generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PACKETize and clean up ssl_bytes_to_cipher_list.

Browse Source 
Fix alerts.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Emilia Kasper 2015-10-01 12:53:08 +02:00
parent b3e2272c59
commit 38a3cbfbf7
1 changed files with 64 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
ssl/s3_srvr.c
View File

@ -164,8 +164,10 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
int num, STACK_OF(SSL_CIPHER) **skp, int sslv2format); PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
int sslv2format, int *al);
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
@ -1208,20 +1210,11 @@ int ssl3_get_client_hello(SSL *s)
} }
} }
if (PACKET_remaining(&cipher_suites) == 0) { if (ssl_bytes_to_cipher_list(s, &cipher_suites, &(ciphers),
/* we need at least one cipher */ is_v2_record, &al) == NULL) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err; goto f_err;
} }
if (ssl_bytes_to_cipher_list(s, PACKET_data(&cipher_suites),
PACKET_remaining(&cipher_suites),
&(ciphers), is_v2_record) == NULL) {
/* TODO(openssl-team): make this alert correctly. */
goto err;
}
/* If it is a hit, check that the cipher is in the list */ /* If it is a hit, check that the cipher is in the list */
if (s->hit) { if (s->hit) {
j = 0; j = 0;
@ -3452,32 +3445,49 @@ err:
#define SSLV2_CIPHER_LEN 3 #define SSLV2_CIPHER_LEN 3
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
int num, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER) **skp,
int sslv2format) int sslv2format, int *al
)
{ {
const SSL_CIPHER *c; const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
int i, n; int n;
/* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
unsigned char cipher[SSLV2_CIPHER_LEN];
/*
* Can this ever happen?
* This method used to check for s->s3, but did so inconsistently.
*/
if (s->s3 == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return NULL;
}
if (s->s3)
s->s3->send_connection_binding = 0; s->s3->send_connection_binding = 0;
if(sslv2format) { n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
n = SSLV2_CIPHER_LEN;
} else { if (PACKET_remaining(cipher_suites) == 0) {
n = TLS_CIPHER_LEN; SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
*al = SSL_AD_ILLEGAL_PARAMETER;
return NULL;
} }
if (n == 0 || (num % n) != 0) {
if (PACKET_remaining(cipher_suites) % n != 0) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return (NULL); *al = SSL_AD_DECODE_ERROR;
return NULL;
} }
if ((skp == NULL) || (*skp == NULL)) { if ((skp == NULL) || (*skp == NULL)) {
sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
if(sk == NULL) { if(sk == NULL) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
*al = SSL_AD_INTERNAL_ERROR;
return NULL; return NULL;
} }
} else { } else {
@ -3485,28 +3495,33 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
sk_SSL_CIPHER_zero(sk); sk_SSL_CIPHER_zero(sk);
} }
OPENSSL_free(s->s3->tmp.ciphers_raw); if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
s->s3->tmp.ciphers_raw = BUF_memdup(p, num); &s->s3->tmp.ciphers_rawlen)) {
if (s->s3->tmp.ciphers_raw == NULL) { *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
s->s3->tmp.ciphers_rawlen = (size_t)num;
for (i = 0; i < num; i += n) { while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
/*
* We only support SSLv2 format ciphers in SSLv3+ using a
* SSLv2 backward compatible ClientHello. In this case the first
* byte is always 0 for SSLv3 compatible ciphers. Anything else
* is an SSLv2 cipher and we ignore it
*/
if (sslv2format && cipher[0] != '\0')
continue;
/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
if (s->s3 && (n != 3 || !p[0]) && if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
(p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (cipher[n - 1] == (SSL3_CK_SCSV & 0xff))) {
(p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
/* SCSV fatal if renegotiating */ /* SCSV fatal if renegotiating */
if (s->renegotiate) { if (s->renegotiate) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); *al = SSL_AD_HANDSHAKE_FAILURE;
goto err; goto err;
} }
s->s3->send_connection_binding = 1; s->s3->send_connection_binding = 1;
p += n;
#ifdef OPENSSL_RI_DEBUG #ifdef OPENSSL_RI_DEBUG
fprintf(stderr, "SCSV received by server\n"); fprintf(stderr, "SCSV received by server\n");
#endif #endif
@ -3514,9 +3529,8 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
} }
/* Check for TLS_FALLBACK_SCSV */ /* Check for TLS_FALLBACK_SCSV */
if ((n != 3 || !p[0]) && if ((cipher[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
(p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && (cipher[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
(p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
/* /*
* The SCSV indicates that the client previously tried a higher * The SCSV indicates that the client previously tried a higher
* version. Fail if the current version is an unexpected * version. Fail if the current version is an unexpected
@ -3525,37 +3539,27 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
SSL_R_INAPPROPRIATE_FALLBACK); SSL_R_INAPPROPRIATE_FALLBACK);
if (s->s3) *al = SSL_AD_INAPPROPRIATE_FALLBACK;
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_INAPPROPRIATE_FALLBACK);
goto err; goto err;
} }
p += n;
continue; continue;
} }
if(sslv2format) { /* For SSLv2-compat, ignore leading 0-byte. */
/* c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher);
* We only support SSLv2 format ciphers in SSLv3+ using a
* SSLv2 backward compatible ClientHello. In this case the first
* byte is always 0 for SSLv3 compatible ciphers. Anything else
* is an SSLv2 cipher and we ignore it
*/
if(p[0] == 0)
c = ssl_get_cipher_by_char(s, &p[1]);
else
c = NULL;
} else {
c = ssl_get_cipher_by_char(s, p);
}
p += n;
if (c != NULL) { if (c != NULL) {
if (!sk_SSL_CIPHER_push(sk, c)) { if (!sk_SSL_CIPHER_push(sk, c)) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
*al = SSL_AD_INTERNAL_ERROR;
goto err; goto err;
} }
} }
} }
if (PACKET_remaining(cipher_suites) > 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_INTERNAL_ERROR);
goto err;
}
if (skp != NULL) if (skp != NULL)
*skp = sk; *skp = sk;
@ -3563,5 +3567,5 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
err: err:
if ((skp == NULL) || (*skp == NULL)) if ((skp == NULL) || (*skp == NULL))
sk_SSL_CIPHER_free(sk); sk_SSL_CIPHER_free(sk);
return (NULL); return NULL;
} }