ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.0.2p

Browse Source
This commit is contained in:
Steve Dower
2018-08-14 08:51:39 -07:00
parent 4933cd8231
commit 4b1c388f4d
157 changed files with 2471 additions and 1482 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/d1_both.c
View File

@@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -656,7 +656,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
if (al == 0) { /* no alert */
/* al will be 0 if no alert */
if (al == 0 && frag->msg_header.frag_len > 0) {
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off], frag->fragment,

12
ssl/s3_lib.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -4228,8 +4228,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_ECDSA
int have_ecdsa_sign = 0;
#endif
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
int nostrict = 1;
#endif
#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
!defined(OPENSSL_NO_ECDH)
unsigned long alg_k;
#endif
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
@@ -4238,8 +4243,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
/* get configured sigalgs */
siglen = tls12_get_psigalgs(s, 1, &sig);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
nostrict = 0;
#endif
for (i = 0; i < siglen; i += 2, sig += 2) {
switch (sig[1]) {
case TLSEXT_signature_rsa:
@@ -4257,7 +4264,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
}
#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
!defined(OPENSSL_NO_ECDH)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
#endif
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {

26
ssl/s3_srvr.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1959,11 +1959,12 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
size_t len = strlen(s->ctx->psk_identity_hint);
/* copy PSK identity hint */
s2n(strlen(s->ctx->psk_identity_hint), p);
strncpy((char *)p, s->ctx->psk_identity_hint,
strlen(s->ctx->psk_identity_hint));
p += strlen(s->ctx->psk_identity_hint);
s2n(len, p);
memcpy(p, s->ctx->psk_identity_hint, len);
p += len;
}
#endif
@@ -2090,6 +2091,11 @@ int ssl3_send_certificate_request(SSL *s)
if (SSL_USE_SIGALGS(s)) {
const unsigned char *psigs;
nl = tls12_get_psigalgs(s, 1, &psigs);
if (nl > SSL_MAX_2_BYTE_LEN) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
SSL_R_LENGTH_TOO_LONG);
goto err;
}
s2n(nl, p);
memcpy(p, psigs, nl);
p += nl;
@@ -2106,6 +2112,11 @@ int ssl3_send_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL);
if (j > SSL_MAX_2_BYTE_LEN) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
SSL_R_LENGTH_TOO_LONG);
goto err;
}
if (!BUF_MEM_grow_clean
(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
@@ -2127,6 +2138,11 @@ int ssl3_send_certificate_request(SSL *s)
n += j;
nl += j;
}
if (nl > SSL_MAX_2_BYTE_LEN) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
SSL_R_LENGTH_TOO_LONG);
goto err;
}
}
}
/* else no CA names */

7
ssl/ssl.h
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -548,7 +548,7 @@ struct ssl_session_st {
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
* to load the 'cipher' structure */
STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
@@ -2149,7 +2149,7 @@ int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
int SSL_get_wfd(const SSL *s);
const char *SSL_get_cipher_list(const SSL *s, int n);
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
int SSL_get_read_ahead(const SSL *s);
int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
@@ -2954,6 +2954,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_KRB5_S_TKT_NYV 294
# define SSL_R_KRB5_S_TKT_SKEW 295
# define SSL_R_LENGTH_MISMATCH 159
# define SSL_R_LENGTH_TOO_LONG 404
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161

37
ssl/ssl_lib.c
View File

@@ -58,7 +58,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1404,28 +1404,37 @@ int SSL_set_cipher_list(SSL *s, const char *str)
}
/* works well for SSLv2, not so good for SSLv3 */
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
{
char *p;
STACK_OF(SSL_CIPHER) *sk;
STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
SSL_CIPHER *c;
int i;
if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
return (NULL);
p = buf;
sk = s->session->ciphers;
if (sk_SSL_CIPHER_num(sk) == 0)
if (!s->server
|| s->session == NULL
|| s->session->ciphers == NULL
|| size < 2)
return NULL;
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
p = buf;
clntsk = s->session->ciphers;
srvrsk = SSL_get_ciphers(s);
if (clntsk == NULL || srvrsk == NULL)
return NULL;
if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
return NULL;
for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
int n;
c = sk_SSL_CIPHER_value(sk, i);
c = sk_SSL_CIPHER_value(clntsk, i);
if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
continue;
n = strlen(c->name);
if (n + 1 > len) {
if (n + 1 > size) {
if (p != buf)
--p;
*p = '\0';
@@ -1434,7 +1443,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
strcpy(p, c->name);
p += n;
*(p++) = ':';
len -= n + 1;
size -= n + 1;
}
p[-1] = '\0';
return (buf);

4
ssl/ssl_locl.h
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -259,6 +259,8 @@
c[1]=(unsigned char)(((l)>> 8)&0xff), \
c[2]=(unsigned char)(((l) )&0xff)),c+=3)
# define SSL_MAX_2_BYTE_LEN (0xffff)
/* LOCAL STUFF */
# define SSL_DECRYPT 0

5
ssl/t1_lib.c
View File

@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
goto err;
if (!tls1_save_sigalgs(s, data, dsize))
goto err;
} else if (type == TLSEXT_TYPE_status_request) {
} else if (type == TLSEXT_TYPE_status_request && !s->hit) {
if (size < 5)
goto err;
@@ -3166,7 +3165,7 @@ int tls1_set_server_sigalgs(SSL *s)
if (!s->cert->shared_sigalgs) {
SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
al = SSL_AD_ILLEGAL_PARAMETER;
al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
} else

16
ssl/t1_trce.c
View File

@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
* Copyright (c) 2012-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -645,6 +645,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
BIO_puts(bio, "No Extensions\n");
return 1;
}
if (msglen < 2)
return 0;
extslen = (msg[0] << 8) | msg[1];
if (extslen != msglen - 2)
return 0;
@@ -1021,6 +1023,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
msglen -= xlen + 2;
skip_sig:
if (msglen < 2)
return 0;
xlen = (msg[0] << 8) | msg[1];
BIO_indent(bio, indent, 80);
if (msglen < xlen + 2)
@@ -1209,7 +1213,15 @@ void SSL_trace(int write_p, int version, int content_type,
switch (content_type) {
case SSL3_RT_HEADER:
{
int hvers = msg[1] << 8 | msg[2];
int hvers;
/* avoid overlapping with length at the end of buffer */
if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
BIO_puts(bio, write_p ? "Sent" : "Received");
ssl_print_hex(bio, 0, " too short message", msg, msglen);
break;
}
hvers = msg[1] << 8 | msg[2];
BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);