diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 740c09e43..5be4b5457 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,7 +14,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: Upload Crash - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v4 if: failure() with: name: artifacts diff --git a/apps/ocsp.c b/apps/ocsp.c index 27ec94fa6..a783dd2b1 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -268,7 +268,7 @@ int ocsp_main(int argc, char **argv) if (ids == NULL) goto end; if ((vpm = X509_VERIFY_PARAM_new()) == NULL) - return 1; + goto end; prog = opt_init(argc, argv, ocsp_options); while ((o = opt_next()) != OPT_EOF) { diff --git a/crypto/asn1/x_delegated_credential.c b/crypto/asn1/x_delegated_credential.c index 0c6ab0bac..f502bd663 100644 --- a/crypto/asn1/x_delegated_credential.c +++ b/crypto/asn1/x_delegated_credential.c @@ -91,7 +91,7 @@ DELEGATED_CREDENTIAL *DC_new_from_raw_byte(const unsigned char *byte, if(!DC_set1_raw_byte(dc, byte, len)) { ASN1err(ASN1_F_DC_NEW_FROM_RAW_BYTE, ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if (!PACKET_buf_init(&pkt, dc->raw_byte, dc->raw_byte_len)) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 9531acfc3..451e88ac3 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return ret; } + BN_RECP_CTX_init(&recp); + BN_CTX_start(ctx); aa = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); if (val[0] == NULL) goto err; - BN_RECP_CTX_init(&recp); if (m->neg) { /* ignore sign of 'm' */ if (!BN_copy(aa, m)) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 29ba4c1b1..6030f0718 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { + ASN1_INTEGER_free(key); return 0; + } } alg = X509_ALGOR_new(); if (alg == NULL) { diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5d066a06c..b0688a3af 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -342,6 +342,9 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, } mdsize = EVP_MD_size(evpmd); + if (mdsize < 0) + goto err; + /* If unverifiable g generation only don't need seed */ if (!ret->p || !ret->q || idx >= 0) { if (seed_len == 0) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1f9ee3ac7..ea3ca7242 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1602,7 +1602,6 @@ SSL_F_TLS_CONSTRUCT_CTOS_ALPN:466:tls_construct_ctos_alpn SSL_F_TLS_CONSTRUCT_CTOS_ALPN_NTLS:721:tls_construct_ctos_alpn_ntls SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE:355:* SSL_F_TLS_CONSTRUCT_CTOS_COOKIE:535:tls_construct_ctos_cookie -SSL_F_TLS_CONSTRUCT_CTOS_COOKIE_NTLS:722:tls_construct_ctos_cookie_ntls SSL_F_TLS_CONSTRUCT_CTOS_DELEGATED_CREDENTIAL:853:\ tls_construct_ctos_delegated_credential SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA:530:tls_construct_ctos_early_data @@ -1633,7 +1632,6 @@ SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES_NTLS:733:\ tls_construct_ctos_psk_kex_modes_ntls -SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS:732:tls_construct_ctos_psk_ntls SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS:3008:\ tls_construct_ctos_quic_transport_params SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT:3013:\ @@ -1698,7 +1696,6 @@ SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn SSL_F_TLS_CONSTRUCT_STOC_ALPN_NTLS:753:tls_construct_stoc_alpn_ntls SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:* SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie -SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS:754:tls_construct_stoc_cookie_ntls SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG_NTLS:755:\ tls_construct_stoc_cryptopro_bug_ntls @@ -1726,7 +1723,6 @@ SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG_NTLS:762:\ tls_construct_stoc_next_proto_neg_ntls SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk -SSL_F_TLS_CONSTRUCT_STOC_PSK_NTLS:763:tls_construct_stoc_psk_ntls SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS:3009:\ tls_construct_stoc_quic_transport_params SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS_DRAFT:3014:\ @@ -1769,7 +1765,6 @@ SSL_F_TLS_PARSE_COMPRESS_CERT:875:tls_parse_compress_cert SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn SSL_F_TLS_PARSE_CTOS_ALPN_NTLS:774:tls_parse_ctos_alpn_ntls SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie -SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS:775:tls_parse_ctos_cookie_ntls SSL_F_TLS_PARSE_CTOS_DELEGATED_CREDENTIAL:862:\ tls_parse_ctos_delegated_credential SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data @@ -1788,7 +1783,6 @@ SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH_NTLS:781:\ SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES_NTLS:783:tls_parse_ctos_psk_kex_modes_ntls -SSL_F_TLS_PARSE_CTOS_PSK_NTLS:782:tls_parse_ctos_psk_ntls SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS:3010:\ tls_parse_ctos_quic_transport_params SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT:3015:\ @@ -1815,7 +1809,6 @@ SSL_F_TLS_PARSE_DC_FROM_EXTENSION:864:tls_parse_dc_from_extension SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn SSL_F_TLS_PARSE_STOC_ALPN_NTLS:793:tls_parse_stoc_alpn_ntls SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie -SSL_F_TLS_PARSE_STOC_COOKIE_NTLS:794:tls_parse_stoc_cookie_ntls SSL_F_TLS_PARSE_STOC_DELEGATED_CREDENTIAL:854:\ tls_parse_stoc_delegated_credential SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data @@ -1830,7 +1823,6 @@ SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN_NTLS:798:tls_parse_stoc_maxfragmentlen_ntls SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn SSL_F_TLS_PARSE_STOC_NPN_NTLS:799:tls_parse_stoc_npn_ntls SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk -SSL_F_TLS_PARSE_STOC_PSK_NTLS:800:tls_parse_stoc_psk_ntls SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS:3011:\ tls_parse_stoc_quic_transport_params SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS_DRAFT:3016:\ diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index a77cfb155..e591451e9 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -496,9 +496,11 @@ static int sig_in(BIO *b) void *md_data; ctx = BIO_get_data(b); - md = ctx->md; + if ((md = ctx->md) == NULL) + goto berr; digest = EVP_MD_CTX_md(md); - md_size = EVP_MD_size(digest); + if ((md_size = EVP_MD_size(digest)) <= 0) + goto berr; md_data = EVP_MD_CTX_md_data(md); if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 281ca165a..643b0deb1 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -3887,6 +3887,7 @@ typedef struct { static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { + int len; EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); if (!iv && !key) return 1; @@ -3901,8 +3902,10 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, wctx->iv = NULL; } if (iv) { - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); - wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx); + if ((len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) + return 0; + memcpy(ctx->iv, iv, len); + wctx->iv = ctx->iv; } return 1; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 26622b4d7..a773733b3 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -88,6 +88,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc) { + int n; + if (enc == -1) enc = ctx->encrypt; else { @@ -204,19 +206,27 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* fall-through */ case EVP_CIPH_CBC_MODE: - - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= - (int)sizeof(ctx->iv)); + n = EVP_CIPHER_CTX_iv_length(ctx); + if (n < 0 || n > (int)sizeof(ctx->iv)) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INVALID_IV_LENGTH); + return 0; + } if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->oiv, iv, n); + memcpy(ctx->iv, ctx->oiv, n); break; case EVP_CIPH_CTR_MODE: ctx->num = 0; /* Don't reuse IV for CTR mode */ - if (iv) - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + if (iv) { + n = EVP_CIPHER_CTX_iv_length(ctx); + if (n <= 0 || n > (int)sizeof(ctx->iv)) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INVALID_IV_LENGTH); + return 0; + } + memcpy(ctx->iv, iv, n); + } break; default: diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 6c3c0cf78..e7cd60ad9 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -578,6 +578,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, goto err; i = BN_bn2binpad(ret, buf, num); + if (i < 0) + goto err; switch (padding) { case RSA_PKCS1_PADDING: diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 041a187da..fc221ec6e 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -63,6 +63,7 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); + ASN1_INTEGER_free(serial); return NULL; } diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index fd8162af6..01c9d40b6 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -58,7 +58,10 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) unsigned char *der_spki, *p; char *b64_str; int der_len; + der_len = i2d_NETSCAPE_SPKI(spki, NULL); + if (der_len <= 0) + return NULL; der_spki = OPENSSL_malloc(der_len); b64_str = OPENSSL_malloc(der_len * 2); if (der_spki == NULL || b64_str == NULL) { diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 073505951..fce58a586 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -51,6 +51,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, id = NULL; ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { + ASN1_OBJECT_free(id); X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c index 7fd6ef17d..dd18991e7 100644 --- a/crypto/x509v3/v3_tlsf.c +++ b/crypto/x509v3/v3_tlsf.c @@ -89,7 +89,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, { TLS_FEATURE *tlsf; char *extval, *endptr; - ASN1_INTEGER *ai; + ASN1_INTEGER *ai = NULL; CONF_VALUE *val; int i; size_t j; @@ -128,10 +128,13 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); goto err; } + + ai = NULL; } return tlsf; err: sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); + ASN1_INTEGER_free(ai); return NULL; } diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 802d3341a..526530b0c 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -425,7 +425,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CTOS_ALPN_NTLS 721 # define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 # define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 -# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE_NTLS 722 # define SSL_F_TLS_CONSTRUCT_CTOS_DELEGATED_CREDENTIAL 853 # define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 # define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA_NTLS 723 @@ -450,7 +449,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES_NTLS 733 -# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS 732 # define SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS 3008 # define SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT 3013 # define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 @@ -500,7 +498,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_STOC_ALPN_NTLS 753 # define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 # define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 -# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS 754 # define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 # define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG_NTLS 755 # define SSL_F_TLS_CONSTRUCT_STOC_DELEGATED_CREDENTIAL 863 @@ -523,7 +520,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 # define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG_NTLS 762 # define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 -# define SSL_F_TLS_CONSTRUCT_STOC_PSK_NTLS 763 # define SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS 3009 # define SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS_DRAFT 3014 # define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 @@ -555,7 +551,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_CTOS_ALPN 567 # define SSL_F_TLS_PARSE_CTOS_ALPN_NTLS 774 # define SSL_F_TLS_PARSE_CTOS_COOKIE 614 -# define SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS 775 # define SSL_F_TLS_PARSE_CTOS_DELEGATED_CREDENTIAL 862 # define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 # define SSL_F_TLS_PARSE_CTOS_EARLY_DATA_NTLS 776 @@ -572,7 +567,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_CTOS_PSK 505 # define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 # define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES_NTLS 783 -# define SSL_F_TLS_PARSE_CTOS_PSK_NTLS 782 # define SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS 3010 # define SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT 3015 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 @@ -596,7 +590,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_STOC_ALPN 579 # define SSL_F_TLS_PARSE_STOC_ALPN_NTLS 793 # define SSL_F_TLS_PARSE_STOC_COOKIE 534 -# define SSL_F_TLS_PARSE_STOC_COOKIE_NTLS 794 # define SSL_F_TLS_PARSE_STOC_DELEGATED_CREDENTIAL 854 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 @@ -610,7 +603,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_STOC_NPN 582 # define SSL_F_TLS_PARSE_STOC_NPN_NTLS 799 # define SSL_F_TLS_PARSE_STOC_PSK 502 -# define SSL_F_TLS_PARSE_STOC_PSK_NTLS 800 # define SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS 3011 # define SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS_DRAFT 3016 # define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 diff --git a/ssl/packet.c b/ssl/packet.c index 1ddde969f..691a82b70 100644 --- a/ssl/packet.c +++ b/ssl/packet.c @@ -161,7 +161,7 @@ int WPACKET_set_flags(WPACKET *pkt, unsigned int flags) } /* Store the |value| of length |len| at location |data| */ -static int put_value(unsigned char *data, size_t value, size_t len) +static int put_value(unsigned char *data, uint64_t value, size_t len) { for (data += len - 1; len > 0; len--) { *data = (unsigned char)(value & 0xff); @@ -306,12 +306,12 @@ int WPACKET_start_sub_packet(WPACKET *pkt) return WPACKET_start_sub_packet_len__(pkt, 0); } -int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size) +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t size) { unsigned char *data; /* Internal API, so should not fail */ - if (!ossl_assert(size <= sizeof(unsigned int)) + if (!ossl_assert(size <= sizeof(uint64_t)) || !WPACKET_allocate_bytes(pkt, size, &data) || !put_value(data, val, size)) return 0; diff --git a/ssl/packet_local.h b/ssl/packet_local.h index 1b6c2fb9b..13eebfe65 100644 --- a/ssl/packet_local.h +++ b/ssl/packet_local.h @@ -227,6 +227,28 @@ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt, return 1; } +/* + * Peek ahead at 8 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt, + uint64_t *data) +{ + if (PACKET_remaining(pkt) < 8) + return 0; + + *data = ((uint64_t)(*pkt->curr)) << 56; + *data |= ((uint64_t)(*(pkt->curr + 1))) << 48; + *data |= ((uint64_t)(*(pkt->curr + 2))) << 40; + *data |= ((uint64_t)(*(pkt->curr + 3))) << 32; + *data |= ((uint64_t)(*(pkt->curr + 4))) << 24; + *data |= ((uint64_t)(*(pkt->curr + 5))) << 16; + *data |= ((uint64_t)(*(pkt->curr + 6))) << 8; + *data |= *(pkt->curr + 7); + + return 1; +} + /* Equivalent of n2l */ /* Get 4 bytes in network order from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) @@ -251,6 +273,17 @@ __owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data) return ret; } +/* Get 8 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_8(PACKET *pkt, uint64_t *data) +{ + if (!PACKET_peek_net_8(pkt, data)) + return 0; + + packet_forward(pkt, 8); + + return 1; +} + /* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, unsigned int *data) @@ -808,7 +841,7 @@ int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, * 1 byte will fail. Don't call this directly. Use the convenience macros below * instead. */ -int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t bytes); /* * Convenience macros for calling WPACKET_put_bytes with different @@ -822,6 +855,8 @@ int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); WPACKET_put_bytes__((pkt), (val), 3) #define WPACKET_put_bytes_u32(pkt, val) \ WPACKET_put_bytes__((pkt), (val), 4) +#define WPACKET_put_bytes_u64(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 8) /* Set a maximum size that we will not allow the WPACKET to grow beyond */ int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index fffefc201..9d1fc9c75 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -26,10 +26,10 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) { EVP_CIPHER_CTX *ctx; unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; - size_t ivlen, taglen, offset, loop, hdrlen; + size_t taglen, offset, loop, hdrlen; unsigned char *staticiv; unsigned char *seq; - int lenu, lenf; + int lenu, lenf, ivlen; SSL3_RECORD *rec = &recs[0]; uint32_t alg_enc; WPACKET wpkt; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 7b0f4d7c2..608bce23a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1395,8 +1395,10 @@ static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list, sk_SSL_CIPHER_insert(tmp_cipher_list, sk_SSL_CIPHER_value(tls13_ciphersuites, i), i); - if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list)) + if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list)) { + sk_SSL_CIPHER_free(tmp_cipher_list); return 0; + } sk_SSL_CIPHER_free(*cipher_list); *cipher_list = tmp_cipher_list; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b1684e58f..e554c486e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -478,7 +478,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP_INTERN, 0), - "ssl_session_dup_intern"}, + "ssl_session_dup_intern"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0), "SSL_SESSION_print_fp"}, @@ -685,8 +685,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0), "tls_construct_ctos_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE_NTLS, 0), - "tls_construct_ctos_cookie_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_DELEGATED_CREDENTIAL, 0), "tls_construct_ctos_delegated_credential"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0), @@ -733,8 +731,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_ctos_psk_kex_modes"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES_NTLS, 0), "tls_construct_ctos_psk_kex_modes_ntls"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, 0), - "tls_construct_ctos_psk_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS, 0), "tls_construct_ctos_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT, 0), @@ -830,8 +826,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0), "tls_construct_stoc_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, 0), - "tls_construct_stoc_cookie_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0), "tls_construct_stoc_cryptopro_bug"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG_NTLS, 0), @@ -872,8 +866,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_stoc_next_proto_neg_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0), "tls_construct_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK_NTLS, 0), - "tls_construct_stoc_psk_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS, 0), "tls_construct_stoc_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS_DRAFT, 0), @@ -934,8 +926,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_parse_ctos_alpn_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0), "tls_parse_ctos_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, 0), - "tls_parse_ctos_cookie_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_DELEGATED_CREDENTIAL, 0), "tls_parse_ctos_delegated_credential"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0), @@ -966,8 +956,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_parse_ctos_psk_kex_modes"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES_NTLS, 0), "tls_parse_ctos_psk_kex_modes_ntls"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_NTLS, 0), - "tls_parse_ctos_psk_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS, 0), "tls_parse_ctos_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS_DRAFT, 0), @@ -1013,8 +1001,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_parse_stoc_alpn_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0), "tls_parse_stoc_cookie"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE_NTLS, 0), - "tls_parse_stoc_cookie_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_DELEGATED_CREDENTIAL, 0), "tls_parse_stoc_delegated_credential"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0), @@ -1038,8 +1024,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN_NTLS, 0), "tls_parse_stoc_npn_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK_NTLS, 0), - "tls_parse_stoc_psk_ntls"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS, 0), "tls_parse_stoc_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS_DRAFT, 0), diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 48fa09016..e0cfb3fd1 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1065,7 +1065,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 - uint32_t now, agesec, agems = 0; + uint32_t agesec, agems = 0; size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; @@ -1122,8 +1122,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, * this in multiple places in the code, so portability shouldn't be an * issue. */ - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)s->session->time; + agesec = (uint32_t)(time(NULL) - s->session->time); /* * We calculate the age in seconds but the server may work in ms. Due to * rounding errors we could overestimate the age by up to 1s. It is diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 8977801ca..daacdf5bc 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -12,16 +12,16 @@ #include "statem_local.h" #include "internal/cryptlib.h" -#define COOKIE_STATE_FORMAT_VERSION 0 +#define COOKIE_STATE_FORMAT_VERSION 1 /* * 2 bytes for packet length, 2 bytes for format version, 2 bytes for * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for - * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen, + * key_share present flag, 8 bytes for timestamp, 2 bytes for the hashlen, * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. */ -#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \ +#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \ + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) /* @@ -745,7 +745,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, unsigned char hmac[SHA256_DIGEST_LENGTH]; unsigned char hrr[MAX_HRR_SIZE]; size_t rawlen, hmaclen, hrrlen, ciphlen; - unsigned long tm, now; + uint64_t tm, now; /* Ignore any cookie if we're not set up to verify it */ if (s->ctx->verify_stateless_cookie_cb == NULL @@ -855,7 +855,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_4(&cookie, &tm) + || !PACKET_get_net_8(&cookie, &tm) || !PACKET_get_length_prefixed_2(&cookie, &chhash) || !PACKET_get_length_prefixed_1(&cookie, &appcookie) || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { @@ -865,7 +865,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */ - now = (unsigned long)time(NULL); + now = time(NULL); if (tm > now || (now - tm) > 600) { /* Cookie is stale. Ignore it */ return 1; @@ -1199,7 +1199,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.early_data_ok = 1; s->ext.ticket_expected = 1; } else { - uint32_t ticket_age = 0, now, agesec, agems; + uint32_t ticket_age = 0, agesec, agems; int ret; /* @@ -1241,8 +1241,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } ticket_age = (uint32_t)ticket_agel; - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)sess->time; + agesec = (uint32_t)(time(NULL) - sess->time); agems = agesec * (uint32_t)1000; ticket_age -= sess->ext.tick_age_add; @@ -1902,7 +1901,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, &ciphlen) /* Is there a key_share extension present in this HRR? */ || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL) - || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) + || !WPACKET_put_bytes_u64(pkt, time(NULL)) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6fe1ff3c3..6aeedc3d6 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -3106,6 +3106,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, diff --git a/ssl/statem_ntls/extensions.c b/ssl/statem_ntls/extensions.c index ed12e598d..ea83148b6 100644 --- a/ssl/statem_ntls/extensions.c +++ b/ssl/statem_ntls/extensions.c @@ -319,14 +319,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { # else INVALID_EXTENSION, # endif - { - /* Must be after key_share */ - TLSEXT_TYPE_cookie, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, - NULL, tls_parse_ctos_cookie_ntls, tls_parse_stoc_cookie_ntls, - tls_construct_stoc_cookie_ntls, tls_construct_ctos_cookie_ntls, NULL - }, + INVALID_EXTENSION, /* TLSEXT_IDX_cookie */ { /* * Special unsolicited ServerHello extension only used when @@ -366,14 +359,7 @@ static const EXTENSION_DEFINITION ext_defs[] = { /* We send this, but don't read it */ NULL, NULL, NULL, tls_construct_ctos_padding_ntls, NULL }, - { - /* Required by the TLSv1.3 spec to always be the last extension */ - TLSEXT_TYPE_psk, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, - NULL, tls_parse_ctos_psk_ntls, tls_parse_stoc_psk_ntls, tls_construct_stoc_psk_ntls, - tls_construct_ctos_psk_ntls, NULL - } + INVALID_EXTENSION /* TLSEXT_IDX_psk */ }; /* Check whether an extension's context matches the current context */ diff --git a/ssl/statem_ntls/extensions_clnt.c b/ssl/statem_ntls/extensions_clnt.c index 748101f3b..9d9fff663 100644 --- a/ssl/statem_ntls/extensions_clnt.c +++ b/ssl/statem_ntls/extensions_clnt.c @@ -489,35 +489,6 @@ EXT_RETURN tls_construct_ctos_key_share_ntls(SSL *s, WPACKET *pkt, # endif } -EXT_RETURN tls_construct_ctos_cookie_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - EXT_RETURN ret = EXT_RETURN_FAIL; - - /* Should only be set if we've had an HRR */ - if (s->ext.tls13_cookie_len == 0) - return EXT_RETURN_NOT_SENT; - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - /* Extension data sub-packet */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, - s->ext.tls13_cookie_len) - || !WPACKET_close(pkt)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - goto end; - } - - ret = EXT_RETURN_SENT; - end: - OPENSSL_free(s->ext.tls13_cookie); - s->ext.tls13_cookie = NULL; - s->ext.tls13_cookie_len = 0; - - return ret; -} - EXT_RETURN tls_construct_ctos_early_data_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -711,214 +682,6 @@ EXT_RETURN tls_construct_ctos_padding_ntls(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -/* - * Construct the pre_shared_key extension - */ -EXT_RETURN tls_construct_ctos_psk_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ -# ifndef OPENSSL_NO_TLS1_3 - uint32_t now, agesec, agems = 0; - size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; - unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; - const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; - int dores = 0; - - s->ext.tick_identity = 0; - - /* - * Note: At this stage of the code we only support adding a single - * resumption PSK. If we add support for multiple PSKs then the length - * calculations in the padding extension will need to be adjusted. - */ - - /* - * If this is an incompatible or new session then we have nothing to resume - * so don't add this extension. - */ - if (s->session->ssl_version != TLS1_3_VERSION - || (s->session->ext.ticklen == 0 && s->psksession == NULL)) - return EXT_RETURN_NOT_SENT; - - if (s->hello_retry_request == SSL_HRR_PENDING) - handmd = ssl_handshake_md(s); - - if (s->session->ext.ticklen != 0) { - /* Get the digest associated with the ciphersuite in the session */ - if (s->session->cipher == NULL) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - mdres = ssl_md(s->session->cipher->algorithm2); - if (mdres == NULL) { - /* - * Don't recognize this cipher so we can't use the session. - * Ignore it - */ - goto dopsksess; - } - - if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) { - /* - * Selected ciphersuite hash does not match the hash for the session - * so we can't use it. - */ - goto dopsksess; - } - - /* - * Technically the C standard just says time() returns a time_t and says - * nothing about the encoding of that type. In practice most - * implementations follow POSIX which holds it as an integral type in - * seconds since epoch. We've already made the assumption that we can do - * this in multiple places in the code, so portability shouldn't be an - * issue. - */ - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)s->session->time; - /* - * We calculate the age in seconds but the server may work in ms. Due to - * rounding errors we could overestimate the age by up to 1s. It is - * better to underestimate it. Otherwise, if the RTT is very short, when - * the server calculates the age reported by the client it could be - * bigger than the age calculated on the server - which should never - * happen. - */ - if (agesec > 0) - agesec--; - - if (s->session->ext.tick_lifetime_hint < agesec) { - /* Ticket is too old. Ignore it. */ - goto dopsksess; - } - - /* - * Calculate age in ms. We're just doing it to nearest second. Should be - * good enough. - */ - agems = agesec * (uint32_t)1000; - - if (agesec != 0 && agems / (uint32_t)1000 != agesec) { - /* - * Overflow. Shouldn't happen unless this is a *really* old session. - * If so we just ignore it. - */ - goto dopsksess; - } - - /* - * Obfuscate the age. Overflow here is fine, this addition is supposed - * to be mod 2^32. - */ - agems += s->session->ext.tick_age_add; - - reshashsize = EVP_MD_size(mdres); - s->ext.tick_identity++; - dores = 1; - } - - dopsksess: - if (!dores && s->psksession == NULL) - return EXT_RETURN_NOT_SENT; - - if (s->psksession != NULL) { - mdpsk = ssl_md(s->psksession->cipher->algorithm2); - if (mdpsk == NULL) { - /* - * Don't recognize this cipher so we can't use the session. - * If this happens it's an application bug. - */ - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - SSL_R_BAD_PSK); - return EXT_RETURN_FAIL; - } - - if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) { - /* - * Selected ciphersuite hash does not match the hash for the PSK - * session. This is an application bug. - */ - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - SSL_R_BAD_PSK); - return EXT_RETURN_FAIL; - } - - pskhashsize = EVP_MD_size(mdpsk); - } - - /* Create the extension, but skip over the binder for now */ - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - if (dores) { - if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, - s->session->ext.ticklen) - || !WPACKET_put_bytes_u32(pkt, agems)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - } - - if (s->psksession != NULL) { - if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id, - s->psksession_id_len) - || !WPACKET_put_bytes_u32(pkt, 0)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - s->ext.tick_identity++; - } - - if (!WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &binderoffset) - || !WPACKET_start_sub_packet_u16(pkt) - || (dores - && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) - || (s->psksession != NULL - && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &msglen) - /* - * We need to fill in all the sub-packet lengths now so we can - * calculate the HMAC of the message up to the binders - */ - || !WPACKET_fill_lengths(pkt)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - msgstart = WPACKET_get_curr(pkt) - msglen; - - if (dores - && tls_psk_do_binder_ntls(s, mdres, msgstart, binderoffset, NULL, - resbinder, s->session, 1, 0) != 1) { - /* SSLfatal_ntls() already called */ - return EXT_RETURN_FAIL; - } - - if (s->psksession != NULL - && tls_psk_do_binder_ntls(s, mdpsk, msgstart, binderoffset, NULL, - pskbinder, s->psksession, 1, 1) != 1) { - /* SSLfatal_ntls() already called */ - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -# else - return EXT_RETURN_NOT_SENT; -# endif -} - EXT_RETURN tls_construct_ctos_post_handshake_auth_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1496,22 +1259,6 @@ int tls_parse_stoc_key_share_ntls(SSL *s, PACKET *pkt, unsigned int context, X50 return 1; } -int tls_parse_stoc_cookie_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) -{ - PACKET cookie; - - if (!PACKET_as_length_prefixed_2(pkt, &cookie) - || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, - &s->ext.tls13_cookie_len)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - - return 1; -} - int tls_parse_stoc_early_data_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1553,64 +1300,4 @@ int tls_parse_stoc_early_data_ntls(SSL *s, PACKET *pkt, unsigned int context, return 1; } -int tls_parse_stoc_psk_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) -{ -# ifndef OPENSSL_NO_TLS1_3 - unsigned int identity; - - if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_PSK_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - - if (identity >= (unsigned int)s->ext.tick_identity) { - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK_NTLS, - SSL_R_BAD_PSK_IDENTITY); - return 0; - } - - /* - * Session resumption tickets are always sent before PSK tickets. If the - * ticket index is 0 then it must be for a session resumption ticket if we - * sent two tickets, or if we didn't send a PSK ticket. - */ - if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) { - s->hit = 1; - SSL_SESSION_free(s->psksession); - s->psksession = NULL; - return 1; - } - - if (s->psksession == NULL) { - /* Should never happen */ - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_PSK_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - - /* - * If we used the external PSK for sending early_data then s->early_secret - * is already set up, so don't overwrite it. Otherwise we copy the - * early_secret across that we generated earlier. - */ - if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY - && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) - || s->session->ext.max_early_data > 0 - || s->psksession->ext.max_early_data == 0) - memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); - - SSL_SESSION_free(s->session); - s->session = s->psksession; - s->psksession = NULL; - s->hit = 1; - /* Early data is only allowed if we used the first ticket */ - if (identity != 0) - s->ext.early_data_ok = 0; -# endif - - return 1; -} - #endif diff --git a/ssl/statem_ntls/extensions_srvr.c b/ssl/statem_ntls/extensions_srvr.c index 13268fabc..b439db8c2 100644 --- a/ssl/statem_ntls/extensions_srvr.c +++ b/ssl/statem_ntls/extensions_srvr.c @@ -9,30 +9,6 @@ #ifndef OPENSSL_NO_NTLS -# define COOKIE_STATE_FORMAT_VERSION 0 - -/* - * 2 bytes for packet length, 2 bytes for format version, 2 bytes for - * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for - * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen, - * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie - * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. - */ -# define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \ - + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) - -/* - * Message header + 2 bytes for protocol version + number of random bytes + - * + 1 byte for legacy session id length + number of bytes in legacy session id - * + 2 bytes for ciphersuite + 1 byte for legacy compression - * + 2 bytes for extension block length + 6 bytes for key_share extension - * + 4 bytes for cookie extension header + the number of bytes in the cookie - */ -# define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ - + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ - + MAX_COOKIE_SIZE) - - /*- * The servername extension is treated as follows: * @@ -609,228 +585,6 @@ int tls_parse_ctos_key_share_ntls(SSL *s, PACKET *pkt, unsigned int context, X50 return 1; } -int tls_parse_ctos_cookie_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) -{ -# ifndef OPENSSL_NO_TLS1_3 - unsigned int format, version, key_share, group_id; - EVP_MD_CTX *hctx; - EVP_PKEY *pkey; - PACKET cookie, raw, chhash, appcookie; - WPACKET hrrpkt; - const unsigned char *data, *mdin, *ciphdata; - unsigned char hmac[SHA256_DIGEST_LENGTH]; - unsigned char hrr[MAX_HRR_SIZE]; - size_t rawlen, hmaclen, hrrlen, ciphlen; - unsigned long tm, now; - - /* Ignore any cookie if we're not set up to verify it */ - if (s->ctx->verify_stateless_cookie_cb == NULL - || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) - return 1; - - if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - - raw = cookie; - data = PACKET_data(&raw); - rawlen = PACKET_remaining(&raw); - if (rawlen < SHA256_DIGEST_LENGTH - || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - mdin = PACKET_data(&raw); - - /* Verify the HMAC of the cookie */ - hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext - .cookie_hmac_key)); - if (hctx == NULL || pkey == NULL) { - EVP_MD_CTX_free(hctx); - EVP_PKEY_free(pkey); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_MALLOC_FAILURE); - return 0; - } - - hmaclen = SHA256_DIGEST_LENGTH; - if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, data, - rawlen - SHA256_DIGEST_LENGTH) <= 0 - || hmaclen != SHA256_DIGEST_LENGTH) { - EVP_MD_CTX_free(hctx); - EVP_PKEY_free(pkey); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - - EVP_MD_CTX_free(hctx); - EVP_PKEY_free(pkey); - - if (CRYPTO_memcmp(hmac, mdin, SHA256_DIGEST_LENGTH) != 0) { - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_COOKIE_MISMATCH); - return 0; - } - - if (!PACKET_get_net_2(&cookie, &format)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - /* Check the cookie format is something we recognise. Ignore it if not */ - if (format != COOKIE_STATE_FORMAT_VERSION) - return 1; - - /* - * The rest of these checks really shouldn't fail since we have verified the - * HMAC above. - */ - - /* Check the version number is sane */ - if (!PACKET_get_net_2(&cookie, &version)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - if (version != TLS1_3_VERSION) { - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - return 0; - } - - if (!PACKET_get_net_2(&cookie, &group_id)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - - ciphdata = PACKET_data(&cookie); - if (!PACKET_forward(&cookie, 2)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - if (group_id != s->s3->group_id - || s->s3->tmp.new_cipher - != ssl_get_cipher_by_char(s, ciphdata, 0)) { - /* - * We chose a different cipher or group id this time around to what is - * in the cookie. Something must have changed. - */ - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_BAD_CIPHER); - return 0; - } - - if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_4(&cookie, &tm) - || !PACKET_get_length_prefixed_2(&cookie, &chhash) - || !PACKET_get_length_prefixed_1(&cookie, &appcookie) - || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_LENGTH_MISMATCH); - return 0; - } - - /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */ - now = (unsigned long)time(NULL); - if (tm > now || (now - tm) > 600) { - /* Cookie is stale. Ignore it */ - return 1; - } - - /* Verify the app cookie */ - if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), - PACKET_remaining(&appcookie)) == 0) { - SSLfatal_ntls(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - SSL_R_COOKIE_MISMATCH); - return 0; - } - - /* - * Reconstruct the HRR that we would have sent in response to the original - * ClientHello so we can add it to the transcript hash. - * Note: This won't work with custom HRR extensions - */ - if (!WPACKET_init_static_len(&hrrpkt, hrr, sizeof(hrr), 0)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO) - || !WPACKET_start_sub_packet_u24(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) - || !WPACKET_memcpy(&hrrpkt, hrrrandom_ntls, SSL3_RANDOM_SIZE) - || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, - s->tmp_session_id_len) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt, - &ciphlen) - || !WPACKET_put_bytes_u8(&hrrpkt, 0) - || !WPACKET_start_sub_packet_u16(&hrrpkt)) { - WPACKET_cleanup(&hrrpkt); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->version) - || !WPACKET_close(&hrrpkt)) { - WPACKET_cleanup(&hrrpkt); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (key_share) { - if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id) - || !WPACKET_close(&hrrpkt)) { - WPACKET_cleanup(&hrrpkt); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - } - if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(&hrrpkt) - || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) - || !WPACKET_close(&hrrpkt) /* cookie extension */ - || !WPACKET_close(&hrrpkt) /* extension block */ - || !WPACKET_close(&hrrpkt) /* message */ - || !WPACKET_get_total_written(&hrrpkt, &hrrlen) - || !WPACKET_finish(&hrrpkt)) { - WPACKET_cleanup(&hrrpkt); - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return 0; - } - - /* Reconstruct the transcript hash */ - if (!create_synthetic_message_hash_ntls(s, PACKET_data(&chhash), - PACKET_remaining(&chhash), hrr, - hrrlen)) { - /* SSLfatal_ntls() already called */ - return 0; - } - - /* Act as if this ClientHello came after a HelloRetryRequest */ - s->hello_retry_request = 1; - - s->ext.cookieok = 1; -# endif - return 1; -} - # ifndef OPENSSL_NO_EC int tls_parse_ctos_supported_groups_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -866,224 +620,6 @@ int tls_parse_ctos_early_data_ntls(SSL *s, PACKET *pkt, unsigned int context, return 1; } -static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, - SSL_SESSION **sess) -{ - SSL_SESSION *tmpsess = NULL; - - s->ext.ticket_expected = 1; - - switch (PACKET_remaining(tick)) { - case 0: - return SSL_TICKET_EMPTY; - - case SSL_MAX_SSL_SESSION_ID_LENGTH: - break; - - default: - return SSL_TICKET_NO_DECRYPT; - } - - tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), - SSL_MAX_SSL_SESSION_ID_LENGTH); - - if (tmpsess == NULL) - return SSL_TICKET_NO_DECRYPT; - - *sess = tmpsess; - return SSL_TICKET_SUCCESS; -} - -int tls_parse_ctos_psk_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx) -{ - PACKET identities, binders, binder; - size_t binderoffset, hashsize; - SSL_SESSION *sess = NULL; - unsigned int id, i, ext = 0; - const EVP_MD *md = NULL; - - /* - * If we have no PSK kex mode that we recognise then we can't resume so - * ignore this extension - */ - if ((s->ext.psk_kex_mode - & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) - return 1; - - if (!PACKET_get_length_prefixed_2(pkt, &identities)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, - SSL_F_TLS_PARSE_CTOS_PSK_NTLS, SSL_R_BAD_EXTENSION); - return 0; - } - - s->ext.ticket_expected = 0; - for (id = 0; PACKET_remaining(&identities) != 0; id++) { - PACKET identity; - unsigned long ticket_agel; - size_t idlen; - - if (!PACKET_get_length_prefixed_2(&identities, &identity) - || !PACKET_get_net_4(&identities, &ticket_agel)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, - SSL_F_TLS_PARSE_CTOS_PSK_NTLS, SSL_R_BAD_EXTENSION); - return 0; - } - - idlen = PACKET_remaining(&identity); - if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, - &sess)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PARSE_CTOS_PSK_NTLS, SSL_R_BAD_EXTENSION); - return 0; - } - - if (sess != NULL) { - /* We found a PSK */ - SSL_SESSION *sesstmp = ssl_session_dup(sess, 0); - - if (sesstmp == NULL) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PARSE_CTOS_PSK_NTLS, ERR_R_INTERNAL_ERROR); - return 0; - } - SSL_SESSION_free(sess); - sess = sesstmp; - - /* - * We've just been told to use this session for this context so - * make sure the sid_ctx matches up. - */ - memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length); - sess->sid_ctx_length = s->sid_ctx_length; - ext = 1; - if (id == 0) - s->ext.early_data_ok = 1; - s->ext.ticket_expected = 1; - } else { - uint32_t ticket_age = 0, now, agesec, agems; - int ret; - - /* - * If we are using anti-replay protection then we behave as if - * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there - * is no point in using full stateless tickets. - */ - if ((s->options & SSL_OP_NO_TICKET) != 0 - || (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) - ret = tls_get_stateful_ticket(s, &identity, &sess); - else - ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); - - if (ret == SSL_TICKET_EMPTY) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_NTLS, - SSL_R_BAD_EXTENSION); - return 0; - } - - if (ret == SSL_TICKET_FATAL_ERR_MALLOC - || ret == SSL_TICKET_FATAL_ERR_OTHER) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PARSE_CTOS_PSK_NTLS, ERR_R_INTERNAL_ERROR); - return 0; - } - if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT) - continue; - - /* Check for replay */ - if (s->max_early_data > 0 - && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 - && !SSL_CTX_remove_session(s->session_ctx, sess)) { - SSL_SESSION_free(sess); - sess = NULL; - continue; - } - - ticket_age = (uint32_t)ticket_agel; - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)sess->time; - agems = agesec * (uint32_t)1000; - ticket_age -= sess->ext.tick_age_add; - - /* - * For simplicity we do our age calculations in seconds. If the - * client does it in ms then it could appear that their ticket age - * is longer than ours (our ticket age calculation should always be - * slightly longer than the client's due to the network latency). - * Therefore we add 1000ms to our age calculation to adjust for - * rounding errors. - */ - if (id == 0 - && sess->timeout >= (long)agesec - && agems / (uint32_t)1000 == agesec - && ticket_age <= agems + 1000 - && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { - /* - * Ticket age is within tolerance and not expired. We allow it - * for early data - */ - s->ext.early_data_ok = 1; - } - } - - md = ssl_md(sess->cipher->algorithm2); - if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) { - /* The ciphersuite is not compatible with this session. */ - SSL_SESSION_free(sess); - sess = NULL; - s->ext.early_data_ok = 0; - s->ext.ticket_expected = 0; - continue; - } - break; - } - - if (sess == NULL) - return 1; - - binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; - hashsize = EVP_MD_size(md); - - if (!PACKET_get_length_prefixed_2(pkt, &binders)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_NTLS, - SSL_R_BAD_EXTENSION); - goto err; - } - - for (i = 0; i <= id; i++) { - if (!PACKET_get_length_prefixed_1(&binders, &binder)) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_NTLS, - SSL_R_BAD_EXTENSION); - goto err; - } - } - - if (PACKET_remaining(&binder) != hashsize) { - SSLfatal_ntls(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_NTLS, - SSL_R_BAD_EXTENSION); - goto err; - } - if (tls_psk_do_binder_ntls(s, md, (const unsigned char *)s->init_buf->data, - binderoffset, PACKET_data(&binder), NULL, sess, 0, - ext) != 1) { - /* SSLfatal_ntls() already called */ - goto err; - } - - s->ext.tick_identity = id; - - SSL_SESSION_free(s->session); - s->session = sess; - return 1; -err: - SSL_SESSION_free(sess); - return 0; -} - int tls_parse_ctos_post_handshake_auth_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1395,139 +931,6 @@ EXT_RETURN tls_construct_stoc_key_share_ntls(SSL *s, WPACKET *pkt, # endif } -EXT_RETURN tls_construct_stoc_cookie_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ -# ifndef OPENSSL_NO_TLS1_3 - unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; - unsigned char *hmac, *hmac2; - size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen; - EVP_MD_CTX *hctx; - EVP_PKEY *pkey; - int ret = EXT_RETURN_FAIL; - - if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0) - return EXT_RETURN_NOT_SENT; - - if (s->ctx->gen_stateless_cookie_cb == NULL) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - SSL_R_NO_COOKIE_CALLBACK_SET); - return EXT_RETURN_FAIL; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_get_total_written(pkt, &startlen) - || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) - || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) - || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) - || !WPACKET_put_bytes_u16(pkt, s->s3->group_id) - || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, - &ciphlen) - /* Is there a key_share extension present in this HRR? */ - || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL) - || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - /* - * Get the hash of the initial ClientHello. ssl_handshake_hash() operates - * on raw buffers, so we first reserve sufficient bytes (above) and then - * subsequently allocate them (below) - */ - if (!ssl3_digest_cached_records(s, 0) - || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { - /* SSLfatal_ntls() already called */ - return EXT_RETURN_FAIL; - } - - if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2) - || !ossl_assert(hashval1 == hashval2) - || !WPACKET_close(pkt) - || !WPACKET_start_sub_packet_u8(pkt) - || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - /* Generate the application cookie */ - if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - SSL_R_COOKIE_GEN_CALLBACK_FAILURE); - return EXT_RETURN_FAIL; - } - - if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2) - || !ossl_assert(appcookie1 == appcookie2) - || !WPACKET_close(pkt) - || !WPACKET_get_total_written(pkt, &totcookielen) - || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - hmaclen = SHA256_DIGEST_LENGTH; - - totcookielen -= startlen; - if (!ossl_assert(totcookielen <= MAX_COOKIE_SIZE - SHA256_DIGEST_LENGTH)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - /* HMAC the cookie */ - hctx = EVP_MD_CTX_create(); - pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, - s->session_ctx->ext.cookie_hmac_key, - sizeof(s->session_ctx->ext - .cookie_hmac_key)); - if (hctx == NULL || pkey == NULL) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0 - || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, - totcookielen) <= 0) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!ossl_assert(totcookielen + hmaclen <= MAX_COOKIE_SIZE)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2) - || !ossl_assert(hmac == hmac2) - || !ossl_assert(cookie == hmac - totcookielen) - || !WPACKET_close(pkt) - || !WPACKET_close(pkt)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE_NTLS, - ERR_R_INTERNAL_ERROR); - goto err; - } - - ret = EXT_RETURN_SENT; - - err: - EVP_MD_CTX_free(hctx); - EVP_PKEY_free(pkey); - return ret; -# else - return EXT_RETURN_FAIL; -# endif -} - EXT_RETURN tls_construct_stoc_cryptopro_bug_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1589,22 +992,4 @@ EXT_RETURN tls_construct_stoc_early_data_ntls(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -EXT_RETURN tls_construct_stoc_psk_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - if (!s->hit) - return EXT_RETURN_NOT_SENT; - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity) - || !WPACKET_close(pkt)) { - SSLfatal_ntls(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_STOC_PSK_NTLS, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} - #endif diff --git a/ssl/statem_ntls/statem_local_ntls.h b/ssl/statem_ntls/statem_local_ntls.h index e2db3c250..4b68bd4e9 100644 --- a/ssl/statem_ntls/statem_local_ntls.h +++ b/ssl/statem_ntls/statem_local_ntls.h @@ -226,14 +226,10 @@ int tls_parse_ctos_etm_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_key_share_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_cookie_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); int tls_parse_ctos_ems_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_psk_kex_modes_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -int tls_parse_ctos_psk_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); int tls_parse_ctos_post_handshake_auth_ntls(SSL *, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); EXT_RETURN tls_construct_stoc_server_name_ntls(SSL *s, WPACKET *pkt, @@ -282,8 +278,6 @@ EXT_RETURN tls_construct_stoc_supported_versions_ntls(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_key_share_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_cookie_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); /* * Not in public headers as this is not an official extension. Only used when * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. @@ -292,9 +286,6 @@ EXT_RETURN tls_construct_stoc_cookie_ntls(SSL *s, WPACKET *pkt, unsigned int con EXT_RETURN tls_construct_stoc_cryptopro_bug_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_stoc_psk_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); - /* Client Extension processing */ EXT_RETURN tls_construct_ctos_server_name_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -350,13 +341,9 @@ EXT_RETURN tls_construct_ctos_key_share_ntls(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_psk_kex_modes_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_cookie_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_padding_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -EXT_RETURN tls_construct_ctos_psk_ntls(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_post_handshake_auth_ntls(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -398,11 +385,6 @@ int tls_parse_stoc_supported_versions_ntls(SSL *s, PACKET *pkt, unsigned int con X509 *x, size_t chainidx); int tls_parse_stoc_key_share_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -int tls_parse_stoc_cookie_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); -int tls_parse_stoc_psk_ntls(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx); - int tls_handle_alpn_ntls(SSL *s); int tls13_save_handshake_digest_for_pha_ntls(SSL *s); diff --git a/test/bntest.c b/test/bntest.c index 174ade621..eeb739ab7 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -106,6 +106,7 @@ static BIGNUM *getBN(STANZA *s, const char *attribute) if (parseBN(&ret, hex) != (int)strlen(hex)) { TEST_error("Could not decode '%s'", hex); + BN_free(ret); return NULL; } return ret; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index 5bcad73d0..f5a75677c 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -215,8 +215,10 @@ static int test_default_cipherlist_explicit(void) if (fixture == NULL) return 0; if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT")) - || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) + || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) { tear_down(fixture); + fixture = NULL; + } EXECUTE_CIPHERLIST_TEST(); return result; } diff --git a/test/ec_elgamal_internal_test.c b/test/ec_elgamal_internal_test.c index 70edecef7..dad41b205 100644 --- a/test/ec_elgamal_internal_test.c +++ b/test/ec_elgamal_internal_test.c @@ -46,6 +46,7 @@ static size_t ec_elgamal_encrypt(EC_ELGAMAL_CTX *ctx, ret = size; err: + OPENSSL_free(buf); EC_ELGAMAL_CIPHERTEXT_free(r); return ret; } diff --git a/test/exdatatest.c b/test/exdatatest.c index bc39a145e..c69149fe7 100644 --- a/test/exdatatest.c +++ b/test/exdatatest.c @@ -185,16 +185,19 @@ static MYOBJ *MYOBJ_dup(MYOBJ *in) static int test_exdata(void) { - MYOBJ *t1, *t2, *t3; - MYOBJ_EX_DATA *ex_data; + MYOBJ *t1 = NULL, *t2 = NULL, *t3 = NULL; + MYOBJ_EX_DATA *ex_data = NULL; const char *cp; char *p; + int res = 0; gbl_result = 1; - p = OPENSSL_strdup("hello world"); + if (!TEST_ptr(p = OPENSSL_strdup("hello world"))) + return 0; saved_argl = 21; - saved_argp = OPENSSL_malloc(1); + if (!TEST_ptr(saved_argp = OPENSSL_malloc(1))) + goto err; saved_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, saved_argl, saved_argp, exnew, exdup, exfree); @@ -204,58 +207,58 @@ static int test_exdata(void) t1 = MYOBJ_new(); t2 = MYOBJ_new(); if (!TEST_int_eq(t1->st, 1) || !TEST_int_eq(t2->st, 1)) - return 0; + goto err; if (!TEST_ptr(CRYPTO_get_ex_data(&t1->ex_data, saved_idx2))) - return 0; + goto err; if (!TEST_ptr(CRYPTO_get_ex_data(&t2->ex_data, saved_idx2))) - return 0; + goto err; MYOBJ_sethello(t1, p); cp = MYOBJ_gethello(t1); if (!TEST_ptr_eq(cp, p)) - return 0; + goto err; MYOBJ_sethello2(t1, p); cp = MYOBJ_gethello2(t1); if (!TEST_ptr_eq(cp, p)) - return 0; + goto err; cp = MYOBJ_gethello(t2); if (!TEST_ptr_null(cp)) - return 0; + goto err; cp = MYOBJ_gethello2(t2); if (!TEST_ptr_null(cp)) - return 0; + goto err; t3 = MYOBJ_dup(t1); if (!TEST_int_eq(t3->st, 1)) - return 0; + goto err; ex_data = CRYPTO_get_ex_data(&t3->ex_data, saved_idx2); if (!TEST_ptr(ex_data)) - return 0; + goto err; if (!TEST_int_eq(ex_data->dup, 1)) - return 0; + goto err; cp = MYOBJ_gethello(t3); if (!TEST_ptr_eq(cp, p)) - return 0; + goto err; cp = MYOBJ_gethello2(t3); if (!TEST_ptr_eq(cp, p)) - return 0; + goto err; + if (gbl_result) + res = 1; +err: MYOBJ_free(t1); MYOBJ_free(t2); MYOBJ_free(t3); OPENSSL_free(saved_argp); + saved_argp = NULL; OPENSSL_free(p); - - if (gbl_result) - return 1; - else - return 0; + return res; } int setup_tests(void) diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 9ab2471f6..2f500aefd 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1489,6 +1489,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( test_ctx, extra, &server_ctx_data, &server2_ctx_data, &client_ctx_data)) { TEST_note("configure_handshake_ctx"); + HANDSHAKE_RESULT_free(ret); return NULL; } diff --git a/test/lhash_test.c b/test/lhash_test.c index 162286b7c..891553ae1 100644 --- a/test/lhash_test.c +++ b/test/lhash_test.c @@ -33,6 +33,7 @@ static int int_tests[] = { 65537, 13, 1, 3, -5, 6, 7, 4, -10, -12, -14, 22, 9, -17, 16, 17, -23, 35, 37, 173, 11 }; static const unsigned int n_int_tests = OSSL_NELEM(int_tests); static short int_found[OSSL_NELEM(int_tests)]; +static short int_not_found; static unsigned long int int_hash(const int *p) { @@ -56,12 +57,22 @@ static int int_find(int n) static void int_doall(int *v) { - int_found[int_find(*v)]++; + const int n = int_find(*v); + + if (n < 0) + int_not_found++; + else + int_found[n]++; } static void int_doall_arg(int *p, short *f) { - f[int_find(*p)]++; + const int n = int_find(*p); + + if (n < 0) + int_not_found++; + else + f[n]++; } IMPLEMENT_LHASH_DOALL_ARG(int, short); @@ -124,7 +135,12 @@ static int test_int_lhash(void) /* do_all */ memset(int_found, 0, sizeof(int_found)); + int_not_found = 0; lh_int_doall(h, &int_doall); + if (!TEST_int_eq(int_not_found, 0)) { + TEST_info("lhash int doall encountered a not found condition"); + goto end; + } for (i = 0; i < n_int_tests; i++) if (!TEST_int_eq(int_found[i], 1)) { TEST_info("lhash int doall %d", i); @@ -133,7 +149,12 @@ static int test_int_lhash(void) /* do_all_arg */ memset(int_found, 0, sizeof(int_found)); + int_not_found = 0; lh_int_doall_short(h, int_doall_arg, int_found); + if (!TEST_int_eq(int_not_found, 0)) { + TEST_info("lhash int doall arg encountered a not found condition"); + goto end; + } for (i = 0; i < n_int_tests; i++) if (!TEST_int_eq(int_found[i], 1)) { TEST_info("lhash int doall arg %d", i); diff --git a/test/threadstest.c b/test/threadstest.c index ee09f8693..7a818dd2d 100644 --- a/test/threadstest.c +++ b/test/threadstest.c @@ -83,14 +83,19 @@ static int wait_for_thread(thread_t thread) static int test_lock(void) { CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new(); + int res; - if (!TEST_true(CRYPTO_THREAD_read_lock(lock)) - || !TEST_true(CRYPTO_THREAD_unlock(lock))) + if (!TEST_ptr(lock)) return 0; + res = TEST_true(CRYPTO_THREAD_read_lock(lock)) + && TEST_true(CRYPTO_THREAD_unlock(lock)) + && TEST_true(CRYPTO_THREAD_write_lock(lock)) + && TEST_true(CRYPTO_THREAD_unlock(lock)); + CRYPTO_THREAD_lock_free(lock); - return 1; + return res; } static CRYPTO_ONCE once_run = CRYPTO_ONCE_STATIC_INIT;