i < s->shared_sigalgslen; i++) {
|
||||
if (check_md == s->shared_sigalgs[i]->sigandhash)
|
||||
return 1;;
|
||||
}
|
||||
return 0;
|
||||
|
@ -848,8 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
|
|||
}
|
||||
|
||||
/*
|
||||
* Return a signature algorithm for TLS < 1.2 where the signature type
|
||||
* is fixed by the certificate type.
|
||||
* Returns a signature algorithm when the peer did not send a list of supported
|
||||
* signature algorithms. The signature algorithm is fixed for the certificate
|
||||
* type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
|
||||
* certificate type from |s| will be used.
|
||||
* Returns the signature algorithm to use, or NULL on error.
|
||||
*/
|
||||
static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
|
||||
{
|
||||
|
@ -892,8 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
|
|||
|
||||
if (!tls1_lookup_md(lu, NULL))
|
||||
return NULL;
|
||||
if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
|
||||
return NULL;
|
||||
return lu;
|
||||
}
|
||||
if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
|
||||
return NULL;
|
||||
return &legacy_rsa_sigalg;
|
||||
}
|
||||
/* Set peer sigalg based key type */
|
||||
|
@ -982,6 +991,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
|
|||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Return the number of security bits for the signature algorithm, or 0 on
|
||||
* error.
|
||||
*/
|
||||
static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
|
||||
{
|
||||
const EVP_MD *md = NULL;
|
||||
int secbits = 0;
|
||||
|
||||
if (!tls1_lookup_md(lu, &md))
|
||||
return 0;
|
||||
if (md != NULL)
|
||||
{
|
||||
/* Security bits: half digest bits */
|
||||
secbits = EVP_MD_size(md) * 4;
|
||||
} else {
|
||||
/* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
|
||||
if (lu->sigalg == TLSEXT_SIGALG_ed25519)
|
||||
secbits = 128;
|
||||
else if (lu->sigalg == TLSEXT_SIGALG_ed448)
|
||||
secbits = 224;
|
||||
}
|
||||
return secbits;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check signature algorithm is consistent with sent supported signature
|
||||
* algorithms and if so set relevant digest and signature scheme in
|
||||
|
@ -995,6 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|||
size_t sent_sigslen, i, cidx;
|
||||
int pkeyid = EVP_PKEY_id(pkey);
|
||||
const SIGALG_LOOKUP *lu;
|
||||
int secbits = 0;
|
||||
|
||||
/* Should never happen */
|
||||
if (pkeyid == -1)
|
||||
|
@ -1096,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|||
SSL_R_UNKNOWN_DIGEST);
|
||||
return 0;
|
||||
}
|
||||
if (md != NULL) {
|
||||
/*
|
||||
* Make sure security callback allows algorithm. For historical
|
||||
* reasons we have to pass the sigalg as a two byte char array.
|
||||
*/
|
||||
sigalgstr[0] = (sig >> 8) & 0xff;
|
||||
sigalgstr[1] = sig & 0xff;
|
||||
if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
|
||||
EVP_MD_size(md) * 4, EVP_MD_type(md),
|
||||
(void *)sigalgstr)) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
|
||||
SSL_R_WRONG_SIGNATURE_TYPE);
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* Make sure security callback allows algorithm. For historical
|
||||
* reasons we have to pass the sigalg as a two byte char array.
|
||||
*/
|
||||
sigalgstr[0] = (sig >> 8) & 0xff;
|
||||
sigalgstr[1] = sig & 0xff;
|
||||
secbits = sigalg_security_bits(lu);
|
||||
if (secbits == 0 ||
|
||||
!ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
||||
md != NULL ? EVP_MD_type(md) : NID_undef,
|
||||
(void *)sigalgstr)) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
|
||||
SSL_R_WRONG_SIGNATURE_TYPE);
|
||||
return 0;
|
||||
}
|
||||
/* Store the sigalg the peer uses */
|
||||
s->s3->tmp.peer_sigalg = lu;
|
||||
|
@ -1175,7 +1210,7 @@ int ssl_set_client_disabled(SSL *s)
|
|||
*
|
||||
* Returns 1 when it's disabled, 0 when enabled.
