[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sat Aug 29 07:57:48 UTC 2020


The branch master has been updated
       via  8e32ea633f9d908a083f208c74eac9d8011046a3 (commit)
       via  7cd1420b3e53212485e5e7e53ac69929a9bc1ac3 (commit)
      from  e3bf65da88f714f8721c2985f235b12a7f90d9f8 (commit)


- Log -----------------------------------------------------------------
commit 8e32ea633f9d908a083f208c74eac9d8011046a3
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Aug 27 17:03:13 2020 +0100

    Check whether we have MD5-SHA1 and whether we need it
    
    If we don't have MD5-SHA1 then we must be using (D)TLSv1.2 or above. We
    check that this is consistent with the way we've been configured. We also
    ensure that we never attempt to negotiate <(D)TLSv1.2 if MD5-SHA1 is not
    available.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12733)

commit 7cd1420b3e53212485e5e7e53ac69929a9bc1ac3
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Aug 27 16:19:27 2020 +0100

    Improve some error messages if a digest is not available
    
    If a digest is not available we just get an "internal error" error
    message - which isn't very helpful for diagnosing problems. Instead we
    explicitly state that we couldn't find a suitable digest.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12733)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt   |  3 ++-
 include/openssl/sslerr.h |  1 +
 ssl/s3_enc.c             |  7 +++++-
 ssl/ssl_err.c            |  2 ++
 ssl/statem/statem_clnt.c |  2 +-
 ssl/statem/statem_lib.c  | 55 ++++++++++++++++++++++++++++++++++++++++++------
 6 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 43114dc545..643bf6b278 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2710,8 +2710,8 @@ OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
 OCSP_R_UNKNOWN_NID:120:unknown nid
 OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
 OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params
-OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
 OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found
+OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
 OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
 OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
 OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
@@ -3297,6 +3297,7 @@ SSL_R_NO_SHARED_CIPHER:193:no shared cipher
 SSL_R_NO_SHARED_GROUPS:410:no shared groups
 SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms
 SSL_R_NO_SRTP_PROFILES:359:no srtp profiles
+SSL_R_NO_SUITABLE_DIGEST_ALGORITHM:297:no suitable digest algorithm
 SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share
 SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm
 SSL_R_NO_VALID_SCTS:216:no valid scts
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index c15a17f96f..d4ee837a1e 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -634,6 +634,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_NO_SHARED_GROUPS                           410
 # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
 # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
 # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
 # define SSL_R_NO_VALID_SCTS                              216
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index bd668f317e..bd90e059b5 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -408,7 +408,12 @@ int ssl3_digest_cached_records(SSL *s, int keep)
         }
 
         md = ssl_handshake_md(s);
-        if (md == NULL || !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
+        if (md == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
+            return 0;
+        }
+        if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
             || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                      ERR_R_INTERNAL_ERROR);
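Review bot: The new `md == NULL` branch reports SSL_R_NO_SUITABLE_DIGEST_ALGORITHM but still sends an SSL_AD_INTERNAL_ERROR alert, while the same reason code in tls_setup_handshake (this commit's statem_lib.c hunk) is paired with SSL_AD_HANDSHAKE_FAILURE; the statem_clnt.c hunk has the same INTERNAL_ERROR/NO_SUITABLE_DIGEST_ALGORITHM pairing. Since the reason now describes a provider/configuration condition rather than a library bug, the alert level should be chosen deliberately and consistently across the three sites, e.g. `SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);` if a missing digest is treated as a handshake failure everywhere. If the mismatch is intentional because the digest was already validated earlier on these paths, a one-line comment saying so would prevent the next reader from "fixing" it. ssl3_digest_cached_records starts and ends outside this hunk.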
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f84b3f94d8..9f47a924f0 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -300,6 +300,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
     "no shared signature algorithms"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM),
+    "no suitable digest algorithm"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE),
     "no suitable key share"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ff48759436..4c994dd389 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2356,7 +2356,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 
         if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
-                     ERR_R_INTERNAL_ERROR);
+                     SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
             goto err;
         }
         if (SSL_USE_SIGALGS(s))
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 39ec4a92fd..e0ff00d1b8 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -94,6 +94,8 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
 
 int tls_setup_handshake(SSL *s)
 {
+    int ver_min, ver_max, ok;
+
     if (!ssl3_init_finished_mac(s)) {
         /* SSLfatal() already called */
         return 0;
@@ -102,20 +104,61 @@ int tls_setup_handshake(SSL *s)
     /* Reset any extension flags */
     memset(s->ext.extflags, 0, sizeof(s->ext.extflags));
 
+    if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+                    ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Sanity check that we have MD5-SHA1 if we need it */
+    if (s->ctx->ssl_digest_methods[SSL_MD_MD5_SHA1_IDX] == NULL) {
+        int md5sha1_needed = 0;
+
+        /* We don't have MD5-SHA1 - do we need it? */
+        if (SSL_IS_DTLS(s)) {
+            if (DTLS_VERSION_LE(ver_max, DTLS1_VERSION))
+                md5sha1_needed = 1;
+        } else {
+            if (ver_max <= TLS1_1_VERSION)
+                md5sha1_needed = 1;
+        }
+        if (md5sha1_needed) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                        SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
+            ERR_add_error_data(1, "The max supported SSL/TLS version needs the"
+                                    " MD5-SHA1 digest but it is not available"
+                                    " in the loaded providers. Use (D)TLSv1.2 or"
+                                    " above, or load different providers");
+            return 0;
+        }
+
+        ok = 1;
+        /* Don't allow TLSv1.1 or below to be negotiated */
+        if (SSL_IS_DTLS(s)) {
+            if (DTLS_VERSION_LT(ver_min, DTLS1_2_VERSION))
+                ok = SSL_set_min_proto_version(s, DTLS1_2_VERSION);
+        } else {
+            if (ver_min < TLS1_2_VERSION)
+                ok = SSL_set_min_proto_version(s, TLS1_2_VERSION);
+        }
+        if (!ok) {
+            /* Shouldn't happen */
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    ok = 0;
     if (s->server) {
         STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
-        int i, ver_min, ver_max, ok = 0;
+        int i;
 
         /*
          * Sanity check that the maximum version we accept has ciphers
          * enabled. For clients we do this check during construction of the
          * ClientHello.
          */
-        if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
-                     ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
         for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
             const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
 

