src - FreeBSD source tree

diff options


context:
space:
mode:

author	Enji Cooper <ngie@FreeBSD.org>	2025-07-11 00:18:38 +0000
committer	Enji Cooper <ngie@FreeBSD.org>	2025-07-11 00:18:38 +0000
commit	ecf8229ffeb17a05c78fab6b973b0cccb84e25c5 (patch)
tree	da8cf5ccc84d9bc3fbadcf674c7d501f9ca7ab5d /ssl
parent	1c34280346af8284acdc0eae39496811d37df25d (diff)

vendor/openssl: import OpenSSL 3.0.17vendor/openssl/3.0.17 vendor/openssl-3.0

Per the upstream release notes, this is a ["bugfix release"](https://github.com/openssl/openssl/blob/openssl-3.0/CHANGES.md#openssl-30). It does not contain any security-critical bugfixes, unlike the most recent prior releases of OpenSSL 3.0. This release is not an immediate candidate for inclusion in 14.3-* releases. That being said, content from this release will potentially be rolled into upcoming releases by virtue of this being an iterative 3.0.x release. The changes may be benign, but some care might be required in the event that some of the bugfixes affect shipping code which requires behavior that may have been changed in this release. Obtained from: https://github.com/openssl/openssl/releases/download/openssl-3.0.17/openssl-3.0.17.tar.gz

Diffstat (limited to 'ssl')

-rw-r--r--

ssl/record/rec_layer_d1.c

-rw-r--r--

ssl/record/rec_layer_s3.c

-rw-r--r--

ssl/s3_lib.c

-rw-r--r--

ssl/ssl_cert.c

-rw-r--r--

ssl/ssl_sess.c

-rw-r--r--

ssl/statem/extensions_srvr.c

-rw-r--r--

ssl/statem/statem_lib.c

7 files changed, 61 insertions, 28 deletions

diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 79de0219ec7b..3e5ec6aec4dd 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -606,6 +606,17 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,

#endif

s->shutdown |= SSL_RECEIVED_SHUTDOWN;

return 0;

+ } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {

+ /*

+ * This is a warning but we receive it if we requested

+ * renegotiation and the peer denied it. Terminate with a fatal

+ * alert because if the application tried to renegotiate it

+ * presumably had a good reason and expects it to succeed. In

+ * the future we might have a renegotiation where we don't care

+ * if the peer refused it where we carry on.

+ */

+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);

+ return -1;

}

} else if (alert_level == SSL3_AL_FATAL) {

s->rwstate = SSL_NOTHING;

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 779e998bb6ee..89ab1f4f1a44 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -1613,10 +1613,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,

* This is a warning but we receive it if we requested

* renegotiation and the peer denied it. Terminate with a fatal

- * alert because if application tried to renegotiate it

+ * alert because if the application tried to renegotiate it

* presumably had a good reason and expects it to succeed. In

- * future we might have a renegotiation where we don't care if

- * the peer refused it where we carry on.

+ * the future we might have a renegotiation where we don't care

+ * if the peer refused it where we carry on.

SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);

return -1;

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bcfe57b46f08..7c76ae13db76 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -1,5 +1,5 @@

@@ -4820,7 +4820,10 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)

}

if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {

- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);

+ /*

+ * the public key was probably a weak key

+ */

+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);

goto err;

}

@@ -4923,7 +4926,7 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,

}

if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {

- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);

+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);

goto err;

}

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 2e2d09a32ee4..a8d6df924bce 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

@@ -812,16 +812,17 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,

OSSL_STORE_CTX *ctx = NULL;

X509 *x = NULL;

X509_NAME *xn = NULL;

+ OSSL_STORE_INFO *info = NULL;

if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)

goto err;

while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {

- OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);

- int infotype = info == 0 ? 0 : OSSL_STORE_INFO_get_type(info);

+ int infotype;

- if (info == NULL)

+ if ((info = OSSL_STORE_load(ctx)) == NULL)

continue;

+ infotype = OSSL_STORE_INFO_get_type(info);

if (infotype == OSSL_STORE_INFO_NAME) {

@@ -846,6 +847,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,

}

OSSL_STORE_INFO_free(info);

+ info = NULL;

}

ERR_clear_error();

@@ -853,6 +855,7 @@ static int add_uris_recursive(STACK_OF(X509_NAME) *stack,

err:

ok = 0;

+ OSSL_STORE_INFO_free(info);

done:

OSSL_STORE_close(ctx);

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index ec937a321c30..72b6dae677e3 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

@@ -612,6 +612,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)

SSL_TICKET_STATUS r;

if (SSL_IS_TLS13(s)) {

+ SSL_SESSION_free(s->session);

+ s->session = NULL;

* By default we will send a new ticket. This can be overridden in the

* ticket processing.

@@ -624,6 +626,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)

hello->pre_proc_exts, NULL, 0))

return -1;

+ /* If we resumed, s->session will now be set */

ret = s->session;

} else {

/* sets s->ext.ticket_expected */

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 72c00574be68..b8d55e144cfc 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -275,7 +275,13 @@ int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt,

return 0;

}

- if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {

+ /*

+ * We use this routine on both clients and servers, and when clients

+ * get asked for PHA we need to always save the sigalgs regardless

+ * of whether it was a resumption or not.

+ */

+ if ((!s->server || (s->server && !s->hit))

+ && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);

return 0;

}

@@ -294,7 +300,13 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

return 0;

}

- if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {

+ /*

+ * We use this routine on both clients and servers, and when clients

+ * get asked for PHA we need to always save the sigalgs regardless

+ * of whether it was a resumption or not.

+ */

+ if ((!s->server || (s->server && !s->hit))

+ && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);

return 0;

}

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6f0eaa5d6c0d..422d0428d465 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

@@ -1967,23 +1967,24 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)

real_max = ver_max;

/* Check for downgrades */

- if (s->version == TLS1_2_VERSION && real_max > s->version) {

- if (memcmp(tls12downgrade,

+ if (!SSL_IS_DTLS(s) && real_max > s->version) {

+ /* Signal applies to all versions */

+ if (memcmp(tls11downgrade,

s->s3.server_random + SSL3_RANDOM_SIZE

- - sizeof(tls12downgrade),

- sizeof(tls12downgrade)) == 0) {

+ - sizeof(tls11downgrade),

+ sizeof(tls11downgrade)) == 0) {

s->version = origv;

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

SSL_R_INAPPROPRIATE_FALLBACK);

return 0;

}

- } else if (!SSL_IS_DTLS(s)

- && s->version < TLS1_2_VERSION

- && real_max > s->version) {

- if (memcmp(tls11downgrade,

- s->s3.server_random + SSL3_RANDOM_SIZE

- - sizeof(tls11downgrade),

- sizeof(tls11downgrade)) == 0) {

+ /* Only when accepting TLS1.3 */

+ if (real_max == TLS1_3_VERSION

+ && memcmp(tls12downgrade,

+ s->s3.server_random + SSL3_RANDOM_SIZE

+ - sizeof(tls12downgrade),

+ sizeof(tls12downgrade)) == 0) {

s->version = origv;

SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,

SSL_R_INAPPROPRIATE_FALLBACK);