|
||||
*/
|
||||
int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
|
||||
int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
|
||||
{
|
||||
if (c->algorithm_mkey & s->s3->tmp.mask_k
|
||||
|| c->algorithm_auth & s->s3->tmp.mask_a)
|
||||
|
@ -1215,9 +1250,9 @@ int tls1_set_server_sigalgs(SSL *s)
|
|||
size_t i;
|
||||
|
||||
/* Clear any shared signature algorithms */
|
||||
OPENSSL_free(s->cert->shared_sigalgs);
|
||||
s->cert->shared_sigalgs = NULL;
|
||||
s->cert->shared_sigalgslen = 0;
|
||||
OPENSSL_free(s->shared_sigalgs);
|
||||
s->shared_sigalgs = NULL;
|
||||
s->shared_sigalgslen = 0;
|
||||
/* Clear certificate validity flags */
|
||||
for (i = 0; i < SSL_PKEY_NUM; i++)
|
||||
s->s3->tmp.valid_flags[i] = 0;
|
||||
|
@ -1252,7 +1287,7 @@ int tls1_set_server_sigalgs(SSL *s)
|
|||
SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
if (s->cert->shared_sigalgs != NULL)
|
||||
if (s->shared_sigalgs != NULL)
|
||||
return 1;
|
||||
|
||||
/* Fatal error if no shared signature algorithms */
|
||||
|
@ -1555,7 +1590,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
|||
}
|
||||
|
||||
/* Check to see if a signature algorithm is allowed */
|
||||
static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
|
||||
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
||||
{
|
||||
unsigned char sigalgstr[2];
|
||||
int secbits;
|
||||
|
@ -1616,11 +1651,8 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|||
}
|
||||
}
|
||||
|
||||
if (lu->hash == NID_undef)
|
||||
return 1;
|
||||
/* Security bits: half digest bits */
|
||||
secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4;
|
||||
/* Finally see if security callback allows it */
|
||||
secbits = sigalg_security_bits(lu);
|
||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
||||
sigalgstr[1] = lu->sigalg & 0xff;
|
||||
return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
|
||||
|
@ -1724,9 +1756,9 @@ static int tls1_set_shared_sigalgs(SSL *s)
|
|||
CERT *c = s->cert;
|
||||
unsigned int is_suiteb = tls1_suiteb(s);
|
||||
|
||||
OPENSSL_free(c->shared_sigalgs);
|
||||
c->shared_sigalgs = NULL;
|
||||
c->shared_sigalgslen = 0;
|
||||
OPENSSL_free(s->shared_sigalgs);
|
||||
s->shared_sigalgs = NULL;
|
||||
s->shared_sigalgslen = 0;
|
||||
/* If client use client signature algorithms if not NULL */
|
||||
if (!s->server && c->client_sigalgs && !is_suiteb) {
|
||||
conf = c->client_sigalgs;
|
||||
|
@ -1757,8 +1789,8 @@ static int tls1_set_shared_sigalgs(SSL *s)
|
|||
} else {
|
||||
salgs = NULL;
|
||||
}
|
||||
c->shared_sigalgs = salgs;
|
||||
c->shared_sigalgslen = nmatch;
|
||||
s->shared_sigalgs = salgs;
|
||||
s->shared_sigalgslen = nmatch;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -1819,7 +1851,6 @@ int tls1_process_sigalgs(SSL *s)
|
|||
{
|
||||
size_t i;
|
||||
uint32_t *pvalid = s->s3->tmp.valid_flags;
|
||||
CERT *c = s->cert;
|
||||
|
||||
if (!tls1_set_shared_sigalgs(s))
|
||||
return 0;
|
||||
|
@ -1827,8 +1858,8 @@ int tls1_process_sigalgs(SSL *s)
|
|||
for (i = 0; i < SSL_PKEY_NUM; i++)
|
||||
