From 2d6ef07fa3e464c542bb729af4a6b4bd0464f5d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Thu, 7 Jan 2010 22:43:57 +0000 Subject: [PATCH] - upstream fix compression handling on session resumption - various null checks and other small fixes from upstream - upstream changes for the renegotiation info according to the latest draft --- openssl-1.0.0-beta4-backports2.patch | 334 +++++++++++ openssl-1.0.0-beta4-dtls-ipv6.patch | 17 +- openssl-1.0.0-beta4-dtls-reneg.patch | 571 +++++++++++++++++++ openssl-1.0.0-beta4-reneg-scsv.patch | 793 +++++++++++++++++++++++++++ openssl-1.0.0-beta4-tls-comp.patch | 193 +++++++ openssl.spec | 21 +- 6 files changed, 1918 insertions(+), 11 deletions(-) create mode 100644 openssl-1.0.0-beta4-backports2.patch create mode 100644 openssl-1.0.0-beta4-dtls-reneg.patch create mode 100644 openssl-1.0.0-beta4-reneg-scsv.patch create mode 100644 openssl-1.0.0-beta4-tls-comp.patch diff --git a/openssl-1.0.0-beta4-backports2.patch b/openssl-1.0.0-beta4-backports2.patch new file mode 100644 index 0000000..cce04d3 --- /dev/null +++ b/openssl-1.0.0-beta4-backports2.patch @@ -0,0 +1,334 @@ +diff -up openssl-1.0.0-beta4/apps/ca.c.backports2 openssl-1.0.0-beta4/apps/ca.c +--- openssl-1.0.0-beta4/apps/ca.c.backports2 2009-10-04 18:43:21.000000000 +0200 ++++ openssl-1.0.0-beta4/apps/ca.c 2010-01-07 23:16:08.000000000 +0100 +@@ -215,7 +215,6 @@ static int certify_spkac(X509 **xret, ch + char *startdate, char *enddate, long days, char *ext_sect, + CONF *conf, int verbose, unsigned long certopt, + unsigned long nameopt, int default_op, int ext_copy); +-static int fix_data(int nid, int *type); + static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); + static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, +@@ -2334,25 +2333,9 @@ static int certify_spkac(X509 **xret, ch + continue; + } + +- /* +- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0)) +- continue; +- */ +- +- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); +- if (fix_data(nid, &j) == 0) +- { +- BIO_printf(bio_err, +- "invalid characters in string %s\n",buf); +- goto err; +- } +- +- if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j, +- (unsigned char *)buf, +- strlen(buf))) == NULL) ++ if (!X509_NAME_add_entry_by_NID(n, nid, chtype, ++ (unsigned char *)buf, -1, -1, 0)) + goto err; +- +- if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err; + } + if (spki == NULL) + { +@@ -2395,21 +2378,6 @@ err: + return(ok); + } + +-static int fix_data(int nid, int *type) +- { +- if (nid == NID_pkcs9_emailAddress) +- *type=V_ASN1_IA5STRING; +- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) +- *type=V_ASN1_T61STRING; +- if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING)) +- *type=V_ASN1_T61STRING; +- if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING)) +- return(0); +- if (nid == NID_pkcs9_unstructuredName) +- *type=V_ASN1_IA5STRING; +- return(1); +- } +- + static int check_time_format(const char *str) + { + return ASN1_TIME_set_string(NULL, str); +diff -up openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2 openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c +--- openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2 2008-11-12 04:57:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c 2010-01-07 23:16:08.000000000 +0100 +@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new( + if (!ameth->info) + goto err; + } ++ else ++ ameth->info = NULL; + + if (pem_str) + { +@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new( + if (!ameth->pem_str) + goto err; + } ++ else ++ ameth->pem_str = NULL; + + ameth->pub_decode = 0; + ameth->pub_encode = 0; +diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2 openssl-1.0.0-beta4/crypto/bio/b_sock.c +--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2 2010-01-07 23:16:08.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2010-01-07 23:16:08.000000000 +0100 +@@ -595,7 +595,7 @@ int BIO_get_accept_socket(char *host, in + struct sockaddr_in6 sa_in6; + #endif + } server,client; +- int s=INVALID_SOCKET,cs; ++ int s=INVALID_SOCKET,cs,addrlen; + unsigned char ip[4]; + unsigned short port; + char *str=NULL,*e; +@@ -666,8 +666,10 @@ int BIO_get_accept_socket(char *host, in + + if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break; + +- memcpy(&server, res->ai_addr, +- res->ai_addrlen<=sizeof(server)?res->ai_addrlen:sizeof(server)); ++ addrlen = res->ai_addrlen<=sizeof(server) ? ++ res->ai_addrlen : ++ sizeof(server); ++ memcpy(&server, res->ai_addr, addrlen); + + (*p_freeaddrinfo.f)(res); + goto again; +@@ -679,6 +681,7 @@ int BIO_get_accept_socket(char *host, in + memset((char *)&server,0,sizeof(server)); + server.sa_in.sin_family=AF_INET; + server.sa_in.sin_port=htons(port); ++ addrlen = sizeof(server.sa_in); + + if (h == NULL || strcmp(h,"*") == 0) + server.sa_in.sin_addr.s_addr=INADDR_ANY; +@@ -712,7 +715,7 @@ again: + bind_mode=BIO_BIND_NORMAL; + } + #endif +- if (bind(s,&server.sa,sizeof(server)) == -1) ++ if (bind(s,&server.sa,addrlen) == -1) + { + #ifdef SO_REUSEADDR + err_num=get_last_socket_error(); +@@ -740,7 +743,7 @@ again: + if (cs != INVALID_SOCKET) + { + int ii; +- ii=connect(cs,&client.sa,sizeof(client)); ++ ii=connect(cs,&client.sa,addrlen); + closesocket(cs); + if (ii == INVALID_SOCKET) + { +diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c +--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2 2010-01-07 23:16:08.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2010-01-07 23:16:08.000000000 +0100 +@@ -335,11 +335,21 @@ static int dgram_write(BIO *b, const cha + if ( data->connected ) + ret=writesocket(b->num,in,inl); + else ++ { ++ int peerlen = sizeof(data->peer); ++ ++ if (data->peer.sa.sa_family == AF_INET) ++ peerlen = sizeof(data->peer.sa_in); ++#if OPENSSL_USE_IVP6 ++ else if (data->peer.sa.sa_family == AF_INET6) ++ peerlen = sizeof(data->peer.sa_in6); ++#endif + #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer)); ++ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen); + #else +- ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer)); ++ ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen); + #endif ++ } + + BIO_clear_retry_flags(b); + if (ret <= 0) +diff -up openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2 openssl-1.0.0-beta4/crypto/bn/bn_mul.c +--- openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2 2009-06-17 13:47:54.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/bn/bn_mul.c 2010-01-07 23:16:08.000000000 +0100 +@@ -1032,15 +1032,15 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c + goto err; + if (al > j || bl > j) + { +- bn_wexpand(t,k*4); +- bn_wexpand(rr,k*4); ++ if (bn_wexpand(t,k*4) == NULL) goto err; ++ if (bn_wexpand(rr,k*4) == NULL) goto err; + bn_mul_part_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + else /* al <= j || bl <= j */ + { +- bn_wexpand(t,k*2); +- bn_wexpand(rr,k*2); ++ if (bn_wexpand(t,k*2) == NULL) goto err; ++ if (bn_wexpand(rr,k*2) == NULL) goto err; + bn_mul_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } +diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2 openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2 2009-09-02 17:51:28.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c 2010-01-07 23:16:08.000000000 +0100 +@@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *c + + ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); + +- if (ret < 0) ++ if (ret <= 0) + return ret; + *siglen = sltmp; + return 1; +diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.backports2 openssl-1.0.0-beta4/crypto/evp/digest.c +--- openssl-1.0.0-beta4/crypto/evp/digest.c.backports2 2010-01-07 23:16:07.