Commit Graph

4541 Commits

Author SHA1 Message Date
Todd C. Miller
428511ca66 ssl_cipher_process_rulestr: don't read outside rule_str buffer
If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer.  This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop.  It is safest to just return
early in this case since the condition occurs inside a nested loop.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19166)
2022-10-26 12:46:53 +02:00
Richard Levitte
e251e7ba1c Fix 32-bit Windows issues related to QUIC Wire functions
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
2022-10-25 13:25:00 +02:00
Richard Levitte
44bc72a0f2 Fix 32-bit Windows issues related to QUIC_STREAM
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
2022-10-25 13:25:00 +02:00
Richard Levitte
5506fbeafb Fix 32-bit Windows issues related to QUIC_ACKM / QUIC_CC
The re-occuring surprise is that in Win32, size_t is 32 bits...
Fixed by changing size_t to uint64_t in QUIC_CC

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
2022-10-25 13:25:00 +02:00
Richard Levitte
4ccb89bba7 Fix definitions of SHUT_RD and SHUT_WR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
2022-10-25 13:25:00 +02:00
Matt Caswell
50bed93a76 Fix test_tls13_encryption()
This test was disabled during the record write record layer refactor.
We can now enable it again.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19470)
2022-10-25 11:42:11 +01:00
Daniel Fiala
7ccccb26d6 Fix coverity 1516101 deadcode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19464)
2022-10-24 09:51:00 +11:00
Tomas Mraz
a8086e6bfc stack: Do not add error if pop/shift/value accesses outside of the stack
This partially reverts commit 30eba7f359.
This is legitimate use of the stack functions and no error
should be reported apart from the NULL return value.

Fixes #19389

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)
2022-10-21 18:02:35 +02:00
Todd Short
d06d5d6b68 Fix coverity 1516094 uninit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)
2022-10-21 10:33:40 +11:00
Todd Short
5e569f0a2e Fix coverity 1516093 tainted scalar
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19440)
2022-10-21 10:33:40 +11:00
Matt Caswell
cd6e89b6b6 Move freeing of BIOs as late as possible
Calling SSL_free() will call BIO_free_all() on the rbio and wbio. We
keep references to the rbio and wbio inside the record layer object.
References to that object are held directly, as well as in fragment
retransmission queues. We need to ensure all record layer objects are
cleaned up before we call BIO_free_all() on rbio/wbio - otherwise the
"top" BIO may not have its reference count drop to 0 when BIO_free_all()
is called. This means that the rest of the BIOs in the chain don't get
freed and a memory leak can occur.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
b92fc4ae18 Remove some redundant code
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
e158ada6a7 Remove the old buffer management code
We no longer use the old buffer management code now that it has all been
moved to the new record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
faa3e66c27 Remove some TODO(RECLAYER) comments now that DTLS has been moved
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
43dfa5a931 Remove dtls_write_records
The dtls_write_records function, after the previous series of commits,
was functionally equivalent to tls_write_records_default - so it can be
removed completely.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
421386e392 Move sequence increment to post encryption processing
This change make dtls_write_records virtuall the same as
tls_write_records_default, which will enable us to merge them in a
subsequent commit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
3abc0d3e85 Remove supurious set of the record type
We already set the record type on the SSL3_RECORD structure. We don't
need to do it again (inconsistently).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
bed07b1875 Consolidate sequence counter incrementing code
The sequence counter was incremented in numerous different ways in
numerous different locations. We introduce a single function to do this
inside the record layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
4f428e86d8 Ensure the record layer is responsible for calculating record overheads
Don't calculate the potential record layer expansion outside of the
record layer. We move some code that was doing that into the record
layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
b9e37f8f57 Convert dtls_write_records to use standard record layer functions
We have standard functions for most of the work that dtls_write_records
does - so we convert it to use those functions instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
248a9bf21a Start using WPACKET in the dtls write records code
Previously this was writing to the buffers directly. We use the safer
WPACKET instead