pvalid[i] = 0;
|
||||
|
||||
for (i = 0; i < c->shared_sigalgslen; i++) {
|
||||
const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i];
|
||||
for (i = 0; i < s->shared_sigalgslen; i++) {
|
||||
const SIGALG_LOOKUP *sigptr = s->shared_sigalgs[i];
|
||||
int idx = sigptr->sig_idx;
|
||||
|
||||
/* Ignore PKCS1 based sig algs in TLSv1.3 */
|
||||
|
@ -1875,12 +1906,12 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
|
|||
unsigned char *rsig, unsigned char *rhash)
|
||||
{
|
||||
const SIGALG_LOOKUP *shsigalgs;
|
||||
if (s->cert->shared_sigalgs == NULL
|
||||
if (s->shared_sigalgs == NULL
|
||||
|| idx < 0
|
||||
|| idx >= (int)s->cert->shared_sigalgslen
|
||||
|| s->cert->shared_sigalgslen > INT_MAX)
|
||||
|| idx >= (int)s->shared_sigalgslen
|
||||
|| s->shared_sigalgslen > INT_MAX)
|
||||
return 0;
|
||||
shsigalgs = s->cert->shared_sigalgs[idx];
|
||||
shsigalgs = s->shared_sigalgs[idx];
|
||||
if (phash != NULL)
|
||||
*phash = shsigalgs->hash;
|
||||
if (psign != NULL)
|
||||
|
@ -1891,7 +1922,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
|
|||
*rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
|
||||
if (rhash != NULL)
|
||||
*rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
|
||||
return (int)s->cert->shared_sigalgslen;
|
||||
return (int)s->shared_sigalgslen;
|
||||
}
|
||||
|
||||
/* Maximum possible number of unique entries in sigalgs array */
|
||||
|
@ -2072,18 +2103,36 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid)
|
||||
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
|
||||
{
|
||||
int sig_nid;
|
||||
int sig_nid, use_pc_sigalgs = 0;
|
||||
size_t i;
|
||||
const SIGALG_LOOKUP *sigalg;
|
||||
size_t sigalgslen;
|
||||
if (default_nid == -1)
|
||||
return 1;
|
||||
sig_nid = X509_get_signature_nid(x);
|
||||
if (default_nid)
|
||||
return sig_nid == default_nid ? 1 : 0;
|
||||
for (i = 0; i < c->shared_sigalgslen; i++)
|
||||
if (sig_nid == c->shared_sigalgs[i]->sigandhash)
|
||||
|
||||
if (SSL_IS_TLS13(s) && s->s3->tmp.peer_cert_sigalgs != NULL) {
|
||||
/*
|
||||
* If we're in TLSv1.3 then we only get here if we're checking the
|
||||
* chain. If the peer has specified peer_cert_sigalgs then we use them
|
||||
* otherwise we default to normal sigalgs.
|
||||
*/
|
||||
sigalgslen = s->s3->tmp.peer_cert_sigalgslen;
|
||||
use_pc_sigalgs = 1;
|
||||
} else {
|
||||
sigalgslen = s->shared_sigalgslen;
|
||||
}
|
||||
for (i = 0; i < sigalgslen; i++) {
|
||||
sigalg = use_pc_sigalgs
|
||||
? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
|
||||
: s->shared_sigalgs[i];
|
||||
if (sigalg != NULL && sig_nid == sigalg->sigandhash)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2240,14 +2289,21 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
|
|||
}
|
||||
}
|
||||
/* Check signature algorithm of each cert in chain */
|
||||
if (!tls1_check_sig_alg(c, x, default_nid)) {
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
/*
|
||||
* We only get here if the application has called SSL_check_chain(),
|
||||
* so check_flags is always set.
