aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/statem
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-09-22 14:27:08 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-09-22 14:27:08 +0000
commit92f02b3b0f21350e7c92a16ca9b594ad7682c717 (patch)
tree00444fe1520f87a0f22770b5c0be936737fb2179 /ssl/statem
parent65aa3028e51cba07879f3dc4608949c5c6b9fcc0 (diff)
downloadsrc-92f02b3b0f21350e7c92a16ca9b594ad7682c717.tar.gz
src-92f02b3b0f21350e7c92a16ca9b594ad7682c717.zip
Import OpenSSL 1.1.1h.vendor/openssl/1.1.1h
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=365997 svn path=/vendor-crypto/openssl/1.1.1h/; revision=365998; tag=vendor/openssl/1.1.1h
Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions.c14
-rw-r--r--ssl/statem/extensions_srvr.c2
-rw-r--r--ssl/statem/statem_lib.c35
3 files changed, 34 insertions, 17 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 4ef8b417b820..c785ab785d38 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int context)
static int init_ems(SSL *s, unsigned int context)
{
- if (!s->server)
+ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+ s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
+ }
return 1;
}
static int final_ems(SSL *s, unsigned int context, int sent)
{
+ /*
+ * Check extended master secret extension is not dropped on
+ * renegotiation.
+ */
+ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+ && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+ SSL_R_INCONSISTENT_EXTMS);
+ return 0;
+ }
if (!s->server && s->hit) {
/*
* Check extended master secret extension is consistent with
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 3b07c6b940f4..3c7395c0eb26 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
if (sesstmp == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
- return 0;
+ goto err;
}
SSL_SESSION_free(sess);
sess = sesstmp;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 43d6fd5de941..364f77f08a4e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1341,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len)
static const X509ERR2ALERT x509table[] = {
{X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
{X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+ {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE},
{X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
{X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
{X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
@@ -1656,11 +1657,22 @@ int ssl_check_version_downgrade(SSL *s)
*/
int ssl_set_version_bound(int method_version, int version, int *bound)
{
+ int valid_tls;
+ int valid_dtls;
+
if (version == 0) {
*bound = version;
return 1;
}
+ valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION;
+ valid_dtls =
+ DTLS_VERSION_LE(version, DTLS_MAX_VERSION) &&
+ DTLS_VERSION_GE(version, DTLS1_BAD_VER);
+
+ if (!valid_tls && !valid_dtls)
+ return 0;
+
/*-
* Restrict TLS methods to TLS protocol versions.
* Restrict DTLS methods to DTLS protocol versions.
@@ -1671,31 +1683,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
* configurations. If the MIN (supported) version ever rises, the user's
* "floor" remains valid even if no longer available. We don't expect the
* MAX ceiling to ever get lower, so making that variable makes sense.
+ *
+ * We ignore attempts to set bounds on version-inflexible methods,
+ * returning success.
*/
switch (method_version) {
default:
- /*
- * XXX For fixed version methods, should we always fail and not set any
- * bounds, always succeed and not set any bounds, or set the bounds and
- * arrange to fail later if they are not met? At present fixed-version
- * methods are not subject to controls that disable individual protocol
- * versions.
- */
- return 0;
+ break;
case TLS_ANY_VERSION:
- if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
- return 0;
+ if (valid_tls)
+ *bound = version;
break;
case DTLS_ANY_VERSION:
- if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
- DTLS_VERSION_LT(version, DTLS1_BAD_VER))
- return 0;
+ if (valid_dtls)
+ *bound = version;
break;
}
-
- *bound = version;
return 1;
}