diff options
| author | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:04:55 +0200 |
|---|---|---|
| committer | Bodo Moeller <bodo@openssl.org> | 2014-10-15 04:04:55 +0200 |
| commit | a46c705214004358c8e7b1b5c3eb1c45615d3b21 (patch) | |
| tree | 7af6623db9e229b55dedf2c7f7d809891e64664f | |
| parent | dc7bca8bccbfe31d28a2be5e0ae8f220de8b5109 (diff) | |
Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | CHANGES | 6 | ||||
| -rw-r--r-- | Makefile.org | 686 | ||||
| -rw-r--r-- | apps/s_client.c | 10 | ||||
| -rw-r--r-- | crypto/err/openssl.ec | 1 | ||||
| -rw-r--r-- | ssl/d1_lib.c | 19 | ||||
| -rw-r--r-- | ssl/dtls1.h | 6 | ||||
| -rw-r--r-- | ssl/s23_clnt.c | 3 | ||||
| -rw-r--r-- | ssl/s23_srvr.c | 3 | ||||
| -rw-r--r-- | ssl/s2_lib.c | 4 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 2 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 28 | ||||
| -rw-r--r-- | ssl/ssl.h | 10 | ||||
| -rw-r--r-- | ssl/ssl3.h | 7 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 63 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 1 | ||||
| -rw-r--r-- | ssl/tls1.h | 15 |
17 files changed, 152 insertions, 714 deletions
@@ -4,6 +4,12 @@ Changes between 1.0.1i and 1.0.2 [xx XXX xxxx] + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron (Intel Corp), Andy Polyakov] diff --git a/Makefile.org b/Makefile.org deleted file mode 100644 index b7a3f96c9f..0000000000 --- a/Makefile.org +++ /dev/null @@ -1,686 +0,0 @@ -## -## Makefile for OpenSSL -## - -VERSION= -MAJOR= -MINOR= -SHLIB_VERSION_NUMBER= -SHLIB_VERSION_HISTORY= -SHLIB_MAJOR= -SHLIB_MINOR= -SHLIB_EXT= -PLATFORM=dist -OPTIONS= -CONFIGURE_ARGS= -SHLIB_TARGET= - -# HERE indicates where this Makefile lives. This can be used to indicate -# where sub-Makefiles are expected to be. Currently has very limited usage, -# and should probably not be bothered with at all. -HERE=. - -# INSTALL_PREFIX is for package builders so that they can configure -# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. -# Normally it is left empty. -INSTALL_PREFIX= -INSTALLTOP=/usr/local/ssl - -# Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/ssl - -# NO_IDEA - Define to build without the IDEA algorithm -# NO_RC4 - Define to build without the RC4 algorithm -# NO_RC2 - Define to build without the RC2 algorithm -# THREADS - Define when building with threads, you will probably also need any -# system defines as well, i.e. _REENTERANT for Solaris 2.[34] -# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. -# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. -# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). -# DEVRANDOM - Give this the value of the 'random device' if your OS supports -# one. 32 bytes will be read from this when the random -# number generator is initalised. -# SSL_FORBID_ENULL - define if you want the server to be not able to use the -# NULL encryption ciphers. -# -# LOCK_DEBUG - turns on lots of lock debug output :-) -# REF_CHECK - turn on some xyz_free() assertions. -# REF_PRINT - prints some stuff on structure free. -# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff -# MFUNC - Make all Malloc/Free/Realloc calls call -# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to -# call application defined callbacks via CRYPTO_set_mem_functions() -# MD5_ASM needs to be defined to use the x86 assembler for MD5 -# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 -# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 -# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must -# equal 4. -# PKCS1_CHECK - pkcs1 tests. - -CC= cc -CFLAG= -O -DEPFLAG= -PEX_LIBS= -EX_LIBS= -EXE_EXT= -ARFLAGS= -AR=ar $(ARFLAGS) r -RANLIB= ranlib -NM= nm -PERL= perl -TAR= tar -TARFLAGS= --no-recursion -MAKEDEPPROG=makedepend -LIBDIR=lib - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAG=$(CFLAG) - -# For x86 assembler: Set PROCESSOR to 386 if you want to support -# the 80386. -PROCESSOR= - -# CPUID module collects small commonly used assembler snippets -CPUID_OBJ= -BN_ASM= bn_asm.o -EC_ASM= -DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes_core.o aes_cbc.o -BF_ENC= bf_enc.o -CAST_ENC= c_enc.o -RC4_ENC= rc4_enc.o -RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= -SHA1_ASM_OBJ= -RMD160_ASM_OBJ= -WP_ASM_OBJ= -CMLL_ENC= -MODES_ASM_OBJ= -ENGINES_ASM_OBJ= -PERLASM_SCHEME= - -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= - -# Zlib stuff -ZLIB_INCLUDE= -LIBZLIB= - -# TOP level FIPS install directory. -FIPSDIR= - -# This is the location of fipscanister.o and friends. -# The FIPS module build will place it $(INSTALLTOP)/lib -# but since $(INSTALLTOP) can only take the default value -# when the module is built it will be in /usr/local/ssl/lib -# $(INSTALLTOP) for this build may be different so hard -# code the path. - -FIPSLIBDIR= - -# The location of the library which contains fipscanister.o -# normally it will be libcrypto unless fipsdso is set in which -# case it will be libfips. If not compiling in FIPS mode at all -# this is empty making it a useful test for a FIPS compile. - -FIPSCANLIB= - -# Shared library base address. Currently only used on Windows. -# - -BASEADDR= - -DIRS= crypto