|
||||
*/
|
||||
if (find_sig_alg(s, x, pk) != NULL)
|
||||
rv |= CERT_PKEY_EE_SIGNATURE;
|
||||
} else if (!tls1_check_sig_alg(s, x, default_nid)) {
|
||||
if (!check_flags)
|
||||
goto end;
|
||||
} else
|
||||
rv |= CERT_PKEY_EE_SIGNATURE;
|
||||
rv |= CERT_PKEY_CA_SIGNATURE;
|
||||
for (i = 0; i < sk_X509_num(chain); i++) {
|
||||
if (!tls1_check_sig_alg(c, sk_X509_value(chain, i), default_nid)) {
|
||||
if (!tls1_check_sig_alg(s, sk_X509_value(chain, i), default_nid)) {
|
||||
if (check_flags) {
|
||||
rv &= ~CERT_PKEY_CA_SIGNATURE;
|
||||
break;
|
||||
|
@ -2383,46 +2439,55 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
|
|||
#ifndef OPENSSL_NO_DH
|
||||
DH *ssl_get_auto_dh(SSL *s)
|
||||
{
|
||||
int dh_secbits = 80;
|
||||
if (s->cert->dh_tmp_auto == 2)
|
||||
return DH_get_1024_160();
|
||||
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
|
||||
if (s->s3->tmp.new_cipher->strength_bits == 256)
|
||||
dh_secbits = 128;
|
||||
else
|
||||
dh_secbits = 80;
|
||||
} else {
|
||||
if (s->s3->tmp.cert == NULL)
|
||||
return NULL;
|
||||
dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
|
||||
DH *dhp = NULL;
|
||||
BIGNUM *p = NULL, *g = NULL;
|
||||
int dh_secbits = 80, sec_level_bits;
|
||||
|
||||
if (s->cert->dh_tmp_auto != 2) {
|
||||
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
|
||||
if (s->s3->tmp.new_cipher->strength_bits == 256)
|
||||
dh_secbits = 128;
|
||||
else
|
||||
dh_secbits = 80;
|
||||
} else {
|
||||
if (s->s3->tmp.cert == NULL)
|
||||
return NULL;
|
||||
dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
|
||||
}
|
||||
}
|
||||
|
||||
if (dh_secbits >= 128) {
|
||||
DH *dhp = DH_new();
|
||||
BIGNUM *p, *g;
|
||||
if (dhp == NULL)
|
||||
return NULL;
|
||||
g = BN_new();
|
||||
if (g == NULL || !BN_set_word(g, 2)) {
|
||||
DH_free(dhp);
|
||||
BN_free(g);
|
||||
return NULL;
|
||||
}
|
||||
if (dh_secbits >= 192)
|
||||
p = BN_get_rfc3526_prime_8192(NULL);
|
||||
else
|
||||
p = BN_get_rfc3526_prime_3072(NULL);
|
||||
if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
|
||||
DH_free(dhp);
|
||||
BN_free(p);
|
||||
BN_free(g);
|
||||
return NULL;
|
||||
}
|
||||
return dhp;
|
||||
dhp = DH_new();
|
||||
if (dhp == NULL)
|
||||
return NULL;
|
||||
g = BN_new();
|
||||
if (g == NULL || !BN_set_word(g, 2)) {
|
||||
DH_free(dhp);
|
||||
BN_free(g);
|
||||
return NULL;
|
||||
}
|
||||
if (dh_secbits >= 112)
|
||||
return DH_get_2048_224();
|
||||
return DH_get_1024_160();
|
||||
|
||||
/* Do not pick a prime that is too weak for the current security level */
|
||||
sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
|
||||
if (dh_secbits < sec_level_bits)
|
||||
dh_secbits = sec_level_bits;
|
||||
|
||||
if (dh_secbits >= 192)
|
||||
p = BN_get_rfc3526_prime_8192(NULL);
|
||||
else if (dh_secbits >= 152)
|
||||
p = BN_get_rfc3526_prime_4096(NULL);
|
||||
else if (dh_secbits >= 128)
|
||||
p = BN_get_rfc3526_prime_3072(NULL);
|
||||
else if (dh_secbits >= 112)
|
||||
p = BN_get_rfc3526_prime_2048(NULL);
|
||||
else
|
||||
p = BN_get_rfc2409_prime_1024(NULL);
|
||||
if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
|
||||
DH_free(dhp);
|
||||
BN_free(p);
|
||||
BN_free(g);
|
||||
return NULL;
|
||||
}
|
||||
return dhp;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -2528,44 +2593,33 @@ static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
|
|||
}
|
||||
|
||||
/*
|
||||
* Returns true if |s| has a usable certificate configured for use
|
||||
* with signature scheme |sig|.
|
||||
* "Usable" includes a check for presence as well as applying
|
||||
* the signature_algorithm_cert restrictions sent by the peer (if any).
|
||||
* Returns false if no usable certificate is found.
|
||||
* Checks the given cert against signature_algorithm_cert restrictions sent by
|
||||
* the peer (if any) as well as whether the hash from the sigalg is usable with
|
||||
* the key.
|
||||
* Returns true if the cert is usable and false otherwise.
