Commit Graph

4307 Commits

Author SHA1 Message Date
Phus Lu
13a53fbf13 add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()
The function/macro allow user get groups/extensions without memory allcations.
So we could calculate the ssl fignerprint(ja3) in low cost.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16910)
2022-02-03 13:45:41 +01:00
yangyangtiantianlonglong
7c7c3561eb Update the comment on ssl3_write_pending()
The struct s->s3 has been modified.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17611)
2022-02-01 17:49:14 +01:00
yangyangtiantianlonglong
b375a8ac9b Revert dropped usage of var thiswr in do_ssl3_write()
The var 'thiswr' is an unwanted modification,
it was submitted in #5253.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17610)
2022-02-01 17:47:08 +01:00
yangyangtiantianlonglong
a829d53a14 apps: Add option -no_ems to s_client/s_server apps
The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17597)
2022-01-28 15:32:58 +01:00
Pauli
acce055778 ssl: better support TSAN operations
For platforms that do not have native TSAN support, locking needs to be used
instead.  This adds the locking.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)
2022-01-19 21:51:47 +11:00
Pauli
1e3317278e ssl: replace ;; with ; as statement separator
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17528)
2022-01-18 15:10:38 +11:00
Dmytro Podgornyi
d73a7a3a71 ssl/t1_enc: Fix kTLS RX offload path
During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)
2022-01-17 13:15:56 +11:00
yangyangtiantianlonglong
e1c122711e Delete unused param about get_construct_message_f
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)
2022-01-09 13:16:48 +11:00
Kan
81b741f689 Update alert to common protocol
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)
2022-01-08 10:18:26 +01:00
Peiwei Hu
10481d3384 Fix: some patches related to error exiting
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)
2022-01-07 21:11:37 +11:00
xkernel
7b1264baab fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)
2022-01-07 09:49:08 +01:00
xkernel
949e4f79d2 properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)
2022-01-07 09:47:59 +01:00
xkernel
1b87116a0c properly free the resource from CRYPTO_malloc
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)
2022-01-06 12:01:10 +01:00
Dimitris Apostolou
e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
Dr. David von Oheimb
79b2a2f2ee add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
2021-12-21 12:11:49 +01:00
Matt Caswell
c1c1bb7c5e Fix invalid handling of verify errors in libssl
In the event that X509_verify() returned an internal error result then
libssl would mishandle this and set rwstate to SSL_RETRY_VERIFY. This
subsequently causes SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY.
That return code is supposed to only ever be returned if an application
is using an app verify callback to complete replace the use of
X509_verify(). Applications may not be written to expect that return code
and could therefore crash (or misbehave in some other way) as a result.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
2021-12-14 13:48:34 +00:00
Matt Caswell
e819b57273 Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions
We should not be freeing the caller's key in the event of error.

Fixes #17196

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)
2021-12-07 12:16:50 +00:00
Dmitry Belyavskiy
d724da6938 No EtM for GOST ciphers in TLS 1.2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
2021-11-29 16:26:15 +01:00
olszomal
6cb814de6f Don't include any TLSv1.3 ciphersuites that are disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)
2021-11-29 12:17:30 +10:00
Bernd Edlinger
0a10825a00 Enable brainpool curves for TLS1.3
See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7485)
2021-11-26 06:45:19 +01:00
Dr. David von Oheimb
af16097feb Move more general parts of internal/cryptlib.h to new internal/common.h
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 15:48:37 +01:00
Dr. David von Oheimb
2ff286c26c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
2021-11-17 15:48:34 +01:00
Peiwei Hu
e3f0362407 BIO_read_filename: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17033)
2021-11-16 17:34:11 +01:00
Peiwei Hu
c9007bda79 RAND_bytes_ex: fix return check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17032)
2021-11-16 20:01:13 +10:00
Matt Caswell
07f620e3ac Reset the rwstate before calling ASYNC_start_job()
If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
reset the rwstate back to SSL_NOTHING. In fact we can do this
unconditionally since if we're about to call ASYNC_start_job() then either
we are about to start the async job for the first time (in which case the
rwstate should already by SSL_NOTHING), or we are restarting it after a
pause (in which case reseting it to SSL_NOTHING is the correct action).

Fixes #16809

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17013)
2021-11-15 14:37:08 +00:00
Pauli
ed5b26ce0b Add return value NULL checks that were missing
Issues located by Brian Carpenter of Geeknik's Farm.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17007)
2021-11-12 19:53:02 +10:00
Tianjia Zhang
ff3e4508bd KTLS: use EVP_CIPHER_is_a instead of nid
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/16963)
2021-11-08 17:40:01 +08:00
Bernd Edlinger
3a069c1b0b Fix a memory leak in ssl_create_cipher_list
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16954)
2021-11-04 16:54:34 +01:00
Bernd Edlinger
b3c34401c0 Fix a memory leak in tls_parse_stoc_key_share
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16956)
2021-11-04 16:45:04 +01:00
x2018
1287dabd0b fix some code with obvious wrong coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16918)
2021-10-28 13:10:46 +10:00
x2018
963eb12dbd free the Post-Handshake Auth digest when there is an error saving the digest
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16917)
2021-10-27 11:07:04 +02:00
Matt Caswell
cbb862fbaa New extensions can be sent in a certificate request
Normally we expect a client to send new  extensions in the ClientHello,
which may be echoed back by the server in subsequent messages. However the
server can also send a new extension in the certificate request message to
be echoed back in a certificate message

Fixes #16632

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
2021-10-11 11:04:53 +01:00
Bernd Edlinger
64da15c40d Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c
This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use the test suite.

[extended tests]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)
2021-10-06 15:18:10 +02:00
Dr. David von Oheimb
dce910af3b Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16688)
2021-10-04 10:55:39 +02:00
Erik Lax
d1b26ddbf6 Allow cipher strings to be given using its standard name
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16179)
2021-09-30 12:20:01 +02:00
Tianjia Zhang
105af0ad92 ssl: Correct comment for ssl3_read_bytes()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16680)
2021-09-28 18:13:53 +10:00
Tianjia Zhang
8b6a7da304 ssl: Correct filename in README
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16671)
2021-09-27 09:39:17 +10:00
Pauli
e07102220a tls/ccm8: reduce the cipher strength for CCM8 ciphers to 64 bits
This is the length of the tag they use and should be considered an upper bound
on their strength.

This lowers their security strength to level 0.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
2021-09-24 17:38:39 +10:00
Pauli
56ffcce492 doc: document the change to the security level of CCM8 cipher suites
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
2021-09-24 17:38:23 +10:00
Pauli
1a473d1cc6 tls: reduce the strength of CCM_8 ciphers due to their short IV.
Fixes #16154

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
2021-09-24 17:38:23 +10:00
slontis
c3b5fa4ab7 Change TLS RC4 cipher strength check to be data driven.
This is a same pattern as used in PR #16652

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16656)
2021-09-23 14:17:33 +02:00
Richard Levitte
a8d9bd8114 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16534)

(cherry picked from commit 54d987b92c)
2021-09-07 13:35:43 +02:00
Daniel Bevenius
1b9e467887 Fix indentation of tls13_hkdf_expand parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16489)
2021-09-03 08:55:29 +10:00
Tomas Mraz
72a509f94f Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
Fixes #16428

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
2021-08-31 12:20:12 +02:00
Bernd Edlinger
562d4cd3c3 Fix the array size of dtlsseq in tls1_enc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16385)
2021-08-25 16:53:24 +02:00
Todd Short
e0f69c3598 Fix state name abbreviation
The TRSCV state abbrev was used for two states:
* TLS_ST_CR_CERT_VRFY
* TLS_ST_SW_CERT_VRFY

The second one is wrong because it's a write operation.
The state for TLS_ST_SW_CERT_VRFY should be "TWSCV"

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16327)
2021-08-19 08:24:16 +10:00
Todd Short
0449702abc Fix potential double-free
The `sk` variable is assigned to `s->session->peer_chain`.
If `ssl3_digest_cached_records()` were to fail, then `sk` would still be
non-NULL, and subsequently freed on the error return. When the session
is freed, it will then attempt to free `s->session->peer_chain`,
resulting in a double-free (of `sk`).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16309)
2021-08-16 12:56:53 +02:00
Dmitry Belyavskiy
b4f1b7b658 Omitted signature_algorithms extension alerts updated
Fixes #15484

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16217)
2021-08-11 09:47:47 +02:00
Pauli
f7d998a206 tls/prov: move the TLS 1.3 KDF code to providers
This function needs to be power up tested as part of the FIPS validation and
thus it needs to be inside the provider boundary.  This is realised by
introducing a new KDF "TLS13-KDF" which does the required massaging of
parameters but is otherwise functionally equivalent to HKDF.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16203)
2021-08-05 15:43:59 +10:00
yangyangtiantianlonglong
b5557666bd Fix dtls timeout dead code
Delete dtls timeout dead code in dtls1_handle_timeout

Fix: #15559

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16151)
2021-07-29 10:08:07 -07:00