- new upstream release

This commit is contained in:
Tomáš Mráz 2010-01-21 08:12:12 +00:00
parent 79249339a7
commit ae5568515b
20 changed files with 431 additions and 3117 deletions

View File

@ -1 +1 @@
openssl-1.0.0-beta4-usa.tar.bz2 openssl-1.0.0-beta5-usa.tar.bz2

View File

@ -1,45 +0,0 @@
diff -up openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c
--- openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports 2008-11-12 04:57:49.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c 2009-11-18 14:11:14.000000000 +0100
@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PK
}
else ret= *a;
- ret->save_type=type;
- ret->type=EVP_PKEY_type(type);
- switch (ret->type)
+ if (!EVP_PKEY_set_type(ret, type))
+ {
+ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+ goto err;
+ }
+
+ switch (EVP_PKEY_id(ret))
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
diff -up openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports openssl-1.0.0-beta4/crypto/evp/p_lib.c
--- openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports 2006-07-04 22:27:44.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/evp/p_lib.c 2009-11-18 14:11:26.000000000 +0100
@@ -220,7 +220,10 @@ static int pkey_set_type(EVP_PKEY *pkey,
#ifndef OPENSSL_NO_ENGINE
/* If we have an ENGINE release it */
if (pkey->engine)
+ {
ENGINE_finish(pkey->engine);
+ pkey->engine = NULL;
+ }
#endif
}
if (str)
diff -up openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports openssl-1.0.0-beta4/crypto/x509/x509_vfy.c
--- openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports 2009-10-31 20:21:47.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/x509/x509_vfy.c 2009-11-18 14:11:31.000000000 +0100
@@ -1727,6 +1727,7 @@ int X509_cmp_time(const ASN1_TIME *ctm,
offset= -offset;
}
atm.type=ctm->type;
+ atm.flags = 0;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;

View File

@ -1,334 +0,0 @@
diff -up openssl-1.0.0-beta4/apps/ca.c.backports2 openssl-1.0.0-beta4/apps/ca.c
--- openssl-1.0.0-beta4/apps/ca.c.backports2 2009-10-04 18:43:21.000000000 +0200
+++ openssl-1.0.0-beta4/apps/ca.c 2010-01-07 23:16:08.000000000 +0100
@@ -215,7 +215,6 @@ static int certify_spkac(X509 **xret, ch
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -2334,25 +2333,9 @@ static int certify_spkac(X509 **xret, ch
continue;
}
- /*
- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
- continue;
- */
-
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (fix_data(nid, &j) == 0)
- {
- BIO_printf(bio_err,
- "invalid characters in string %s\n",buf);
- goto err;
- }
-
- if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
- (unsigned char *)buf,
- strlen(buf))) == NULL)
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, 0))
goto err;
-
- if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
}
if (spki == NULL)
{
@@ -2395,21 +2378,6 @@ err:
return(ok);
}
-static int fix_data(int nid, int *type)
- {
- if (nid == NID_pkcs9_emailAddress)
- *type=V_ASN1_IA5STRING;
- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
- return(0);
- if (nid == NID_pkcs9_unstructuredName)
- *type=V_ASN1_IA5STRING;
- return(1);
- }
-
static int check_time_format(const char *str)
{
return ASN1_TIME_set_string(NULL, str);
diff -up openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2 openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c
--- openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c.backports2 2008-11-12 04:57:49.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/asn1/ameth_lib.c 2010-01-07 23:16:08.000000000 +0100
@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(
if (!ameth->info)
goto err;
}
+ else
+ ameth->info = NULL;
if (pem_str)
{
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(
if (!ameth->pem_str)
goto err;
}
+ else
+ ameth->pem_str = NULL;
ameth->pub_decode = 0;
ameth->pub_encode = 0;
diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2 openssl-1.0.0-beta4/crypto/bio/b_sock.c
--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.backports2 2010-01-07 23:16:08.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2010-01-07 23:16:08.000000000 +0100
@@ -595,7 +595,7 @@ int BIO_get_accept_socket(char *host, in
struct sockaddr_in6 sa_in6;
#endif
} server,client;
- int s=INVALID_SOCKET,cs;
+ int s=INVALID_SOCKET,cs,addrlen;
unsigned char ip[4];
unsigned short port;
char *str=NULL,*e;
@@ -666,8 +666,10 @@ int BIO_get_accept_socket(char *host, in
if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
- memcpy(&server, res->ai_addr,
- res->ai_addrlen<=sizeof(server)?res->ai_addrlen:sizeof(server));
+ addrlen = res->ai_addrlen<=sizeof(server) ?
+ res->ai_addrlen :
+ sizeof(server);
+ memcpy(&server, res->ai_addr, addrlen);
(*p_freeaddrinfo.f)(res);
goto again;
@@ -679,6 +681,7 @@ int BIO_get_accept_socket(char *host, in
memset((char *)&server,0,sizeof(server));
server.sa_in.sin_family=AF_INET;
server.sa_in.sin_port=htons(port);
+ addrlen = sizeof(server.sa_in);
if (h == NULL || strcmp(h,"*") == 0)
server.sa_in.sin_addr.s_addr=INADDR_ANY;
@@ -712,7 +715,7 @@ again:
bind_mode=BIO_BIND_NORMAL;
}
#endif
- if (bind(s,&server.sa,sizeof(server)) == -1)
+ if (bind(s,&server.sa,addrlen) == -1)
{
#ifdef SO_REUSEADDR
err_num=get_last_socket_error();
@@ -740,7 +743,7 @@ again:
if (cs != INVALID_SOCKET)
{
int ii;
- ii=connect(cs,&client.sa,sizeof(client));
+ ii=connect(cs,&client.sa,addrlen);
closesocket(cs);
if (ii == INVALID_SOCKET)
{
diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.backports2 2010-01-07 23:16:08.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2010-01-07 23:16:08.000000000 +0100
@@ -335,11 +335,21 @@ static int dgram_write(BIO *b, const cha
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
+ {
+ int peerlen = sizeof(data->peer);
+
+ if (data->peer.sa.sa_family == AF_INET)
+ peerlen = sizeof(data->peer.sa_in);
+#if OPENSSL_USE_IVP6
+ else if (data->peer.sa.sa_family == AF_INET6)
+ peerlen = sizeof(data->peer.sa_in6);
+#endif
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
#else
- ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
#endif
+ }
BIO_clear_retry_flags(b);
if (ret <= 0)
diff -up openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2 openssl-1.0.0-beta4/crypto/bn/bn_mul.c
--- openssl-1.0.0-beta4/crypto/bn/bn_mul.c.backports2 2009-06-17 13:47:54.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/bn/bn_mul.c 2010-01-07 23:16:08.000000000 +0100
@@ -1032,15 +1032,15 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c
goto err;
if (al > j || bl > j)
{
- bn_wexpand(t,k*4);
- bn_wexpand(rr,k*4);
+ if (bn_wexpand(t,k*4) == NULL) goto err;
+ if (bn_wexpand(rr,k*4) == NULL) goto err;
bn_mul_part_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}
else /* al <= j || bl <= j */
{
- bn_wexpand(t,k*2);
- bn_wexpand(rr,k*2);
+ if (bn_wexpand(t,k*2) == NULL) goto err;
+ if (bn_wexpand(rr,k*2) == NULL) goto err;
bn_mul_recursive(rr->d,a->d,b->d,
j,al-j,bl-j,t->d);
}
diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2 openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c
--- openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c.backports2 2009-09-02 17:51:28.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/dsa/dsa_pmeth.c 2010-01-07 23:16:08.000000000 +0100
@@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *c
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
- if (ret < 0)
+ if (ret <= 0)
return ret;
*siglen = sltmp;
return 1;
diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.backports2 openssl-1.0.0-beta4/crypto/evp/digest.c
--- openssl-1.0.0-beta4/crypto/evp/digest.c.backports2 2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/digest.c 2010-01-07 23:16:08.000000000 +0100
@@ -127,7 +127,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
- EVP_MD_CTX_init(ctx);
+ if (ctx)
+ EVP_MD_CTX_init(ctx);
return ctx;
}
@@ -256,6 +257,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
+ if (ctx->md_data == NULL)
+ {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
}
}
#ifndef OPENSSL_NO_ENGINE
@@ -346,8 +353,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,
if (in->md_data && out->digest->ctx_size)
{
- if (tmp_buf) out->md_data = tmp_buf;
- else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (tmp_buf)
+ out->md_data = tmp_buf;
+ else
+ {
+ out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (!out->md_data)
+ {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_err.c
--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.backports2 2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-07 23:16:08.000000000 +0100
@@ -186,6 +186,8 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"},
+{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.backports2 openssl-1.0.0-beta4/crypto/evp/evp.h
--- openssl-1.0.0-beta4/crypto/evp/evp.h.backports2 2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-07 23:16:08.000000000 +0100
@@ -1275,6 +1275,8 @@ void ERR_load_EVP_strings(void);
#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
#define EVP_R_PUBLIC_KEY_NOT_RSA 106
+#define EVP_R_UNKNOWN_CIPHER 160
+#define EVP_R_UNKNOWN_DIGEST 161
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
#define EVP_R_UNSUPPORTED_ALGORITHM 156
diff -up openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2 openssl-1.0.0-beta4/crypto/evp/evp_pbe.c
--- openssl-1.0.0-beta4/crypto/evp/evp_pbe.c.backports2 2008-11-05 19:38:57.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/evp/evp_pbe.c 2010-01-07 23:17:15.000000000 +0100
@@ -174,12 +174,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_
if (cipher_nid == -1)
cipher = NULL;
else
+ {
cipher = EVP_get_cipherbynid(cipher_nid);
+ if (!cipher)
+ {
+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+ return 0;
+ }
+ }
if (md_nid == -1)
md = NULL;
else
+ {
md = EVP_get_digestbynid(md_nid);
+ if (!md)
+ {
+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+ return 0;
+ }
+ }
if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
{
diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2 openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c
--- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.backports2 2010-01-07 23:16:07.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2010-01-07 23:16:08.000000000 +0100
@@ -208,7 +208,16 @@ RSA *RSA_new_method(ENGINE *engine)
ret->mt_blinding=NULL;
ret->bignum_data=NULL;
ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+ {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return(NULL);
+ }
+
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
#ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2 openssl-1.0.0-beta4/crypto/x509/x509_lu.c
--- openssl-1.0.0-beta4/crypto/x509/x509_lu.c.backports2 2009-10-18 16:42:27.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/x509/x509_lu.c 2010-01-07 23:16:08.000000000 +0100
@@ -200,7 +200,13 @@ X509_STORE *X509_STORE_new(void)
ret->lookup_crls = 0;
ret->cleanup = 0;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+ {
+ sk_X509_OBJECT_free(ret->objs);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
ret->references=1;
return ret;
}