ssl engines apps test tools -ENGDIRS= ccgost -SHLIBDIRS= crypto ssl - -# dirs in crypto to build -SDIRS= \ - objects \ - md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ - des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts jpake srp store cmac -# keep in mind that the above list is adjusted by ./Configure -# according to no-xxx arguments... - -# tests to perform. "alltests" is a special word indicating that all tests -# should be performed. -TESTS = alltests - -MAKEFILE= Makefile - -MANDIR=$(OPENSSLDIR)/man -MAN1=1 -MAN3=3 -MANSUFFIX= -HTMLSUFFIX=html -HTMLDIR=$(OPENSSLDIR)/html -SHELL=/bin/sh - -TOP= . -ONEDIRS=out tmp -EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS -WDIRS= windows -LIBS= libcrypto.a libssl.a -SHARED_CRYPTO=libcrypto$(SHLIB_EXT) -SHARED_SSL=libssl$(SHLIB_EXT) -SHARED_LIBS= -SHARED_LIBS_LINK_EXTS= -SHARED_LDFLAGS= - -GENERAL= Makefile -BASENAME= openssl -NAME= $(BASENAME)-$(VERSION) -TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar -EXHEADER= e_os2.h -HEADER= e_os.h - -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc - -# as we stick to -e, CLEARENV ensures that local variables in lower -# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn -# shell, which [annoyingly enough] terminates unset with error if VAR -# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, -# which terminates unset with error if no variable was present:-( -CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ - $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ - $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ - $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ - $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ - $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ - $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ - $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \ - $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ - $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} - -BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ - CC='$(CC)' CFLAG='$(CFLAG)' \ - AS='$(CC)' ASFLAG='$(CFLAG) -c' \ - AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ - CROSS_COMPILE='$(CROSS_COMPILE)' \ - PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ - SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ - INSTALL_PREFIX='$(INSTALL_PREFIX)' \ - INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ - LIBDIR='$(LIBDIR)' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ - MAKEDEPPROG='$(MAKEDEPPROG)' \ - SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ - ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ - EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ - SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ - PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ - CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \ - EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ - AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ - BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ - RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ - SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ - MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ - RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ - WP_ASM_OBJ='$(WP_ASM_OBJ)' \ - MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ - ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \ - PERLASM_SCHEME='$(PERLASM_SCHEME)' \ - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSDIR='${FIPSDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= -# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, -# which in turn eliminates ambiguities in variable treatment with -e. - -# BUILD_CMD is a generic macro to build a given target in a given -# subdirectory. The target must be given through the shell variable -# `target' and the subdirectory to build in must be given through `dir'. -# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or -# BUILD_ONE_CMD instead. -# -# BUILD_ONE_CMD is a macro to build a given target in a given -# subdirectory if that subdirectory is part of $(DIRS). It requires -# exactly the same shell variables as BUILD_CMD. -# -# RECURSIVE_BUILD_CMD is a macro to build a given target in all -# subdirectories defined in $(DIRS). It requires that the target -# is given through the shell variable `target'. -BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ - ) || exit 1; \ - fi -RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done -BUILD_ONE_CMD=\ - if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ - $(BUILD_CMD); \ - fi - -reflect: - @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) - -sub_all: build_all -build_all: build_libs build_apps build_tests build_tools - -build_libs: build_crypto build_ssl build_engines - -build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: - @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: - @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: - @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: - @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: - @dir=tools; target=all; $(BUILD_ONE_CMD) - -all_testapps: build_libs build_testapps -build_testapps: - @dir=crypto; target=testapps; $(BUILD_ONE_CMD) - -fips_premain_dso$(EXE_EXT): libcrypto.a - [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \ - -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \ - $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ - libcrypto.a $(EX_LIBS) - -libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_LIBCRYPTO=libcrypto.a ; \ - FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ - export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ - fi; \ - $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ - (touch -c fips_premain_dso$(EXE_EXT) || :); \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ - fi - -clean-shared: - @set -e; for i in $(SHLIBDIRS); do \ - if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for j in $${tmp:-x}; do \ - ( set -x; rm -f lib$$i$$j ); \ - done; \ - fi; \ - ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ - fi; \ - done - -link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ - libs="$$libs -l$$i"; \ - done - -build-shared: do_$(SHLIB_TARGET) link-shared - -do_$(SHLIB_TARGET): - @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ - if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ - libs="-l$$i $$libs"; \ - done - -libcrypto.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL-libcrypto'; \ - echo 'Description: OpenSSL cryptography library'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lcrypto'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc - -libssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires.private: libcrypto'; \ - echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc - -openssl.pc: Makefile - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: libssl libcrypto' ) > openssl.pc - -Makefile: Makefile.org Configure config - @echo "Makefile is older than Makefile.org, Configure or config." - @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." - @false - -libclean: - rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib - -clean: libclean - rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c - @set -e; target=clean; $(RECURSIVE_BUILD_CMD) - rm -f $(LIBS) - rm -f openssl.pc libssl.pc libcrypto.pc - rm -f speed.* .pure - rm -f $(TARFILE) - @set -e; for i in $(ONEDIRS) ;\ - do \ - rm -fr $$i/*; \ - done - -makefile.one: files - $(PERL) util/mk1mf.pl >makefile.one; \ - sh util/do_ms.sh - -files: - $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO - @set -e; target=files; $(RECURSIVE_BUILD_CMD) - -links: - @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl - @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) - @set -e; target=links; $(RECURSIVE_BUILD_CMD) - -gentests: - @(cd test && echo "generating dummy tests (if needed)..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); - -dclean: - rm -rf *.bak include/openssl certs/.0 - @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) - -rehash: rehash.time -rehash.time: certs apps - @if [ -z "$(CROSS_COMPILE)" ]; then \ - (OPENSSL="`pwd`/util/opensslwrap.sh"; \ - [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs/demo) && \ - touch rehash.time; \ - else :; fi - -test: tests - -tests: rehash - @(cd test && echo "testing..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); - OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a - -report: - @$(PERL) util/selftest.pl - -depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) - -lint: - @set -e; target=lint; $(RECURSIVE_BUILD_CMD) - -tags: - rm -f TAGS - find . -name '[^.]*.[ch]' | xargs etags -a - -errors: - $(PERL) util/ck_errf.pl -strict */*.c */*/*.c - $(PERL) util/mkerr.pl -recurse -write - (cd engines; $(MAKE) PERL=$(PERL) errors) - -stacks: - $(PERL) util/mkstack.pl -write - -util/libeay.num:: - $(PERL) util/mkdef.pl crypto update - -util/ssleay.num:: - $(PERL) util/mkdef.pl ssl update - -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - -TABLE: Configure - (echo 'Output of `Configure TABLE'"':"; \ - $(PERL) Configure TABLE) > TABLE - -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - -# Build distribution tar-file. As the list of files returned by "find" is -# pretty long, on several platforms a "too many arguments" error or similar -# would occur. Therefore the list of files is temporarily stored into a file -# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal -# tar does not support the --files-from option. -tar: - find . -type d -print | xargs chmod 755 - find . -type f -print | xargs chmod a+r - find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ - $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - |\ - gzip --best >../$(TARFILE).gz; \ - rm -f ../$(TARFILE).list; \ - ls -l ../$(TARFILE).gz - -tar-snap: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ - tardy --user_number=0 --user_name=openssl \ - --group_number=0 --group_name=openssl \ - --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ - ls -l ../$(TARFILE) - -dist: - $(PERL) Configure dist - @$(MAKE) dist_pem_h - @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - -install: all install_docs install_sw - -install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - @set -e; target=install; $(RECURSIVE_BUILD_CMD) - @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ - do \ - if [ -f "$$i" ]; then \ - ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ - fi; \ - done; - @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ - tmp="$(SHARED_LIBS)"; \ - for i in $${tmp:-x}; \ - do \ - if [ -f "$$i" -o -f "$$i.a" ]; then \ - ( echo installing $$i; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ - cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - else \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ - fi ); \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ - ( case $$i in \ - *crypto*) i=libeay32.dll;; \ - *ssl*) i=ssleay32.dll;; \ - esac; \ - echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ - fi; \ - fi; \ - done; \ - ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ - $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ - if [ "$(INSTALLTOP)" != "/usr" ]; then \ - echo 'OpenSSL shared libraries have been installed in:'; \ - echo ' $(INSTALLTOP)'; \ - echo ''; \ - sed -e '1,/^$$/d' doc/openssl-shared.txt; \ - fi; \ - fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc - -install_html_docs: - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - for subdir in apps crypto ssl; do \ - mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - for i in doc/$$subdir/*.pod; do \ - fn=`basename $$i .pod`; \ - echo "installing html/$$fn.$(HTMLSUFFIX)"; \ - cat $$i \ - | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ - | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ - | sed -r 's/<!DOCTYPE.*//g' \ - > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - grep -v $$filecase "^$$fn\$$" | \ - (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ - done); \ - done; \ - done - -install_docs: - @$(PERL) $(TOP)/util/mkdir-p.pl \ - $(INSTALL_PREFIX)$(MANDIR)/man1 \ - $(INSTALL_PREFIX)$(MANDIR)/man3 \ - $(INSTALL_PREFIX)$(MANDIR)/man5 \ - $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ - here="`pwd`"; \ - filecase=; \ - case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ - filecase=-i; \ - esac; \ - set -e; for i in doc/apps/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done; \ - set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ - fn=`basename $$i .pod`; \ - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ - $(PERL) util/extract-names.pl < $$i | \ - (grep -v $$filecase "^$$fn\$$"; true) | \ - (grep -v "[ ]"; true) | \ - (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ - while read n; do \ - PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ - done); \ - done - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/apps/s_client.c b/apps/s_client.c index ffd3a4b50f..80ee42aea6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -343,6 +343,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -649,6 +650,7 @@ int MAIN(int argc, char **argv) char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -925,6 +927,10 @@ static char *jpake_secret = NULL; meth=DTLSv1_2_client_method(); socket_type=SOCK_DGRAM; } + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) @@ -1415,6 +1421,10 @@ bad: SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 4cb24df5d1..4b57b9934c 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -72,6 +72,7 @@ R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +R SSL_R_SSLV3_ALERT_INAPPROPRIATE_FALLBACK 1086 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 7d9d91ff2c..25c58a8af9 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -294,6 +294,25 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) case DTLS_CTRL_LISTEN: ret = dtls1_listen(s, parg); break; + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == DTLS_method()->version) + { +#if DTLS_MAX_VERSION != DTLS1_2_VERSION +# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_DTLSv1_2)) + return s->version == DTLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_DTLSv1)) + return s->version == DTLS1_VERSION; + } + return 0; /* Unexpected state; fail closed. */ default: ret = ssl3_ctrl(s, cmd, larg, parg); diff --git a/ssl/dtls1.h b/ssl/dtls1.h index c6edbe39f9..5cb79f1dac 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -84,8 +84,11 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF -#define DTLS1_BAD_VER 0x0100 #define DTLS1_2_VERSION 0xFEFD +#define DTLS_MAX_VERSION DTLS1_2_VERSION + +#define DTLS1_BAD_VER 0x0100 + /* Special value for method supporting multiple versions */ #define DTLS_ANY_VERSION 0x1FFFF @@ -287,4 +290,3 @@ typedef struct dtls1_record_data_st } #endif #endif - diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 5177f060c2..ca6dcd343c 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -748,6 +748,9 @@ static int ssl23_get_server_hello(SSL *s) goto err; } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 75d814250b..6e0746691c 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -421,6 +421,9 @@ int ssl23_get_client_hello(SSL *s) } } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 41ae4e8abb..41818dc6e8 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; + case SSL_CTRL_CHECK_PROTO_VERSION: + return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); default: break; } @@ -434,7 +436,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) if (p != NULL) { l=c->id; - if ((l & 0xff000000) != 0x02000000) return(0); + if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); p[0]=((unsigned char)(l>>16L))&0xFF; p[1]=((unsigned char)(l>> 8L))&0xFF; p[2]=((unsigned char)(l ))&0xFF; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 86f06d02c7..73f3e1730c 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -941,7 +941,7 @@ int ssl3_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return(-1); } } - diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a15625b911..361f295521 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3598,6 +3598,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)sess->tlsext_ecpointformatlist_length; } #endif + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_2_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1_2)) + return s->version == TLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1_1)) + return s->version == TLS1_1_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } @@ -4519,4 +4546,3 @@ long ssl_get_algorithm2(SSL *s) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } - @@ -681,6 +681,10 @@ struct ssl_session_st */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Cert related flags */ /* Many implementations ignore some aspects of the TLS standards such as @@ -1683,6 +1687,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1821,6 +1826,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SELECT_CURRENT_CERT 116 #define SSL_CTRL_SET_CURRENT_CERT 117 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + + #define SSL_CERT_SET_FIRST 1 #define SSL_CERT_SET_NEXT 2 #define SSL_CERT_SET_SERVER 3 @@ -2765,6 +2773,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 #define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -2921,6 +2930,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 7ba8f4c130..a4823d3308 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 1eca037175..63b5c35bea 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -398,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST) ,"illegal Suite B digest"}, +{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, @@ -554,6 +555,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, +{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f779ce66d7..27819b452f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1464,12 +1464,14 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, SSL_CIPHER *c; CERT *ct = s->cert; unsigned char *q; - int no_scsv = s->renegotiate; + int empty_reneg_info_scsv = !s->renegotiate; /* Set disabled masks for this session */ ssl_set_client_disabled(s); if (sk == NULL) return(0); q=p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { @@ -1482,29 +1484,40 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL if (c->id == SSL3_CK_SCSV) { - if (no_scsv) + if (!empty_reneg_info_scsv) continue; else - no_scsv = 1; + empty_reneg_info_scsv = 0; } #endif - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + j = put_cb(c,p); p+=j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q && !no_scsv) + /* If p == q, no ciphers; caller indicates an error. + * Otherwise, add applicable SCSVs. */ + if (p != q) { - static SSL_CIPHER scsv = + if (empty_reneg_info_scsv) { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); + fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); #endif + } + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; + } } return(p-q); @@ -1516,11 +1529,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) + if (n == 0 || (num%n) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return(NULL); @@ -1545,7 +1559,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, for (i=0; i<num; i+=n) { - /* Check for SCSV */ + /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ if (s->s3 && (n != 3 || !p[0]) && (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (p[n-1] == (SSL3_CK_SCSV & 0xff))) @@ -1565,6 +1579,23 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, continue; } + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) + { + /* The SCSV indicates that the client previously tried a higher version. + * Fail if the current version is an unexpected downgrade. */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + continue; + } + c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 10fc795acd..7974762d4c 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1286,6 +1286,7 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); #if 0 /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); diff --git a/ssl/tls1.h b/ssl/tls1.h index 09d1763f5b..3c8de73032 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -159,17 +159,19 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +#define TLS_MAX_VERSION TLS1_2_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 -#define TLS1_1_VERSION 0x0302 #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -187,6 +189,7 @@ extern "C" { #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ |