diff --git a/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch b/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch new file mode 100644 index 0000000000000000000000000000000000000000..1229cba6123a6acf9e6c13e338641bfd95d352a8 --- /dev/null +++ b/backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch 
@@ -0,0 +1,440 @@ +From 6e73a0a0bd608daecb8e2c1e46de9d1014194c84 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Tue, 12 Apr 2022 08:27:21 +0200 +Subject: [PATCH] Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION + +This causes the DTLS server to enter an error state: + +./openssl s_server -dtls +./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt +[...] +Q +./openssl s_client -dtls -sess_in s1.txt +CONNECTED(00000003) +^C +./openssl s_client -dtls +CONNECTED(00000003) +140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 + +At this point the dtls server needs to be restarted, +because verify_cookie_callback always fails, because +the previous cookie is checked against the current one. +The reason for this is not fully understood. + +In wireshark we see the following each time: +c->s Client Hello (without cookie) +s->c Hello Verify Request (with new cookie) +s->c Alert (Level: Fatal, Description: Handshake Failure) +c->s Client Hello (echoes new cookie) + +The client gives up when the Alert arrives. +The Alert is triggered because the server calls +verify_cookie_callback with the previous cookie, +although it just sent the current cookie in the +Hello Verify Request. + +However this does only happen because no Alert message +is sent when the client re-connects the session with +the missing -maxfraglen option. 
+ +Reviewed-by: Tomas Mraz +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18094) +--- + ssl/s3_enc.c | 2 + + ssl/t1_enc.c | 2 + + test/ssl-tests/10-resumption.conf | 121 +++++++++++++++++++++++- + test/ssl-tests/11-dtls_resumption.conf | 124 ++++++++++++++++++++++++- + test/ssl-tests/protocol_version.pm | 63 +++++++++++++ + 5 files changed, 310 insertions(+), 2 deletions(-) + +diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c +index 8a89f512fe..eb1f36ac7e 100644 +--- a/ssl/s3_enc.c ++++ b/ssl/s3_enc.c +@@ -589,6 +589,8 @@ int ssl3_alert_code(int code) + return TLS1_AD_NO_APPLICATION_PROTOCOL; + case SSL_AD_CERTIFICATE_REQUIRED: + return SSL_AD_HANDSHAKE_FAILURE; ++ case SSL_AD_MISSING_EXTENSION: ++ return SSL_AD_HANDSHAKE_FAILURE; + default: + return -1; + } +diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c +index c85c0b0310..2087b274d1 100644 +--- a/ssl/t1_enc.c ++++ b/ssl/t1_enc.c +@@ -672,6 +672,8 @@ int tls1_alert_code(int code) + return TLS1_AD_NO_APPLICATION_PROTOCOL; + case SSL_AD_CERTIFICATE_REQUIRED: + return SSL_AD_HANDSHAKE_FAILURE; ++ case SSL_AD_MISSING_EXTENSION: ++ return SSL_AD_HANDSHAKE_FAILURE; + default: + return -1; + } +diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf +index 73de974ab0..a33a1d80e4 100644 +--- a/test/ssl-tests/10-resumption.conf ++++ b/test/ssl-tests/10-resumption.conf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 65 ++num_tests = 68 + + test-0 = 0-resumption + test-1 = 1-resumption +@@ -67,6 +67,9 @@ test-61 = 61-resumption + test-62 = 62-resumption + test-63 = 63-resumption + test-64 = 64-resumption-with-hrr ++test-65 = 65-resumption-when-mfl-ext-is-missing ++test-66 = 66-resumption-when-mfl-ext-is-different ++test-67 = 67-resumption-when-mfl-ext-is-correct + # =========================================================== + + [0-resumption] +@@ -2437,3 +2440,119 @@ Method = TLS + ResumptionExpected = Yes + + ++# 
=========================================================== ++ ++[65-resumption-when-mfl-ext-is-missing] ++ssl_conf = 65-resumption-when-mfl-ext-is-missing-ssl ++ ++[65-resumption-when-mfl-ext-is-missing-ssl] ++server = 65-resumption-when-mfl-ext-is-missing-server ++client = 65-resumption-when-mfl-ext-is-missing-client ++resume-server = 65-resumption-when-mfl-ext-is-missing-server ++resume-client = 65-resumption-when-mfl-ext-is-missing-resume-client ++ ++[65-resumption-when-mfl-ext-is-missing-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[65-resumption-when-mfl-ext-is-missing-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[65-resumption-when-mfl-ext-is-missing-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-65] ++ExpectedResult = ServerFail ++HandshakeMode = Resume ++ResumptionExpected = No ++client = 65-resumption-when-mfl-ext-is-missing-client-extra ++ ++[65-resumption-when-mfl-ext-is-missing-client-extra] ++MaxFragmentLenExt = 512 ++ ++ ++# =========================================================== ++ ++[66-resumption-when-mfl-ext-is-different] ++ssl_conf = 66-resumption-when-mfl-ext-is-different-ssl ++ ++[66-resumption-when-mfl-ext-is-different-ssl] ++server = 66-resumption-when-mfl-ext-is-different-server ++client = 66-resumption-when-mfl-ext-is-different-client ++resume-server = 66-resumption-when-mfl-ext-is-different-server ++resume-client = 66-resumption-when-mfl-ext-is-different-resume-client ++ ++[66-resumption-when-mfl-ext-is-different-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[66-resumption-when-mfl-ext-is-different-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = 
Peer ++ ++[66-resumption-when-mfl-ext-is-different-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-66] ++ExpectedResult = ServerFail ++HandshakeMode = Resume ++ResumptionExpected = No ++client = 66-resumption-when-mfl-ext-is-different-client-extra ++resume-client = 66-resumption-when-mfl-ext-is-different-resume-client-extra ++ ++[66-resumption-when-mfl-ext-is-different-client-extra] ++MaxFragmentLenExt = 512 ++ ++[66-resumption-when-mfl-ext-is-different-resume-client-extra] ++MaxFragmentLenExt = 1024 ++ ++ ++# =========================================================== ++ ++[67-resumption-when-mfl-ext-is-correct] ++ssl_conf = 67-resumption-when-mfl-ext-is-correct-ssl ++ ++[67-resumption-when-mfl-ext-is-correct-ssl] ++server = 67-resumption-when-mfl-ext-is-correct-server ++client = 67-resumption-when-mfl-ext-is-correct-client ++resume-server = 67-resumption-when-mfl-ext-is-correct-server ++resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client ++ ++[67-resumption-when-mfl-ext-is-correct-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[67-resumption-when-mfl-ext-is-correct-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[67-resumption-when-mfl-ext-is-correct-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-67] ++ExpectedResult = Success ++HandshakeMode = Resume ++ResumptionExpected = Yes ++client = 67-resumption-when-mfl-ext-is-correct-client-extra ++resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client-extra ++ ++[67-resumption-when-mfl-ext-is-correct-client-extra] ++MaxFragmentLenExt = 512 ++ ++[67-resumption-when-mfl-ext-is-correct-resume-client-extra] ++MaxFragmentLenExt = 512 ++ ++ +diff --git 
a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf +index a981fa51df..635279a30f 100644 +--- a/test/ssl-tests/11-dtls_resumption.conf ++++ b/test/ssl-tests/11-dtls_resumption.conf +@@ -1,6 +1,6 @@ + # Generated with generate_ssl_tests.pl + +-num_tests = 16 ++num_tests = 19 + + test-0 = 0-resumption + test-1 = 1-resumption +@@ -18,6 +18,9 @@ test-12 = 12-resumption + test-13 = 13-resumption + test-14 = 14-resumption + test-15 = 15-resumption ++test-16 = 16-resumption-when-mfl-ext-is-missing ++test-17 = 17-resumption-when-mfl-ext-is-different ++test-18 = 18-resumption-when-mfl-ext-is-correct + # =========================================================== + + [0-resumption] +@@ -618,3 +621,122 @@ Method = DTLS + ResumptionExpected = Yes + + ++# =========================================================== ++ ++[16-resumption-when-mfl-ext-is-missing] ++ssl_conf = 16-resumption-when-mfl-ext-is-missing-ssl ++ ++[16-resumption-when-mfl-ext-is-missing-ssl] ++server = 16-resumption-when-mfl-ext-is-missing-server ++client = 16-resumption-when-mfl-ext-is-missing-client ++resume-server = 16-resumption-when-mfl-ext-is-missing-server ++resume-client = 16-resumption-when-mfl-ext-is-missing-resume-client ++ ++[16-resumption-when-mfl-ext-is-missing-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[16-resumption-when-mfl-ext-is-missing-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[16-resumption-when-mfl-ext-is-missing-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-16] ++ExpectedResult = ServerFail ++HandshakeMode = Resume ++Method = DTLS ++ResumptionExpected = No ++client = 16-resumption-when-mfl-ext-is-missing-client-extra ++ ++[16-resumption-when-mfl-ext-is-missing-client-extra] ++MaxFragmentLenExt = 512 ++ ++ ++# 
=========================================================== ++ ++[17-resumption-when-mfl-ext-is-different] ++ssl_conf = 17-resumption-when-mfl-ext-is-different-ssl ++ ++[17-resumption-when-mfl-ext-is-different-ssl] ++server = 17-resumption-when-mfl-ext-is-different-server ++client = 17-resumption-when-mfl-ext-is-different-client ++resume-server = 17-resumption-when-mfl-ext-is-different-server ++resume-client = 17-resumption-when-mfl-ext-is-different-resume-client ++ ++[17-resumption-when-mfl-ext-is-different-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[17-resumption-when-mfl-ext-is-different-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[17-resumption-when-mfl-ext-is-different-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-17] ++ExpectedResult = ServerFail ++HandshakeMode = Resume ++Method = DTLS ++ResumptionExpected = No ++client = 17-resumption-when-mfl-ext-is-different-client-extra ++resume-client = 17-resumption-when-mfl-ext-is-different-resume-client-extra ++ ++[17-resumption-when-mfl-ext-is-different-client-extra] ++MaxFragmentLenExt = 512 ++ ++[17-resumption-when-mfl-ext-is-different-resume-client-extra] ++MaxFragmentLenExt = 1024 ++ ++ ++# =========================================================== ++ ++[18-resumption-when-mfl-ext-is-correct] ++ssl_conf = 18-resumption-when-mfl-ext-is-correct-ssl ++ ++[18-resumption-when-mfl-ext-is-correct-ssl] ++server = 18-resumption-when-mfl-ext-is-correct-server ++client = 18-resumption-when-mfl-ext-is-correct-client ++resume-server = 18-resumption-when-mfl-ext-is-correct-server ++resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client ++ ++[18-resumption-when-mfl-ext-is-correct-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT 
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[18-resumption-when-mfl-ext-is-correct-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[18-resumption-when-mfl-ext-is-correct-resume-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-18] ++ExpectedResult = Success ++HandshakeMode = Resume ++Method = DTLS ++ResumptionExpected = Yes ++client = 18-resumption-when-mfl-ext-is-correct-client-extra ++resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client-extra ++ ++[18-resumption-when-mfl-ext-is-correct-client-extra] ++MaxFragmentLenExt = 512 ++ ++[18-resumption-when-mfl-ext-is-correct-resume-client-extra] ++MaxFragmentLenExt = 512 ++ ++ +diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm +index 943719e84a..039d782b73 100644 +--- a/test/ssl-tests/protocol_version.pm ++++ b/test/ssl-tests/protocol_version.pm +@@ -265,6 +265,69 @@ sub generate_resumption_tests { + }; + } + ++ push @client_tests, { ++ "name" => "resumption-when-mfl-ext-is-missing", ++ "server" => { ++ }, ++ "client" => { ++ "extra" => { ++ "MaxFragmentLenExt" => 512, ++ }, ++ }, ++ "resume_client" => { ++ }, ++ "test" => { ++ "Method" => $method, ++ "HandshakeMode" => "Resume", ++ "ResumptionExpected" => "No", ++ "ExpectedResult" => "ServerFail", ++ } ++ }; ++ ++ push @client_tests, { ++ "name" => "resumption-when-mfl-ext-is-different", ++ "server" => { ++ }, ++ "client" => { ++ "extra" => { ++ "MaxFragmentLenExt" => 512, ++ }, ++ }, ++ "resume_client" => { ++ "extra" => { ++ "MaxFragmentLenExt" => 1024, ++ }, ++ }, ++ "test" => { ++ "Method" => $method, ++ "HandshakeMode" => "Resume", ++ "ResumptionExpected" => "No", ++ "ExpectedResult" => "ServerFail", ++ } ++ }; ++ ++ push @client_tests, { ++ "name" => "resumption-when-mfl-ext-is-correct", ++ "server" => { ++ }, ++ "client" => { ++ "extra" => { ++ "MaxFragmentLenExt" => 512, 
++ }, ++ }, ++ "resume_client" => { ++ "extra" => { ++ "MaxFragmentLenExt" => 512, ++ }, ++ }, ++ "test" => { ++ "Method" => $method, ++ "HandshakeMode" => "Resume", ++ "ResumptionExpected" => "Yes", ++ "ExpectedResult" => "Success", ++ } ++ }; ++ + return (@server_tests, @client_tests); + } + +-- +2.17.1 + diff --git a/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch b/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch new file mode 100644 index 0000000000000000000000000000000000000000..397b8c6c440569c98312efb5c2a6a33f198e3679 --- /dev/null +++ b/backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch 
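Review bot: The two added `case SSL_AD_MISSING_EXTENSION:` arms in `ssl3_alert_code()` (ssl/s3_enc.c) and `tls1_alert_code()` (ssl/t1_enc.c) have no comment explaining why a TLS 1.3 alert is mapped to `SSL_AD_HANDSHAKE_FAILURE`, while the commit message itself says the stale-cookie state behind the hang is "not fully understood". Both switches still end in `default: return -1;`, so any other alert code without a mapping presumably reaches the same no-alert path that this patch closes for one value; the callers are outside these hunks, so that should be confirmed there. I would add above each new arm `/* TLS 1.3-only alert: map to handshake_failure so pre-1.3 and DTLS peers still receive an alert */`. As far as the added cases show, the new resumption tests assert only that the mismatched resume attempt ends in `ServerFail`; none of them opens a further connection afterwards, which is the server state in which the reported hang was seen.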
@@ -0,0 +1,74 @@
+From 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Sat, 21 May 2022 15:41:46 +0200
+Subject: [PATCH] Fix a memory leak in X509_issuer_and_serial_hash
+
+This is reproducible with my error injection patch:
+
+$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
+ERROR_INJECT=1653267699
+ #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
+ #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
+ #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
+ #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
+ #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
+ #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
+ #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
+ #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
+ #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
+ #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
+
+=================================================================
+==1058475==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 268 byte(s) in 1 object(s) allocated from:
+ #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
+ #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
+ #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
+ #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
+ #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
+ #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
+ #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
+ #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
+
+SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/18370)
+---
+ crypto/x509/x509_cmp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
+index 1d8d2d7b28..1661cac634 100644
+--- a/crypto/x509/x509_cmp.c
++++ b/crypto/x509/x509_cmp.c
+@@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+ unsigned long ret = 0;
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ unsigned char md[16];
+- char *f;
++ char *f = NULL;
+
+ if (ctx == NULL)
+ goto err;
+@@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+ goto err;
+ if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+ goto err;
+- OPENSSL_free(f);
+ if (!EVP_DigestUpdate
+ (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+ (unsigned long)a->cert_info.serialNumber.length))
+@@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+ ) & 0xffffffffL;
+ err:
++ OPENSSL_free(f);
+ EVP_MD_CTX_free(ctx);
+ return ret;
+ }
+--
+2.17.1
+
diff --git a/backport-Fix-an-assertion-in-the-DTLS-server-code.patch b/backport-Fix-an-assertion-in-the-DTLS-server-code.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0f75a9f665c7a80eaca02839970b4af27288a389
--- /dev/null
+++ b/backport-Fix-an-assertion-in-the-DTLS-server-code.patch
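Review bot: `X509_issuer_and_serial_hash()` still reports every failure by returning the initial `ret = 0` from the `err:` label, so a caller cannot tell an allocation or digest failure from a genuine hash value of 0, and nothing in the patched lines documents that. The leak fix itself looks sound for the lines shown: with `char *f = NULL;` and a single `OPENSSL_free(f);` under `err:`, each visible `goto err` reaches the free with `f` either NULL or still owned. The assignment to `f` and the digest setup are outside the hunks, so that part is inferred. I would add a header comment such as `/* Returns 0 on any internal failure; 0 is not distinguishable from a valid hash value. */`.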
@@ -0,0 +1,145 @@
+From 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Mon, 11 Apr 2022 10:12:48 +0200
+Subject: [PATCH] Fix an assertion in the DTLS server code
+
+This fixes an internal error alert from the server and
+an unexpected connection failure in the release version,
+but a failed assertion and a server crash in the
+debug version.
+
+Reproduce this issue with a DTLS server/client like that:
+
+./openssl s_server -dtls -mtu 1500
+./openssl s_client -dtls -maxfraglen 512
+
+In the debug version a crash happens in the Server now:
+
+./openssl s_server -dtls -mtu 1500
+Using default temp DH parameters
+ACCEPT
+ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
+Aborted (core dumped)
+
+While in the release version the handshake exceeds the
+negotiated max fragment size, and fails because of this:
+
+$ ./openssl s_server -dtls -mtu 1500
+Using default temp DH parameters
+ACCEPT
+ERROR
+4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
+shutting down SSL
+CONNECTION CLOSED
+
+From the client's point of view the connection fails
+with an Internal Error Alert:
+
+$ ./openssl s_client -dtls -maxfraglen 512
+Connecting to ::1
+CONNECTED(00000003)
+40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80
+
+and now the connection attempt fails unexpectedly.
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/18093)
+
+(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
+---
+ ssl/statem/statem_dtls.c | 6 ++---
+ test/dtls_mtu_test.c | 48 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 50 insertions(+), 4 deletions(-)
+
+diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
+index 8e3fb686ee..620367ace4 100644
+--- a/ssl/statem/statem_dtls.c
++++ b/ssl/statem/statem_dtls.c
+@@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type)
+ else
+ len = s->init_num;
+
+- if (len > s->max_send_fragment)
+- len = s->max_send_fragment;
++ if (len > ssl_get_max_send_fragment(s))
++ len = ssl_get_max_send_fragment(s);
+
+ /*
+ * XDTLS: this function is too long. split out the CCS part
+@@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type)
+
+ ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
+ &written);
+- if (ret < 0) {
++ if (ret <= 0) {
+ /*
+ * might need to update MTU here, but we don't know which
+ * previous packet caused the failure -- so can't really
+diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c
+index f20edf02d2..9b69e80a62 100644
+--- a/test/dtls_mtu_test.c
++++ b/test/dtls_mtu_test.c
+@@ -185,12 +185,58 @@ static int run_mtu_tests(void)
+
+ end:
+ SSL_CTX_free(ctx);
+- bio_s_mempacket_test_free();
+ return ret;
+ }
+
++static int test_server_mtu_larger_than_max_fragment_length(void)
++{
++ SSL_CTX *ctx = NULL;
++ SSL *srvr_ssl = NULL, *clnt_ssl = NULL;
++ int rv = 0;
++
++ if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))
++ goto end;
++
++ SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);
++ SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);
++
++#ifndef OPENSSL_NO_DH
++ if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1)))
++ goto end;
++#endif
++
++ if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,
++ NULL, NULL)))
++ goto end;
++
++ SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU);
++ if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500)))
++ goto end;
++
++ SSL_set_tlsext_max_fragment_length(clnt_ssl,
++ TLSEXT_max_fragment_length_512);
++
++ if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl,
++ SSL_ERROR_NONE)))
++ goto end;
++
++ rv = 1;
++
++ end:
++ SSL_free(clnt_ssl);
++ SSL_free(srvr_ssl);
++ SSL_CTX_free(ctx);
++ return rv;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(run_mtu_tests);
++ ADD_TEST(test_server_mtu_larger_than_max_fragment_length);
+ return 1;
+ }
++
++void cleanup_tests(void)
++{
++ bio_s_mempacket_test_free();
++}
+--
+2.17.1
+
diff --git a/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch b/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f13fb2a3f6146ec7e5f78c657e688bb2c27c7c5f
--- /dev/null
+++ b/backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
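Review bot: In the new `test_server_mtu_larger_than_max_fragment_length()` the call `SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512)` is made without checking its return value, so if it fails the handshake runs without the extension and the test passes without reaching the clamped path in `dtls1_do_write()`. Wrap it like the neighbouring setup calls: `if (!TEST_true(SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512))) goto end;`. The test also asserts only that `create_ssl_connection()` succeeds, so it does not itself show that the server's handshake records stayed within the negotiated 512-byte limit. The body of `dtls1_do_write()` continues outside both of its hunks.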
@@ -0,0 +1,54 @@
+From 3bd976551e549c030bdbd150c7aa8a1980cb00fe Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Tue, 29 Mar 2022 13:31:34 +0200
+Subject: [PATCH] Fix strict client chain check with TLS-1.3
+
+When TLS-1.3 is used and the server does not send any CA names
+the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
+argument.
+
+Reviewed-by: Todd Short
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/17986)
+
+(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
+---
+ ssl/t1_lib.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 4de4623a49..5fcb40eaff 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+
+ ca_dn = s->s3->tmp.peer_ca_names;
+
+- if (!sk_X509_NAME_num(ca_dn))
++ if (ca_dn == NULL
++ || sk_X509_NAME_num(ca_dn) == 0
++ || ssl_check_ca_name(ca_dn, x))
+ rv |= CERT_PKEY_ISSUER_NAME;
+-
+- if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+- if (ssl_check_ca_name(ca_dn, x))
+- rv |= CERT_PKEY_ISSUER_NAME;
+- }
+- if (!(rv & CERT_PKEY_ISSUER_NAME)) {
++ else
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ X509 *xtmp = sk_X509_value(chain, i);
++
+ if (ssl_check_ca_name(ca_dn, xtmp)) {
+ rv |= CERT_PKEY_ISSUER_NAME;
+ break;
+ }
+ }
+- }
++
+ if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
+ goto end;
+ } else
+--
+2.17.1
+
diff --git a/openssl.spec b/openssl.spec
index 521b231cfd1e5f82b05f609099764c355980ec8b..8bfa735da952e5f1ec08cd79c1e7dd25206d799b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 1.1.1m
-Release: 15
+Release: 16
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
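Review bot: The rewritten issuer check in `tls1_check_chain()` hangs a multi-line `for` loop off an unbraced `else`, immediately before the unrelated `if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))` test. In code that decides whether a certificate chain passes the strict check, both arms should be braced (`if (...) {` … `} else {` … `}`) so a later edit cannot silently change what the `else` governs. The new `ca_dn == NULL` arm also needs a comment, because it makes an absent CA-name list behave like an empty one: `/* No CA names from the peer (NULL or empty list): no issuer restriction applies */`. The function begins and ends outside the hunk.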
@@ -63,6 +63,10 @@ Patch52: backport-Do-not-send-an-empty-supported-groups-extension.patch Patch53: backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch Patch54: backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch Patch55: backport-Fix-a-memory-leak-in-crl_set_issuers.patch +Patch56: backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch +Patch57: backport-Fix-an-assertion-in-the-DTLS-server-code.patch +Patch58: backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch +Patch59: backport-Fix-strict-client-chain-check-with-TLS-1.3.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -265,6 +269,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Mon Nov 7 2022 steven.ygui - 1:1.1.1m-16 +- backport some patches + * Mon Nov 7 2022 fangxiuning - 1:1.1.1m-15 - backport some patches
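Review bot: `Patch56`–`Patch59` bring in new regression tests (the resumption cases and the DTLS MTU test), but the line `make test || :` shown as context in the last hunk header, presumably from the `%check` section, discards the test suite's exit status, so those tests cannot fail the build. Consider dropping the `|| :`, or narrowing it to tests known to be unreliable in the build environment, so that a mis-applied backport is caught at build time. The changelog entry `- backport some patches` would also serve downstream auditors better if it named the four fixes being added.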