Merge in the latest changes from 0.9.6d-stable.

Richard Levitte
2002-04-17 07:02:47 +00:00
parent 7525ac5aba
commit c1fb6557e5
16 changed files with 349 additions and 79 deletions

24
CHANGES

@@ -4,6 +4,30 @@
Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] Changes between 0.9.6c and 0.9.6d [XX xxx XXXX]
*) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
an end-of-file condition would erronously be flagged, when the CRLF
was just at the end of a processed block. The bug was discovered when
processing data through a buffering memory BIO handing the data to a
BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
<ptsekov@syntrex.com> and Nedelcho Stanev.
[Lutz Jaenicke]
*) Implement a countermeasure against a vulnerability recently found
in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
before application data chunks to avoid the use of known IVs
with data potentially chosen by the attacker.
[Bodo Moeller]
*) Fix length checks in ssl3_get_client_hello().
[Bodo Moeller]
*) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
to prevent ssl3_read_internal() from incorrectly assuming that
ssl3_read_bytes() found application data while handshake
processing was enabled when in fact s->s3->in_read_app_data was
merely automatically cleared during the initial handshake.
[Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
*) Fix object definitions for Private and Enterprise: they were not *) Fix object definitions for Private and Enterprise: they were not
recognized in their shortname (=lowercase) representation. Extend recognized in their shortname (=lowercase) representation. Extend
obj_dat.pl to issue an error when using undefined keywords instead obj_dat.pl to issue an error when using undefined keywords instead

5
NEWS

@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
o Various SSL/TLS library bugfixes. o Various SSL/TLS library bugfixes.


@@ -481,9 +481,9 @@ int MAIN(int argc, char **argv)
} else if(operation == SMIME_VERIFY) { } else if(operation == SMIME_VERIFY) {
STACK_OF(X509) *signers; STACK_OF(X509) *signers;
if(PKCS7_verify(p7, other, store, indata, out, flags)) { if(PKCS7_verify(p7, other, store, indata, out, flags)) {
BIO_printf(bio_err, "Verification Successful\n"); BIO_printf(bio_err, "Verification successful\n");
} else { } else {
BIO_printf(bio_err, "Verification Failure\n"); BIO_printf(bio_err, "Verification failure\n");
goto end; goto end;
} }
signers = PKCS7_get0_signers(p7, other, flags); signers = PKCS7_get0_signers(p7, other, flags);


@@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
eof++; eof++;
} }
if (v == B64_CR)
{
ln = 0;
if (exp_nl)
continue;
}
/* eoln */ /* eoln */
if (v == B64_EOLN) if (v == B64_EOLN)
{ {
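Review bot: The added `if (v == B64_CR)` branch carries no comment, and the hunk alone does not show why a carriage return resets `ln` unconditionally but is skipped only when `exp_nl` is set. A one-line comment such as `/* CR of a CRLF line end: restart the line count and, if a newline was expected, wait for the LF */` would tie the branch to the CHANGES entry about the falsely flagged end-of-file. That wording is inferred from the variable names and should be confirmed against the rest of EVP_DecodeUpdate, whose body starts and ends outside the hunk.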


@@ -645,6 +645,8 @@ int OBJ_create(char *oid, char *sn, char *ln)
return(0); return(0);
} }
i=a2d_ASN1_OBJECT(buf,i,oid,-1); i=a2d_ASN1_OBJECT(buf,i,oid,-1);
if (i == 0)
goto err;
op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
if (op == NULL) if (op == NULL)
goto err; goto err;


@@ -49,7 +49,7 @@ with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
B<fp>. B<fp>.
BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
that consists of the number's length in bytes represented as a 3-byte that consists of the number's length in bytes represented as a 4-byte
big-endian number, and the number itself in big-endian format, where big-endian number, and the number itself in big-endian format, where
the most significant bit signals a negative number (the representation the most significant bit signals a negative number (the representation
of numbers with the MSB set is prefixed with null byte). of numbers with the MSB set is prefixed with null byte).


@@ -19,7 +19,7 @@ be seeded prior to calling RSA_generate_key().
The modulus size will be B<num> bits, and the public exponent will be The modulus size will be B<num> bits, and the public exponent will be
B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
The exponent is an odd number, typically 3 or 65535. The exponent is an odd number, typically 3, 17 or 65537.
A callback function may be used to provide feedback about the A callback function may be used to provide feedback about the
progress of the key generation. If B<callback> is not B<NULL>, it progress of the key generation. If B<callback> is not B<NULL>, it


@@ -1,12 +1,12 @@
# Makefile.hpux-cc # Makefile.hpux-cc
major=1 major=0.9.6d
slib=libssl slib=libssl
sh_slib=$(slib).so.$(major) sh_slib=$(slib).sl.$(major)
clib=libcrypto clib=libcrypto
sh_clib=$(clib).so.$(major) sh_clib=$(clib).sl.$(major)
all : $(clib).sl $(slib).sl all : $(clib).sl $(slib).sl
@@ -20,31 +20,14 @@ $(slib)_pic.a : $(slib).a
cp -p $? $@ cp -p $? $@
$(sh_clib) : $(clib)_pic.a $(sh_clib) : $(clib)_pic.a
echo "collecting all object files for $@" ld -b -s -z +h $@ -o $@ -Fl $(clib)_pic.a -ldld -lc
find . -name \*.o -print > allobjs
for obj in `ar t $(clib)_pic.a`; \
do \
grep /$$obj allobjs; \
done >objlist
echo "linking $@"
ld -b -s -z +h $@ -o $@ `cat objlist` -lc
rm allobjs objlist
$(clib).sl : $(sh_clib) $(clib).sl : $(sh_clib)
rm -f $@ rm -f $@
ln -s $? $@ ln -s $? $@
$(sh_slib) : $(slib)_pic.a $(clib).sl $(sh_slib) : $(slib)_pic.a $(clib).sl
echo "collecting all object files for $@" ld -b -s -z +h $@ -o $@ -Fl $(slib)_pic.a -ldld -lc
find . -name \*.o -print > allobjs
for obj in `ar t $(slib)_pic.a`; \
do \
grep /$$obj allobjs; \
done >objlist
echo "linking $@"
ld -b -s -z +h $@ +b /usr/local/ssl/lib:/usr/lib -o $@ `cat objlist` \
-L. -lcrypto -lc
rm -f allobjs objlist
$(slib).sl : $(sh_slib) $(slib).sl : $(sh_slib)
rm -f $@ rm -f $@


@@ -20,7 +20,9 @@
# WARNING: At high optimization levels, HP's ANSI-C compiler can chew up # WARNING: At high optimization levels, HP's ANSI-C compiler can chew up
# large amounts of memory and CPU time. Make sure to have at least # large amounts of memory and CPU time. Make sure to have at least
# 128MB of RAM available and that your kernel is configured to allow # 128MB of RAM available and that your kernel is configured to allow
# at least 128MB data size (maxdsiz parameter). # at least 128MB data size (maxdsiz parameter which can be obtained
# by multiplying 'echo maxdsiz/D | adb -k /stand/vmunix /dev/kmem'
# by 'getconf PAGE_SIZE').
# The installation process can take several hours, even on fast # The installation process can take several hours, even on fast
# machines. +O4 optimization of the libcrypto.sl shared library may # machines. +O4 optimization of the libcrypto.sl shared library may
# take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of # take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of
@@ -40,7 +42,7 @@ SITEFLAGS="+DAportable +w1"
MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS" MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS"
# Configure for pic and build the static pic libraries # Configure for pic and build the static pic libraries
perl5 Configure hpux-parisc-cc-o4 +z ${MYFLAGS} perl5 Configure no-shared hpux-parisc-cc-o4 +Z ${MYFLAGS}
make clean make clean
make DIRS="crypto ssl" make DIRS="crypto ssl"
# Rename the static pic libs and build dynamic libraries from them # Rename the static pic libs and build dynamic libraries from them
@@ -58,21 +60,21 @@ mkdir /usr/local
mkdir /usr/local/ssl mkdir /usr/local/ssl
mkdir /usr/local/ssl/lib mkdir /usr/local/ssl/lib
chmod 444 lib*_pic.a chmod 444 lib*_pic.a
chmod 555 lib*.so.1 chmod 555 lib*.sl.0.9.6d
cp -p lib*_pic.a lib*.so.1 /usr/local/ssl/lib cp -p lib*_pic.a lib*.sl.0.9.6d /usr/local/ssl/lib
(cd /usr/local/ssl/lib ; ln -sf libcrypto.so.1 libcrypto.sl ; ln -sf libssl.so.1 libssl.sl) (cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.6d libcrypto.sl ; ln -sf libssl.sl.0.9.6d libssl.sl)
# Reconfigure without pic to compile the executables. Unfortunately, while # Reconfigure without pic to compile the executables. Unfortunately, while
# performing this task we have to recompile the library components, even # performing this task we have to recompile the library components, even
# though we use the already installed shared libs anyway. # though we use the already installed shared libs anyway.
# #
perl5 Configure hpux-parisc-cc-o4 ${MYFLAGS} perl5 Configure no-shared hpux-parisc-cc-o4 ${MYFLAGS}
make clean make clean
# Hack the Makefiles to pick up the dynamic libraries during linking # Hack the Makefiles to pick up the dynamic libraries during linking
# #
sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib -Wl,+b,\/usr\/local\/ssl\/lib:\/usr\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl
sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl
sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl
# Build the static libs and the executables in one make. # Build the static libs and the executables in one make.
@@ -83,7 +85,7 @@ make install
# Finally build the static libs with +O3. This time we only need the libraries, # Finally build the static libs with +O3. This time we only need the libraries,
# once created, they are simply copied into place. # once created, they are simply copied into place.
# #
perl5 Configure hpux-parisc-cc ${MYFLAGS} perl5 Configure no-shared hpux-parisc-cc ${MYFLAGS}
make clean make clean
make DIRS="crypto ssl" make DIRS="crypto ssl"
chmod 644 libcrypto.a libssl.a chmod 644 libcrypto.a libssl.a


@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -572,6 +572,7 @@ int ssl3_setup_buffers(SSL *s)
{ {
unsigned char *p; unsigned char *p;
unsigned int extra; unsigned int extra;
size_t len;
if (s->s3->rbuf.buf == NULL) if (s->s3->rbuf.buf == NULL)
{ {
@@ -579,18 +580,21 @@ int ssl3_setup_buffers(SSL *s)
extra=SSL3_RT_MAX_EXTRA; extra=SSL3_RT_MAX_EXTRA;
else else
extra=0; extra=0;
if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) len = SSL3_RT_MAX_PACKET_SIZE + extra;
== NULL) if ((p=OPENSSL_malloc(len)) == NULL)
goto err; goto err;
s->s3->rbuf.buf=p; s->s3->rbuf.buf = p;
s->s3->rbuf_len = len;
} }
if (s->s3->wbuf.buf == NULL) if (s->s3->wbuf.buf == NULL)
{ {
if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE)) len = SSL3_RT_MAX_PACKET_SIZE;
== NULL) len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
if ((p=OPENSSL_malloc(len)) == NULL)
goto err; goto err;
s->s3->wbuf.buf=p; s->s3->wbuf.buf = p;
s->s3->wbuf_len = len;
} }
s->packet= &(s->s3->rbuf.buf[0]); s->packet= &(s->s3->rbuf.buf[0]);
return(1); return(1);
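Review bot: The write-buffer size in ssl3_setup_buffers adds a bare `256` in `len += SSL3_RT_HEADER_LENGTH + 256;`, and nothing in the hunk says what that bound has to cover. do_ssl3_write later fails with an internal error when `s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE`, so this allowance must stay at least as large as the biggest empty record that function can build (presumably MAC plus cipher padding). A named constant with a comment such as `/* room for one empty record: header + MAC + padding; must be >= the largest prefix_len do_ssl3_write() can return */` would keep a cipher or MAC with larger overhead from turning into a runtime failure. The function body starts outside the hunk.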


@@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h> #include <stdio.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@@ -308,6 +361,14 @@ int ssl3_setup_key_block(SSL *s)
ssl3_generate_key_block(s,p,num); ssl3_generate_key_block(s,p,num);
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
s->s3->need_empty_fragments = 1;
#ifndef NO_RC4
if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
s->s3->need_empty_fragments = 0;
#endif
return(1); return(1);
err: err:
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
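Review bot: The block that sets `s->s3->need_empty_fragments` is added verbatim here at the end of ssl3_setup_key_block and again in tls1_setup_key_block in the last file section of this commit, so the two copies can drift apart when the exemption list changes. A small shared helper declared in the library's internal header would keep the cipher test in one place. The default is the safe way round (countermeasure on unless the cipher is recognised as RC4), and that is worth stating in the comment, for example `/* on by default; switched off only for ciphers known not to use CBC */`. Both function bodies start outside their hunks.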


@@ -740,6 +740,7 @@ void ssl3_free(SSL *s)
void ssl3_clear(SSL *s) void ssl3_clear(SSL *s)
{ {
unsigned char *rp,*wp; unsigned char *rp,*wp;
size_t rlen, wlen;
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL) if (s->s3->tmp.ca_names != NULL)
@@ -755,12 +756,16 @@ void ssl3_clear(SSL *s)
DH_free(s->s3->tmp.dh); DH_free(s->s3->tmp.dh);
#endif #endif
rp=s->s3->rbuf.buf; rp = s->s3->rbuf.buf;
wp=s->s3->wbuf.buf; wp = s->s3->wbuf.buf;
rlen = s->s3->rbuf_len;
wlen = s->s3->wbuf_len;
memset(s->s3,0,sizeof *s->s3); memset(s->s3,0,sizeof *s->s3);
if (rp != NULL) s->s3->rbuf.buf=rp; s->s3->rbuf.buf = rp;
if (wp != NULL) s->s3->wbuf.buf=wp; s->s3->wbuf.buf = wp;
s->s3->rbuf_len = rlen;
s->s3->wbuf_len = wlen;
ssl_free_wbio_buffer(s); ssl_free_wbio_buffer(s);
@@ -1315,13 +1320,12 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
if (s->s3->renegotiate) ssl3_renegotiate_check(s); if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1; s->s3->in_read_app_data=1;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
if ((ret == -1) && (s->s3->in_read_app_data == 0)) if ((ret == -1) && (s->s3->in_read_app_data == 2))
{ {
/* ssl3_read_bytes decided to call s->handshake_func, which /* ssl3_read_bytes decided to call s->handshake_func, which
* called ssl3_read_bytes to read handshake data. * called ssl3_read_bytes to read handshake data.
* However, ssl3_read_bytes actually found application data * However, ssl3_read_bytes actually found application data
* and thinks that application data makes sense here (signalled * and thinks that application data makes sense here; so disable
* by resetting 'in_read_app_data', strangely); so disable
* handshake processing and try to read application data again. */ * handshake processing and try to read application data again. */
s->in_handshake++; s->in_handshake++;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
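Review bot: `in_read_app_data` now carries three values (0, the 1 assigned here before the read, and the 2 assigned in ssl3_read_bytes in the s3_pkt.c section), but the hunk deletes the only comment text that described the signalling and puts nothing in its place. A comment at the test, such as `/* 2 = ssl3_read_bytes() found application data while handshake processing was enabled */`, or named constants for the three states, would make the contract between the two functions readable without the CHANGES entry. The bodies of ssl3_clear and ssl3_read_internal continue outside the hunks.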


@@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -117,7 +117,7 @@
#include "ssl_locl.h" #include "ssl_locl.h"
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int len); unsigned int len, int create_empty_fragment);
static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len); unsigned int len);
static int ssl3_get_record(SSL *s); static int ssl3_get_record(SSL *s);
@@ -162,9 +162,7 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
{ {
/* avoid buffer overflow */ /* avoid buffer overflow */
int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; int max_max = s->s3->rbuf_len - s->packet_length;
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
max_max += SSL3_RT_MAX_EXTRA;
if (max > max_max) if (max > max_max)
max = max_max; max = max_max;
} }
@@ -247,14 +245,20 @@ static int ssl3_get_record(SSL *s)
extra=SSL3_RT_MAX_EXTRA; extra=SSL3_RT_MAX_EXTRA;
else else
extra=0; extra=0;
if (extra != (s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE))
{
/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
* set after ssl3_setup_buffers() was done */
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR);
return -1;
}
again: again:
/* check if we have the header */ /* check if we have the header */
if ( (s->rstate != SSL_ST_READ_BODY) || if ( (s->rstate != SSL_ST_READ_BODY) ||
(s->packet_length < SSL3_RT_HEADER_LENGTH)) (s->packet_length < SSL3_RT_HEADER_LENGTH))
{ {
n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0);
SSL3_RT_MAX_PACKET_SIZE,0);
if (n <= 0) return(n); /* error or non-blocking */ if (n <= 0) return(n); /* error or non-blocking */
s->rstate=SSL_ST_READ_BODY; s->rstate=SSL_ST_READ_BODY;
@@ -509,7 +513,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
if (i == 0) if (i == 0)
{ {
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1); return -1;
} }
} }
@@ -521,18 +525,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
else else
nw=n; nw=n;
i=do_ssl3_write(s,type,&(buf[tot]),nw); i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
if (i <= 0) if (i <= 0)
{ {
s->s3->wnum=tot; s->s3->wnum=tot;
return(i); return i;
} }
if ((i == (int)n) || if ((i == (int)n) ||
(type == SSL3_RT_APPLICATION_DATA && (type == SSL3_RT_APPLICATION_DATA &&
(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
{ {
return(tot+i); /* next chunk of data should get another prepended empty fragment
* in ciphersuites with known-IV weakness: */
s->s3->empty_fragment_done = 0;
return tot+i;
} }
n-=i; n-=i;
@@ -541,15 +549,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
} }
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
unsigned int len) unsigned int len, int create_empty_fragment)
{ {
unsigned char *p,*plen; unsigned char *p,*plen;
int i,mac_size,clear=0; int i,mac_size,clear=0;
int prefix_len = 0;
SSL3_RECORD *wr; SSL3_RECORD *wr;
SSL3_BUFFER *wb; SSL3_BUFFER *wb;
SSL_SESSION *sess; SSL_SESSION *sess;
/* first check is there is a SSL3_RECORD still being written /* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */ * out. This will happen with non blocking IO */
if (s->s3->wbuf.left != 0) if (s->s3->wbuf.left != 0)
return(ssl3_write_pending(s,type,buf,len)); return(ssl3_write_pending(s,type,buf,len));
@@ -563,7 +572,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */ /* if it went, fall through and send more stuff */
} }
if (len == 0) return(len); if (len == 0 && !create_empty_fragment)
return 0;
wr= &(s->s3->wrec); wr= &(s->s3->wrec);
wb= &(s->s3->wbuf); wb= &(s->s3->wbuf);
@@ -579,16 +589,44 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
else else
mac_size=EVP_MD_size(s->write_hash); mac_size=EVP_MD_size(s->write_hash);
p=wb->buf; /* 'create_empty_fragment' is true only when this function calls itself */
if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
{
/* countermeasure against known-IV weakness in CBC ciphersuites
* (see http://www.openssl.org/~bodo/tls-cbc.txt) */
if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
{
/* recursive function call with 'create_empty_fragment' set;
* this prepares and buffers the data for an empty fragment
* (these 'prefix_len' bytes are sent out later
* together with the actual payload) */
prefix_len = do_ssl3_write(s, type, buf, 0, 1);
if (prefix_len <= 0)
goto err;
if (s->s3->wbuf_len < prefix_len + SSL3_RT_MAX_PACKET_SIZE)
{
/* insufficient space */
SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
goto err;
}
}
s->s3->empty_fragment_done = 1;
}
p = wb->buf + prefix_len;
/* write the header */ /* write the header */
*(p++)=type&0xff; *(p++)=type&0xff;
wr->type=type; wr->type=type;
*(p++)=(s->version>>8); *(p++)=(s->version>>8);
*(p++)=s->version&0xff; *(p++)=s->version&0xff;
/* record where we are to write out packet length */ /* field where we are to write out packet length */
plen=p; plen=p;
p+=2; p+=2;
@@ -639,19 +677,28 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->type=type; /* not needed but helps for debugging */ wr->type=type; /* not needed but helps for debugging */
wr->length+=SSL3_RT_HEADER_LENGTH; wr->length+=SSL3_RT_HEADER_LENGTH;
/* Now lets setup wb */ if (create_empty_fragment)
wb->left=wr->length; {
wb->offset=0; /* we are in a recursive call;
* just return the length, don't write out anything here
*/
return wr->length;
}
/* now let's set up wb */
wb->left = prefix_len + wr->length;
wb->offset = 0;
/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
s->s3->wpend_tot=len; s->s3->wpend_tot=len;
s->s3->wpend_buf=buf; s->s3->wpend_buf=buf;
s->s3->wpend_type=type; s->s3->wpend_type=type;
s->s3->wpend_ret=len; s->s3->wpend_ret=len;
/* we now just need to write the buffer */ /* we now just need to write the buffer */
return(ssl3_write_pending(s,type,buf,len)); return ssl3_write_pending(s,type,buf,len);
err: err:
return(-1); return -1;
} }
/* if s->s3->wbuf.left != 0, we need to call this */ /* if s->s3->wbuf.left != 0, we need to call this */
@@ -1114,7 +1161,7 @@ start:
) )
)) ))
{ {
s->s3->in_read_app_data=0; s->s3->in_read_app_data=2;
return(-1); return(-1);
} }
else else
@@ -1200,7 +1247,7 @@ int ssl3_dispatch_alert(SSL *s)
void (*cb)()=NULL; void (*cb)()=NULL;
s->s3->alert_dispatch=0; s->s3->alert_dispatch=0;
i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
if (i <= 0) if (i <= 0)
{ {
s->s3->alert_dispatch=1; s->s3->alert_dispatch=1;
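Review bot: In do_ssl3_write, `s->s3->empty_fragment_done = 1;` sits outside the `type == SSL3_RT_APPLICATION_DATA` branch, so every encrypted record that reaches this point sets the flag, including the alert written by ssl3_dispatch_alert, which calls do_ssl3_write directly. The flag is cleared only on the success return of ssl3_write_bytes, so after such an alert the next application-data record appears to go out without the empty-fragment prefix. Moving the assignment inside the inner `if`, directly after the buffer-space check, would limit it to the case where a prefix was actually produced. This reading rests on the visible hunks only; the functions involved continue outside them.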


@@ -711,7 +711,7 @@ static int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err; goto f_err;
} }
if ((i+p) > (d+n)) if ((p+i) >= (d+n))
{ {
/* not enough data */ /* not enough data */
al=SSL_AD_DECODE_ERROR; al=SSL_AD_DECODE_ERROR;
@@ -768,6 +768,13 @@ static int ssl3_get_client_hello(SSL *s)
/* compression */ /* compression */
i= *(p++); i= *(p++);
if ((p+i) > (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
q=p; q=p;
for (j=0; j<i; j++) for (j=0; j<i; j++)
{ {
@@ -815,7 +822,7 @@ static int ssl3_get_client_hello(SSL *s)
/* TLS does not mind if there is extra stuff */ /* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION) if (s->version == SSL3_VERSION)
{ {
if (p > (d+n)) if (p < (d+n))
{ {
/* wrong number of bytes, /* wrong number of bytes,
* there could be more to follow */ * there could be more to follow */
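Review bot: The corrected bounds checks still form `p+i` from a length taken out of the ClientHello before comparing it with `d+n`; when `i` exceeds the data that remains, that pointer sum already lies outside the buffer, which C leaves undefined. Comparing lengths avoids it: `if (i >= (d+n) - p)` for the cipher list and `if (i > (d+n) - p)` for the compression methods. A short comment on why the first test is `>=` would also help; it looks as if one more byte, the compression count read by `i= *(p++);`, must follow the cipher list. ssl3_get_client_hello starts and ends outside these hunks.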


@@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_SSL3_H #ifndef HEADER_SSL3_H
#define HEADER_SSL3_H #define HEADER_SSL3_H
@@ -201,10 +254,13 @@ typedef struct ssl3_record_st
typedef struct ssl3_buffer_st typedef struct ssl3_buffer_st
{ {
unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes (more if unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */ * see ssl3_setup_buffers() */
int offset; /* where to 'copy from' */ #if 0 /* put directly into SSL3_STATE for best possible binary compatibility within 0.9.6 series */
int left; /* how many bytes left */ size_t len; /* buffer size */
#endif
int offset; /* where to 'copy from' */
int left; /* how many bytes left */
} SSL3_BUFFER; } SSL3_BUFFER;
#define SSL3_CT_RSA_SIGN 1 #define SSL3_CT_RSA_SIGN 1
@@ -321,6 +377,13 @@ typedef struct ssl3_state_st
int cert_request; int cert_request;
} tmp; } tmp;
/* flags for countermeasure against known-IV weakness */
int need_empty_fragments;
int empty_fragment_done;
size_t rbuf_len; /* substitute for rbuf.len */
size_t wbuf_len; /* substitute for wbuf.len */
} SSL3_STATE; } SSL3_STATE;
/* SSLv3 */ /* SSLv3 */


@@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h> #include <stdio.h>
#include <openssl/comp.h> #include <openssl/comp.h>
@@ -380,6 +433,14 @@ printf("\nkey block\n");
{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
#endif #endif
/* enable vulnerability countermeasure for CBC ciphers with
* known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
s->s3->need_empty_fragments = 1;
#ifndef NO_RC4
if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4))
s->s3->need_empty_fragments = 0;
#endif
return(1); return(1);
err: err:
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);