OpenSSL: Merge OpenSSL 1.1.1k

Merge commit '94fa08a4bcdfbb3434b025d67d014af3b18e5380'
This commit is contained in:
Jung-uk Kim 2021-03-25 11:45:19 -04:00
commit b6c1fdcdf5
22 changed files with 166 additions and 44 deletions

View File

@ -7,6 +7,50 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
*) Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
of the certificates present in a certificate chain. It is not set by
default.
Starting from OpenSSL version 1.1.1h a check to disallow certificates in
the chain that have explicitly encoded elliptic curve parameters was added
as an additional strict check.
An error in the implementation of this check meant that the result of a
previous check to confirm that certificates in the chain are valid CA
certificates was overwritten. This effectively bypasses the check
that non-CA certificates must not be able to issue other certificates.
If a "purpose" has been configured then there is a subsequent opportunity
for checks that the certificate is a valid CA. All of the named "purpose"
values implemented in libcrypto perform this check. Therefore, where
a purpose is set the certificate chain will still be rejected even when the
strict flag has been used. A purpose is set by default in libssl client and
server certificate verification routines, but it can be overridden or
removed by an application.
In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
for the certificate verification or, in the case of TLS client or server
applications, override the default purpose.
(CVE-2021-3450)
[Tomáš Mráz]
*) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client. If a TLSv1.2
renegotiation ClientHello omits the signature_algorithms extension (where
it was present in the initial ClientHello), but includes a
signature_algorithms_cert extension then a NULL pointer dereference will
result, leading to a crash and a denial of service attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
(which is the default configuration). OpenSSL TLS clients are not impacted
by this issue.
(CVE-2021-3449)
[Peter Kästle and Samuel Sapalski]
Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
*) Fixed the X509_issuer_and_serial_hash() function. It attempts to

View File

@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
o Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
o Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a client
(CVE-2021-3449)
Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()

View File

@ -1,7 +1,7 @@
OpenSSL 1.1.1j 16 Feb 2021
OpenSSL 1.1.1k 25 Mar 2021
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -934,7 +934,8 @@ static int set_cert_cb(SSL *ssl, void *arg)
if (!SSL_build_cert_chain(ssl, 0))
return 0;
} else if (exc->chain != NULL) {
SSL_set1_chain(ssl, exc->chain);
if (!SSL_set1_chain(ssl, exc->chain))
return 0;
}
}
exc = exc->prev;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -263,7 +263,8 @@ int s_time_main(int argc, char **argv)
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
nConn, (long)time(NULL) - finishtime + maxtime,
nConn > 0 ? bytes_read / nConn : 0l);
/*
* Now loop and time connections using the same session id over and over

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
}
if (BIO_puts(bp, "]") <= 0)
goto end;
dump_cont = 0;
}
if (!nl) {

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
ndef_aux = *(NDEF_SUPPORT **)parg;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
if (derlen < 0)
return 0;
if ((p = OPENSSL_malloc(derlen)) == NULL) {
ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
return 0;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e)
void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
int fd;
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
#ifndef ENGINE_DEVCRYPTO_DEBUG
if (errno != ENOENT)
#endif
@ -767,6 +768,18 @@ void engine_load_devcrypto_int()
return;
}
#ifdef CRIOGET
if (ioctl(fd, CRIOGET, &cfd) < 0) {
fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
close(fd);
cfd = -1;
return;
}
close(fd);
#else
cfd = fd;
#endif
if ((e = ENGINE_new()) == NULL
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
ENGINE_free(e);

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -69,6 +69,7 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
in += 16;
out += 16;
}
if (ivec != iv)
memcpy(ivec, iv, 16);
}
@ -114,6 +115,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
out += 16;
}
}
if (ivec != iv)
memcpy(ivec, iv, 16);
} else {
if (STRICT_ALIGNMENT &&