|
||||
*/
|
||||
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
|
||||
static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
|
||||
EVP_PKEY *pkey)
|
||||
{
|
||||
const SIGALG_LOOKUP *lu;
|
||||
int mdnid, pknid, default_mdnid;
|
||||
int mandatory_md = 0;
|
||||
size_t i;
|
||||
|
||||
/* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */
|
||||
if (idx == -1)
|
||||
idx = sig->sig_idx;
|
||||
if (!ssl_has_cert(s, idx))
|
||||
return 0;
|
||||
/* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
|
||||
ERR_set_mark();
|
||||
switch (EVP_PKEY_get_default_digest_nid(s->cert->pkeys[idx].privatekey,
|
||||
&default_mdnid)) {
|
||||
case 2:
|
||||
mandatory_md = 1;
|
||||
break;
|
||||
case 1:
|
||||
break;
|
||||
default: /* If it didn't report a mandatory NID, for whatever reasons,
|
||||
* just clear the error and allow all hashes to be used. */
|
||||
ERR_pop_to_mark();
|
||||
}
|
||||
if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 &&
|
||||
sig->hash != default_mdnid)
|
||||
return 0;
|
||||
|
||||
/* If it didn't report a mandatory NID, for whatever reasons,
|
||||
* just clear the error and allow all hashes to be used. */
|
||||
ERR_pop_to_mark();
|
||||
|
||||
if (s->s3->tmp.peer_cert_sigalgs != NULL) {
|
||||
for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
|
||||
lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
|
||||
if (lu == NULL
|
||||
|| !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid,
|
||||
&pknid, NULL, NULL)
|
||||
|| (mandatory_md && mdnid != default_mdnid))
|
||||
|| !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL))
|
||||
continue;
|
||||
/*
|
||||
* TODO this does not differentiate between the
|
||||
|
@ -2578,7 +2632,104 @@ static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
return !mandatory_md || sig->hash == default_mdnid;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns true if |s| has a usable certificate configured for use
|
||||
* with signature scheme |sig|.
|
||||
* "Usable" includes a check for presence as well as applying
|
||||
* the signature_algorithm_cert restrictions sent by the peer (if any).
|
||||
* Returns false if no usable certificate is found.
|
||||
*/
|
||||
static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
|
||||
{
|
||||
/* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */
|
||||
if (idx == -1)
|
||||
idx = sig->sig_idx;
|
||||
if (!ssl_has_cert(s, idx))
|
||||
return 0;
|
||||
|
||||
return check_cert_usable(s, sig, s->cert->pkeys[idx].x509,
|
||||
s->cert->pkeys[idx].privatekey);
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns true if the supplied cert |x| and key |pkey| is usable with the
|
||||
* specified signature scheme |sig|, or false otherwise.
|
||||
*/
|
||||
static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
|
||||
EVP_PKEY *pkey)
|
||||
{
|
||||
size_t idx;
|
||||
|
||||
if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
|
||||
return 0;
|
||||
|
||||
/* Check the key is consistent with the sig alg */
|
||||
if ((int)idx != sig->sig_idx)
|
||||
return 0;
|
||||
|
||||
return check_cert_usable(s, sig, x, pkey);
|
||||
}
|
||||
|
||||
/*
|
||||
* Find a signature scheme that works with the supplied certificate |x| and key
|
||||
* |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our
|
||||
* available certs/keys to find one that works.
