X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem_clnt.c;h=8ca47370cf6a0a877468008065a89250b52d3aa3;hp=62488826075b5328369afb09d4d9f0a63127036a;hb=786b4df402ce57e375012401a02ad7a6696b90c2;hpb=7f6b466b2cca843dd9d12fd547489100327beb3e diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6248882607..8ca47370cf 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1571,6 +1571,13 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) s->hello_retry_request = 1; + /* + * If we were sending early_data then the enc_write_ctx is now invalid and + * should not be used. + */ + EVP_CIPHER_CTX_free(s->enc_write_ctx); + s->enc_write_ctx = NULL; + /* This will fail if it doesn't choose TLSv1.3+ */ errorcode = ssl_choose_client_version(s, sversion, 0, &al); if (errorcode != 0) { @@ -1608,7 +1615,11 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) OPENSSL_free(extensions); extensions = NULL; - if (s->ext.tls13_cookie_len == 0 && s->s3->tmp.pkey != NULL) { + if (s->ext.tls13_cookie_len == 0 +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + && s->s3->tmp.pkey != NULL +#endif + ) { /* * We didn't receive a cookie or a new key_share so the next * ClientHello will not change @@ -1651,7 +1662,8 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) { - int al, i, ret = MSG_PROCESS_ERROR; + int al, i; + MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; unsigned long cert_list_len, cert_len; X509 *x = NULL; const unsigned char *certstart, *certbytes; @@ -1761,9 +1773,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) */ x = sk_X509_value(sk, 0); sk = NULL; - /* - * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end - */ pkey = X509_get0_pubkey(x); @@ -2029,9 +2038,6 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) #ifndef OPENSSL_NO_EC PACKET encoded_pt; const unsigned char *ecparams; - int curve_nid; - unsigned int curve_flags; - EVP_PKEY_CTX *pctx = NULL; /* * Extract elliptic curve parameters and the server's ephemeral ECDH @@ -2053,41 +2059,13 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 0; } - curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags); - - if (curve_nid == 0) { + if ((s->s3->peer_tmp = ssl_generate_param_group(ecparams[2])) == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { - EVP_PKEY *key = EVP_PKEY_new(); - - if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); - EVP_PKEY_free(key); - return 0; - } - s->s3->peer_tmp = key; - } else { - /* Set up EVP_PKEY with named curve as parameters */ - pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); - if (pctx == NULL - || EVP_PKEY_paramgen_init(pctx) <= 0 - || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0 - || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); - EVP_PKEY_CTX_free(pctx); - return 0; - } - EVP_PKEY_CTX_free(pctx); - pctx = NULL; - } - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH); @@ -2307,7 +2285,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) { - int ret = MSG_PROCESS_ERROR; + MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; int al = SSL_AD_DECODE_ERROR; size_t i; @@ -2422,7 +2400,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) || (SSL_IS_TLS13(s) && (!PACKET_get_net_4(pkt, &age_add) || !PACKET_get_length_prefixed_1(pkt, &nonce) - || PACKET_remaining(&nonce) == 0 || !PACKET_memdup(&nonce, &s->session->ext.tick_nonce, &s->session->ext.tick_nonce_len))) || !PACKET_get_net_2(pkt, &ticklen) @@ -2456,6 +2433,12 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * We reused an existing session, so we need to replace it with a new * one */ + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + if (i & SSL_SESS_CACHE_CLIENT) { /* * Remove the old session from the cache. We carry on if this fails @@ -2463,12 +2446,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) SSL_CTX_remove_session(s->session_ctx, s->session); } - if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); - goto f_err; - } - SSL_SESSION_free(s->session); s->session = new_sess; } @@ -2810,7 +2787,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; /* TODO(size_t): Convert this function */ - if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) { + if (ssl_randbytes(s, pms + 2, (int)(pmslen - 2)) <= 0) { goto err; } @@ -3000,7 +2977,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al) /* Generate session key * TODO(size_t): Convert this function */ - || RAND_bytes(pms, (int)pmslen) <= 0) { + || ssl_randbytes(s, pms, (int)pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; @@ -3240,7 +3217,7 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) if (i == 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ossl_statem_set_error(s); - return 0; + return WORK_ERROR; } s->rwstate = SSL_NOTHING; } @@ -3286,7 +3263,7 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) if (!ssl3_digest_cached_records(s, 0)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ossl_statem_set_error(s); - return 0; + return WORK_ERROR; } } } @@ -3335,62 +3312,39 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt) return 0; } -#define has_bits(i,m) (((i)&(m)) == (m)) - int ssl3_check_cert_and_algorithm(SSL *s) { - int i; -#ifndef OPENSSL_NO_EC - int idx; -#endif + const SSL_CERT_LOOKUP *clu; + size_t idx; long alg_k, alg_a; - EVP_PKEY *pkey = NULL; int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; /* we don't have a certificate */ - if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) - return (1); + if (!(alg_a & SSL_aCERT)) + return 1; /* This is the passed certificate */ + clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx); -#ifndef OPENSSL_NO_EC - idx = s->session->peer_type; - if (idx == SSL_PKEY_ECC || idx == SSL_PKEY_ED25519) { - if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) { - /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); - goto f_err; - } else { - return 1; - } - } else if (alg_a & SSL_aECDSA) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_ECDSA_SIGNING_CERT); + /* Check certificate is recognised and suitable for cipher */ + if (clu == NULL || (alg_a & clu->amask) == 0) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_SIGNING_CERT); goto f_err; } -#endif - pkey = X509_get0_pubkey(s->session->peer); - i = X509_certificate_type(s->session->peer, pkey); - /* Check that we have a certificate if we require one */ - if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_SIGNING_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_DSA_SIGNING_CERT); +#ifndef OPENSSL_NO_EC + if (clu->amask & SSL_aECDSA) { + if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s)) + return 1; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); goto f_err; } #endif #ifndef OPENSSL_NO_RSA - if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && - !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; @@ -3404,10 +3358,10 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif - return (1); + return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (0); + return 0; } #ifndef OPENSSL_NO_NEXTPROTONEG @@ -3585,7 +3539,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) if (totlen != 0) { if (empty_reneg_info_scsv) { static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR); @@ -3594,7 +3548,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) } if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { SSLerr(SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);