View File

@ -1,5 +1,5 @@
/*
* Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -1385,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
else
ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i) {
size_t c = in[i];
out[i] = c ^ ctx->EKi.t[i];
size_t c = in_t[i];
out_t[i] = c ^ ctx->EKi.t[i];
ctx->Xi.t[i] ^= c;
}
GCM_MUL(ctx);

View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
long *pday, int *psec)
{
int offset_hms, offset_day;
long time_jd;
int offset_hms;
long offset_day, time_jd;
int time_year, time_month, time_day;
/* split offset into days and day seconds */
offset_day = offset_sec / SECS_PER_DAY;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -432,9 +432,13 @@ int RAND_poll(void)
RAND_POOL *rand_pool_new(int entropy_requested, int secure,
size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
RAND_POOL *pool;
size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
return NULL;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

View File

@ -524,15 +524,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ret = 1;
break;
}
if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
if (ret > 0
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
/* Check for presence of explicit elliptic curve parameters */
ret = check_curve(x);
if (ret < 0)
if (ret < 0) {
ctx->error = X509_V_ERR_UNSPECIFIED;
else if (ret == 0)
ret = 0;
} else if (ret == 0) {
ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
}
if ((x->ex_flags & EXFLAG_CA) == 0
}
if (ret > 0
&& (x->ex_flags & EXFLAG_CA) == 0
&& x->ex_pathlen != -1
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010afL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j-freebsd 16 Feb 2021"
# define OPENSSL_VERSION_NUMBER 0x101010bfL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 25 Mar 2021"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -4629,6 +4629,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
OPENSSL_clear_free(s->s3->tmp.psk, psklen);
s->s3->tmp.psk = NULL;
s->s3->tmp.psklen = 0;
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pskpms, pskpmslen,
&s->session->master_key_length)) {
@ -4658,8 +4659,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
else
OPENSSL_cleanse(pms, pmslen);
}
if (s->server == 0)
if (s->server == 0) {
s->s3->tmp.pms = NULL;
s->s3->tmp.pmslen = 0;
}
return ret;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -781,8 +781,10 @@ SSL *SSL_new(SSL_CTX *ctx)
s->ext.ecpointformats =
OPENSSL_memdup(ctx->ext.ecpointformats,
ctx->ext.ecpointformats_len);
if (!s->ext.ecpointformats)
if (!s->ext.ecpointformats) {
s->ext.ecpointformats_len = 0;
goto err;
}
s->ext.ecpointformats_len =
ctx->ext.ecpointformats_len;
}
@ -791,8 +793,10 @@ SSL *SSL_new(SSL_CTX *ctx)
OPENSSL_memdup(ctx->ext.supportedgroups,
ctx->ext.supportedgroups_len
* sizeof(*ctx->ext.supportedgroups));
if (!s->ext.supportedgroups)
if (!s->ext.supportedgroups) {
s->ext.supportedgroups_len = 0;
goto err;
}
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
}
#endif
@ -802,8 +806,10 @@ SSL *SSL_new(SSL_CTX *ctx)
if (s->ctx->ext.alpn) {
s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
if (s->ext.alpn == NULL)
if (s->ext.alpn == NULL) {
s->ext.alpn_len = 0;
goto err;
}
memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
s->ext.alpn_len = s->ctx->ext.alpn_len;
}
@ -2923,6 +2929,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
OPENSSL_free(ctx->ext.alpn);
ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ctx->ext.alpn == NULL) {
ctx->ext.alpn_len = 0;
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
@ -2942,6 +2949,7 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
OPENSSL_free(ssl->ext.alpn);
ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ssl->ext.alpn == NULL) {
ssl->ext.alpn_len = 0;
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}

View File

@ -336,6 +336,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_construct_stoc_key_share, tls_construct_ctos_key_share,
final_key_share
},
#else
INVALID_EXTENSION,
#endif
{
/* Must be after key_share */
@ -1137,6 +1139,7 @@ static int init_sig_algs(SSL *s, unsigned int context)
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
s->s3->tmp.peer_sigalgslen = 0;
return 1;
}
@ -1146,6 +1149,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context)
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
s->s3->tmp.peer_cert_sigalgs = NULL;
s->s3->tmp.peer_cert_sigalgslen = 0;
return 1;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -816,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
OPENSSL_free(s->psksession_id);
s->psksession_id = OPENSSL_memdup(id, idlen);
if (s->psksession_id == NULL) {
s->psksession_id_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
@ -1375,6 +1376,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
OPENSSL_free(s->ext.peer_ecpointformats);
s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
if (s->ext.peer_ecpointformats == NULL) {
s->ext.peer_ecpointformats_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
return 0;
@ -1492,8 +1494,13 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
s->ext.scts_len = (uint16_t)size;
if (size > 0) {
s->ext.scts = OPENSSL_malloc(size);
if (s->ext.scts == NULL
|| !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
if (s->ext.scts == NULL) {
s->ext.scts_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
ERR_R_MALLOC_FAILURE);
return 0;
}
if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
ERR_R_INTERNAL_ERROR);
return 0;
@ -1592,6 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
OPENSSL_free(s->ext.npn);
s->ext.npn = OPENSSL_malloc(selected_len);
if (s->ext.npn == NULL) {
s->ext.npn_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
ERR_R_INTERNAL_ERROR);
return 0;
@ -1632,6 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(len);
if (s->s3->alpn_selected == NULL) {
s->s3->alpn_selected_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
ERR_R_INTERNAL_ERROR);
return 0;
@ -1663,6 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
s->session->ext.alpn_selected_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
ERR_R_INTERNAL_ERROR);
return 0;

View File

@ -2462,6 +2462,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
s->s3->tmp.ctype_len = 0;
OPENSSL_free(s->pha_context);
s->pha_context = NULL;
s->pha_context_len = 0;
if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
!PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
@ -2771,16 +2772,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt)
}
s->ext.ocsp.resp = OPENSSL_malloc(resplen);
if (s->ext.ocsp.resp == NULL) {
s->ext.ocsp.resp_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
ERR_R_MALLOC_FAILURE);
return 0;
}
s->ext.ocsp.resp_len = resplen;
if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
SSL_R_LENGTH_MISMATCH);
return 0;
}
s->ext.ocsp.resp_len = resplen;
return 1;
}
@ -2905,6 +2907,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
if (psklen > PSK_MAX_PSK_LEN) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */
goto err;
} else if (psklen == 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@ -3350,9 +3353,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
err:
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
s->s3->tmp.pms = NULL;
s->s3->tmp.pmslen = 0;
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
s->s3->tmp.psklen = 0;
#endif
return 0;
}
@ -3427,6 +3432,7 @@ int tls_client_key_exchange_post_work(SSL *s)
err:
OPENSSL_clear_free(pms, pmslen);
s->s3->tmp.pms = NULL;
s->s3->tmp.pmslen = 0;
return 0;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -2178,6 +2178,7 @@ int tls_handle_alpn(SSL *s)
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
if (s->s3->alpn_selected == NULL) {
s->s3->alpn_selected_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
ERR_R_INTERNAL_ERROR);
return 0;
@ -2853,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
OPENSSL_free(s->pha_context);
s->pha_context_len = 32;
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
|| RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
s->pha_context_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
ERR_R_INTERNAL_ERROR);
return 0;
}
if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
ERR_R_INTERNAL_ERROR);
@ -2969,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
OPENSSL_cleanse(psk, psklen);
if (s->s3->tmp.psk == NULL) {
s->s3->tmp.psklen = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
return 0;
@ -3508,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
s->s3->tmp.psklen = 0;
#endif
return MSG_PROCESS_ERROR;
}
@ -4117,6 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
s->session->ext.alpn_selected =
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
s->session->ext.alpn_selected_len = 0;
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_MALLOC_FAILURE);