|
||||
*/
|
||||
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
|
||||
{
|
||||
const SIGALG_LOOKUP *lu = NULL;
|
||||
size_t i;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int curve = -1;
|
||||
#endif
|
||||
EVP_PKEY *tmppkey;
|
||||
|
||||
/* Look for a shared sigalgs matching possible certificates */
|
||||
for (i = 0; i < s->shared_sigalgslen; i++) {
|
||||
lu = s->shared_sigalgs[i];
|
||||
|
||||
/* Skip SHA1, SHA224, DSA and RSA if not PSS */
|
||||
if (lu->hash == NID_sha1
|
||||
|| lu->hash == NID_sha224
|
||||
|| lu->sig == EVP_PKEY_DSA
|
||||
|| lu->sig == EVP_PKEY_RSA)
|
||||
continue;
|
||||
/* Check that we have a cert, and signature_algorithms_cert */
|
||||
if (!tls1_lookup_md(lu, NULL))
|
||||
continue;
|
||||
if ((pkey == NULL && !has_usable_cert(s, lu, -1))
|
||||
|| (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
|
||||
continue;
|
||||
|
||||
tmppkey = (pkey != NULL) ? pkey
|
||||
: s->cert->pkeys[lu->sig_idx].privatekey;
|
||||
|
||||
if (lu->sig == EVP_PKEY_EC) {
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (curve == -1) {
|
||||
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmppkey);
|
||||
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
|
||||
}
|
||||
if (lu->curve != NID_undef && curve != lu->curve)
|
||||
continue;
|
||||
#else
|
||||
continue;
|
||||
#endif
|
||||
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
|
||||
/* validate that key is large enough for the signature algorithm */
|
||||
if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (i == s->shared_sigalgslen)
|
||||
return NULL;
|
||||
|
||||
return lu;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2601,48 +2752,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
|
|||
s->s3->tmp.sigalg = NULL;
|
||||
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
size_t i;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int curve = -1;
|
||||
#endif
|
||||
|
||||
/* Look for a certificate matching shared sigalgs */
|
||||
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
|
||||
lu = s->cert->shared_sigalgs[i];
|
||||
sig_idx = -1;
|
||||
|
||||
/* Skip SHA1, SHA224, DSA and RSA if not PSS */
|
||||
if (lu->hash == NID_sha1
|
||||
|| lu->hash == NID_sha224
|
||||
|| lu->sig == EVP_PKEY_DSA
|
||||
|| lu->sig == EVP_PKEY_RSA)
|
||||
continue;
|
||||
/* Check that we have a cert, and signature_algorithms_cert */
|
||||
if (!tls1_lookup_md(lu, NULL) || !has_usable_cert(s, lu, -1))
|
||||
continue;
|
||||
if (lu->sig == EVP_PKEY_EC) {
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (curve == -1) {
|
||||
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
|
||||
|
||||
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
|
||||
}
|
||||
if (lu->curve != NID_undef && curve != lu->curve)
|
||||
continue;
|
||||
#else
|
||||
continue;
|
||||
#endif
|
||||
} else if (lu->sig == EVP_PKEY_RSA_PSS) {
|
||||
/* validate that key is large enough for the signature algorithm */
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
pkey = s->cert->pkeys[lu->sig_idx].privatekey;
|
||||
if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
if (i == s->cert->shared_sigalgslen) {
|
||||
lu = find_sig_alg(s, NULL, NULL);
|
||||
if (lu == NULL) {
|
||||
if (!fatalerrs)
|
||||
return 1;
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG,
|
||||
|
@ -2675,8 +2786,8 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
|
|||
* Find highest preference signature algorithm matching
|
||||
* cert type
|
||||
*/
|
||||
for (i = 0; i < s->cert->shared_sigalgslen; i++) {
|
||||
lu = s->cert->shared_sigalgs[i];
|
||||
for (i = 0; i < s->shared_sigalgslen; i++) {
|
||||
lu = s->shared_sigalgs[i];
|
||||
|
||||
if (s->server) {
|
||||
if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
|
||||
|
@ -2703,7 +2814,27 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
|
|||
#endif
|
||||
break;
|
||||
}
|
||||
if (i == s->cert->shared_sigalgslen) {
|
||||
#ifndef OPENSSL_NO_GOST
|
||||
/*
|
||||
* Some Windows-based implementations do not send GOST algorithms indication
|
||||
* in supported_algorithms extension, so when we have GOST-based ciphersuite,
|
||||
* we have to assume GOST support.
|
||||
*/
|
||||
if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
|
||||
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
|
||||
if (!fatalerrs)
|
||||
return 1;
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
SSL_F_TLS_CHOOSE_SIGALG,
|
||||
SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
|
||||
return 0;
|
||||
} else {
|
||||
i = 0;
|
||||
sig_idx = lu->sig_idx;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
if (i == s->shared_sigalgslen) {
|
||||
if (!fatalerrs)
|
||||
return 1;
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
|
30
trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c
vendored
30
trunk/3rdparty/openssl-1.1-fit/ssl/t1_trce.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_SSL_TRACE
|
||||
|
||||
|
@ -656,7 +656,10 @@ static int ssl_print_random(BIO *bio, int indent,
|
|||
|
||||
if (*pmsglen < 32)
|
||||
return 0;
|
||||
tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
|
||||
tm = ((unsigned int)p[0] << 24)
|
||||
| ((unsigned int)p[1] << 16)
|
||||
| ((unsigned int)p[2] << 8)
|
||||
| (unsigned int)p[3];
|
||||
p += 4;
|
||||
BIO_indent(bio, indent, 80);
|
||||
BIO_puts(bio, "Random:\n");
|
||||
|
@ -864,8 +867,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
|
|||
break;
|
||||
if (extlen != 4)
|
||||
return 0;
|
||||
max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
|
||||
| ext[3];
|
||||
max_early_data = ((unsigned int)ext[0] << 24)
|
||||
| ((unsigned int)ext[1] << 16)
|
||||
| ((unsigned int)ext[2] << 8)
|
||||
| (unsigned int)ext[3];
|
||||
BIO_indent(bio, indent + 2, 80);
|
||||
BIO_printf(bio, "max_early_data=%u\n", max_early_data);
|
||||
break;
|
||||
|
@ -1246,8 +1251,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
|
|||
while (clen > 0) {
|
||||
if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
|
||||
return 0;
|
||||
if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
|
||||
&msg, &clen))
|
||||
if (SSL_IS_TLS13(ssl)
|
||||
&& !ssl_print_extensions(bio, indent + 2, server,
|
||||
SSL3_MT_CERTIFICATE, &msg, &clen))
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
@ -1355,7 +1361,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
|
|||
}
|
||||
if (msglen < 4)
|
||||
return 0;
|
||||
tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
|
||||
tick_life = ((unsigned int)msg[0] << 24)
|
||||
| ((unsigned int)msg[1] << 16)
|
||||
| ((unsigned int)msg[2] << 8)
|
||||
| (unsigned int)msg[3];
|
||||
msglen -= 4;
|
||||
msg += 4;
|
||||
BIO_indent(bio, indent + 2, 80);
|
||||
|
@ -1366,7 +1375,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
|
|||
if (msglen < 4)
|
||||
return 0;
|
||||
ticket_age_add =
|
||||
(msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
|
||||
((unsigned int)msg[0] << 24)
|
||||
| ((unsigned int)msg[1] << 16)
|
||||
| ((unsigned int)msg[2] << 8)
|
||||
| (unsigned int)msg[3];
|
||||
msglen -= 4;
|
||||
msg += 4;
|
||||
BIO_indent(bio, indent + 2, 80);
|
||||
|
|
70
trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c
vendored
70
trunk/3rdparty/openssl-1.1-fit/ssl/tls13_enc.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
|
@ -30,7 +30,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
|||
const unsigned char *data, size_t datalen,
|
||||
unsigned char *out, size_t outlen, int fatal)
|
||||
{
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 };
|
||||
#else
|
||||
static const unsigned char label_prefix[] = "tls13 ";
|
||||
#endif
|
||||
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
int ret;
|
||||
size_t hkdflabellen;
|
||||
|
@ -40,7 +44,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
|||
* prefix and label + bytes for the label itself + 1 byte length of hash
|
||||
* + bytes for the hash itself
|
||||
*/
|
||||
unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
|
||||
unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t)
|
||||
+ (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
|
||||
+ 1 + EVP_MAX_MD_SIZE];
|
||||
WPACKET pkt;
|
||||
|
@ -112,7 +116,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
|||
int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
||||
unsigned char *key, size_t keylen)
|
||||
{
|
||||
static const unsigned char keylabel[] = "key";
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char keylabel[] ={ 0x6B, 0x65, 0x79, 0x00 };
|
||||
#else
|
||||
static const unsigned char keylabel[] = "key";
|
||||
#endif
|
||||
|
||||
return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
|
||||
NULL, 0, key, keylen, 1);
|
||||
|
@ -125,7 +133,11 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
|||
int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
|
||||
unsigned char *iv, size_t ivlen)
|
||||
{
|
||||
static const unsigned char ivlabel[] = "iv";
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 };
|
||||
#else
|
||||
static const unsigned char ivlabel[] = "iv";
|
||||
#endif
|
||||
|
||||
return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
|
||||
NULL, 0, iv, ivlen, 1);
|
||||
|
@ -135,7 +147,11 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
|
|||
const unsigned char *secret,
|
||||
unsigned char *fin, size_t finlen)
|
||||
{
|
||||
static const unsigned char finishedlabel[] = "finished";
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 };
|
||||
#else
|
||||
static const unsigned char finishedlabel[] = "finished";
|
||||
#endif
|
||||
|
||||
return tls13_hkdf_expand(s, md, secret, finishedlabel,
|
||||
sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
|
||||
|
@ -156,7 +172,11 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
|
|||
int mdleni;
|
||||
int ret;
|
||||
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 };
|
||||
#else
|
||||
static const char derived_secret_label[] = "derived";
|
||||
#endif
|
||||
unsigned char preextractsec[EVP_MAX_MD_SIZE];
|
||||
|
||||
if (pctx == NULL) {
|
||||
|
@ -370,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
|
|||
uint32_t algenc;
|
||||
|
||||
ivlen = EVP_CCM_TLS_IV_LEN;
|
||||
if (s->s3->tmp.new_cipher == NULL) {
|
||||
if (s->s3->tmp.new_cipher != NULL) {
|
||||
algenc = s->s3->tmp.new_cipher->algorithm_enc;
|
||||
} else if (s->session->cipher != NULL) {
|
||||
/* We've not selected a cipher yet - we must be doing early data */
|
||||
algenc = s->session->cipher->algorithm_enc;
|
||||
} else if (s->psksession != NULL && s->psksession->cipher != NULL) {
|
||||
/* We must be doing early data with out-of-band PSK */
|
||||
algenc = s->psksession->cipher->algorithm_enc;
|
||||
} else {
|
||||
algenc = s->s3->tmp.new_cipher->algorithm_enc;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
|
||||
ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
|
||||
taglen = EVP_CCM8_TLS_TAG_LEN;
|
||||
|
@ -409,6 +436,16 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
|
|||
|
||||
int tls13_change_cipher_state(SSL *s, int which)
|
||||
{
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
|
||||
static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
|
||||
static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
|
||||
static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
|
||||
static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
|
||||
static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
|
||||
static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
|
||||
static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
|
||||
#else
|
||||
static const unsigned char client_early_traffic[] = "c e traffic";
|
||||
static const unsigned char client_handshake_traffic[] = "c hs traffic";
|
||||
static const unsigned char client_application_traffic[] = "c ap traffic";
|
||||
|
@ -417,6 +454,7 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
static const unsigned char exporter_master_secret[] = "exp master";
|
||||
static const unsigned char resumption_master_secret[] = "res master";
|
||||
static const unsigned char early_exporter_master_secret[] = "e exp master";
|
||||
#endif
|
||||
unsigned char *iv;
|
||||
unsigned char secret[EVP_MAX_MD_SIZE];
|
||||
unsigned char hashval[EVP_MAX_MD_SIZE];
|
||||
|
@ -684,7 +722,11 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
|
||||
int tls13_update_key(SSL *s, int sending)
|
||||
{
|
||||
static const unsigned char application_traffic[] = "traffic upd";
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00};
|
||||
#else
|
||||
static const unsigned char application_traffic[] = "traffic upd";
|
||||
#endif
|
||||
const EVP_MD *md = ssl_handshake_md(s);
|
||||
size_t hashlen = EVP_MD_size(md);
|
||||
unsigned char *insecret, *iv;
|
||||
|
@ -741,7 +783,11 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
|
|||
size_t contextlen, int use_context)
|
||||
{
|
||||
unsigned char exportsecret[EVP_MAX_MD_SIZE];
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00};
|
||||
#else
|
||||
static const unsigned char exporterlabel[] = "exporter";
|
||||
#endif
|
||||
unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
|
||||
const EVP_MD *md = ssl_handshake_md(s);
|
||||
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
||||
|
@ -778,7 +824,11 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
|
|||
const unsigned char *context,
|
||||
size_t contextlen)
|
||||
{
|
||||
static const unsigned char exporterlabel[] = "exporter";
|
||||
#ifdef CHARSET_EBCDIC
|
||||
static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00};
|
||||
#else
|
||||
static const unsigned char exporterlabel[] = "exporter";
|
||||
#endif
|
||||
unsigned char exportsecret[EVP_MAX_MD_SIZE];
|
||||
unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
|
||||
const EVP_MD *md;
|
||||
|
|
2
trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c
vendored
2
trunk/3rdparty/openssl-1.1-fit/ssl/tls_srp.c
vendored
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/crypto.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/err.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "ssl_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
# include <openssl/srp.h>
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue