Diffstat (limited to 'ssl')
-rw-r--r--ssl/Makefile2
-rw-r--r--ssl/bad_dtls_test.c2
-rw-r--r--ssl/d1_lib.c4
-rw-r--r--ssl/d1_pkt.c31
-rw-r--r--ssl/fatalerrtest.c6
-rw-r--r--ssl/kssl.c17
-rw-r--r--ssl/s23_srvr.c4
-rw-r--r--ssl/s2_clnt.c6
-rw-r--r--ssl/s2_enc.c2
-rw-r--r--ssl/s2_lib.c8
-rw-r--r--ssl/s2_srvr.c8
-rw-r--r--ssl/s3_clnt.c24
-rw-r--r--ssl/s3_lib.c8
-rw-r--r--ssl/s3_pkt.c38
-rw-r--r--ssl/s3_srvr.c4
-rw-r--r--ssl/ssl_cert.c10
-rw-r--r--ssl/ssl_lib.c6
-rw-r--r--ssl/ssl_sess.c8
-rw-r--r--ssl/ssltest.c22
-rw-r--r--ssl/t1_enc.c10
-rw-r--r--ssl/t1_lib.c27
-rw-r--r--ssl/t1_trce.c6
22 files changed, 151 insertions, 102 deletions
diff --git a/ssl/Makefile b/ssl/Makefile
index 7866a3ccd77b..b0a4ee8577c8 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -269,7 +269,7 @@ d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
d1_srvr.o: ssl_locl.h
-kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+kssl.o: ../crypto/o_time.h ../include/openssl/asn1.h ../include/openssl/bio.h
kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c
index 34af37d9a9f4..ff754e1e497b 100644
--- a/ssl/bad_dtls_test.c
+++ b/ssl/bad_dtls_test.c
@@ -19,7 +19,7 @@
* Note that unlike other SSL tests, we don't test against our own SSL
* server method. Firstly because we don't have one; we *only* support
* DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
* are made in generic DTLS code which don't take DTLS1_BAD_VER into
* account, there's plenty of scope for making those changes such that
* they break *both* the client and the server in the same way.
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index debd4fd5dcca..95b5033d3d33 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -126,9 +126,9 @@ int dtls1_new(SSL *s)
if (!ssl3_new(s))
return (0);
- if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL)
+ if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL)
return (0);
- memset(d1, 0, sizeof *d1);
+ memset(d1, 0, sizeof(*d1));
/* d1->handshake_epoch=0; */
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 10586fee5408..f5deddf7706a 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -706,8 +706,11 @@ int dtls1_get_record(SSL *s)
n2s(p, rr->length);
- /* Lets check version */
- if (!s->first_packet) {
+ /*
+ * Lets check the version. We tolerate alerts that don't have the exact
+ * version number (e.g. because of protocol version errors)
+ */
+ if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
if (version != s->version) {
/* unexpected version, silently discard */
rr->length = 0;
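Review bot: The relaxed condition `if (!s->first_packet && rr->type != SSL3_RT_ALERT)` exempts every alert record from the exact-version comparison for the rest of the connection, and the new comment does not say what still constrains such a record. Whether a coarser version check or the later epoch/MAC processing in dtls1_get_record still applies to these alerts is outside this hunk. If it does, the comment should say so, for example `* Only the exact-version match is skipped for alerts; the checks below still apply.` The function body starts and ends outside the hunk.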
@@ -1061,7 +1064,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof s->d1->handshake_fragment;
+ dest_maxlen = sizeof(s->d1->handshake_fragment);
dest = s->d1->handshake_fragment;
dest_len = &s->d1->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
@@ -1202,6 +1205,24 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto start;
}
+ /*
+ * If we are a server and get a client hello when renegotiation isn't
+ * allowed send back a no renegotiation alert and carry on.
+ */
+ if (s->server
+ && SSL_is_init_finished(s)
+ && !s->s3->send_connection_binding
+ && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH
+ && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+ && s->s3->previous_client_finished_len != 0
+ && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
+ s->d1->handshake_fragment_len = 0;
+ rr->length = 0;
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+ goto start;
+ }
+
+
if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
int alert_level = s->d1->alert_fragment[0];
int alert_descr = s->d1->alert_fragment[1];
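Review bot: The new block's comment does not explain the `s->s3->previous_client_finished_len != 0` test or why `s->d1->handshake_fragment_len` is reset before `goto start`; presumably the first means a handshake has already completed and the second stops the buffered ClientHello header from matching again on the next pass, so a line such as `/* drop the buffered ClientHello header so it is not re-examined */` above the reset would record that. The return value of `ssl3_send_alert()` is discarded, so a failed or deferred alert write is not visible at this point; a short comment saying this is intentional would help. The block is followed by two blank lines where one is enough. The same comment gap and ignored return value apply to the matching block in the ssl3_read_bytes hunk of ssl/s3_pkt.c. dtls1_read_bytes continues outside the hunk.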
@@ -1286,7 +1307,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
diff --git a/ssl/fatalerrtest.c b/ssl/fatalerrtest.c
index 0288c33fa2eb..f9d66e27b30c 100644
--- a/ssl/fatalerrtest.c
+++ b/ssl/fatalerrtest.c
@@ -13,8 +13,8 @@
int main(int argc, char *argv[])
{
- SSL_CTX *sctx, *cctx;
- SSL *sssl, *cssl;
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *sssl = NULL, *cssl = NULL;
const char *msg = "Dummy";
BIO *err = NULL, *wbio = NULL;
int ret = 1, len;
@@ -76,7 +76,7 @@ int main(int argc, char *argv[])
}
/* SSL_read()/SSL_write should fail because of a previous fatal error */
- if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) {
+ if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) {
buf[len] = '\0';
printf("Unexpected success reading data: %s\n", buf);
goto err;
diff --git a/ssl/kssl.c b/ssl/kssl.c
index f2839bdcd7f5..18e5f1dcc2b0 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/krb5_asn.h>
+#include "o_time.h"
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_KRB5
@@ -2026,6 +2027,8 @@ krb5_error_code kssl_check_authent(
int outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tr, tz_offset;
+ struct tm gmt_result = {0};
+ struct tm lt_result = {0};
EVP_CIPHER_CTX_init(&ciph_ctx);
*atimep = 0;
@@ -2082,7 +2085,7 @@ krb5_error_code kssl_check_authent(
}
# endif
enc = kssl_map_enc(enctype);
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
if (enc == NULL) {
/*
@@ -2140,9 +2143,17 @@ krb5_error_code kssl_check_authent(
if (k_gmtime(auth->ctime, &tm_time) &&
((tr = mktime(&tm_time)) != (time_t)(-1))) {
now = time(&now);
+ tm_g = OPENSSL_gmtime(&now, &gmt_result);
+
+# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
+ !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
+ (!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
+ tm_l = localtime_r(&now, &lt_result);
+# else
tm_l = localtime(&now);
+# endif
+
tl = mktime(tm_l);
- tm_g = gmtime(&now);
tg = mktime(tm_g);
tz_offset = tg - tl;
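Review bot: `tm_g` and `tm_l` are passed straight to `mktime()` without a NULL check, although `OPENSSL_gmtime()`, `localtime_r()` and `localtime()` can each return NULL on failure. A NULL here would be dereferenced inside mktime, and the resulting `tz_offset` appears to feed the authenticator time comparison, so the conversion results should be tested first, e.g. `if (tm_g == NULL || tm_l == NULL)` followed by the function's existing failure path, which is outside this hunk. It would also be worth checking `tl` and `tg` against `(time_t)(-1)` the way `tr` is checked at the top of the hunk.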
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index d3f6db15ccee..d2017e7cf086 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -268,8 +268,8 @@ int ssl23_get_client_hello(SSL *s)
if (!ssl3_setup_buffers(s))
goto err;
- n = ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space)
+ n = ssl23_read_bytes(s, sizeof(buf_space));
+ if (n != sizeof(buf_space))
return (n); /* n == -1 || n == 0 */
p = s->packet;
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 20de1a82178f..3a8345ba2f81 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -523,7 +523,7 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length = s->s2->tmp.conn_id_length;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
return -1;
@@ -708,7 +708,7 @@ static int client_finished(SSL *s)
if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_CLIENT_FINISHED;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -981,7 +981,7 @@ static int get_server_finished(SSL *s)
} else {
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
if ((s->session->session_id_length >
- sizeof s->session->session_id)
+ sizeof(s->session->session_id))
|| (0 !=
memcmp(buf + 1, s->session->session_id,
(unsigned int)s->session->session_id_length))) {
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 23eef72aa43b..0115d2069ce2 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -99,7 +99,7 @@ int ssl2_enc_init(SSL *s, int client)
num = c->key_len;
s->s2->key_material_length = num * 2;
- OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
+ OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material));
if (ssl2_generate_key_material(s) <= 0)
return 0;
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index cc1360307b94..f03fe69f1e78 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -326,9 +326,9 @@ int ssl2_new(SSL *s)
{
SSL2_STATE *s2;
- if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL)
+ if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL)
goto err;
- memset(s2, 0, sizeof *s2);
+ memset(s2, 0, sizeof(*s2));
# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
# error "assertion failed"
@@ -371,7 +371,7 @@ void ssl2_free(SSL *s)
OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL)
OPENSSL_free(s2->wbuf);
- OPENSSL_cleanse(s2, sizeof *s2);
+ OPENSSL_cleanse(s2, sizeof(*s2));
OPENSSL_free(s2);
s->s2 = NULL;
}
@@ -386,7 +386,7 @@ void ssl2_clear(SSL *s)
rbuf = s2->rbuf;
wbuf = s2->wbuf;
- memset(s2, 0, sizeof *s2);
+ memset(s2, 0, sizeof(*s2));
s2->rbuf = rbuf;
s2->wbuf = wbuf;
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index d3b243c27e02..c30161109c44 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -724,7 +724,7 @@ static int get_client_hello(SSL *s)
p += s->s2->tmp.session_id_length;
/* challenge */
- if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
@@ -872,7 +872,7 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
@@ -903,7 +903,7 @@ static int server_verify(SSL *s)
if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_SERVER_VERIFY;
- if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -925,7 +925,7 @@ static int server_finish(SSL *s)
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_SERVER_FINISHED;
- if (s->session->session_id_length > sizeof s->session->session_id) {
+ if (s->session->session_id_length > sizeof(s->session->session_id)) {
SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
return -1;
}
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5b8b2da59f54..bd0929d0e50e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -984,7 +984,7 @@ int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j = *(p++);
- if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
+ if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
@@ -2561,16 +2561,16 @@ int ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
goto err;
- s->session->master_key_length = sizeof tmp_buf;
+ s->session->master_key_length = sizeof(tmp_buf);
q = p;
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p += 2;
- n = RSA_public_encrypt(sizeof tmp_buf,
+ n = RSA_public_encrypt(sizeof(tmp_buf),
tmp_buf, p, rsa, RSA_PKCS1_PADDING);
# ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1)
@@ -2595,8 +2595,8 @@ int ssl3_send_client_key_exchange(SSL *s)
s->
session->master_key,
tmp_buf,
- sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ sizeof(tmp_buf));
+ OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
}
#endif
#ifndef OPENSSL_NO_KRB5
@@ -2688,7 +2688,7 @@ int ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
goto err;
/*-
@@ -2699,13 +2699,13 @@ int ssl3_send_client_key_exchange(SSL *s)
* EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
- sizeof tmp_buf);
+ sizeof(tmp_buf));
EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
outl += padl;
- if (outl > (int)sizeof epms) {
+ if (outl > (int)sizeof(epms)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
@@ -2723,9 +2723,9 @@ int ssl3_send_client_key_exchange(SSL *s)
s->
session->master_key,
tmp_buf,
- sizeof tmp_buf);
+ sizeof(tmp_buf));
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
OPENSSL_cleanse(epms, outl);
}
#endif
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1014a3fce16f..7e27dae35b0c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3018,9 +3018,9 @@ int ssl3_new(SSL *s)
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+ if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
goto err;
- memset(s3, 0, sizeof *s3);
+ memset(s3, 0, sizeof(*s3));
memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
@@ -3078,7 +3078,7 @@ void ssl3_free(SSL *s)
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_cleanse(s->s3, sizeof *s->s3);
+ OPENSSL_cleanse(s->s3, sizeof(*s->s3));
OPENSSL_free(s->s3);
s->s3 = NULL;
}
@@ -3142,7 +3142,7 @@ void ssl3_clear(SSL *s)
s->s3->alpn_selected = NULL;
}
#endif
- memset(s->s3, 0, sizeof *s->s3);
+ memset(s->s3, 0, sizeof(*s->s3));
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;
s->s3->rbuf.len = rlen;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b91456843041..6527df8ce228 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1096,10 +1096,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
int i;
SSL3_BUFFER *wb = &(s->s3->wbuf);
-/* XXXX */
if ((s->s3->wpend_tot > (int)len)
- || ((s->s3->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+ || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+ && (s->s3->wpend_buf != buf))
|| (s->s3->wpend_type != type)) {
SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
return (-1);
@@ -1314,11 +1313,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof s->s3->handshake_fragment;
+ dest_maxlen = sizeof(s->s3->handshake_fragment);
dest = s->s3->handshake_fragment;
dest_len = &s->s3->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
- dest_maxlen = sizeof s->s3->alert_fragment;
+ dest_maxlen = sizeof(s->s3->alert_fragment);
dest = s->s3->alert_fragment;
dest_len = &s->s3->alert_fragment_len;
}
@@ -1421,26 +1420,25 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
*/
goto start;
}
+
/*
* If we are a server and get a client hello when renegotiation isn't
- * allowed send back a no renegotiation alert and carry on. WARNING:
- * experimental code, needs reviewing (steve)
+ * allowed send back a no renegotiation alert and carry on.
*/
- if (s->server &&
- SSL_is_init_finished(s) &&
- !s->s3->send_connection_binding &&
- (s->version > SSL3_VERSION) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * s->s3->handshake_fragment_len = 0;
- */
+ if (s->server
+ && SSL_is_init_finished(s)
+ && !s->s3->send_connection_binding
+ && s->version > SSL3_VERSION
+ && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH
+ && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+ && s->s3->previous_client_finished_len != 0
+ && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
+ s->s3->handshake_fragment_len = 0;
rr->length = 0;
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
+
if (s->s3->alert_fragment_len >= 2) {
int alert_level = s->s3->alert_fragment[0];
int alert_descr = s->s3->alert_fragment[1];
@@ -1498,7 +1496,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0fb4845d44fa..96d973cd02bb 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2510,7 +2510,7 @@ int ssl3_get_client_key_exchange(SSL *s)
/*
* Note that the length is checked again below, ** after decryption
*/
- if (enc_pms.length > sizeof pms) {
+ if (enc_pms.length > sizeof(pms)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
@@ -2563,7 +2563,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (enc == NULL)
goto err;
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 155728d03772..363d2b2d6044 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -636,13 +636,13 @@ SESS_CERT *ssl_sess_cert_new(void)
{
SESS_CERT *ret;
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(ret, 0, sizeof *ret);
+ memset(ret, 0, sizeof(*ret));
ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
@@ -1018,15 +1018,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
char buf[1024];
int r;
- if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
+ if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
SSL_R_PATH_TOO_LONG);
goto err;
}
#ifdef OPENSSL_SYS_VMS
- r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
+ r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
#else
- r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
+ r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
#endif
if (r <= 0 || r >= (int)sizeof(buf))
goto err;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3539f4b8d20a..3a6c1b14d4a5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -343,7 +343,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->verify_depth = ctx->verify_depth;
#endif
s->sid_ctx_length = ctx->sid_ctx_length;
- OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+ OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx));
memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
s->verify_callback = ctx->default_verify_callback;
s->generate_session_id = ctx->generate_session_id;
@@ -437,7 +437,7 @@ SSL *SSL_new(SSL_CTX *ctx)
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
- if (sid_ctx_len > sizeof ctx->sid_ctx) {
+ if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
@@ -490,7 +490,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
*/
SSL_SESSION r, *p;
- if (id_len > sizeof r.session_id)
+ if (id_len > sizeof(r.session_id))
return 0;
r.ssl_version = ssl->version;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 23dd3e7a01c3..6a5ad5374bec 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -529,7 +529,7 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length = 0;
}
- if (s->sid_ctx_length > sizeof ss->sid_ctx) {
+ if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
@@ -870,9 +870,9 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
- OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg));
+ OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+ OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
if (ss->sess_cert != NULL)
ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index f6a8f195eeb7..b861e4956937 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1102,7 +1102,7 @@ int main(int argc, char *argv[])
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
@@ -1673,9 +1673,9 @@ int main(int argc, char *argv[])
{
int session_id_context = 0;
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
- sizeof session_id_context);
+ sizeof(session_id_context));
SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
- sizeof session_id_context);
+ sizeof(session_id_context));
}
/* Use PSK only if PSK key is given */
@@ -1861,9 +1861,9 @@ int main(int argc, char *argv[])
if (c_ssl && c_ssl->kssl_ctx) {
char localhost[MAXHOSTNAMELEN + 2];
- if (gethostname(localhost, sizeof localhost - 1) == 0) {
- localhost[sizeof localhost - 1] = '\0';
- if (strlen(localhost) == sizeof localhost - 1) {
+ if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
+ localhost[sizeof(localhost) - 1] = '\0';
+ if (strlen(localhost) == sizeof(localhost) - 1) {
BIO_printf(bio_err, "localhost name too long\n");
goto end;
}
@@ -2041,8 +2041,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (cw_num > 0) {
/* Write to server. */
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
+ if (cw_num > (long)sizeof(cbuf))
+ i = sizeof(cbuf);
else
i = (int)cw_num;
r = BIO_write(c_ssl_bio, cbuf, i);
@@ -2118,8 +2118,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (sw_num > 0) {
/* Write to client. */
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
+ if (sw_num > (long)sizeof(sbuf))
+ i = sizeof(sbuf);
else
i = (int)sw_num;
r = BIO_write(s_ssl_bio, sbuf, i);
@@ -2630,7 +2630,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
char *s, buf[256];
s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
- sizeof buf);
+ sizeof(buf));
if (s != NULL) {
if (ok)
fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index b6d1ee95a521..50491ff62ff4 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -972,7 +972,7 @@ int tls1_final_finish_mac(SSL *s,
int hashsize = EVP_MD_size(md);
EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
if (!hdgst || hashsize < 0
- || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
+ || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) {
/*
* internal error: 'buf' is too small for this cipersuite!
*/
@@ -990,7 +990,7 @@ int tls1_final_finish_mac(SSL *s,
if (!tls1_PRF(ssl_get_algorithm2(s),
str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
- out, buf2, sizeof buf2))
+ out, buf2, sizeof(buf2)))
err = 1;
EVP_MD_CTX_cleanup(&ctx);
@@ -999,7 +999,7 @@ int tls1_final_finish_mac(SSL *s,
if (err)
return 0;
else
- return sizeof buf2;
+ return sizeof(buf2);
}
int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -1165,8 +1165,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
s->s3->client_random, SSL3_RANDOM_SIZE,
co, col,
s->s3->server_random, SSL3_RANDOM_SIZE,
- so, sol, p, len, s->session->master_key, buff, sizeof buff);
- OPENSSL_cleanse(buff, sizeof buff);
+ so, sol, p, len, s->session->master_key, buff, sizeof(buff));
+ OPENSSL_cleanse(buff, sizeof(buff));
#ifdef SSL_DEBUG
fprintf(stderr, "Premaster Secret:\n");
BIO_dump_fp(stderr, (char *)p, len);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1a4387b78eb9..75c2f4154dfe 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -2284,8 +2284,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned char *sdata = data;
- int ecpointformatlist_length = *(sdata++);
+ int ecpointformatlist_length;
+ if (size == 0)
+ goto err;
+
+ ecpointformatlist_length = *(sdata++);
if (ecpointformatlist_length != size - 1 ||
ecpointformatlist_length < 1)
goto err;
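Review bot: The added `if (size == 0)` guard has no comment saying that it protects the one-byte length read `*(sdata++)` that follows, and it sits directly under the declaration with no blank line, unlike the twin change in the ssl_scan_serverhello_tlsext hunk. A comment such as `/* need at least the one-byte list length */` on both guards would make the intent obvious. Whether the `err` label here reports a decode error the way the server-hello path sets `*al = TLS1_AD_DECODE_ERROR` is outside the hunk and worth confirming.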
@@ -2711,8 +2715,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
# ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned char *sdata = data;
- int ecpointformatlist_length = *(sdata++);
+ int ecpointformatlist_length;
+
+ if (size == 0) {
+ *al = TLS1_AD_DECODE_ERROR;
+ return 0;
+ }
+ ecpointformatlist_length = *(sdata++);
if (ecpointformatlist_length != size - 1) {
*al = TLS1_AD_DECODE_ERROR;
return 0;
@@ -3505,6 +3515,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx;
+ /* Need at least keyname + iv */
+ if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+ return 2;
+
/* Initialize session ticket encryption and HMAC contexts */
HMAC_CTX_init(&hctx);
EVP_CIPHER_CTX_init(&ctx);
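Review bot: The new bound `16 + EVP_MAX_IV_LENGTH` repeats the bare `16` that the callback call in the next hunk also uses as `nctick + 16`, so the key-name length is a magic number in two places; a named constant, or `sizeof(tctx->tlsext_tick_key_name)` if that field is what the 16 refers to, would keep them in step. The check only guarantees room for the key name and a maximum-size IV, so the comment could read `/* Need at least keyname + iv; MAC and ciphertext lengths are checked later */`, provided the later code (outside the hunk) does that. Placing the return before `HMAC_CTX_init()` means this path needs no cleanup, and that ordering should be kept.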
@@ -3513,9 +3527,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
&ctx, &hctx, 0);
if (rv < 0)
- return -1;
- if (rv == 0)
+ goto err;
+ if (rv == 0) {
+ HMAC_CTX_cleanup(&hctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
if (rv == 2)
renew_ticket = 1;
} else {
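Review bot: The `rv == 0` branch now releases `hctx` and `ctx` inline while the `rv < 0` branch jumps to `err`, so the same cleanup lives in two places and any later early return has to remember it too. The `err` label and the non-callback `else` branch are outside this hunk; it is worth confirming that every remaining return after `HMAC_CTX_init()` and `EVP_CIPHER_CTX_init()` reaches one of the two cleanups. A single exit that cleans up and returns a status variable would remove the duplication.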
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index c5e21df77a6b..dc62df8f94cf 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1247,13 +1247,15 @@ void SSL_trace(int write_p, int version, int content_type,
break;
case SSL3_RT_ALERT:
- if (msglen != 2)
+ if (msglen != 2) {
BIO_puts(bio, " Illegal Alert Length\n");
- else {
+ } else {
BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n",
SSL_alert_type_string_long(msg[0] << 8),
msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
}
+ break;
+
case TLS1_RT_HEARTBEAT:
ssl_print_heartbeat(bio, 4, msg, msglen);
break;