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/digest.c 2010-01-07 23:16:08.000000000 +0100 +@@ -127,7 +127,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) + { + EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + +- EVP_MD_CTX_init(ctx); ++ if (ctx) ++ EVP_MD_CTX_init(ctx); + + return ctx; + } +@@ -256,6 +257,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + { + ctx->update = type->update; + ctx->md_data=OPENSSL_malloc(type->ctx_size); ++ if (ctx->md_data == NULL) ++ { ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + } + } + #ifndef OPENSSL_NO_ENGINE +@@ -346,8 +353,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, + + if (in->md_data && out->digest->ctx_size) + { +- if (tmp_buf) out->md_data = tmp_buf; +- else out->md_data=OPENSSL_malloc(out->digest->ctx_size); ++ if (tmp_buf) ++ out->md_data = tmp_buf; ++ else ++ { ++ out->md_data=OPENSSL_malloc(out->digest->ctx_size); ++ if (!out->md_data) ++ { ++ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } + memcpy(out->md_data,in->md_data,out->digest->ctx_size); + } + +diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_err.c +--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2 2010-01-07 23:16:07.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-07 23:16:08.000000000 +0100 +@@ -186,6 +186,8 @@ static ERR_STRING_DATA EVP_str_reasons[] + {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"}, + {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, ++{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"}, ++{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"}, + {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, + {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, + {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"}, +diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.backports2 openssl-1.0.0-beta4/crypto/evp/evp.h +--- openssl-1.0.0-beta4/crypto/evp/evp.h.backports2 2010-01-07 23:16:07.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-07 23:16:08.000000000 +0100 +@@ -1275,6 +1275,8 @@ void ERR_load_EVP_strings(void); + #define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 + #define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 + #define EVP_R_PUBLIC_KEY_NOT_RSA 106 ++#define EVP_R_UNKNOWN_CIPHER 160 ++#define EVP_R_UNKNOWN_DIGEST 161 + #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 + #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 + #define EVP_R_UNSUPPORTED_ALGORITHM 156 +diff -up openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_pbe.c +--- openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2 2008-11-05 19:38:57.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_pbe.c 2010-01-07 23:17:15.000000000 +0100 +@@ -174,12 +174,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_ + if (cipher_nid == -1) + cipher = NULL; + else ++ { + cipher = EVP_get_cipherbynid(cipher_nid); ++ if (!cipher) ++ { ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER); ++ return 0; ++ } ++ } + + if (md_nid == -1) + md = NULL; + else ++ { + md = EVP_get_digestbynid(md_nid); ++ if (!md) ++ { ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST); ++ return 0; ++ } ++ } + + if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) + { +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2 openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2 2010-01-07 23:16:07.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2010-01-07 23:16:08.000000000 +0100 +@@ -208,7 +208,16 @@ RSA *RSA_new_method(ENGINE *engine) + ret->mt_blinding=NULL; + ret->bignum_data=NULL; + ret->flags=ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) ++ { ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ OPENSSL_free(ret); ++ return(NULL); ++ } ++ + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + #ifndef OPENSSL_NO_ENGINE +diff -up openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2 openssl-1.0.0-beta4/crypto/x509/x509_lu.c +--- openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2 2009-10-18 16:42:27.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/x509/x509_lu.c 2010-01-07 23:16:08.000000000 +0100 +@@ -200,7 +200,13 @@ X509_STORE *X509_STORE_new(void) + ret->lookup_crls = 0; + ret->cleanup = 0; + +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) ++ { ++ sk_X509_OBJECT_free(ret->objs); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ + ret->references=1; + return ret; + } diff --git a/openssl-1.0.0-beta4-dtls-ipv6.patch b/openssl-1.0.0-beta4-dtls-ipv6.patch index 1173f1a..ff9d330 100644 --- a/openssl-1.0.0-beta4-dtls-ipv6.patch +++ b/openssl-1.0.0-beta4-dtls-ipv6.patch @@ -13,7 +13,7 @@ diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/c { diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c --- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2010-01-07 17:31:00.000000000 +0100 @@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp= typedef struct bio_dgram_data_st @@ -135,7 +135,7 @@ diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta #if 0 } #endif -@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, +@@ -537,41 +543,62 @@ static long dgram_ctrl(BIO *b, int cmd, if ( to != NULL) { data->connected = 1; @@ -170,12 +170,12 @@ diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta } break; case BIO_CTRL_DGRAM_GET_PEER: - to = (struct sockaddr *) ptr; +- to = (struct sockaddr *) ptr; - -+ switch (to->sa_family) ++ switch (data->peer.sa.sa_family) + { + case AF_INET: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in))); ++ ret=sizeof(data->peer.sa_in); + break; #if OPENSSL_USE_IPV6 - memcpy(to, &(data->peer), sizeof(struct sockaddr_storage)); @@ -185,13 +185,16 @@ diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta - ret = sizeof(struct sockaddr_in); -#endif + case AF_INET6: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6))); ++ ret=sizeof(data->peer.sa_in6); + break; +#endif + default: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa))); ++ ret=sizeof(data->peer.sa); + break; + } ++ if (num==0 || num>ret) ++ num=ret; ++ memcpy(ptr,&data->peer,(ret=num)); break; case BIO_CTRL_DGRAM_SET_PEER: to = (struct sockaddr *) ptr; diff --git a/openssl-1.0.0-beta4-dtls-reneg.patch b/openssl-1.0.0-beta4-dtls-reneg.patch new file mode 100644 index 0000000..79165f1 --- /dev/null +++ b/openssl-1.0.0-beta4-dtls-reneg.patch @@ -0,0 +1,571 @@ +diff -up openssl-1.0.0-beta4/ssl/d1_both.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_both.c +--- openssl-1.0.0-beta4/ssl/d1_both.c.dtls-reneg 2009-11-02 14:37:17.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/d1_both.c 2010-01-07 17:35:19.000000000 +0100 +@@ -764,6 +764,24 @@ int dtls1_send_finished(SSL *s, int a, i + p+=i; + l=i; + ++ /* Copy the finished so we can use it for ++ * renegotiation checks ++ */ ++ if(s->type == SSL_ST_CONNECT) ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_client_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_client_finished_len=i; ++ } ++ else ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_server_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_server_finished_len=i; ++ } ++ + #ifdef OPENSSL_SYS_WIN16 + /* MSVC 1.5 does not clear the top bytes of the word unless + * I do this. +diff -up openssl-1.0.0-beta4/ssl/d1_clnt.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_clnt.c +--- openssl-1.0.0-beta4/ssl/d1_clnt.c.dtls-reneg 2009-07-24 13:52:32.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/d1_clnt.c 2010-01-07 17:44:55.000000000 +0100 +@@ -286,16 +286,44 @@ int dtls1_connect(SSL *s) + + case SSL3_ST_CR_CERT_A: + case SSL3_ST_CR_CERT_B: ++#ifndef OPENSSL_NO_TLSEXT ++ ret=ssl3_check_finished(s); ++ if (ret <= 0) goto end; ++ if (ret == 2) ++ { ++ s->hit = 1; ++ if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_CR_SESSION_TICKET_A; ++ else ++ s->state=SSL3_ST_CR_FINISHED_A; ++ s->init_num=0; ++ break; ++ } ++#endif + /* Check if it is anon DH or PSK */ + if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && + !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) + { + ret=ssl3_get_server_certificate(s); + if (ret <= 0) goto end; ++#ifndef OPENSSL_NO_TLSEXT ++ if (s->tlsext_status_expected) ++ s->state=SSL3_ST_CR_CERT_STATUS_A; ++ else ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ } ++ else ++ { ++ skip = 1; ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ } ++#else + } + else + skip=1; ++ + s->state=SSL3_ST_CR_KEY_EXCH_A; ++#endif + s->init_num=0; + break; + +@@ -437,11 +465,36 @@ int dtls1_connect(SSL *s) + } + else + { ++#ifndef OPENSSL_NO_TLSEXT ++ /* Allow NewSessionTicket if ticket expected */ ++ if (s->tlsext_ticket_expected) ++ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; ++ else ++#endif ++ + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; + } + s->init_num=0; + break; + ++#ifndef OPENSSL_NO_TLSEXT ++ case SSL3_ST_CR_SESSION_TICKET_A: ++ case SSL3_ST_CR_SESSION_TICKET_B: ++ ret=ssl3_get_new_session_ticket(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_CR_FINISHED_A; ++ s->init_num=0; ++ break; ++ ++ case SSL3_ST_CR_CERT_STATUS_A: ++ case SSL3_ST_CR_CERT_STATUS_B: ++ ret=ssl3_get_cert_status(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ s->init_num=0; ++ break; ++#endif ++ + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_CR_FINISHED_B: + s->d1->change_cipher_spec_ok = 1; +@@ -554,8 +607,14 @@ int dtls1_client_hello(SSL *s) + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL3_ST_CW_CLNT_HELLO_A) + { ++ SSL_SESSION *sess = s->session; + if ((s->session == NULL) || + (s->session->ssl_version != s->version) || ++#ifdef OPENSSL_NO_TLSEXT ++ !sess->session_id_length || ++#else ++ (!sess->session_id_length && !sess->tlsext_tick) || ++#endif + (s->session->not_resumable)) + { + if (!ssl_get_new_session(s,0)) +@@ -635,7 +694,15 @@ int dtls1_client_hello(SSL *s) + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ +- ++ ++#ifndef OPENSSL_NO_TLSEXT ++ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ { ++ SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++#endif ++ + l=(p-d); + d=buf; + +diff -up openssl-1.0.0-beta4/ssl/d1_lib.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_lib.c +diff -up openssl-1.0.0-beta4/ssl/d1_srvr.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_srvr.c +--- openssl-1.0.0-beta4/ssl/d1_srvr.c.dtls-reneg 2009-09-09 19:05:42.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/d1_srvr.c 2010-01-07 17:44:55.000000000 +0100 +@@ -305,8 +305,18 @@ int dtls1_accept(SSL *s) + ret=dtls1_send_server_hello(s); + if (ret <= 0) goto end; + ++#ifndef OPENSSL_NO_TLSEXT + if (s->hit) +- s->state=SSL3_ST_SW_CHANGE_A; ++ { ++ if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_SW_SESSION_TICKET_A; ++ else ++ s->state=SSL3_ST_SW_CHANGE_A; ++ } ++#else ++ if (s->hit) ++ s->state=SSL3_ST_SW_CHANGE_A; ++#endif + else + s->state=SSL3_ST_SW_CERT_A; + s->init_num=0; +@@ -321,10 +331,24 @@ int dtls1_accept(SSL *s) + dtls1_start_timer(s); + ret=dtls1_send_server_certificate(s); + if (ret <= 0) goto end; ++#ifndef OPENSSL_NO_TLSEXT ++ if (s->tlsext_status_expected) ++ s->state=SSL3_ST_SW_CERT_STATUS_A; ++ else ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ } ++ else ++ { ++ skip = 1; ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ } ++#else + } + else + skip=1; ++ + s->state=SSL3_ST_SW_KEY_EXCH_A; ++#endif + s->init_num=0; + break; + +@@ -519,11 +543,34 @@ int dtls1_accept(SSL *s) + dtls1_stop_timer(s); + if (s->hit) + s->state=SSL_ST_OK; ++#ifndef OPENSSL_NO_TLSEXT ++ else if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_SW_SESSION_TICKET_A; ++#endif + else + s->state=SSL3_ST_SW_CHANGE_A; + s->init_num=0; + break; + ++#ifndef OPENSSL_NO_TLSEXT ++ case SSL3_ST_SW_SESSION_TICKET_A: ++ case SSL3_ST_SW_SESSION_TICKET_B: ++ ret=dtls1_send_newsession_ticket(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_SW_CHANGE_A; ++ s->init_num=0; ++ break; ++ ++ case SSL3_ST_SW_CERT_STATUS_A: ++ case SSL3_ST_SW_CERT_STATUS_B: ++ ret=ssl3_send_cert_status(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ s->init_num=0; ++ break; ++ ++#endif ++ + case SSL3_ST_SW_CHANGE_A: + case SSL3_ST_SW_CHANGE_B: + +@@ -749,6 +796,8 @@ int dtls1_send_server_hello(SSL *s) + p+=sl; + + /* put the cipher */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return -1; + i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); + p+=i; + +@@ -762,6 +811,14 @@ int dtls1_send_server_hello(SSL *s) + *(p++)=s->s3->tmp.new_compression->id; + #endif + ++#ifndef OPENSSL_NO_TLSEXT ++ if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ { ++ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); ++ return -1; ++ } ++#endif ++ + /* do the header */ + l=(p-d); + d=buf; +@@ -1384,3 +1441,114 @@ int dtls1_send_server_certificate(SSL *s + /* SSL3_ST_SW_CERT_B */ + return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); + } ++ ++#ifndef OPENSSL_NO_TLSEXT ++int dtls1_send_newsession_ticket(SSL *s) ++ { ++ if (s->state == SSL3_ST_SW_SESSION_TICKET_A) ++ { ++ unsigned char *p, *senc, *macstart; ++ int len, slen; ++ unsigned int hlen, msg_len; ++ EVP_CIPHER_CTX ctx; ++ HMAC_CTX hctx; ++ SSL_CTX *tctx = s->initial_ctx; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ unsigned char key_name[16]; ++ ++ /* get session encoding length */ ++ slen = i2d_SSL_SESSION(s->session, NULL); ++ /* Some length values are 16 bits, so forget it if session is ++ * too long ++ */ ++ if (slen > 0xFF00) ++ return -1; ++ /* Grow buffer if need be: the length calculation is as ++ * follows 12 (DTLS handshake message header) + ++ * 4 (ticket lifetime hint) + 2 (ticket length) + ++ * 16 (key name) + max_iv_len (iv length) + ++ * session_length + max_enc_block_size (max encrypted session ++ * length) + max_md_size (HMAC). ++ */ ++ if (!BUF_MEM_grow(s->init_buf, ++ DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + ++ EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) ++ return -1; ++ senc = OPENSSL_malloc(slen); ++ if (!senc) ++ return -1; ++ p = senc; ++ i2d_SSL_SESSION(s->session, &p); ++ ++ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); ++ EVP_CIPHER_CTX_init(&ctx); ++ HMAC_CTX_init(&hctx); ++ /* Initialize HMAC and cipher contexts. If callback present ++ * it does all the work otherwise use generated values ++ * from parent ctx. ++ */ ++ if (tctx->tlsext_ticket_key_cb) ++ { ++ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, ++ &hctx, 1) < 0) ++ { ++ OPENSSL_free(senc); ++ return -1; ++ } ++ } ++ else ++ { ++ RAND_pseudo_bytes(iv, 16); ++ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, ++ tctx->tlsext_tick_aes_key, iv); ++ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, ++ tlsext_tick_md(), NULL); ++ memcpy(key_name, tctx->tlsext_tick_key_name, 16); ++ } ++ l2n(s->session->tlsext_tick_lifetime_hint, p); ++ /* Skip ticket length for now */ ++ p += 2; ++ /* Output key name */ ++ macstart = p; ++ memcpy(p, key_name, 16); ++ p += 16; ++ /* output IV */ ++ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); ++ p += EVP_CIPHER_CTX_iv_length(&ctx); ++ /* Encrypt session data */ ++ EVP_EncryptUpdate(&ctx, p, &len, senc, slen); ++ p += len; ++ EVP_EncryptFinal(&ctx, p, &len); ++ p += len; ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ HMAC_Update(&hctx, macstart, p - macstart); ++ HMAC_Final(&hctx, p, &hlen); ++ HMAC_CTX_cleanup(&hctx); ++ ++ p += hlen; ++ /* Now write out lengths: p points to end of data written */ ++ /* Total length */ ++ len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); ++ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; ++ s2n(len - 18, p); /* Ticket length */ ++ ++ /* number of bytes to write */ ++ s->init_num= len; ++ s->state=SSL3_ST_SW_SESSION_TICKET_B; ++ s->init_off=0; ++ OPENSSL_free(senc); ++ ++ /* XDTLS: set message header ? */ ++ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; ++ dtls1_set_message_header(s, (void *)s->init_buf->data, ++ SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); ++ ++ /* buffer the message to handle re-xmits */ ++ dtls1_buffer_message(s, 0); ++ } ++ ++ /* SSL3_ST_SW_SESSION_TICKET_B */ ++ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); ++ } ++#endif +diff -up openssl-1.0.0-beta4/ssl/ssl_locl.h.dtls-reneg openssl-1.0.0-beta4/ssl/ssl_locl.h +--- openssl-1.0.0-beta4/ssl/ssl_locl.h.dtls-reneg 2009-11-23 08:36:03.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_locl.h 2010-01-07 17:44:55.000000000 +0100 +@@ -933,7 +933,7 @@ void dtls1_start_timer(SSL *s); + void dtls1_stop_timer(SSL *s); + int dtls1_is_timer_expired(SSL *s); + void dtls1_double_timeout(SSL *s); +- ++int dtls1_send_newsession_ticket(SSL *s); + + /* some client-only functions */ + int ssl3_client_hello(SSL *s); +@@ -949,6 +949,9 @@ int ssl3_send_client_key_exchange(SSL *s + int ssl3_get_key_exchange(SSL *s); + int ssl3_get_server_certificate(SSL *s); + int ssl3_check_cert_and_algorithm(SSL *s); ++#ifndef OPENSSL_NO_TLSEXT ++int ssl3_check_finished(SSL *s); ++#endif + + int dtls1_client_hello(SSL *s); + int dtls1_send_client_certificate(SSL *s); +@@ -1030,6 +1033,7 @@ int ssl_prepare_clienthello_tlsext(SSL * + int ssl_prepare_serverhello_tlsext(SSL *s); + int ssl_check_clienthello_tlsext(SSL *s); + int ssl_check_serverhello_tlsext(SSL *s); ++ + #ifdef OPENSSL_NO_SHA256 + #define tlsext_tick_md EVP_sha1 + #else +diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.dtls-reneg openssl-1.0.0-beta4/ssl/s3_clnt.c +--- openssl-1.0.0-beta4/ssl/s3_clnt.c.dtls-reneg 2009-11-23 08:36:04.