diff options
| author | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-06-05 14:43:56 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-06-05 14:43:56 +0000 |
| commit | 0cfe86d7e7bfe0bab5699c5afe2fce15f1e2579f (patch) | |
| tree | 66f8bef555b8d7570332ede318f92dd26c730d55 | |
| parent | 29e801fb234ad76f516552e0c39129f7fcb358ba (diff) | |
| download | openssl-0cfe86d7e7bfe0bab5699c5afe2fce15f1e2579f.tar.gz | |
OpenSSL: add CVE fixes from 1.0.1h
This change includes the following commits from upstream:
8011cd56e39a433b1837465259a9bd24a38727fb
d3152655d5319ce883c8e3ac4b99f8de4c59d846
006cd7083f76ed5cb0d9a914857e9231ef1bc317
bc8923b1ec9c467755cd86f7848c50ee8812e441
1632ef744872edc2aa2a53d487d3e79c965a4ad3
These address the following CVEs:
CVE-2014-3470
CVE-2014-0221
CVE-2014-0224
CVE-2014-0195
BUG=381169
https://codereview.chromium.org/317183003/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@275106 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
| -rw-r--r-- | openssl/ssl/d1_both.c | 13 | ||||
| -rw-r--r-- | openssl/ssl/s3_clnt.c | 9 | ||||
| -rw-r--r-- | openssl/ssl/s3_pkt.c | 11 | ||||
| -rw-r--r-- | openssl/ssl/s3_srvr.c | 3 | ||||
| -rw-r--r-- | openssl/ssl/ssl3.h | 1 |
5 files changed, 34 insertions, 3 deletions
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c index de8bab8..9a250fd 100644 --- a/openssl/ssl/d1_both.c +++ b/openssl/ssl/d1_both.c @@ -620,7 +620,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -777,6 +786,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -835,8 +845,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 2b094c9..5eb106f 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -620,6 +620,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -1003,6 +1004,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2604,6 +2606,13 @@ int ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c index 9f117d1..98d448d 100644 --- a/openssl/ssl/s3_pkt.c +++ b/openssl/ssl/s3_pkt.c @@ -1302,6 +1302,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1436,7 +1445,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 5c3343a..94e9b6f 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -669,6 +669,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -686,6 +687,7 @@ int ssl3_accept(SSL *s) # endif channel_id = s->s3->tlsext_channel_id_valid; #endif + s->s3->flags |= SSL3_FLAGS_CCS_OK; if (next_proto_neg) s->state=SSL3_ST_SR_NEXT_PROTO_A; @@ -721,6 +723,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h index 019e8d8..c5864ee 100644 --- a/openssl/ssl/ssl3.h +++ b/openssl/ssl/ssl3.h @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us |