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:33 +01:00
Matt Caswell
602ee1f672 Use common tls_write_records() even for DTLS
In practice this just means have a DTLS specific write_records that the
common tls_write_records() just calls. We also replace the use of
ssl3_write_pending() with tls_retry_write_records().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Matt Caswell
4cdd198ec2 Convert dtls_write_records() to return the correct return values
We now use standard record layer return values for this function. We
also convert the code to use RLAYERfatal instead of SSLfatal.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Matt Caswell
bf04cbfafe Use record layer buffers for DTLS rather than the buffers in s->rlayer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Matt Caswell
fc938db6cc Move dlts_write_records() function in the record layer
At the this stage we just move the code and don't restructure it to do it
the record layer way yet.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Matt Caswell
88bf978eb1 Create a dlts_write_records() function
In preparation for moving the DTLS code to use the new write record layer
architecture we first restructure the code to create a dtls_write_records()
function that mirrors the functionality that the record layer will provide.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Matt Caswell
22d6e8547f Remove create_empty_fragment from do_dtls1_write()
do_dtls1_write() was never called with a value for create_empty_fragment
that was ever non-zero - so this is dead code and can be removed. The
equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect
against known IV weaknesses because those protocol versions do not have
an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an
explicit IV - so this is not useful there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19424)
2022-10-20 14:39:32 +01:00
Todd Short
72620ac791 Add for_comp flag when retrieving certs for compression
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Todd Short
7e3cacac94 Update COMP_METHOD
size_t-ify the COMP_METHOD structure and functions.
Get rid of the non-functional COMP_METHODS and return NULL instead.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
slontis
846975f367 Fix sctp compile errors
Fixes #19371

running config with 'enable-sctp' gave compiler errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19398)
2022-10-18 12:19:23 +01:00
Matt Caswell
247b8e5252 Ensure that the key share group is allowed for our protocol version
We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)
2022-10-12 15:55:58 +01:00
Matt Caswell
f78c51995e Fix a return value in tls_default_read_n
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
ace3819506 Introduce a step to prepare the BIO before writing
This removes some KTLS specific code from tls_retry_write_records().

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
5bc226ab32 Remove ktls specific code from tls_setup_write_buffers
The KTLS code no longer calls this function so this is not necessary.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
2a354d5463 Add a post encryption processing step
For example in this we add the MAC if we are doing encrypt-then-mac.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
757ef3bab0 Add a prepare for encryption step
This applies any mac that might be necessary, ensures that we have
enough space in the WPACKET to perform the encryption and sets up the
SSL3_RECORD ready for that encryption.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
2582de2590 Move record padding out of tls_common.c
Only tls13_meth.c needs to handle adding record padding. All other
*_meth.c files can ignore it.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
b6f7519bc4 Don't check whether we are using KTLS before calling the cipher function
The KTLS cipher function is a no-op so it doesn't matter if we call it.
We shouldn't special case KTLS in tls_common.c

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
aca70ca81c Defer record header preparation to the protocol methods
We introduce a new function to prepare the record header. KTLS has its own
version since this is done by the kernel.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
7ca61d63e9 Abstract out the record type processing
Remove TLSv1.3 specific processing of the record type out of tls_common.c
and into tls13_meth.c

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
91fe8ff02a Defer write buffer and WPACKET allocation/initialisation to protocol code
We move some protocol specific code for write buffer and WPACKET allocation
and initialisation out of tls_common.c and into the protocol specific files.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
f93c0f5464 Remove an old TODO from the code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
435d88d708 Use the configured max_send_fragment value in the write record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
4bf610bdce Remove enc_write_state
This field was used to track whether a cipher ctx was valid for writing
or not, and also whether we should write out plaintext alerts. With the new
record layer design we no longer need to track whether a cipher ctx is valid
since the whole record layer will be aborted if it is not. Also we have a
different mechanism for tracking whether we should write out plaintext
alerts. Therefore this field is removed from the SSL object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
2f6e24eb5b Remove some unneeded usage of the SSL_CONNECTION object
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
bfda3aeec5 Remove most of the DTLS special casing from the write record code
Most of this was unnecessary anyway since DTLS isn't using these codepaths.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
Matt Caswell
2c50d7fb06 Convert the TLSv1.3 crypto code to the new write record layer
We also clean up some of the KTLS code while we are doing it now that all
users of KTLS have been moved to the new write record layer.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)
2022-10-12 15:53:31 +01:00
FdaSilvaYY
9929c81702 apps & al : Fix various typos, repeated words, align some spelling to LDP.
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
2022-10-12 16:55:28 +11:00
Matt Caswell
c9ee6e3646 Reimplement brainpool TLSv1.3 support group support
Create new TLS_GROUP_ENTRY values for these groups.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
2022-10-07 10:01:48 +01:00