author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2014-06-20 00:49:30 +0100 |
---|---|---|
committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2014-06-20 00:50:38 +0100 |
commit | 5c72597140cefa9efff107072606ccdc3ffb84a0 (patch) | |
tree | 860a5c9147deb6e6a58d960b996f80e0212b3d0b | |
parent | d51d9f34e392c62976388bb34d0d94fbb11d3486 (diff) | |
parent | dd1da36b0baa39942f0aef42c4712ef0ad628a83 (diff) | |
Merge tag 'android-4.4.4_r1' into HEAD
Android 4.4.4 Release 1
Change-Id: Ic9cc24af8c3b38bca4d44235245888a4761e144e
-rw-r--r-- | include/openssl/ssl.h | 1 | ||||
-rw-r--r-- | include/openssl/ssl3.h | 3 | ||||
-rw-r--r-- | openssl.config | 9 | ||||
-rw-r--r-- | patches/early_ccs.patch | 100 | ||||
-rw-r--r-- | ssl/d1_both.c | 30 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 1 | ||||
-rw-r--r-- | ssl/s3_pkt.c | 11 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 4 | ||||
-rw-r--r-- | ssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl3.h | 3 | ||||
-rw-r--r-- | ssl/ssl_err.c | 1 | ||||
-rw-r--r-- | ssl/t1_lib.c | 14 |
12 files changed, 142 insertions, 36 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dac9c3e..35eb044 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2685,6 +2685,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_WRONG_VERSION_NUMBER 267
 #define SSL_R_X509_LIB 268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
+#define SSL_R_UNEXPECTED_CCS 388
 #ifdef __cplusplus
 }
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index d63663b..48bacf0 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -388,6 +388,9 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/* SSL3_FLAGS_CCS_OK indicates that a ChangeCipherSpec record is acceptable at
+ * this point in the handshake. If this flag is not set then received CCS
+ * records will cause a fatal error for the connection. */
 #define SSL3_FLAGS_CCS_OK 0x0080
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
diff --git a/openssl.config b/openssl.config
index 00e4ff9..acc2a6e 100644
--- a/openssl.config
+++ b/openssl.config
@@ -993,6 +993,7 @@ eng_dyn_dirs.patch \
 fix_clang_build.patch \
 tls12_digests.patch \
 alpn.patch \
+early_ccs.patch \
 "
 OPENSSL_PATCHES_progs_SOURCES="\
@@ -1068,3 +1069,11 @@ ssl/t1_lib.c \
 ssl/tls1.h \
 "
+OPENSSL_PATCHES_early_ccs_SOURCES="\
+ssl/s3_clnt.c \
+ssl/s3_pkt.c \
+ssl/s3_srvr.c \
+ssl/ssl.h \
+ssl/ssl3.h \
+ssl/ssl_err.c \
+"
diff --git a/patches/early_ccs.patch b/patches/early_ccs.patch
new file mode 100644
index 0000000..d4c31e6
--- /dev/null
+++ b/patches/early_ccs.patch
@@ -0,0 +1,100 @@
+--- openssl-1.0.1e.orig/ssl/s3_clnt.c
++++ openssl-1.0.1e/ssl/s3_clnt.c
+@@ -606,7 +606,7 @@ int ssl3_connect(SSL *s)
+
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+-
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -915,6 +916,7 @@
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+--- openssl-1.0.1e.orig/ssl/s3_pkt.c
++++ openssl-1.0.1e/ssl/s3_pkt.c
+@@ -1297,6 +1297,13 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_CCS);
++ goto f_err;
++ }
++
+ rr->length=0;
+
+ if (s->msg_callback)
+@@ -1431,7 +1438,12 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session->master_key_length == 0)
++ {
++ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_UNEXPECTED_CCS);
++ return (0);
++ }
++ if (s->session == NULL)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+--- openssl-1.0.1e.orig/ssl/s3_srvr.c
++++ openssl-1.0.1e/ssl/s3_srvr.c
+@@ -670,6 +670,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_B:
+
+ /* we should decide if we expected this one */
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+
+@@ -687,6 +688,7 @@ int ssl3_accept(SSL *s)
+ channel_id = s->s3->tlsext_channel_id_valid;
+ #endif
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ if (next_proto_neg)
+ s->state=SSL3_ST_SR_NEXT_PROTO_A;
+ else if (channel_id)
+--- openssl-1.0.1e.orig/ssl/ssl.h
++++ openssl-1.0.1e/ssl/ssl.h
+@@ -2640,6 +2640,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_WRONG_VERSION_NUMBER 267
+ #define SSL_R_X509_LIB 268
+ #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
++#define SSL_R_UNEXPECTED_CCS 388
+
+ #ifdef __cplusplus
+ }
+--- openssl-1.0.1e.orig/ssl/ssl3.h
++++ openssl-1.0.1e/ssl/ssl3.h
+@@ -388,6 +388,10 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++/* SSL3_FLAGS_CCS_OK indicates that a ChangeCipherSpec record is acceptable at
++ * this point in the handshake. If this flag is not set then received CCS
++ * records will cause a fatal error for the connection. */
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+--- openssl-1.0.1e.orig/ssl/ssl_err.c
++++ openssl-1.0.1e/ssl/ssl_err.c
+@@ -604,6 +604,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
+ {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
+ {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
++{ERR_REASON(SSL_R_UNEXPECTED_CCS),"unexpected CCS"},
+ {0,NULL}
+ };
+
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7b88727..b4d52d7 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -786,7 +786,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 int i,al;
 struct hm_header_st msg_hdr;
- redo:
 /* see if we have the required fragment already */
 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
 {
@@ -845,7 +844,8 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 s->msg_callback_arg);
 s->init_num = 0;
- goto redo;
+ return dtls1_get_message_fragment(s, st1, stn,
+ max, ok);
 }
 else /* Incorrectly formated Hello request */
 {
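Review bot: In ssl/d1_both.c, the HelloRequest branch of dtls1_get_message_fragment now re-enters the function with `return dtls1_get_message_fragment(s, st1, stn, max, ok);` instead of looping, so stack depth grows with the number of consecutive HelloRequest messages the peer sends. A C compiler is not required to turn this tail call into a jump, which leaves stack use dependent on peer-controlled input. The iterative form that these two hunks remove (the `redo:` label near the top of the function and `goto redo;` in this branch) keeps stack use constant and should be kept on the merged side. The function body starts and ends outside both hunks.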
@@ -1461,36 +1461,26 @@ dtls1_process_heartbeat(SSL *s)
 unsigned int payload;
 unsigned int padding = 16; /* Use minimum padding */
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
 /* Read type and payload length first */
- if (1 + 2 + 16 > s->s3->rrec.length)
- return 0; /* silently discard */
 hbtype = *p++;
 n2s(p, payload);
- if (1 + 2 + payload + 16 > s->s3->rrec.length)
- return 0; /* silently discard per RFC 6520 sec. 4 */
 pl = p;
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
 if (hbtype == TLS1_HB_REQUEST)
 {
 unsigned char *buffer, *bp;
- unsigned int write_length = 1 /* heartbeat type */ +
- 2 /* heartbeat length */ +
- payload + padding;
 int r;
- if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
-
 /* Allocate memory for the response, size is 1 byte
 * message type, plus 2 bytes payload length, plus
 * payload, plus padding
 */
- buffer = OPENSSL_malloc(write_length);
+ buffer = OPENSSL_malloc(1 + 2 + payload + padding);
 bp = buffer;
 /* Enter response type, length and copy payload */
@@ -1501,11 +1491,11 @@ dtls1_process_heartbeat(SSL *s)
 /* Random padding */
 RAND_pseudo_bytes(bp, padding);
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 if (r >= 0 && s->msg_callback)
 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, write_length,
+ buffer, 3 + payload + padding,
 s, s->msg_callback_arg);
 OPENSSL_free(buffer);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1c4f4db..9eabfd8 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -606,7 +606,6 @@ int ssl3_connect(SSL *s)
 case SSL3_ST_CR_FINISHED_A:
 case SSL3_ST_CR_FINISHED_B:
-
 s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
 SSL3_ST_CR_FINISHED_B);
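Review bot: In ssl/d1_both.c, dtls1_process_heartbeat now takes `payload` from the record with `n2s(p, payload)` and uses it to size the response (`OPENSSL_malloc(1 + 2 + payload + padding)`) without comparing it to `s->s3->rrec.length`, so a peer-declared length larger than the record is trusted. The copy announced by the context comment "Enter response type, length and copy payload" lies outside the hunk, but it presumably reads `payload` bytes from the record buffer, which would read past the received data. The two checks this hunk removes should stay, `if (1 + 2 + 16 > s->s3->rrec.length) return 0;` before the type is read and `if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0;` after `n2s`, together with the `write_length > SSL3_RT_MAX_PLAIN_LENGTH` bound. The tls1_process_heartbeat hunk in ssl/t1_lib.c drops the same two checks. Whether heartbeat support is compiled into this build (OPENSSL_NO_HEARTBEATS) is not visible on this page.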
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 31ce0e3..8f0daf3 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1300,12 +1300,10 @@ start:
 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_CCS);
 goto f_err;
 }
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
 rr->length=0;
 if (s->msg_callback)
@@ -1440,7 +1438,12 @@ int ssl3_do_change_cipher_spec(SSL *s)
 if (s->s3->tmp.key_block == NULL)
 {
- if (s->session == NULL || s->session->master_key_length == 0)
+ if (s->session->master_key_length == 0)
+ {
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_UNEXPECTED_CCS);
+ return (0);
+ }
+ if (s->session == NULL)
 {
 /* might happen if dtls1_read_bytes() calls this */
 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index f76b49c..8a18833 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -669,8 +669,8 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_VRFY_A:
 case SSL3_ST_SR_CERT_VRFY_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
 /* we should decide if we expected this one */
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_cert_verify(s);
 if (ret <= 0) goto end;
@@ -688,6 +688,7 @@ int ssl3_accept(SSL *s)
 channel_id = s->s3->tlsext_channel_id_valid;
 #endif
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 if (next_proto_neg)
 s->state=SSL3_ST_SR_NEXT_PROTO_A;
 else if (channel_id)
@@ -722,7 +723,6 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_FINISHED_A:
 case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 SSL3_ST_SR_FINISHED_B);
 if (ret <= 0) goto end;
@@ -2685,6 +2685,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_WRONG_VERSION_NUMBER 267
 #define SSL_R_X509_LIB 268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
+#define SSL_R_UNEXPECTED_CCS 388
 #ifdef __cplusplus
 }
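Review bot: In the first ssl/s3_pkt.c hunk (label `start:` in ssl3_read_bytes), the line `s->s3->flags &= ~SSL3_FLAGS_CCS_OK;` is dropped, so once the handshake code sets the flag nothing in this hunk clears it after a ChangeCipherSpec record has been accepted. A further CCS record later in the same handshake, or in a renegotiation, would then pass the `SSL3_FLAGS_CCS_OK` test unless code outside this page resets the flag. Clearing the flag right after the check, as the removed line did, makes acceptance one-shot for each expected CCS. The enclosing block starts and ends outside the hunk.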
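Review bot: In ssl3_do_change_cipher_spec (second ssl/s3_pkt.c hunk), `s->session->master_key_length` is now read before the `s->session == NULL` test that follows it, so that test can no longer protect the dereference; the comment under it says a NULL session "might happen if dtls1_read_bytes() calls this". The removed condition `s->session == NULL || s->session->master_key_length == 0` evaluated the pointer first. Either move the NULL block above the new one or guard the new test as `if (s->session != NULL && s->session->master_key_length == 0)`. patches/early_ccs.patch, added by this commit, records the same ordering for ssl/s3_pkt.c.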
@@ -388,6 +388,9 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/* SSL3_FLAGS_CCS_OK indicates that a ChangeCipherSpec record is acceptable at
+ * this point in the handshake. If this flag is not set then received CCS
+ * records will cause a fatal error for the connection. */
 #define SSL3_FLAGS_CCS_OK 0x0080
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index c40c718..bddd794 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -604,6 +604,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
 {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
 {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
+{ERR_REASON(SSL_R_UNEXPECTED_CCS),"unexpected CCS"},
 {0,NULL}
 };
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4e12d3c..f170056 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2647,20 +2647,16 @@ tls1_process_heartbeat(SSL *s)
 unsigned int payload;
 unsigned int padding = 16; /* Use minimum padding */
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
 /* Read type and payload length first */
- if (1 + 2 + 16 > s->s3->rrec.length)
- return 0; /* silently discard */
 hbtype = *p++;
 n2s(p, payload);
- if (1 + 2 + payload + 16 > s->s3->rrec.length)
- return 0; /* silently discard per RFC 6520 sec. 4 */
 pl = p;
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
 if (hbtype == TLS1_HB_REQUEST)
 {
 unsigned char *buffer, *bp; |