Fix CVE-2014-0221

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 75d716e88f055bf43234e1bade9010355a565856..c4ef2738d7b11b77af88e8d2fd8a29a125590640 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1081,7 +1081,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_eNULL,
        SSL_SHA256,
-       SSL_SSLV3,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
@@ -1097,7 +1097,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1113,7 +1113,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1125,11 +1125,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
        TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1145,7 +1145,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1161,7 +1161,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1395,7 +1395,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1407,11 +1407,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0, /* not implemented (non-ephemeral DH) */
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
        TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1427,7 +1427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1443,7 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1459,7 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1475,7 +1475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1491,7 +1491,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -1958,7 +1958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
        TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -1974,7 +1974,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        0,
        TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
        TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -2669,7 +2669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
        TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES128,
        SSL_SHA256,
@@ -2685,7 +2685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
        TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES256,
        SSL_SHA384,
@@ -2799,7 +2799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
        TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -2815,7 +2815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
                s->s3->tmp.ecdh = NULL;
                }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+       s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;
@@ -3589,7 +3594,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                ctx->srp_ctx.login = NULL;
                if (parg == NULL)
                        break;
-               if (strlen((char *)parg) > 254)
+               if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
                        {
                        SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
                        return 0;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                ii=sk_SSL_CIPHER_find(allow,c);
                if (ii >= 0)
                        {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+                       if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+                               {
+                               if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+                               continue;
+                               }
+#endif
                        ret=sk_SSL_CIPHER_value(allow,ii);
                        break;
                        }
@@ -4274,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
 long ssl_get_algorithm2(SSL *s)
        {
        long alg2 = s->s3->tmp.new_cipher->algorithm2;
-       if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+       if (s->method->version == TLS1_2_VERSION &&
            alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
                return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
        return alg2;