View File

@ -1,56 +0,0 @@
diff -up openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl
--- openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl 2009-11-12 17:26:08.000000000 +0100
@@ -19,6 +19,7 @@ my $code;
sub round1_step
{
my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
$code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1);
$code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
$code .= <<EOF;
@@ -43,6 +44,7 @@ EOF
sub round2_step
{
my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
$code .= " mov 1*4(%rsi), %r10d /* (NEXT STEP) X[1] */\n" if ($pos == -1);
$code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
$code .= " mov %edx, %r12d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
@@ -69,6 +71,7 @@ EOF
sub round3_step
{
my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
$code .= " mov 5*4(%rsi), %r10d /* (NEXT STEP) X[5] */\n" if ($pos == -1);
$code .= " mov %ecx, %r11d /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
$code .= <<EOF;
@@ -91,6 +94,7 @@ EOF
sub round4_step
{
my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
$code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1);
$code .= " mov \$0xffffffff, %r11d\n" if ($pos == -1);
$code .= " xor %edx, %r11d /* (NEXT STEP) not z' = not %edx*/\n"
diff -up openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl
--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100
@@ -150,7 +150,7 @@ ___
sub BODY_20_39 {
my ($i,$a,$b,$c,$d,$e,$f)=@_;
my $j=$i+1;
-my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
$code.=<<___ if ($i<79);
lea $K($xi,$e),$f
mov `4*($j%16)`(%rsp),$xi
@@ -187,7 +187,7 @@ sub BODY_40_59 {
my ($i,$a,$b,$c,$d,$e,$f)=@_;
my $j=$i+1;
$code.=<<___;
- lea 0x8f1bbcdc($xi,$e),$f
+ lea -0x70e44324($xi,$e),$f
mov `4*($j%16)`(%rsp),$xi
mov $b,$t0
mov $b,$t1

View File

@ -1,35 +0,0 @@
Do not enforce the renegotiation extension on the client - too many broken servers remain.
diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg openssl-1.0.0-beta4/ssl/t1_lib.c
--- openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg 2009-11-12 15:17:29.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-18 14:04:19.000000000 +0100
@@ -985,6 +985,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
if (data >= (d+n-2))
{
+#if 0
/* Because the client does not see any renegotiation during an
attack, we must enforce this on all server hellos, even the
first */
@@ -994,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
return 0;
}
+#endif
return 1;
}
@@ -1126,12 +1128,14 @@ int ssl_parse_serverhello_tlsext(SSL *s,
return 0;
}
+#if 0
if (!renegotiate_seen
&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
return 0;
}
+#endif
if (!s->hit && tlsext_servername == 1)
{

View File

@ -1,49 +0,0 @@
Modify compression code so it frees up structures without using the
ex_data callbacks. This works around a problem where some applications
call CRYPTO_free_all_ex_data() before application exit (e.g. when
restarting) then use compression (e.g. SSL with compression) later.
This results in significant per-connection memory leaks and
has caused some security issues including CVE-2008-1678 and
CVE-2009-4355.
[Steve Henson]
diff -up openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak openssl-1.0.0-beta4/crypto/comp/c_zlib.c
--- openssl-1.0.0-beta4/crypto/comp/c_zlib.c.compleak 2008-12-13 18:19:40.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/comp/c_zlib.c 2010-01-13 22:06:20.000000000 +0100
@@ -136,15 +136,6 @@ struct zlib_state
static int zlib_stateful_ex_idx = -1;
-static void zlib_stateful_free_ex_data(void *obj, void *item,
- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
- {
- struct zlib_state *state = (struct zlib_state *)item;
- inflateEnd(&state->istream);
- deflateEnd(&state->ostream);
- OPENSSL_free(state);
- }
-
static int zlib_stateful_init(COMP_CTX *ctx)
{
int err;
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *
static void zlib_stateful_finish(COMP_CTX *ctx)
{
+ struct zlib_state *state =
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+ zlib_stateful_ex_idx);
+ inflateEnd(&state->istream);
+ deflateEnd(&state->ostream);
+ OPENSSL_free(state);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
}
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
if (zlib_stateful_ex_idx == -1)
zlib_stateful_ex_idx =
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+ 0,NULL,NULL,NULL,NULL);
CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
if (zlib_stateful_ex_idx == -1)
goto err;

View File

@ -1,222 +0,0 @@
diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c
--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100
@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr)
if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
{
OPENSSL_assert(sa.len.s<=sizeof(sa.from));
- sa.len.i = (unsigned int)sa.len.s;
+ sa.len.i = (int)sa.len.s;
+ /* use sa.len.i from this point */
}
if (ret == INVALID_SOCKET)
{
diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200
+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2010-01-07 17:31:00.000000000 +0100
@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
typedef struct bio_dgram_data_st
{
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
- struct sockaddr_storage peer;
-#else
- struct sockaddr_in peer;
+ struct sockaddr_in6 sa_in6;
#endif
+ } peer;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out,
int ret=0;
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ struct {
+ /*
+ * See commentary in b_sock.c. <appro>
+ */
+ union { size_t s; int i; } len;
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
#if OPENSSL_USE_IPV6
- struct sockaddr_storage peer;
-#else
- struct sockaddr_in peer;
+ struct sockaddr_in6 sa_in6;
#endif
- int peerlen = sizeof(peer);
+ } peer;
+ } sa;
+
+ sa.len.s=0;
+ sa.len.i=sizeof(sa.peer);
if (out != NULL)
{
clear_socket_error();
- memset(&peer, 0x00, peerlen);
- /* Last arg in recvfrom is signed on some platforms and
- * unsigned on others. It is of type socklen_t on some
- * but this is not universal. Cast to (void *) to avoid
- * compiler warnings.
- */
+ memset(&sa.peer, 0x00, sizeof(sa.peer));
dgram_adjust_rcv_timeout(b);
- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
+ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
+ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+ {
+ OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
+ sa.len.i = (int)sa.len.s;
+ }
dgram_reset_rcv_timeout(b);
if ( ! data->connected && ret >= 0)
- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
BIO_clear_retry_flags(b);
if (ret < 0)
@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha
if ( data->connected )
ret=writesocket(b->num,in,inl);
else
-#if OPENSSL_USE_IPV6
- if (data->peer.ss_family == AF_INET)
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
- else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
-#endif
-#else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#else
- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-#endif
+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
#endif
BIO_clear_retry_flags(b);
@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd,
else
{
#endif
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
#if 0
}
#endif
@@ -537,41 +543,62 @@ static long dgram_ctrl(BIO *b, int cmd,
if ( to != NULL)
{
data->connected = 1;
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
}
else
{
data->connected = 0;
-#if OPENSSL_USE_IPV6
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
-#else
- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
-#endif
+ memset(&(data->peer), 0x00, sizeof(data->peer));
}
break;
case BIO_CTRL_DGRAM_GET_PEER:
- to = (struct sockaddr *) ptr;
-
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ ret=sizeof(data->peer.sa_in);
+ break;
#if OPENSSL_USE_IPV6
- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
- ret = sizeof(struct sockaddr_storage);
-#else
- memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
- ret = sizeof(struct sockaddr_in);
-#endif
+ case AF_INET6:
+ ret=sizeof(data->peer.sa_in6);
+ break;
+#endif
+ default:
+ ret=sizeof(data->peer.sa);
+ break;
+ }
+ if (num==0 || num>ret)
+ num=ret;
+ memcpy(ptr,&data->peer,(ret=num));
break;
case BIO_CTRL_DGRAM_SET_PEER:
to = (struct sockaddr *) ptr;
-
+ switch (to->sa_family)
+ {
+ case AF_INET:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+ break;
#if OPENSSL_USE_IPV6
- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
-#else
- memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
-#endif
+ case AF_INET6:
+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+ break;
+#endif
+ default:
+ memcpy(&data->peer,to,sizeof(data->peer.sa));
+ break;
+ }
break;
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));

View File

@ -1,571 +0,0 @@
diff -up openssl-1.0.0-beta4/ssl/d1_both.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_both.c
--- openssl-1.0.0-beta4/ssl/d1_both.c.dtls-reneg 2009-11-02 14:37:17.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/d1_both.c 2010-01-07 17:35:19.000000000 +0100
@@ -764,6 +764,24 @@ int dtls1_send_finished(SSL *s, int a, i
p+=i;
l=i;
+ /* Copy the finished so we can use it for
+ * renegotiation checks
+ */
+ if(s->type == SSL_ST_CONNECT)
+ {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished,
+ s->s3->tmp.finish_md, i);
+ s->s3->previous_client_finished_len=i;
+ }
+ else
+ {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished,
+ s->s3->tmp.finish_md, i);
+ s->s3->previous_server_finished_len=i;
+ }
+
#ifdef OPENSSL_SYS_WIN16
/* MSVC 1.5 does not clear the top bytes of the word unless
* I do this.
diff -up openssl-1.0.0-beta4/ssl/d1_clnt.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_clnt.c
--- openssl-1.0.0-beta4/ssl/d1_clnt.c.dtls-reneg 2009-07-24 13:52:32.000000000 +0200
+++ openssl-1.0.0-beta4/ssl/d1_clnt.c 2010-01-07 17:44:55.000000000 +0100
@@ -286,16 +286,44 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+ ret=ssl3_check_finished(s);
+ if (ret <= 0) goto end;
+ if (ret == 2)
+ {
+ s->hit = 1;
+ if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_CR_SESSION_TICKET_A;
+ else
+ s->state=SSL3_ST_CR_FINISHED_A;
+ s->init_num=0;
+ break;
+ }
+#endif
/* Check if it is anon DH or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state=SSL3_ST_CR_CERT_STATUS_A;
+ else
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ }
+ else
+ {
+ skip = 1;
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ }
+#else
}
else
skip=1;
+
s->state=SSL3_ST_CR_KEY_EXCH_A;
+#endif
s->init_num=0;
break;
@@ -437,11 +465,36 @@ int dtls1_connect(SSL *s)
}
else
{
+#ifndef OPENSSL_NO_TLSEXT
+ /* Allow NewSessionTicket if ticket expected */
+ if (s->tlsext_ticket_expected)
+ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+ else
+#endif
+
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
}
s->init_num=0;
break;
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ ret=ssl3_get_new_session_ticket(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_CR_FINISHED_A;
+ s->init_num=0;
+ break;
+
+ case SSL3_ST_CR_CERT_STATUS_A:
+ case SSL3_ST_CR_CERT_STATUS_B:
+ ret=ssl3_get_cert_status(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_CR_KEY_EXCH_A;
+ s->init_num=0;
+ break;
+#endif
+
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
s->d1->change_cipher_spec_ok = 1;
@@ -554,8 +607,14 @@ int dtls1_client_hello(SSL *s)
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
{
+ SSL_SESSION *sess = s->session;
if ((s->session == NULL) ||
(s->session->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+ !sess->session_id_length ||
+#else
+ (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
(s->session->not_resumable))
{
if (!ssl_get_new_session(s,0))
@@ -635,7 +694,15 @@ int dtls1_client_hello(SSL *s)
*(p++)=comp->id;
}
*(p++)=0; /* Add the NULL method */
-
+
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#endif
+
l=(p-d);
d=buf;
diff -up openssl-1.0.0-beta4/ssl/d1_lib.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_lib.c
diff -up openssl-1.0.0-beta4/ssl/d1_srvr.c.dtls-reneg openssl-1.0.0-beta4/ssl/d1_srvr.c
--- openssl-1.0.0-beta4/ssl/d1_srvr.c.dtls-reneg 2009-09-09 19:05:42.000000000 +0200
+++ openssl-1.0.0-beta4/ssl/d1_srvr.c 2010-01-07 17:44:55.000000000 +0100
@@ -305,8 +305,18 @@ int dtls1_accept(SSL *s)
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
+ {
+ if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
+ else
+ s->state=SSL3_ST_SW_CHANGE_A;
+ }
+#else
+ if (s->hit)
+ s->state=SSL3_ST_SW_CHANGE_A;
+#endif
else
s->state=SSL3_ST_SW_CERT_A;
s->init_num=0;
@@ -321,10 +331,24 @@ int dtls1_accept(SSL *s)
dtls1_start_timer(s);
ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state=SSL3_ST_SW_CERT_STATUS_A;
+ else
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ }
+ else
+ {
+ skip = 1;
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ }
+#else
}
else
skip=1;
+
s->state=SSL3_ST_SW_KEY_EXCH_A;
+#endif
s->init_num=0;
break;
@@ -519,11 +543,34 @@ int dtls1_accept(SSL *s)
dtls1_stop_timer(s);
if (s->hit)
s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
+#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
s->init_num=0;
break;
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ ret=dtls1_send_newsession_ticket(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_SW_CHANGE_A;
+ s->init_num=0;
+ break;
+
+ case SSL3_ST_SW_CERT_STATUS_A:
+ case SSL3_ST_SW_CERT_STATUS_B:
+ ret=ssl3_send_cert_status(s);
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_SW_KEY_EXCH_A;
+ s->init_num=0;
+ break;
+
+#endif
+
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
@@ -749,6 +796,8 @@ int dtls1_send_server_hello(SSL *s)
p+=sl;
/* put the cipher */
+ if (s->s3->tmp.new_cipher == NULL)
+ return -1;
i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
p+=i;
@@ -762,6 +811,14 @@ int dtls1_send_server_hello(SSL *s)
*(p++)=s->s3->tmp.new_compression->id;
#endif
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
+
/* do the header */
l=(p-d);
d=buf;
@@ -1384,3 +1441,114 @@ int dtls1_send_server_certificate(SSL *s
/* SSL3_ST_SW_CERT_B */
return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
}
+
+#ifndef OPENSSL_NO_TLSEXT
+int dtls1_send_newsession_ticket(SSL *s)
+ {
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
+ {
+ unsigned char *p, *senc, *macstart;
+ int len, slen;
+ unsigned int hlen, msg_len;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+ SSL_CTX *tctx = s->initial_ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[16];
+
+ /* get session encoding length */
+ slen = i2d_SSL_SESSION(s->session, NULL);
+ /* Some length values are 16 bits, so forget it if session is
+ * too long
+ */
+ if (slen > 0xFF00)
+ return -1;
+ /* Grow buffer if need be: the length calculation is as
+ * follows 12 (DTLS handshake message header) +
+ * 4 (ticket lifetime hint) + 2 (ticket length) +
+ * 16 (key name) + max_iv_len (iv length) +
+ * session_length + max_enc_block_size (max encrypted session
+ * length) + max_md_size (HMAC).
+ */
+ if (!BUF_MEM_grow(s->init_buf,
+ DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
+ EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+ return -1;
+ senc = OPENSSL_malloc(slen);
+ if (!senc)
+ return -1;
+ p = senc;
+ i2d_SSL_SESSION(s->session, &p);
+
+ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+ /* Initialize HMAC and cipher contexts. If callback present
+ * it does all the work otherwise use generated values
+ * from parent ctx.
+ */
+ if (tctx->tlsext_ticket_key_cb)
+ {
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+ &hctx, 1) < 0)
+ {
+ OPENSSL_free(senc);
+ return -1;
+ }
+ }
+ else
+ {
+ RAND_pseudo_bytes(iv, 16);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, iv);
+ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+ }
+ l2n(s->session->tlsext_tick_lifetime_hint, p);
+ /* Skip ticket length for now */
+ p += 2;
+ /* Output key name */
+ macstart = p;
+ memcpy(p, key_name, 16);
+ p += 16;
+ /* output IV */
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
+ /* Encrypt session data */
+ EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ p += len;
+ EVP_EncryptFinal(&ctx, p, &len);
+ p += len;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ HMAC_Update(&hctx, macstart, p - macstart);
+ HMAC_Final(&hctx, p, &hlen);
+ HMAC_CTX_cleanup(&hctx);
+
+ p += hlen;
+ /* Now write out lengths: p points to end of data written */
+ /* Total length */
+ len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
+ s2n(len - 18, p); /* Ticket length */
+
+ /* number of bytes to write */
+ s->init_num= len;
+ s->state=SSL3_ST_SW_SESSION_TICKET_B;
+ s->init_off=0;
+ OPENSSL_free(senc);
+
+ /* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, (void *)s->init_buf->data,
+ SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_SW_SESSION_TICKET_B */
+ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
+ }
+#endif
diff -up openssl-1.0.0-beta4/ssl/ssl_locl.h.dtls-reneg openssl-1.0.0-beta4/ssl/ssl_locl.h
--- openssl-1.0.0-beta4/ssl/ssl_locl.h.dtls-reneg 2009-11-23 08:36:03.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl_locl.h 2010-01-07 17:44:55.000000000 +0100
@@ -933,7 +933,7 @@ void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
-
+int dtls1_send_newsession_ticket(SSL *s);
/* some client-only functions */
int ssl3_client_hello(SSL *s);
@@ -949,6 +949,9 @@ int ssl3_send_client_key_exchange(SSL *s
int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_check_finished(SSL *s);
+#endif
int dtls1_client_hello(SSL *s);
int dtls1_send_client_certificate(SSL *s);
@@ -1030,6 +1033,7 @@ int ssl_prepare_clienthello_tlsext(SSL *
int ssl_prepare_serverhello_tlsext(SSL *s);
int ssl_check_clienthello_tlsext(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
+
#ifdef OPENSSL_NO_SHA256
#define tlsext_tick_md EVP_sha1
#else
diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.dtls-reneg openssl-1.0.0-beta4/ssl/s3_clnt.c
--- openssl-1.0.0-beta4/ssl/s3_clnt.c.dtls-reneg 2009-11-23 08:36:04.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 17:44:55.000000000 +0100
@@ -170,9 +170,6 @@
static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
static const SSL_METHOD *ssl3_get_client_method(int ver)
{
@@ -1827,6 +1824,7 @@ int ssl3_get_new_session_ticket(SSL *s)
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
+
p=d=(unsigned char *)s->init_msg;
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
@@ -2991,7 +2989,7 @@ err:
*/
#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s)
+int ssl3_check_finished(SSL *s)
{
int ok;
long n;
diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.dtls-reneg openssl-1.0.0-beta4/ssl/t1_lib.c
--- openssl-1.0.0-beta4/ssl/t1_lib.c.dtls-reneg 2009-11-23 08:36:04.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2010-01-07 17:44:55.000000000 +0100
@@ -340,7 +340,8 @@ unsigned char *ssl_add_clienthello_tlsex
}
#ifndef OPENSSL_NO_EC
- if (s->tlsext_ecpointformatlist != NULL)
+ if (s->tlsext_ecpointformatlist != NULL &&
+ s->version != DTLS1_VERSION)
{
/* Add TLS extension ECPointFormats to the ClientHello message */
long lenmax;
@@ -359,7 +360,8 @@ unsigned char *ssl_add_clienthello_tlsex
memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
ret+=s->tlsext_ecpointformatlist_length;
}
- if (s->tlsext_ellipticcurvelist != NULL)
+ if (s->tlsext_ellipticcurvelist != NULL &&
+ s->version != DTLS1_VERSION)
{
/* Add TLS extension EllipticCurves to the ClientHello message */
long lenmax;
@@ -423,7 +425,8 @@ unsigned char *ssl_add_clienthello_tlsex
skip_ext:
#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL)
+ if (s->s3->client_opaque_prf_input != NULL &&
+ s->version != DTLS1_VERSION)
{
size_t col = s->s3->client_opaque_prf_input_len;
@@ -440,7 +443,8 @@ unsigned char *ssl_add_clienthello_tlsex
}
#endif
- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
+ s->version != DTLS1_VERSION)
{
int i;
long extlen, idlen, itmp;
@@ -515,7 +519,7 @@ unsigned char *ssl_add_serverhello_tlsex
s2n(0,ret);
}
- if(s->s3->send_connection_binding)
+ if(s->s3->send_connection_binding)
{
int el;
@@ -540,7 +544,8 @@ unsigned char *ssl_add_serverhello_tlsex
}
#ifndef OPENSSL_NO_EC
- if (s->tlsext_ecpointformatlist != NULL)
+ if (s->tlsext_ecpointformatlist != NULL &&
+ s->version != DTLS1_VERSION)
{
/* Add TLS extension ECPointFormats to the ServerHello message */
long lenmax;
@@ -579,7 +584,8 @@ unsigned char *ssl_add_serverhello_tlsex
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL)
+ if (s->s3->server_opaque_prf_input != NULL &&
+ s->version != DTLS1_VERSION)
{
size_t sol = s->s3->server_opaque_prf_input_len;
@@ -757,7 +763,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
#ifndef OPENSSL_NO_EC
- else if (type == TLSEXT_TYPE_ec_point_formats)
+ else if (type == TLSEXT_TYPE_ec_point_formats &&
+ s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);
@@ -784,7 +791,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
fprintf(stderr,"\n");
#endif
}
- else if (type == TLSEXT_TYPE_elliptic_curves)
+ else if (type == TLSEXT_TYPE_elliptic_curves &&
+ s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
int ellipticcurvelist_length = (*(sdata++) << 8);
@@ -814,7 +822,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input)
+ else if (type == TLSEXT_TYPE_opaque_prf_input &&
+ s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
@@ -858,8 +867,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
return 0;
renegotiate_seen = 1;
}
- else if (type == TLSEXT_TYPE_status_request
- && s->ctx->tlsext_status_cb)
+ else if (type == TLSEXT_TYPE_status_request &&
+ s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
{
if (size < 5)
@@ -1027,7 +1036,8 @@ int ssl_parse_serverhello_tlsext(SSL *s,
}
#ifndef OPENSSL_NO_EC
- else if (type == TLSEXT_TYPE_ec_point_formats)
+ else if (type == TLSEXT_TYPE_ec_point_formats &&
+ s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);
@@ -1073,7 +1083,8 @@ int ssl_parse_serverhello_tlsext(SSL *s,
s->tlsext_ticket_expected = 1;
}
#ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input)
+ else if (type == TLSEXT_TYPE_opaque_prf_input &&
+ s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
@@ -1103,7 +1114,8 @@ int ssl_parse_serverhello_tlsext(SSL *s,
}
}
#endif
- else if (type == TLSEXT_TYPE_status_request)
+ else if (type == TLSEXT_TYPE_status_request &&
+ s->version != DTLS1_VERSION)
{
/* MUST be empty and only sent if we've requested
* a status request message.

View File

@ -1,93 +0,0 @@
Better error reporting for unsafe renegotiation.
diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err openssl-1.0.0-beta4/ssl/ssl_err.c
--- openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err 2009-11-09 19:45:42.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl_err.c 2009-11-20 17:56:57.000000000 +0100
@@ -226,7 +226,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -526,6 +528,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
diff -up openssl-1.0.0-beta4/ssl/ssl.h.reneg-err openssl-1.0.0-beta4/ssl/ssl.h
--- openssl-1.0.0-beta4/ssl/ssl.h.reneg-err 2009-11-12 15:17:29.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl.h 2009-11-20 17:56:57.000000000 +0100
@@ -1934,7 +1934,9 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
#define SSL_F_SSL_PEEK 270
#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
@@ -2231,6 +2233,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
#define SSL_R_UNKNOWN_SSL_VERSION 254
#define SSL_R_UNKNOWN_STATE 255
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err openssl-1.0.0-beta4/ssl/s23_srvr.c
--- openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err 2009-11-12 15:17:29.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-20 17:57:23.000000000 +0100
@@ -497,6 +497,11 @@ int ssl23_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ goto err;
+ }
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
* sslv2 stuff. */
diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err openssl-1.0.0-beta4/ssl/t1_lib.c
--- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err 2009-11-18 14:04:19.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-20 17:56:57.000000000 +0100
@@ -636,6 +636,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
{
/* We should always see one extension: the renegotiate extension */
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
return 1;
@@ -965,6 +966,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
if (s->new_session && !renegotiate_seen
&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
return 0;
}
@@ -993,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
{
/* We should always see one extension: the renegotiate extension */
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
#endif
@@ -1133,6 +1136,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
#endif

View File

@ -1,793 +0,0 @@
diff -up openssl-1.0.0-beta4/apps/s_client.c.scsv openssl-1.0.0-beta4/apps/s_client.c
--- openssl-1.0.0-beta4/apps/s_client.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/apps/s_client.c 2010-01-07 23:37:39.000000000 +0100
@@ -382,7 +382,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
- int off=0;
+ unsigned int off=0, clr=0;
SSL *con=NULL;
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
@@ -660,6 +660,10 @@ int MAIN(int argc, char **argv)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-legacy_renegotiation") == 0)
off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-legacy_server_connect") == 0)
+ { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
+ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
@@ -870,6 +874,9 @@ bad:
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
SSL_CTX_set_options(ctx,off);
+
+ if (clr)
+ SSL_CTX_clear_options(ctx, clr);
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
@@ -1725,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
+ BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);
diff -up openssl-1.0.0-beta4/apps/s_server.c.scsv openssl-1.0.0-beta4/apps/s_server.c
--- openssl-1.0.0-beta4/apps/s_server.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/apps/s_server.c 2010-01-07 23:37:39.000000000 +0100
@@ -2212,6 +2212,8 @@ static int init_ssl_connection(SSL *con)
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
+ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
return(1);
}
diff -up openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod.scsv openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod
--- openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod.scsv 2007-08-24 00:49:13.000000000 +0200
+++ openssl-1.0.0-beta4/doc/ssl/SSL_CTX_set_options.pod 2010-01-07 23:37:39.000000000 +0100
@@ -2,7 +2,7 @@
=head1 NAME
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
=head1 SYNOPSIS
@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SS
long SSL_CTX_set_options(SSL_CTX *ctx, long options);
long SSL_set_options(SSL *ssl, long options);
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
+
long SSL_CTX_get_options(SSL_CTX *ctx);
long SSL_get_options(SSL *ssl);
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
+
=head1 DESCRIPTION
+Note: all these functions are implemented using macros.
+
SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
Options already set before are not cleared!
SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
Options already set before are not cleared!
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+
SSL_CTX_get_options() returns the options set for B<ctx>.
SSL_get_options() returns the options set for B<ssl>.
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
+
=head1 NOTES
The behaviour of the SSL library can be changed by setting several options.
The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|). Options can only be added but can never be reset.
+operation (|).
SSL_CTX_set_options() and SSL_set_options() affect the (external)
protocol behaviour of the SSL library. The (internal) behaviour of
@@ -199,7 +214,7 @@ Do not use the TLSv1 protocol.
When performing renegotiation as a server, always start a new session
(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
+handshake). This option is not needed for clients.
=item SSL_OP_NO_TICKET
@@ -209,15 +224,63 @@ of RFC4507bis tickets for stateless sess
If this option is set this functionality is disabled and tickets will
not be used by clients or servers.
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+See the B<SECURE RENEGOTIATION> section for a discussion of the purpose of
+this option
+
=back
+=head1 SECURE RENEGOTIATION
+
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in draft-ietf-tls-renegotiation (FIXME: replace by RFC). This
+counters a prefix attack described in the draft and elsewhere (FIXME: need full
+reference).
+
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+
+If an unpatched client attempts to connect to a patched OpenSSL server then
+the attempt will succeed but renegotiation is not permitted. As required
+by the standard a B<no_renegotiation> alert is sent back to the client if
+the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results
+in a fatal B<handshake_failed> alert.
+
+If a patched OpenSSL client attempts to connect to an unpatched server
+then the connection will fail because it is not possible to determine
+whether an attack is taking place.
+
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then the
+above restrictions are relaxed. Renegotiation is permissible and initial
+connections to unpatched servers will succeed.
+
+This option should be used with caution because it leaves both clients and
+servers vulnerable. However unpatched servers and clients are likely to be
+around for some time and refusing to connect to unpatched servers or denying
+renegotion altogether may be unacceptable. So applications may be forced to
+tolerate unsafe renegotiation for the immediate future.
+
+The function SSL_get_secure_renegotiation_support() indicates whether the peer
+supports secure renegotiation.
+
+The deprecated SSLv2 protocol does not support secure renegotiation at all.
+
=head1 RETURN VALUES
SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
after adding B<options>.
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
+
SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
@@ -240,4 +303,10 @@ Versions up to OpenSSL 0.9.6c do not inc
can be disabled with this option (in OpenSSL 0.9.6d, it was always
enabled).
+SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
+0.9.8m.
+
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> was first added in OpenSSL
+0.9.8m.
+
=cut
diff -up openssl-1.0.0-beta4/ssl/d1_clnt.c.scsv openssl-1.0.0-beta4/ssl/d1_clnt.c
--- openssl-1.0.0-beta4/ssl/d1_clnt.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/d1_clnt.c 2010-01-07 23:37:39.000000000 +0100
@@ -698,7 +698,7 @@ int dtls1_client_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
{
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
goto err;
}
#endif
diff -up openssl-1.0.0-beta4/ssl/d1_srvr.c.scsv openssl-1.0.0-beta4/ssl/d1_srvr.c
--- openssl-1.0.0-beta4/ssl/d1_srvr.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/d1_srvr.c 2010-01-07 23:37:39.000000000 +0100
@@ -814,7 +814,7 @@ int dtls1_send_server_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
{
- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
return -1;
}
#endif
diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.scsv openssl-1.0.0-beta4/ssl/ssl_err.c
--- openssl-1.0.0-beta4/ssl/ssl_err.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl_err.c 2010-01-07 23:37:39.000000000 +0100
@@ -414,6 +414,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
@@ -453,6 +454,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
+{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
diff -up openssl-1.0.0-beta4/ssl/ssl.h.scsv openssl-1.0.0-beta4/ssl/ssl.h
--- openssl-1.0.0-beta4/ssl/ssl.h.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl.h 2010-01-07 23:37:39.000000000 +0100
@@ -511,6 +511,8 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
@@ -518,7 +520,6 @@ typedef struct ssl_session_st
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00000400L
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
@@ -544,6 +545,8 @@ typedef struct ssl_session_st
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
/* Don't use compression even if supported */
#define SSL_OP_NO_COMPRESSION 0x00020000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
@@ -599,17 +602,25 @@ typedef struct ssl_session_st
#define SSL_CTX_set_options(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_CTX_get_options(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_set_options(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
#define SSL_get_options(ssl) \
SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
#define SSL_CTX_set_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_CTX_get_mode(ctx) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
#define SSL_set_mode(ssl,op) \
SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
#define SSL_get_mode(ssl) \
@@ -617,6 +628,8 @@ typedef struct ssl_session_st
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define SSL_get_secure_renegotiation_support(ssl) \
+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -1389,6 +1402,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define DTLS_CTRL_HANDLE_TIMEOUT 74
#define DTLS_CTRL_LISTEN 75
+#define SSL_CTRL_GET_RI_SUPPORT 76
+#define SSL_CTRL_CLEAR_OPTIONS 77
+#define SSL_CTRL_CLEAR_MODE 78
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -2119,6 +2136,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
#define SSL_R_NO_PUBLICKEY 192
+#define SSL_R_NO_RENEGOTIATION 339
#define SSL_R_NO_REQUIRED_DIGEST 324
#define SSL_R_NO_SHARED_CIPHER 193
#define SSL_R_NO_VERIFY_CALLBACK 194
@@ -2158,6 +2176,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
#define SSL_R_SERVERHELLO_TLSEXT 275
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
#define SSL_R_SHORT_READ 219
diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.scsv openssl-1.0.0-beta4/ssl/ssl_lib.c
--- openssl-1.0.0-beta4/ssl/ssl_lib.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2010-01-07 23:38:08.000000000 +0100
@@ -1041,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
case SSL_CTRL_OPTIONS:
return(s->options|=larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return(s->options&=~larg);
case SSL_CTRL_MODE:
return(s->mode|=larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return(s->mode &=~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
return(s->max_cert_list);
case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -1062,6 +1066,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
return 0;
s->max_send_fragment = larg;
return 1;
+ case SSL_CTRL_GET_RI_SUPPORT:
+ if (s->s3)
+ return s->s3->send_connection_binding;
+ else return 0;
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}
@@ -1148,8 +1156,12 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,l
return(ctx->stats.sess_cache_full);
case SSL_CTRL_OPTIONS:
return(ctx->options|=larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return(ctx->options&=~larg);
case SSL_CTRL_MODE:
return(ctx->mode|=larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return(ctx->mode&=~larg);
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
@@ -1357,6 +1369,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STAC
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j;
}
+ /* If p == q, no ciphers and caller indicates an error. Otherwise
+ * add SCSV if not renegotiating.
+ */
+ if (p != q && !s->new_session)
+ {
+ static SSL_CIPHER scsv =
+ {
+ 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ };
+ j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
+ p+=j;
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "SCSV sent by client\n");
+#endif
+ }
+
return(p-q);
}
@@ -1366,6 +1394,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
int i,n;
+ if (s->s3)
+ s->s3->send_connection_binding = 0;
n=ssl_put_cipher_by_char(s,NULL,NULL);
if ((num%n) != 0)
@@ -1383,6 +1413,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
for (i=0; i<num; i+=n)
{
+ /* Check for SCSV */
+ if (s->s3 && (n != 3 || !p[0]) &&
+ (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+ (p[n-1] == (SSL3_CK_SCSV & 0xff)))
+ {
+ /* SCSV fatal if renegotiating */
+ if (s->new_session)
+ {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
+ }
+ s->s3->send_connection_binding = 1;
+ p += n;
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "SCSV received by server\n");
+#endif
+ continue;
+ }
+
c=ssl_get_cipher_by_char(s,p);
p+=n;
if (c != NULL)
@@ -1642,6 +1692,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
}
#endif
#endif
+ /* Default is to connect to non-RI servers. When RI is more widely
+ * deployed might change this.
+ */
+ ret->options = SSL_OP_LEGACY_SERVER_CONNECT;
return(ret);
err:
diff -up openssl-1.0.0-beta4/ssl/ssl3.h.scsv openssl-1.0.0-beta4/ssl/ssl3.h
--- openssl-1.0.0-beta4/ssl/ssl3.h.scsv 2010-01-07 23:37:38.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl3.h 2010-01-07 23:37:39.000000000 +0100
@@ -128,6 +128,9 @@
extern "C" {
#endif
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV 0x030000FF
+
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.scsv openssl-1.0.0-beta4/ssl/s3_clnt.c
--- openssl-1.0.0-beta4/ssl/s3_clnt.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 23:37:39.000000000 +0100
@@ -916,7 +916,7 @@ int ssl3_get_server_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
- if (s->version > SSL3_VERSION)
+ if (s->version >= SSL3_VERSION)
{
if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
{
diff -up openssl-1.0.0-beta4/ssl/s3_pkt.c.scsv openssl-1.0.0-beta4/ssl/s3_pkt.c
--- openssl-1.0.0-beta4/ssl/s3_pkt.c.scsv 2009-07-14 17:28:44.000000000 +0200
+++ openssl-1.0.0-beta4/ssl/s3_pkt.c 2010-01-07 23:37:39.000000000 +0100
@@ -1120,7 +1120,25 @@ start:
* now try again to obtain the (application) data we were asked for */
goto start;
}
-
+ /* If we are a server and get a client hello when renegotiation isn't
+ * allowed send back a no renegotiation alert and carry on.
+ * WARNING: experimental code, needs reviewing (steve)
+ */
+ if (s->server &&
+ SSL_is_init_finished(s) &&
+ !s->s3->send_connection_binding &&
+ (s->version > SSL3_VERSION) &&
+ (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+ (s->session != NULL) && (s->session->cipher != NULL) &&
+ !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+
+ {
+ /*s->s3->handshake_fragment_len = 0;*/
+ rr->length = 0;
+ ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+ goto start;
+ }
if (s->s3->alert_fragment_len >= 2)
{
int alert_level = s->s3->alert_fragment[0];
@@ -1150,6 +1168,21 @@ start:
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return(0);
}
+ /* This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with
+ * a fatal alert because if application tried to
+ * renegotiatie it presumably had a good reason and
+ * expects it to succeed.
+ *
+ * In future we might have a renegotiation where we
+ * don't care if the peer refused it where we carry on.
+ */
+ else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
+ goto f_err;
+ }
}
else if (alert_level == 2) /* fatal */
{
diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.scsv openssl-1.0.0-beta4/ssl/s3_srvr.c
--- openssl-1.0.0-beta4/ssl/s3_srvr.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2010-01-07 23:37:39.000000000 +0100
@@ -1015,7 +1015,7 @@ int ssl3_get_client_hello(SSL *s)
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
- if (s->version > SSL3_VERSION)
+ if (s->version >= SSL3_VERSION)
{
if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
{
diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.scsv openssl-1.0.0-beta4/ssl/t1_lib.c
--- openssl-1.0.0-beta4/ssl/t1_lib.c.scsv 2010-01-07 23:37:39.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2010-01-07 23:38:08.000000000 +0100
@@ -275,8 +275,9 @@ unsigned char *ssl_add_clienthello_tlsex
int extdatalen=0;
unsigned char *ret = p;
- /* don't add extensions for SSLv3 */
- if (s->client_version == SSL3_VERSION)
+ /* don't add extensions for SSLv3 unless doing secure renegotiation */
+ if (s->client_version == SSL3_VERSION
+ && !s->s3->send_connection_binding)
return p;
ret+=2;
@@ -315,8 +316,9 @@ unsigned char *ssl_add_clienthello_tlsex
ret+=size_str;
}
- /* Add the renegotiation option: TODOEKR switch */
- {
+ /* Add RI if renegotiating */
+ if (s->new_session)
+ {
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
@@ -504,8 +506,8 @@ unsigned char *ssl_add_serverhello_tlsex
int extdatalen=0;
unsigned char *ret = p;
- /* don't add extensions for SSLv3 */
- if (s->version == SSL3_VERSION)
+ /* don't add extensions for SSLv3, unless doing secure renegotiation */
+ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
return p;
ret+=2;
@@ -633,24 +635,13 @@ int ssl_parse_clienthello_tlsext(SSL *s,
s->servername_done = 0;
s->tlsext_status_type = -1;
- s->s3->send_connection_binding = 0;
if (data >= (d+n-2))
- {
- if (s->new_session
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- /* We should always see one extension: the renegotiate extension */
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
- return 1;
- }
+ goto ri_check;
n2s(data,len);
if (data > (d+n-len))
- return 1;
+ goto ri_check;
while (data <= (d+n-4))
{
@@ -658,7 +649,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
n2s(data,size);
if (data+size > (d+n))
- return 1;
+ goto ri_check;
#if 0
fprintf(stderr,"Received extension type %d size %d\n",type,size);
#endif
@@ -971,17 +962,22 @@ int ssl_parse_clienthello_tlsext(SSL *s,
/* session ticket processed earlier */
data+=size;
}
-
- if (s->new_session && !renegotiate_seen
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- return 0;
- }
-
*p = data;
+
+ ri_check:
+
+ /* Need RI if renegotiating */
+
+ if (!renegotiate_seen && s->new_session &&
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ return 0;
+ }
+
return 1;
}
@@ -995,21 +991,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
int renegotiate_seen = 0;
if (data >= (d+n-2))
- {
-#if 0
- /* Because the client does not see any renegotiation during an
- attack, we must enforce this on all server hellos, even the
- first */
- if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- /* We should always see one extension: the renegotiate extension */
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-#endif
- return 1;
- }
+ goto ri_check;
n2s(data,len);
@@ -1019,7 +1001,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
n2s(data,size);
if (data+size > (d+n))
- return 1;
+ goto ri_check;
if (s->tlsext_debug_cb)
s->tlsext_debug_cb(s, 1, type, data, size,
@@ -1143,16 +1125,6 @@ int ssl_parse_serverhello_tlsext(SSL *s,
return 0;
}
-#if 0
- if (!renegotiate_seen
- && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-#endif
-
if (!s->hit && tlsext_servername == 1)
{
if (s->tlsext_hostname)
@@ -1175,6 +1147,26 @@ int ssl_parse_serverhello_tlsext(SSL *s,
}
*p = data;
+
+ ri_check:
+
+ /* Determine if we need to see RI. Strictly speaking if we want to
+ * avoid an attack we should *always* see RI even on initial server
+ * hello because the client doesn't see any renegotiation during an
+ * attack. However this would mean we could not connect to any server
+ * which doesn't support RI so for the immediate future tolerate RI
+ * absence on initial connect only.
+ */
+ if (!renegotiate_seen &&
+ (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
+ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ return 0;
+ }
+
return 1;
}
diff -up openssl-1.0.0-beta4/ssl/t1_reneg.c.scsv openssl-1.0.0-beta4/ssl/t1_reneg.c
--- openssl-1.0.0-beta4/ssl/t1_reneg.c.scsv 2009-11-09 19:45:42.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_reneg.c 2010-01-07 23:37:39.000000000 +0100
@@ -130,10 +130,15 @@ int ssl_add_clienthello_renegotiate_ext(
memcpy(p, s->s3->previous_client_finished,
s->s3->previous_client_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by client\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
}
*len=s->s3->previous_client_finished_len + 1;
-
+
+
return 1;
}
@@ -166,7 +171,7 @@ int ssl_parse_clienthello_renegotiate_ex
if(ilen != s->s3->previous_client_finished_len)
{
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
@@ -174,9 +179,13 @@ int ssl_parse_clienthello_renegotiate_ex
s->s3->previous_client_finished_len))
{
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by server\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
s->s3->send_connection_binding=1;
@@ -206,6 +215,10 @@ int ssl_add_serverhello_renegotiate_ext(
memcpy(p, s->s3->previous_server_finished,
s->s3->previous_server_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by server\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
}
*len=s->s3->previous_client_finished_len
@@ -249,7 +262,7 @@ int ssl_parse_serverhello_renegotiate_ex
if(ilen != expected_len)
{
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
@@ -257,7 +270,7 @@ int ssl_parse_serverhello_renegotiate_ex
s->s3->previous_client_finished_len))
{
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
+ *al=SSL_AD_HANDSHAKE_FAILURE;
return 0;
}
d += s->s3->previous_client_finished_len;
@@ -269,6 +282,11 @@ int ssl_parse_serverhello_renegotiate_ex
*al=SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by client\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
+ s->s3->send_connection_binding=1;
return 1;
}

View File

@ -1,237 +0,0 @@
diff -up openssl-1.0.0-beta4/apps/s_cb.c.reneg openssl-1.0.0-beta4/apps/s_cb.c
--- openssl-1.0.0-beta4/apps/s_cb.c.reneg 2009-10-15 20:48:47.000000000 +0200
+++ openssl-1.0.0-beta4/apps/s_cb.c 2009-11-12 15:02:30.000000000 +0100
@@ -669,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int c
extname = "server ticket";
break;
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiate";
+ break;
+
#ifdef TLSEXT_TYPE_opaque_prf_input
case TLSEXT_TYPE_opaque_prf_input:
extname = "opaque PRF input";
diff -up openssl-1.0.0-beta4/apps/s_client.c.reneg openssl-1.0.0-beta4/apps/s_client.c
--- openssl-1.0.0-beta4/apps/s_client.c.reneg 2009-11-12 14:57:48.000000000 +0100
+++ openssl-1.0.0-beta4/apps/s_client.c 2009-11-12 15:01:48.000000000 +0100
@@ -343,6 +343,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -status - request certificate status from server\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
#endif
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
}
#ifndef OPENSSL_NO_TLSEXT
@@ -657,6 +658,8 @@ int MAIN(int argc, char **argv)
#endif
else if (strcmp(*argv,"-serverpref") == 0)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
diff -up openssl-1.0.0-beta4/apps/s_server.c.reneg openssl-1.0.0-beta4/apps/s_server.c
--- openssl-1.0.0-beta4/apps/s_server.c.reneg 2009-11-12 14:57:48.000000000 +0100
+++ openssl-1.0.0-beta4/apps/s_server.c 2009-11-12 15:01:48.000000000 +0100
@@ -491,6 +491,7 @@ static void sv_usage(void)
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#endif
}
@@ -1013,6 +1014,8 @@ int MAIN(int argc, char *argv[])
verify_return_error = 1;
else if (strcmp(*argv,"-serverpref") == 0)
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
+ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
else if (strcmp(*argv,"-cipher") == 0)
{
if (--argc < 1) goto bad;
diff -up openssl-1.0.0-beta4/ssl/tls1.h.reneg openssl-1.0.0-beta4/ssl/tls1.h
--- openssl-1.0.0-beta4/ssl/tls1.h.reneg 2009-11-12 14:57:47.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/tls1.h 2009-11-12 15:02:30.000000000 +0100
@@ -201,6 +201,9 @@ extern "C" {
# define TLSEXT_TYPE_opaque_prf_input ?? */
#endif
+/* Temporary extension type */
+#define TLSEXT_TYPE_renegotiate 0xff01
+
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg openssl-1.0.0-beta4/ssl/t1_lib.c
--- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg 2009-11-08 15:36:32.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-12 15:02:30.000000000 +0100
@@ -315,6 +315,30 @@ unsigned char *ssl_add_clienthello_tlsex
ret+=size_str;
}
+ /* Add the renegotiation option: TODOEKR switch */
+ {
+ int el;
+
+ if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
+ {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ if((limit - p - 4 - el) < 0) return NULL;
+
+ s2n(TLSEXT_TYPE_renegotiate,ret);
+ s2n(el,ret);
+
+ if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
+ {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ ret += el;
+ }
+
#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL)
{
@@ -490,6 +514,31 @@ unsigned char *ssl_add_serverhello_tlsex
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
}
+
+ if(s->s3->send_connection_binding)
+ {
+ int el;
+
+ if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
+ {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ if((limit - p - 4 - el) < 0) return NULL;
+
+ s2n(TLSEXT_TYPE_renegotiate,ret);
+ s2n(el,ret);
+
+ if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
+ {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ ret += el;
+ }
+
#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL)
{
@@ -574,11 +623,23 @@ int ssl_parse_clienthello_tlsext(SSL *s,
unsigned short size;
unsigned short len;
unsigned char *data = *p;
+ int renegotiate_seen = 0;
+
s->servername_done = 0;
s->tlsext_status_type = -1;
+ s->s3->send_connection_binding = 0;
if (data >= (d+n-2))
+ {
+ if (s->new_session
+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ /* We should always see one extension: the renegotiate extension */
+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ return 0;
+ }
return 1;
+ }
n2s(data,len);
if (data > (d+n-len))
@@ -790,6 +851,12 @@ int ssl_parse_clienthello_tlsext(SSL *s,
return 0;
}
}
+ else if (type == TLSEXT_TYPE_renegotiate)
+ {
+ if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+ return 0;
+ renegotiate_seen = 1;
+ }
else if (type == TLSEXT_TYPE_status_request
&& s->ctx->tlsext_status_cb)
{
@@ -894,6 +961,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
/* session ticket processed earlier */
data+=size;
}
+
+ if (s->new_session && !renegotiate_seen
+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ return 0;
+ }
+
*p = data;
return 1;
@@ -905,11 +980,22 @@ int ssl_parse_serverhello_tlsext(SSL *s,
unsigned short size;
unsigned short len;
unsigned char *data = *p;
-
int tlsext_servername = 0;
+ int renegotiate_seen = 0;
if (data >= (d+n-2))
+ {
+ /* Because the client does not see any renegotiation during an
+ attack, we must enforce this on all server hellos, even the
+ first */
+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ /* We should always see one extension: the renegotiate extension */
+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ return 0;
+ }
return 1;
+ }
n2s(data,len);
@@ -1025,7 +1111,12 @@ int ssl_parse_serverhello_tlsext(SSL *s,
/* Set flag to expect CertificateStatus message */
s->tlsext_status_expected = 1;
}
-
+ else if (type == TLSEXT_TYPE_renegotiate)
+ {
+ if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+ return 0;
+ renegotiate_seen = 1;
+ }
data+=size;
}
@@ -1035,6 +1126,13 @@ int ssl_parse_serverhello_tlsext(SSL *s,
return 0;
}
+ if (!renegotiate_seen
+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+ {
+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
+ return 0;
+ }
+
if (!s->hit && tlsext_servername == 1)
{
if (s->tlsext_hostname)

View File

@ -1,193 +0,0 @@
diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.tls-comp openssl-1.0.0-beta4/ssl/ssl_err.c
--- openssl-1.0.0-beta4/ssl/ssl_err.c.tls-comp 2010-01-07 18:45:46.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl_err.c 2010-01-07 22:46:10.000000000 +0100
@@ -329,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
+{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
@@ -357,8 +358,10 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
+{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
+{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
@@ -421,6 +424,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
+{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
@@ -451,6 +455,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
+{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
diff -up openssl-1.0.0-beta4/ssl/ssl.h.tls-comp openssl-1.0.0-beta4/ssl/ssl.h
--- openssl-1.0.0-beta4/ssl/ssl.h.tls-comp 2010-01-07 18:45:46.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/ssl.h 2010-01-07 22:47:07.000000000 +0100
@@ -485,7 +485,7 @@ typedef struct ssl_session_st
long timeout;
long time;
- int compress_meth; /* Need to lookup the method */
+ unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
@@ -2051,6 +2051,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
#define SSL_R_CLIENTHELLO_TLSEXT 226
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
+#define SSL_R_COMPRESSION_DISABLED 343
#define SSL_R_COMPRESSION_FAILURE 141
#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
@@ -2079,8 +2080,10 @@ void ERR_load_SSL_strings(void);
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
#define SSL_R_ILLEGAL_PADDING 283
+#define SSL_R_INCONSISTENT_COMPRESSION 340
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
+#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_STATUS_RESPONSE 328
#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
@@ -2143,6 +2146,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NULL_SSL_CTX 195
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
+#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
@@ -2173,6 +2177,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
#define SSL_R_RENEGOTIATION_MISMATCH 337
#define SSL_R_REQUIRED_CIPHER_MISSING 215
+#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.tls-comp openssl-1.0.0-beta4/ssl/s3_clnt.c
--- openssl-1.0.0-beta4/ssl/s3_clnt.c.tls-comp 2010-01-07 17:53:12.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2010-01-07 22:47:07.000000000 +0100
@@ -895,10 +895,31 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
+ /* If compression is disabled we'd better not try to resume a session
+ * using compression.
+ */
+ if (s->session->compress_meth != 0)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+ goto f_err;
+ }
#else
j= *(p++);
- if ((j == 0) || (s->options & SSL_OP_NO_COMPRESSION))
+ if (s->hit && j != s->session->compress_meth)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+ goto f_err;
+ }
+ if (j == 0)
comp=NULL;
+ else if (s->options & SSL_OP_NO_COMPRESSION)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
+ goto f_err;
+ }
else
comp=ssl3_comp_find(s->ctx->comp_methods,j);
diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.tls-comp openssl-1.0.0-beta4/ssl/s3_srvr.c
--- openssl-1.0.0-beta4/ssl/s3_srvr.c.tls-comp 2010-01-07 17:53:12.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2010-01-07 22:46:10.000000000 +0100
@@ -1088,7 +1088,50 @@ int ssl3_get_client_hello(SSL *s)
* algorithms from the client, starting at q. */
s->s3->tmp.new_compression=NULL;
#ifndef OPENSSL_NO_COMP
- if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
+ /* This only happens if we have a cache hit */
+ if (s->session->compress_meth != 0)
+ {
+ int m, comp_id = s->session->compress_meth;
+ /* Perform sanity checks on resumed compression algorithm */
+ /* Can't disable compression */
+ if (s->options & SSL_OP_NO_COMPRESSION)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+ goto f_err;
+ }
+ /* Look for resumed compression method */
+ for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
+ {
+ comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+ if (comp_id == comp->id)
+ {
+ s->s3->tmp.new_compression=comp;
+ break;
+ }
+ }
+ if (s->s3->tmp.new_compression == NULL)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ goto f_err;
+ }
+ /* Look for resumed method in compression list */
+ for (m = 0; m < i; m++)
+ {
+ if (q[m] == comp_id)
+ break;
+ }
+ if (m >= i)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
+ goto f_err;
+ }
+ }
+ else if (s->hit)
+ comp = NULL;
+ else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
{ /* See if we have a match */
int m,nn,o,v,done=0;
@@ -1112,6 +1155,16 @@ int ssl3_get_client_hello(SSL *s)
else
comp=NULL;
}
+#else
+ /* If compression is disabled we'd better not try to resume a session
+ * using compression.
+ */
+ if (s->session->compress_meth != 0)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
+ goto f_err;
+ }
#endif
/* Given s->session->ciphers and SSL_get_ciphers, we must

View File

@ -1,27 +0,0 @@
Fix handling of future TLS versions.
diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver openssl-1.0.0-beta4/ssl/s23_srvr.c
--- openssl-1.0.0-beta4/ssl/s23_srvr.c.tlsver 2010-01-12 22:20:15.000000000 +0100
+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2010-01-13 22:02:47.000000000 +0100
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] == p[1])))
+ || (p[9] >= p[1])))
{
/*
* SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
v[1] = TLS1_VERSION_MINOR;
#endif
}
+ /* if major version number > 3 set minor to a value
+ * which will use the highest version 3 we support.
+ * If TLS 2.0 ever appears we will need to revise
+ * this....
+ */
+ else if (p[9] > SSL3_VERSION_MAJOR)
+ v[1]=0xff;
else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)

View File

@ -1,16 +1,16 @@
diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl.h
--- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200 --- openssl-1.0.0-beta5/ssl/ssl.h.cipher-change 2010-01-20 18:12:07.000000000 +0100
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200 +++ openssl-1.0.0-beta5/ssl/ssl.h 2010-01-20 18:13:04.000000000 +0100
@@ -511,7 +511,7 @@ typedef struct ssl_session_st @@ -513,7 +513,7 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */ +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
@@ -528,7 +528,7 @@ typedef struct ssl_session_st @@ -530,7 +530,7 @@ typedef struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */ * This used to be 0x000FFFFFL before 0.9.7. */

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
--- openssl-1.0.0-beta4/Configure.enginesdir 2009-11-12 12:17:59.000000000 +0100 --- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100
+++ openssl-1.0.0-beta4/Configure 2009-11-12 12:19:45.000000000 +0100 +++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100
@@ -622,6 +622,7 @@ my $idx_multilib = $idx++; @@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
my $prefix=""; my $prefix="";
my $libdir=""; my $libdir="";
@ -20,7 +20,7 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
elsif (/^--install.prefix=(.*)$/) elsif (/^--install.prefix=(.*)$/)
{ {
$install_prefix=$1; $install_prefix=$1;
@@ -1055,7 +1060,7 @@ chop $prefix if $prefix =~ /.\/$/; @@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
@ -29,18 +29,18 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
print "IsMK1MF=$IsMK1MF\n"; print "IsMK1MF=$IsMK1MF\n";
@@ -1676,7 +1681,7 @@ while (<IN>) @@ -1673,7 +1678,7 @@ while (<IN>)
# $foo is to become "$prefix/lib$multilib/engines"; }
# as Makefile.org and engines/Makefile are adapted for elsif (/^#define\s+ENGINESDIR/)
# $multilib suffix. {
- my $foo = "$prefix/lib/engines"; - my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir"; + my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g; $foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n"; print OUT "#define ENGINESDIR \"$foo\"\n";
} }
diff -up openssl-1.0.0-beta4/engines/Makefile.enginesdir openssl-1.0.0-beta4/engines/Makefile diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
--- openssl-1.0.0-beta4/engines/Makefile.enginesdir 2009-11-10 02:52:52.000000000 +0100 --- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100
+++ openssl-1.0.0-beta4/engines/Makefile 2009-11-12 12:23:06.000000000 +0100 +++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100
@@ -124,7 +124,7 @@ install: @@ -124,7 +124,7 @@ install:
sfx=".so"; \ sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \

View File

@ -1,7 +1,7 @@
diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
--- openssl-0.9.8j/README.warning 2009-01-07 11:50:53.000000000 +0100 --- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
+++ openssl-0.9.8j/README 2009-01-14 17:43:02.000000000 +0100 +++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
@@ -5,6 +5,31 @@ @@ -5,6 +5,35 @@
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved. All rights reserved.
@ -15,9 +15,15 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
+ +
+ This version also contains a few differences from the upstream code + This version also contains a few differences from the upstream code
+ some of which are: + some of which are:
+ * The FIPS integrity verification check is implemented differently + * There are added changes forward ported from the upstream OpenSSL
+ from the upstream FIPS validated OpenSSL module. It verifies + 0.9.8 FIPS branch however the FIPS integrity verification check
+ HMAC-SHA256 checksum of the whole libcrypto shared library. + is implemented differently from the upstream FIPS validated OpenSSL
+ module. It verifies HMAC-SHA256 checksum of the whole shared
+ libraries. For this reason the changes are ported to files in the
+ crypto directory and not in a separate fips subdirectory. Also
+ note that the FIPS integrity verification check requires unmodified
+ libcrypto and libssl shared library files which means that it will
+ fail if these files are modified for example by prelink.
+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and + * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
+ tries to initialize the FIPS mode if it is set to 1 aborting if the + tries to initialize the FIPS mode if it is set to 1 aborting if the
+ FIPS mode could not be initialized. It is also possible to force the + FIPS mode could not be initialized. It is also possible to force the
@ -27,8 +33,6 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
+ will not automatically load the built in compression method ZLIB + will not automatically load the built in compression method ZLIB
+ when initialized. Applications can still explicitely ask for ZLIB + when initialized. Applications can still explicitely ask for ZLIB
+ compression method. + compression method.
+ * There is added a support for EAP-FAST through TLS extension. This code
+ is backported from OpenSSL upstream development branch.
+ +
DESCRIPTION DESCRIPTION
----------- -----------

View File

@ -1,14 +1,14 @@
We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist
on having the same beta status of OpenSSL library as they were built against. on having the same beta status of OpenSSL library as they were built against.
diff -up openssl-1.0.0-beta4/crypto/opensslv.h.version openssl-1.0.0-beta4/crypto/opensslv.h diff -up openssl-1.0.0-beta5/crypto/opensslv.h.version openssl-1.0.0-beta5/crypto/opensslv.h
--- openssl-1.0.0-beta4/crypto/opensslv.h.version 2009-11-12 15:17:28.000000000 +0100 --- openssl-1.0.0-beta5/crypto/opensslv.h.version 2010-01-20 18:16:43.000000000 +0100
+++ openssl-1.0.0-beta4/crypto/opensslv.h 2009-11-13 12:39:08.000000000 +0100 +++ openssl-1.0.0-beta5/crypto/opensslv.h 2010-01-20 20:20:23.000000000 +0100
@@ -25,7 +25,7 @@ @@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
-#define OPENSSL_VERSION_NUMBER 0x10000004L -#define OPENSSL_VERSION_NUMBER 0x10000005L
+#define OPENSSL_VERSION_NUMBER 0x10000003L +#define OPENSSL_VERSION_NUMBER 0x10000003L
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta4 10 Nov 2009" #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta5 20 Jan 2010"
#else #else

View File

@ -11,7 +11,7 @@
# 1.0.0 soversion = 10 # 1.0.0 soversion = 10
%define soversion 10 %define soversion 10
%define beta beta4 %define beta beta5
# Number of threads to spawn when testing some threading fixes. # Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@ -23,7 +23,7 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.0 Version: 1.0.0
Release: 0.19.%{beta}%{?dist} Release: 0.20.%{beta}%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-%{beta}-usa.tar.bz2 Source: openssl-%{version}-%{beta}-usa.tar.bz2
@ -38,43 +38,30 @@ Source11: README.FIPS
Patch0: openssl-1.0.0-beta4-redhat.patch Patch0: openssl-1.0.0-beta4-redhat.patch
Patch1: openssl-1.0.0-beta3-defaults.patch Patch1: openssl-1.0.0-beta3-defaults.patch
Patch3: openssl-1.0.0-beta3-soversion.patch Patch3: openssl-1.0.0-beta3-soversion.patch
Patch4: openssl-1.0.0-beta4-enginesdir.patch Patch4: openssl-1.0.0-beta5-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch Patch6: openssl-0.9.8b-test-use-localhost.patch
# Bug fixes # Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-1.0.0-beta4-binutils.patch Patch24: openssl-0.9.8j-bad-mime.patch
# Functionality changes # Functionality changes
Patch32: openssl-0.9.8g-ia64.patch Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-1.0.0-beta3-cipher-change.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch
Patch39: openssl-1.0.0-beta3-ipv6-apps.patch Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
Patch40: openssl-1.0.0-beta4-fips.patch Patch40: openssl-1.0.0-beta5-fips.patch
Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch
Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch
Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch
Patch45: openssl-0.9.8j-env-nozlib.patch Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-0.9.8j-readme-warning.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
Patch51: openssl-1.0.0-beta4-version.patch Patch51: openssl-1.0.0-beta5-version.patch
Patch52: openssl-1.0.0-beta4-aesni.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch60: openssl-1.0.0-beta4-reneg.patch
# This one is not backported but has to be applied after reneg patch
Patch61: openssl-1.0.0-beta4-client-reneg.patch
Patch62: openssl-1.0.0-beta4-backports.patch
Patch63: openssl-1.0.0-beta4-reneg-err.patch
Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch
Patch65: openssl-1.0.0-beta4-dtls-reneg.patch
Patch66: openssl-1.0.0-beta4-backports2.patch
Patch67: openssl-1.0.0-beta4-reneg-scsv.patch
Patch68: openssl-1.0.0-beta4-tls-comp.patch
Patch69: openssl-1.0.0-beta4-aesni.patch
Patch70: openssl-1.0.0-beta4-tlsver.patch
Patch71: openssl-1.0.0-beta4-cve-2009-4355.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -135,7 +122,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch6 -p1 -b .use-localhost %patch6 -p1 -b .use-localhost
%patch23 -p1 -b .default-paths %patch23 -p1 -b .default-paths
%patch24 -p1 -b .binutils %patch24 -p1 -b .bad-mime
%patch32 -p1 -b .ia64 %patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir %patch33 -p1 -b .ca-dir
@ -149,23 +136,10 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch44 -p1 -b .fipsrng %patch44 -p1 -b .fipsrng
%patch45 -p1 -b .env-nozlib %patch45 -p1 -b .env-nozlib
%patch47 -p1 -b .warning %patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime
%patch49 -p1 -b .algo-doc %patch49 -p1 -b .algo-doc
%patch50 -p1 -b .dtls1-abi %patch50 -p1 -b .dtls1-abi
%patch51 -p1 -b .version %patch51 -p1 -b .version
%patch52 -p1 -b .aesni
%patch60 -p1 -b .reneg
%patch61 -p1 -b .client-reneg
%patch62 -p1 -b .backports
%patch63 -p1 -b .reneg-err
%patch64 -p1 -b .dtls-ipv6
%patch65 -p1 -b .dtls-reneg
%patch66 -p1 -b .backports2
%patch67 -p1 -b .scsv
%patch68 -p1 -b .tls-comp
%patch69 -p1 -b .aesni
%patch70 -p1 -b .tlsver
%patch71 -p1 -b .compleak
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -264,12 +238,9 @@ make -C test apps tests
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl} install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install make INSTALL_PREFIX=$RPM_BUILD_ROOT install
make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
# OpenSSL install doesn't use correct _libdir on 64 bit archs mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
[ "%{_libdir}" != /usr/lib ] && mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/
mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/ mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
chmod 755 ${lib} chmod 755 ${lib}
@ -414,6 +385,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Wed Jan 20 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.20.beta5
- new upstream release
* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4 * Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4
- fix CVE-2009-4355 - leak in applications incorrectly calling - fix CVE-2009-4355 - leak in applications incorrectly calling
CRYPTO_free_all_ex_data() before application exit (#546707) CRYPTO_free_all_ex_data() before application exit (#546707)

View File

@ -1 +1 @@
1fc0e41c230d0698f834413dfba864ad openssl-1.0.0-beta4-usa.tar.bz2 531160d84017cb52e3c23b52cca0d5cf openssl-1.0.0-beta5-usa.tar.bz2