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 17:44:55.000000000 +0100 +@@ -170,9 +170,6 @@ + + static const SSL_METHOD *ssl3_get_client_method(int ver); + static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); +-#ifndef OPENSSL_NO_TLSEXT +-static int ssl3_check_finished(SSL *s); +-#endif + + static const SSL_METHOD *ssl3_get_client_method(int ver) + { +@@ -1827,6 +1824,7 @@ int ssl3_get_new_session_ticket(SSL *s) + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); + goto f_err; + } ++ + p=d=(unsigned char *)s->init_msg; + n2l(p, s->session->tlsext_tick_lifetime_hint); + n2s(p, ticklen); +@@ -2991,7 +2989,7 @@ err: + */ + + #ifndef OPENSSL_NO_TLSEXT +-static int ssl3_check_finished(SSL *s) ++int ssl3_check_finished(SSL *s) + { + int ok; + long n; +diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.dtls-reneg openssl-1.0.0-beta4/ssl/t1_lib.c +--- openssl-1.0.0-beta4/ssl/t1_lib.c.dtls-reneg 2009-11-23 08:36:04.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_lib.c 2010-01-07 17:44:55.000000000 +0100 +@@ -340,7 +340,8 @@ unsigned char *ssl_add_clienthello_tlsex + } + + #ifndef OPENSSL_NO_EC +- if (s->tlsext_ecpointformatlist != NULL) ++ if (s->tlsext_ecpointformatlist != NULL && ++ s->version != DTLS1_VERSION) + { + /* Add TLS extension ECPointFormats to the ClientHello message */ + long lenmax; +@@ -359,7 +360,8 @@ unsigned char *ssl_add_clienthello_tlsex + memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); + ret+=s->tlsext_ecpointformatlist_length; + } +- if (s->tlsext_ellipticcurvelist != NULL) ++ if (s->tlsext_ellipticcurvelist != NULL && ++ s->version != DTLS1_VERSION) + { + /* Add TLS extension EllipticCurves to the ClientHello message */ + long lenmax; +@@ -423,7 +425,8 @@ unsigned char *ssl_add_clienthello_tlsex + skip_ext: + + #ifdef TLSEXT_TYPE_opaque_prf_input +- if (s->s3->client_opaque_prf_input != NULL) ++ if (s->s3->client_opaque_prf_input != NULL && ++ s->version != DTLS1_VERSION) + { + size_t col = s->s3->client_opaque_prf_input_len; + +@@ -440,7 +443,8 @@ unsigned char *ssl_add_clienthello_tlsex + } + #endif + +- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) ++ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && ++ s->version != DTLS1_VERSION) + { + int i; + long extlen, idlen, itmp; +@@ -515,7 +519,7 @@ unsigned char *ssl_add_serverhello_tlsex + s2n(0,ret); + } + +- if(s->s3->send_connection_binding) ++ if(s->s3->send_connection_binding) + { + int el; + +@@ -540,7 +544,8 @@ unsigned char *ssl_add_serverhello_tlsex + } + + #ifndef OPENSSL_NO_EC +- if (s->tlsext_ecpointformatlist != NULL) ++ if (s->tlsext_ecpointformatlist != NULL && ++ s->version != DTLS1_VERSION) + { + /* Add TLS extension ECPointFormats to the ServerHello message */ + long lenmax; +@@ -579,7 +584,8 @@ unsigned char *ssl_add_serverhello_tlsex + } + + #ifdef TLSEXT_TYPE_opaque_prf_input +- if (s->s3->server_opaque_prf_input != NULL) ++ if (s->s3->server_opaque_prf_input != NULL && ++ s->version != DTLS1_VERSION) + { + size_t sol = s->s3->server_opaque_prf_input_len; + +@@ -757,7 +763,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, + } + + #ifndef OPENSSL_NO_EC +- else if (type == TLSEXT_TYPE_ec_point_formats) ++ else if (type == TLSEXT_TYPE_ec_point_formats && ++ s->version != DTLS1_VERSION) + { + unsigned char *sdata = data; + int ecpointformatlist_length = *(sdata++); +@@ -784,7 +791,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, + fprintf(stderr,"\n"); + #endif + } +- else if (type == TLSEXT_TYPE_elliptic_curves) ++ else if (type == TLSEXT_TYPE_elliptic_curves && ++ s->version != DTLS1_VERSION) + { + unsigned char *sdata = data; + int ellipticcurvelist_length = (*(sdata++) << 8); +@@ -814,7 +822,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, + } + #endif /* OPENSSL_NO_EC */ + #ifdef TLSEXT_TYPE_opaque_prf_input +- else if (type == TLSEXT_TYPE_opaque_prf_input) ++ else if (type == TLSEXT_TYPE_opaque_prf_input && ++ s->version != DTLS1_VERSION) + { + unsigned char *sdata = data; + +@@ -858,8 +867,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, + return 0; + renegotiate_seen = 1; + } +- else if (type == TLSEXT_TYPE_status_request +- && s->ctx->tlsext_status_cb) ++ else if (type == TLSEXT_TYPE_status_request && ++ s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) + { + + if (size < 5) +@@ -1027,7 +1036,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, + } + + #ifndef OPENSSL_NO_EC +- else if (type == TLSEXT_TYPE_ec_point_formats) ++ else if (type == TLSEXT_TYPE_ec_point_formats && ++ s->version != DTLS1_VERSION) + { + unsigned char *sdata = data; + int ecpointformatlist_length = *(sdata++); +@@ -1073,7 +1083,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, + s->tlsext_ticket_expected = 1; + } + #ifdef TLSEXT_TYPE_opaque_prf_input +- else if (type == TLSEXT_TYPE_opaque_prf_input) ++ else if (type == TLSEXT_TYPE_opaque_prf_input && ++ s->version != DTLS1_VERSION) + { + unsigned char *sdata = data; + +@@ -1103,7 +1114,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, + } + } + #endif +- else if (type == TLSEXT_TYPE_status_request) ++ else if (type == TLSEXT_TYPE_status_request && ++ s->version != DTLS1_VERSION) + { + /* MUST be empty and only sent if we've requested + * a status request message. diff --git a/openssl-1.0.0-beta4-reneg-scsv.patch b/openssl-1.0.0-beta4-reneg-scsv.patch new file mode 100644 index 0000000..a50d71f --- /dev/null +++ b/openssl-1.0.0-beta4-reneg-scsv.patch @@ -0,0 +1,793 @@ +diff -up openssl-1.0.0-beta4/apps/s_client.c.scsv openssl-1.0.0-beta4/apps/s_client.c +--- openssl-1.0.0-beta4/apps/s_client.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/apps/s_client.c 2010-01-07 23:37:39.000000000 +0100 +@@ -382,7 +382,7 @@ int MAIN(int, char **); + + int MAIN(int argc, char **argv) + { +- int off=0; ++ unsigned int off=0, clr=0; + SSL *con=NULL; + int s,k,width,state=0; + char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; +@@ -660,6 +660,10 @@ int MAIN(int argc, char **argv) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv,"-legacy_renegotiation") == 0) + off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; ++ else if (strcmp(*argv,"-legacy_server_connect") == 0) ++ { off|=SSL_OP_LEGACY_SERVER_CONNECT; } ++ else if (strcmp(*argv,"-no_legacy_server_connect") == 0) ++ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +@@ -870,6 +874,9 @@ bad: + SSL_CTX_set_options(ctx,SSL_OP_ALL|off); + else + SSL_CTX_set_options(ctx,off); ++ ++ if (clr) ++ SSL_CTX_clear_options(ctx, clr); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ +@@ -1725,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s + EVP_PKEY_bits(pktmp)); + EVP_PKEY_free(pktmp); + } ++ BIO_printf(bio, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); + #ifndef OPENSSL_NO_COMP + comp=SSL_get_current_compression(s); + expansion=SSL_get_current_expansion(s); +diff -up openssl-1.0.0-beta4/apps/s_server.c.scsv openssl-1.0.0-beta4/apps/s_server.c +--- openssl-1.0.0-beta4/apps/s_server.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/apps/s_server.c 2010-01-07 23:37:39.000000000 +0100 +@@ -2212,6 +2212,8 @@ static int init_ssl_connection(SSL *con) + con->kssl_ctx->client_princ); + } + #endif /* OPENSSL_NO_KRB5 */ ++ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); + return(1); + } + +diff -up openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod.scsv openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod +--- openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod.scsv 2007-08-24 00:49:13.000000000 +0200 ++++ openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod 2010-01-07 23:37:39.000000000 +0100 +@@ -2,7 +2,7 @@ + + =head1 NAME + +-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options ++SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options + + =head1 SYNOPSIS + +@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SS + long SSL_CTX_set_options(SSL_CTX *ctx, long options); + long SSL_set_options(SSL *ssl, long options); + ++ long SSL_CTX_clear_options(SSL_CTX *ctx, long options); ++ long SSL_clear_options(SSL *ssl, long options); ++ + long SSL_CTX_get_options(SSL_CTX *ctx); + long SSL_get_options(SSL *ssl); + ++ long SSL_get_secure_renegotiation_support(SSL *ssl); ++ + =head1 DESCRIPTION + ++Note: all these functions are implemented using macros. ++ + SSL_CTX_set_options() adds the options set via bitmask in B to B. + Options already set before are not cleared! + + SSL_set_options() adds the options set via bitmask in B to B. + Options already set before are not cleared! + ++SSL_CTX_clear_options() clears the options set via bitmask in B ++to B. ++ ++SSL_clear_options() clears the options set via bitmask in B to B. ++ + SSL_CTX_get_options() returns the options set for B. + + SSL_get_options() returns the options set for B. + ++SSL_get_secure_renegotiation_support() indicates whether the peer supports ++secure renegotiation. ++ + =head1 NOTES + + The behaviour of the SSL library can be changed by setting several options. + The options are coded as bitmasks and can be combined by a logical B +-operation (|). Options can only be added but can never be reset. ++operation (|). + + SSL_CTX_set_options() and SSL_set_options() affect the (external) + protocol behaviour of the SSL library. The (internal) behaviour of +@@ -199,7 +214,7 @@ Do not use the TLSv1 protocol. + + When performing renegotiation as a server, always start a new session + (i.e., session resumption requests are only accepted in the initial +-handshake). This option is not needed for clients. ++handshake). This option is not needed for clients. + + =item SSL_OP_NO_TICKET + +@@ -209,15 +224,63 @@ of RFC4507bis tickets for stateless sess + If this option is set this functionality is disabled and tickets will + not be used by clients or servers. + ++=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ++ ++See the B section for a discussion of the purpose of ++this option ++ + =back + ++=head1 SECURE RENEGOTIATION ++ ++OpenSSL 0.9.8m and later always attempts to use secure renegotiation as ++described in draft-ietf-tls-renegotiation (FIXME: replace by RFC). This ++counters a prefix attack described in the draft and elsewhere (FIXME: need full ++reference). ++ ++This attack has far reaching consequences which application writers should be ++aware of. In the description below an implementation supporting secure ++renegotiation is referred to as I. A server not supporting secure ++renegotiation is referred to as I. ++ ++If an unpatched client attempts to connect to a patched OpenSSL server then ++the attempt will succeed but renegotiation is not permitted. As required ++by the standard a B alert is sent back to the client if ++the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results ++in a fatal B alert. ++ ++If a patched OpenSSL client attempts to connect to an unpatched server ++then the connection will fail because it is not possible to determine ++whether an attack is taking place. ++ ++If the option B is set then the ++above restrictions are relaxed. Renegotiation is permissible and initial ++connections to unpatched servers will succeed. ++ ++This option should be used with caution because it leaves both clients and ++servers vulnerable. However unpatched servers and clients are likely to be ++around for some time and refusing to connect to unpatched servers or denying ++renegotion altogether may be unacceptable. So applications may be forced to ++tolerate unsafe renegotiation for the immediate future. ++ ++The function SSL_get_secure_renegotiation_support() indicates whether the peer ++supports secure renegotiation. ++ ++The deprecated SSLv2 protocol does not support secure renegotiation at all. ++ + =head1 RETURN VALUES + + SSL_CTX_set_options() and SSL_set_options() return the new options bitmask + after adding B. + ++SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask ++after clearing B. ++ + SSL_CTX_get_options() and SSL_get_options() return the current bitmask. + ++SSL_get_secure_renegotiation_support() returns 1 is the peer supports ++secure renegotiation and 0 if it does not. ++ + =head1 SEE ALSO + + L, L, L, +@@ -240,4 +303,10 @@ Versions up to OpenSSL 0.9.6c do not inc + can be disabled with this option (in OpenSSL 0.9.6d, it was always + enabled). + ++SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL ++0.9.8m. ++ ++B was first added in OpenSSL ++0.9.8m. ++ + =cut +diff -up openssl-1.0.0-beta4/ssl/d1_clnt.c.scsv openssl-1.0.0-beta4/ssl/d1_clnt.c +--- openssl-1.0.0-beta4/ssl/d1_clnt.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/d1_clnt.c 2010-01-07 23:37:39.000000000 +0100 +@@ -698,7 +698,7 @@ int dtls1_client_hello(SSL *s) + #ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { +- SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); ++ SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); + goto err; + } + #endif +diff -up openssl-1.0.0-beta4/ssl/d1_srvr.c.scsv openssl-1.0.0-beta4/ssl/d1_srvr.c +--- openssl-1.0.0-beta4/ssl/d1_srvr.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/d1_srvr.c 2010-01-07 23:37:39.000000000 +0100 +@@ -814,7 +814,7 @@ int dtls1_send_server_hello(SSL *s) + #ifndef OPENSSL_NO_TLSEXT + if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) + { +- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); ++ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); + return -1; + } + #endif +diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.scsv openssl-1.0.0-beta4/ssl/ssl_err.c +--- openssl-1.0.0-beta4/ssl/ssl_err.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_err.c 2010-01-07 23:37:39.000000000 +0100 +@@ -414,6 +414,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, + {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, + {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, ++{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, + {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, + {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, + {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, +@@ -453,6 +454,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, + {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, + {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, ++{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, + {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, + {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, + {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, +diff -up openssl-1.0.0-beta4/ssl/ssl.h.scsv openssl-1.0.0-beta4/ssl/ssl.h +--- openssl-1.0.0-beta4/ssl/ssl.h.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl.h 2010-01-07 23:37:39.000000000 +0100 +@@ -511,6 +511,8 @@ typedef struct ssl_session_st + + #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L + #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L ++/* Allow initial connection to servers that don't support RI */ ++#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */ + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +@@ -518,7 +520,6 @@ typedef struct ssl_session_st + #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L + #define SSL_OP_TLS_D5_BUG 0x00000100L + #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00000400L + + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) +@@ -544,6 +545,8 @@ typedef struct ssl_session_st + #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L + /* Don't use compression even if supported */ + #define SSL_OP_NO_COMPRESSION 0x00020000L ++/* Permit unsafe legacy renegotiation */ ++#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L + /* If set, always create a new key when using tmp_ecdh parameters */ + #define SSL_OP_SINGLE_ECDH_USE 0x00080000L + /* If set, always create a new key when using tmp_dh parameters */ +@@ -599,17 +602,25 @@ typedef struct ssl_session_st + + #define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++#define SSL_CTX_clear_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) + #define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) + #define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) ++#define SSL_clear_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) + #define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + + #define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) ++#define SSL_CTX_clear_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) + #define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) ++#define SSL_clear_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) + #define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) + #define SSL_get_mode(ssl) \ +@@ -617,6 +628,8 @@ typedef struct ssl_session_st + #define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) + ++#define SSL_get_secure_renegotiation_support(ssl) \ ++ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); + void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +@@ -1389,6 +1402,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + #define DTLS_CTRL_HANDLE_TIMEOUT 74 + #define DTLS_CTRL_LISTEN 75 + ++#define SSL_CTRL_GET_RI_SUPPORT 76 ++#define SSL_CTRL_CLEAR_OPTIONS 77 ++#define SSL_CTRL_CLEAR_MODE 78 ++ + #define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) + #define DTLSv1_handle_timeout(ssl) \ +@@ -2119,6 +2136,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 + #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 + #define SSL_R_NO_PUBLICKEY 192 ++#define SSL_R_NO_RENEGOTIATION 339 + #define SSL_R_NO_REQUIRED_DIGEST 324 + #define SSL_R_NO_SHARED_CIPHER 193 + #define SSL_R_NO_VERIFY_CALLBACK 194 +@@ -2158,6 +2176,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 + #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 + #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 ++#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 + #define SSL_R_SERVERHELLO_TLSEXT 275 + #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 + #define SSL_R_SHORT_READ 219 +diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.scsv openssl-1.0.0-beta4/ssl/ssl_lib.c +--- openssl-1.0.0-beta4/ssl/ssl_lib.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2010-01-07 23:38:08.000000000 +0100 +@@ -1041,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v + + case SSL_CTRL_OPTIONS: + return(s->options|=larg); ++ case SSL_CTRL_CLEAR_OPTIONS: ++ return(s->options&=~larg); + case SSL_CTRL_MODE: + return(s->mode|=larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return(s->mode &=~larg); + case SSL_CTRL_GET_MAX_CERT_LIST: + return(s->max_cert_list); + case SSL_CTRL_SET_MAX_CERT_LIST: +@@ -1062,6 +1066,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v + return 0; + s->max_send_fragment = larg; + return 1; ++ case SSL_CTRL_GET_RI_SUPPORT: ++ if (s->s3) ++ return s->s3->send_connection_binding; ++ else return 0; + default: + return(s->method->ssl_ctrl(s,cmd,larg,parg)); + } +@@ -1148,8 +1156,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,l + return(ctx->stats.sess_cache_full); + case SSL_CTRL_OPTIONS: + return(ctx->options|=larg); ++ case SSL_CTRL_CLEAR_OPTIONS: ++ return(ctx->options&=~larg); + case SSL_CTRL_MODE: + return(ctx->mode|=larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return(ctx->mode&=~larg); + case SSL_CTRL_SET_MAX_SEND_FRAGMENT: + if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; +@@ -1357,6 +1369,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC + j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + p+=j; + } ++ /* If p == q, no ciphers and caller indicates an error. Otherwise ++ * add SCSV if not renegotiating. ++ */ ++ if (p != q && !s->new_session) ++ { ++ static SSL_CIPHER scsv = ++ { ++ 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 ++ }; ++ j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); ++ p+=j; ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "SCSV sent by client\n"); ++#endif ++ } ++ + return(p-q); + } + +@@ -1366,6 +1394,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; + int i,n; ++ if (s->s3) ++ s->s3->send_connection_binding = 0; + + n=ssl_put_cipher_by_char(s,NULL,NULL); + if ((num%n) != 0) +@@ -1383,6 +1413,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe + + for (i=0; is3 && (n != 3 || !p[0]) && ++ (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && ++ (p[n-1] == (SSL3_CK_SCSV & 0xff))) ++ { ++ /* SCSV fatal if renegotiating */ ++ if (s->new_session) ++ { ++ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ goto err; ++ } ++ s->s3->send_connection_binding = 1; ++ p += n; ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "SCSV received by server\n"); ++#endif ++ continue; ++ } ++ + c=ssl_get_cipher_by_char(s,p); + p+=n; + if (c != NULL) +@@ -1642,6 +1692,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + } + #endif + #endif ++ /* Default is to connect to non-RI servers. When RI is more widely ++ * deployed might change this. ++ */ ++ ret->options = SSL_OP_LEGACY_SERVER_CONNECT; + + return(ret); + err: +diff -up openssl-1.0.0-beta4/ssl/ssl3.h.scsv openssl-1.0.0-beta4/ssl/ssl3.h +--- openssl-1.0.0-beta4/ssl/ssl3.h.scsv 2010-01-07 23:37:38.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl3.h 2010-01-07 23:37:39.000000000 +0100 +@@ -128,6 +128,9 @@ + extern "C" { + #endif + ++/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ ++#define SSL3_CK_SCSV 0x030000FF ++ + #define SSL3_CK_RSA_NULL_MD5 0x03000001 + #define SSL3_CK_RSA_NULL_SHA 0x03000002 + #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.scsv openssl-1.0.0-beta4/ssl/s3_clnt.c +--- openssl-1.0.0-beta4/ssl/s3_clnt.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 23:37:39.000000000 +0100 +@@ -916,7 +916,7 @@ int ssl3_get_server_hello(SSL *s) + + #ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ +- if (s->version > SSL3_VERSION) ++ if (s->version >= SSL3_VERSION) + { + if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) + { +diff -up openssl-1.0.0-beta4/ssl/s3_pkt.c.scsv openssl-1.0.0-beta4/ssl/s3_pkt.c +--- openssl-1.0.0-beta4/ssl/s3_pkt.c.scsv 2009-07-14 17:28:44.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/s3_pkt.c 2010-01-07 23:37:39.000000000 +0100 +@@ -1120,7 +1120,25 @@ start: + * now try again to obtain the (application) data we were asked for */ + goto start; + } +- ++ /* If we are a server and get a client hello when renegotiation isn't ++ * allowed send back a no renegotiation alert and carry on. ++ * WARNING: experimental code, needs reviewing (steve) ++ */ ++ if (s->server && ++ SSL_is_init_finished(s) && ++ !s->s3->send_connection_binding && ++ (s->version > SSL3_VERSION) && ++ (s->s3->handshake_fragment_len >= 4) && ++ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && ++ (s->session != NULL) && (s->session->cipher != NULL) && ++ !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ ++ { ++ /*s->s3->handshake_fragment_len = 0;*/ ++ rr->length = 0; ++ ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); ++ goto start; ++ } + if (s->s3->alert_fragment_len >= 2) + { + int alert_level = s->s3->alert_fragment[0]; +@@ -1150,6 +1168,21 @@ start: + s->shutdown |= SSL_RECEIVED_SHUTDOWN; + return(0); + } ++ /* This is a warning but we receive it if we requested ++ * renegotiation and the peer denied it. Terminate with ++ * a fatal alert because if application tried to ++ * renegotiatie it presumably had a good reason and ++ * expects it to succeed. ++ * ++ * In future we might have a renegotiation where we ++ * don't care if the peer refused it where we carry on. ++ */ ++ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) ++ { ++ al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); ++ goto f_err; ++ } + } + else if (alert_level == 2) /* fatal */ + { +diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.scsv openssl-1.0.0-beta4/ssl/s3_srvr.c +--- openssl-1.0.0-beta4/ssl/s3_srvr.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2010-01-07 23:37:39.000000000 +0100 +@@ -1015,7 +1015,7 @@ int ssl3_get_client_hello(SSL *s) + + #ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ +- if (s->version > SSL3_VERSION) ++ if (s->version >= SSL3_VERSION) + { + if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) + { +diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.scsv openssl-1.0.0-beta4/ssl/t1_lib.c +--- openssl-1.0.0-beta4/ssl/t1_lib.c.scsv 2010-01-07 23:37:39.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_lib.c 2010-01-07 23:38:08.000000000 +0100 +@@ -275,8 +275,9 @@ unsigned char *ssl_add_clienthello_tlsex + int extdatalen=0; + unsigned char *ret = p; + +- /* don't add extensions for SSLv3 */ +- if (s->client_version == SSL3_VERSION) ++ /* don't add extensions for SSLv3 unless doing secure renegotiation */ ++ if (s->client_version == SSL3_VERSION ++ && !s->s3->send_connection_binding) + return p; + + ret+=2; +@@ -315,8 +316,9 @@ unsigned char *ssl_add_clienthello_tlsex + ret+=size_str; + } + +- /* Add the renegotiation option: TODOEKR switch */ +- { ++ /* Add RI if renegotiating */ ++ if (s->new_session) ++ { + int el; + + if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) +@@ -504,8 +506,8 @@ unsigned char *ssl_add_serverhello_tlsex + int extdatalen=0; + unsigned char *ret = p; + +- /* don't add extensions for SSLv3 */ +- if (s->version == SSL3_VERSION) ++ /* don't add extensions for SSLv3, unless doing secure renegotiation */ ++ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) + return p; + + ret+=2; +@@ -633,24 +635,13 @@ int ssl_parse_clienthello_tlsext(SSL *s, + + s->servername_done = 0; + s->tlsext_status_type = -1; +- s->s3->send_connection_binding = 0; + + if (data >= (d+n-2)) +- { +- if (s->new_session +- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) +- { +- /* We should always see one extension: the renegotiate extension */ +- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ +- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); +- return 0; +- } +- return 1; +- } ++ goto ri_check; + n2s(data,len); + + if (data > (d+n-len)) +- return 1; ++ goto ri_check; + + while (data <= (d+n-4)) + { +@@ -658,7 +649,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, + n2s(data,size); + + if (data+size > (d+n)) +- return 1; ++ goto ri_check; + #if 0 + fprintf(stderr,"Received extension type %d size %d\n",type,size); + #endif +@@ -971,17 +962,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, + /* session ticket processed earlier */ + data+=size; + } +- +- if (s->new_session && !renegotiate_seen +- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) +- { +- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); +- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ +- return 0; +- } +- + + *p = data; ++ ++ ri_check: ++ ++ /* Need RI if renegotiating */ ++ ++ if (!renegotiate_seen && s->new_session && ++ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, ++ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ return 0; ++ } ++ + return 1; + } + +@@ -995,21 +991,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + int renegotiate_seen = 0; + + if (data >= (d+n-2)) +- { +-#if 0 +- /* Because the client does not see any renegotiation during an +- attack, we must enforce this on all server hellos, even the +- first */ +- if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) +- { +- /* We should always see one extension: the renegotiate extension */ +- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ +- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); +- return 0; +- } +-#endif +- return 1; +- } ++ goto ri_check; + + n2s(data,len); + +@@ -1019,7 +1001,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + n2s(data,size); + + if (data+size > (d+n)) +- return 1; ++ goto ri_check; + + if (s->tlsext_debug_cb) + s->tlsext_debug_cb(s, 1, type, data, size, +@@ -1143,16 +1125,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, + return 0; + } + +-#if 0 +- if (!renegotiate_seen +- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) +- { +- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ +- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); +- return 0; +- } +-#endif +- + if (!s->hit && tlsext_servername == 1) + { + if (s->tlsext_hostname) +@@ -1175,6 +1147,26 @@ int ssl_parse_serverhello_tlsext(SSL *s, + } + + *p = data; ++ ++ ri_check: ++ ++ /* Determine if we need to see RI. Strictly speaking if we want to ++ * avoid an attack we should *always* see RI even on initial server ++ * hello because the client doesn't see any renegotiation during an ++ * attack. However this would mean we could not connect to any server ++ * which doesn't support RI so for the immediate future tolerate RI ++ * absence on initial connect only. ++ */ ++ if (!renegotiate_seen && ++ (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) ++ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, ++ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ return 0; ++ } ++ + return 1; + } + +diff -up openssl-1.0.0-beta4/ssl/t1_reneg.c.scsv openssl-1.0.0-beta4/ssl/t1_reneg.c +--- openssl-1.0.0-beta4/ssl/t1_reneg.c.scsv 2009-11-09 19:45:42.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_reneg.c 2010-01-07 23:37:39.000000000 +0100 +@@ -130,10 +130,15 @@ int ssl_add_clienthello_renegotiate_ext( + + memcpy(p, s->s3->previous_client_finished, + s->s3->previous_client_finished_len); ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension sent by client\n", ++ s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); ++#endif + } + + *len=s->s3->previous_client_finished_len + 1; +- ++ ++ + return 1; + } + +@@ -166,7 +171,7 @@ int ssl_parse_clienthello_renegotiate_ex + if(ilen != s->s3->previous_client_finished_len) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); +- *al=SSL_AD_ILLEGAL_PARAMETER; ++ *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + +@@ -174,9 +179,13 @@ int ssl_parse_clienthello_renegotiate_ex + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); +- *al=SSL_AD_ILLEGAL_PARAMETER; ++ *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension received by server\n", ++ ilen ? "Non-empty" : "Empty"); ++#endif + + s->s3->send_connection_binding=1; + +@@ -206,6 +215,10 @@ int ssl_add_serverhello_renegotiate_ext( + + memcpy(p, s->s3->previous_server_finished, + s->s3->previous_server_finished_len); ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension sent by server\n", ++ s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); ++#endif + } + + *len=s->s3->previous_client_finished_len +@@ -249,7 +262,7 @@ int ssl_parse_serverhello_renegotiate_ex + if(ilen != expected_len) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); +- *al=SSL_AD_ILLEGAL_PARAMETER; ++ *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + +@@ -257,7 +270,7 @@ int ssl_parse_serverhello_renegotiate_ex + s->s3->previous_client_finished_len)) + { + SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); +- *al=SSL_AD_ILLEGAL_PARAMETER; ++ *al=SSL_AD_HANDSHAKE_FAILURE; + return 0; + } + d += s->s3->previous_client_finished_len; +@@ -269,6 +282,11 @@ int ssl_parse_serverhello_renegotiate_ex + *al=SSL_AD_ILLEGAL_PARAMETER; + return 0; + } ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension received by client\n", ++ ilen ? "Non-empty" : "Empty"); ++#endif ++ s->s3->send_connection_binding=1; + + return 1; + } diff --git a/openssl-1.0.0-beta4-tls-comp.patch b/openssl-1.0.0-beta4-tls-comp.patch new file mode 100644 index 0000000..d5c25c5 --- /dev/null +++ b/openssl-1.0.0-beta4-tls-comp.patch @@ -0,0 +1,193 @@ +diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.tls-comp openssl-1.0.0-beta4/ssl/ssl_err.c +--- openssl-1.0.0-beta4/ssl/ssl_err.c.tls-comp 2010-01-07 18:45:46.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_err.c 2010-01-07 22:46:10.000000000 +0100 +@@ -329,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, + {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, + {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, ++{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, + {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, + {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, + {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, +@@ -357,8 +358,10 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, + {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, + {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, ++{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, + {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, + {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, ++{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, + {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, + {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, + {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, +@@ -421,6 +424,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, + {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, + {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, ++{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, + {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, + {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, + {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, +@@ -451,6 +455,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, + {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, + {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, ++{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, + {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, + {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, + {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, +diff -up openssl-1.0.0-beta4/ssl/ssl.h.tls-comp openssl-1.0.0-beta4/ssl/ssl.h +--- openssl-1.0.0-beta4/ssl/ssl.h.tls-comp 2010-01-07 18:45:46.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl.h 2010-01-07 22:47:07.000000000 +0100 +@@ -485,7 +485,7 @@ typedef struct ssl_session_st + long timeout; + long time; + +- int compress_meth; /* Need to lookup the method */ ++ unsigned int compress_meth; /* Need to lookup the method */ + + const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this +@@ -2051,6 +2051,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 + #define SSL_R_CLIENTHELLO_TLSEXT 226 + #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 ++#define SSL_R_COMPRESSION_DISABLED 343 + #define SSL_R_COMPRESSION_FAILURE 141 + #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 + #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +@@ -2079,8 +2080,10 @@ void ERR_load_SSL_strings(void); + #define SSL_R_HTTPS_PROXY_REQUEST 155 + #define SSL_R_HTTP_REQUEST 156 + #define SSL_R_ILLEGAL_PADDING 283 ++#define SSL_R_INCONSISTENT_COMPRESSION 340 + #define SSL_R_INVALID_CHALLENGE_LENGTH 158 + #define SSL_R_INVALID_COMMAND 280 ++#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 + #define SSL_R_INVALID_PURPOSE 278 + #define SSL_R_INVALID_STATUS_RESPONSE 328 + #define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +@@ -2143,6 +2146,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_NULL_SSL_CTX 195 + #define SSL_R_NULL_SSL_METHOD_PASSED 196 + #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 ++#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 + #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 + #define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 + #define SSL_R_PACKET_LENGTH_TOO_LONG 198 +@@ -2173,6 +2177,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_RENEGOTIATION_ENCODING_ERR 336 + #define SSL_R_RENEGOTIATION_MISMATCH 337 + #define SSL_R_REQUIRED_CIPHER_MISSING 215 ++#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 + #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 + #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 + #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.tls-comp openssl-1.0.0-beta4/ssl/s3_clnt.c +--- openssl-1.0.0-beta4/ssl/s3_clnt.c.tls-comp 2010-01-07 17:53:12.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 22:47:07.000000000 +0100 +@@ -895,10 +895,31 @@ int ssl3_get_server_hello(SSL *s) + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + goto f_err; + } ++ /* If compression is disabled we'd better not try to resume a session ++ * using compression. ++ */ ++ if (s->session->compress_meth != 0) ++ { ++ al=SSL_AD_INTERNAL_ERROR; ++ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION); ++ goto f_err; ++ } + #else + j= *(p++); +- if ((j == 0) || (s->options & SSL_OP_NO_COMPRESSION)) ++ if (s->hit && j != s->session->compress_meth) ++ { ++ al=SSL_AD_ILLEGAL_PARAMETER; ++ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); ++ goto f_err; ++ } ++ if (j == 0) + comp=NULL; ++ else if (s->options & SSL_OP_NO_COMPRESSION) ++ { ++ al=SSL_AD_ILLEGAL_PARAMETER; ++ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED); ++ goto f_err; ++ } + else + comp=ssl3_comp_find(s->ctx->comp_methods,j); + +diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.tls-comp openssl-1.0.0-beta4/ssl/s3_srvr.c +--- openssl-1.0.0-beta4/ssl/s3_srvr.c.tls-comp 2010-01-07 17:53:12.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2010-01-07 22:46:10.000000000 +0100 +@@ -1088,7 +1088,50 @@ int ssl3_get_client_hello(SSL *s) + * algorithms from the client, starting at q. */ + s->s3->tmp.new_compression=NULL; + #ifndef OPENSSL_NO_COMP +- if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) ++ /* This only happens if we have a cache hit */ ++ if (s->session->compress_meth != 0) ++ { ++ int m, comp_id = s->session->compress_meth; ++ /* Perform sanity checks on resumed compression algorithm */ ++ /* Can't disable compression */ ++ if (s->options & SSL_OP_NO_COMPRESSION) ++ { ++ al=SSL_AD_INTERNAL_ERROR; ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); ++ goto f_err; ++ } ++ /* Look for resumed compression method */ ++ for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) ++ { ++ comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); ++ if (comp_id == comp->id) ++ { ++ s->s3->tmp.new_compression=comp; ++ break; ++ } ++ } ++ if (s->s3->tmp.new_compression == NULL) ++ { ++ al=SSL_AD_INTERNAL_ERROR; ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM); ++ goto f_err; ++ } ++ /* Look for resumed method in compression list */ ++ for (m = 0; m < i; m++) ++ { ++ if (q[m] == comp_id) ++ break; ++ } ++ if (m >= i) ++ { ++ al=SSL_AD_ILLEGAL_PARAMETER; ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); ++ goto f_err; ++ } ++ } ++ else if (s->hit) ++ comp = NULL; ++ else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) + { /* See if we have a match */ + int m,nn,o,v,done=0; + +@@ -1112,6 +1155,16 @@ int ssl3_get_client_hello(SSL *s) + else + comp=NULL; + } ++#else ++ /* If compression is disabled we'd better not try to resume a session ++ * using compression. ++ */ ++ if (s->session->compress_meth != 0) ++ { ++ al=SSL_AD_INTERNAL_ERROR; ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION); ++ goto f_err; ++ } + #endif + + /* Given s->session->ciphers and SSL_get_ciphers, we must diff --git a/openssl.spec b/openssl.spec index 2729e7e..49af8f2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.16.%{beta}%{?dist} +Release: 0.17.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -68,6 +68,10 @@ Patch61: openssl-1.0.0-beta4-client-reneg.patch Patch62: openssl-1.0.0-beta4-backports.patch Patch63: openssl-1.0.0-beta4-reneg-err.patch Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch +Patch65: openssl-1.0.0-beta4-dtls-reneg.patch +Patch66: openssl-1.0.0-beta4-backports2.patch +Patch67: openssl-1.0.0-beta4-reneg-scsv.patch +Patch68: openssl-1.0.0-beta4-tls-comp.patch License: OpenSSL Group: System Environment/Libraries @@ -152,6 +156,10 @@ from other formats to the formats used by the OpenSSL toolkit. %patch62 -p1 -b .backports %patch63 -p1 -b .reneg-err %patch64 -p1 -b .dtls-ipv6 +%patch65 -p1 -b .dtls-reneg +%patch66 -p1 -b .backports2 +%patch67 -p1 -b .scsv +%patch68 -p1 -b .tls-comp # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -160,7 +168,7 @@ perl util/perlpath.pl `dirname %{__perl}` touch Makefile make TABLE PERL=%{__perl} -%build +%build # Figure out which flags we want to use. # default sslarch=%{_os}-%{_arch} @@ -347,7 +355,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -%files +%files %defattr(-,root,root) %doc FAQ LICENSE CHANGES NEWS INSTALL README %doc doc/c-indentation.el doc/openssl.txt @@ -400,6 +408,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Thu Jan 7 2010 Tomas Mraz 1.0.0-0.17.beta4 +- upstream fix compression handling on session resumption +- various null checks and other small fixes from upstream +- upstream changes for the renegotiation info according to the latest draft + * Mon Nov 23 2009 Tomas Mraz 1.0.0-0.16.beta4 - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS @@ -419,7 +432,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* openssh and possibly other dependencies with too strict version check * Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4 -- update to new upstream version, no soname bump needed +- update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final.