SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-06-29 09:21:17 +00:00
parent caabca1cee
commit aaa686b79e
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
15 changed files with 537 additions and 267 deletions
Download patch file Download diff file Expand all files Collapse all files

48
lib/libradius/radius.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: radius.h,v 1.4 2024/02/25 06:22:45 yasuoka Exp $ */
/* $OpenBSD: radius.h,v 1.6 2024/06/29 07:19:18 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -31,6 +31,7 @@
#define RADIUS_DEFAULT_PORT 1812
#define RADIUS_ACCT_DEFAULT_PORT 1813
#define RADIUS_DAE_DEFAULT_PORT 3799
/* RADIUS codes */
#define RADIUS_CODE_ACCESS_REQUEST 1
@ -42,6 +43,12 @@
#define RADIUS_CODE_STATUS_SERVER 12
#define RADIUS_CODE_STATUS_CLIENT 13
#define RADIUS_CODE_DISCONNECT_REQUEST 40
#define RADIUS_CODE_DISCONNECT_ACK 41
#define RADIUS_CODE_DISCONNECT_NACK 42
#define RADIUS_CODE_COA_REQUEST 43
#define RADIUS_CODE_COA_ACK 44
#define RADIUS_CODE_COA_NACK 45
/* RADIUS attributes */
#define RADIUS_TYPE_USER_NAME 1
@ -143,6 +150,9 @@
#define RADIUS_TYPE_FRAMED_IPV6_ROUTE 99
#define RADIUS_TYPE_FRAMED_IPV6_POOL 100
/* RFC 5176 3.5. Error-Cause */
#define RADIUS_TYPE_ERROR_CAUSE 101
/* RFC 6911 3. Attributes */
#define RADIUS_TYPE_FRAMED_IPV6_ADDRESS 168
#define RADIUS_TYPE_DNS_SERVER_IPV6_ADDRESS 169
@ -320,6 +330,42 @@
#define RADIUS_TUNNEL_MEDIUM_TYPE_E163 7 /* E.163 (POTS) */
#define RADIUS_TUNNEL_MEDIUM_TYPE_E164 8 /* E.164 (SMDS, Frame
* Relay, ATM) */
/* RFC 5167 3.5. Error-Cause */
/* Residual Session Context Removed */
#define RADIUS_ERROR_CAUSE_RESIDUAL_SESSION_REMOVED 201
/* Invalid EAP Packet (Ignored) */
#define RADIUS_ERROR_CAUSE_INVALID_EAP_PACKET 202
/* Unsupported Attribute */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_ATTRIBUTE 401
/* Missing Attribute */
#define RADIUS_ERROR_CAUSE_MISSING_ATTRIBUTE 402
/* NAS Identification Mismatch */
#define RADIUS_ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH 403
/* Invalid Request */
#define RADIUS_ERROR_CAUSE_INVALID_REQUEST 404
/* Unsupported Service */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_SERVICE 405
/* Unsupported Extension */
#define RADIUS_ERROR_CAUSE_UNSUPPORTED_EXTENSION 406
/* Invalid Attribute Valu */
#define RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE 407
/* Administratively Prohibited */
#define RADIUS_ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED 501
/* Request Not Routable (Proxy) */
#define RADIUS_ERROR_CAUSE_REQUEST_NOT_ROUTABLE 502
/* Session Context Not Found */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_FOUND 503
/* Session Context Not Removable */
#define RADIUS_ERROR_CAUSE_SESSION_NOT_REMOVABLE 504
/* Other Proxy Processing Error */
#define RADIUS_ERROR_CAUSE_OTHER_PROXY_PROCESSING_ERROR 505
/* Resources Unavailable */
#define RADIUS_ERROR_CAUSE_RESOURCES_UNAVAILABLE 506
/* Request Initiated */
#define RADIUS_ERROR_CAUSE_REQUEST_INITIATED 507
/* Multiple Session Selection Unsupported */
#define RADIUS_ERROR_CAUSE_MULTI_SELECTION_UNSUPPORTED 508
#include <sys/socket.h>
#include <sys/cdefs.h>

16
lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.8 2021/09/10 09:25:29 tb Exp $
.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.9 2024/06/28 14:48:43 tb Exp $
.\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 10 2021 $
.Dd $Mdocdate: June 28 2024 $
.Dt SSL_CTX_SET_ALPN_SELECT_CB 3
.Os
.Sh NAME
@ -153,6 +153,15 @@ It implements the standard protocol selection.
It is expected that this function is called from the application
callback
.Fa cb .
If
.Fn SSL_select_next_proto
returns
.Dv OPENSSL_NPN_NO_OVERLAP ,
.Fa cb
should ignore
.Fa out
and fail by returning
.Dv SSL_TLSEXT_ERR_ALERT_FATAL .
The protocol data in
.Fa server ,
.Fa server_len
@ -175,7 +184,8 @@ value will point into either
.Fa server
or
.Fa client ,
so it should be copied immediately.
so it must not be modified and
should be copied immediately.
If no match is found, the first item in
.Fa client ,
.Fa client_len

83
lib/libssl/ssl_lib.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.323 2024/04/15 16:00:05 tb Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.325 2024/06/29 07:34:12 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1785,45 +1785,70 @@ LSSL_ALIAS(SSL_get_servername_type);
* It returns either:
* OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
* OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
*
* XXX - the out argument points into server_list or client_list and should
* therefore really be const. We can't fix that without breaking the callers.
*/
int
SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server, unsigned int server_len,
const unsigned char *client, unsigned int client_len)
const unsigned char *server_list, unsigned int server_list_len,
const unsigned char *client_list, unsigned int client_list_len)
{
unsigned int i, j;
const unsigned char *result;
int status = OPENSSL_NPN_UNSUPPORTED;
CBS client, client_proto, server, server_proto;
*out = NULL;
*outlen = 0;
/* First check that the client list is well-formed. */
CBS_init(&client, client_list, client_list_len);
if (!tlsext_alpn_check_format(&client))
goto err;
/*
* For each protocol in server preference order,
* see if we support it.
* Use first client protocol as fallback. This is one way of doing NPN's
* "opportunistic" protocol selection (see security considerations in
* draft-agl-tls-nextprotoneg-04), and it is the documented behavior of
* this API. For ALPN it's the callback's responsibility to fail on
* OPENSSL_NPN_NO_OVERLAP.
*/
for (i = 0; i < server_len; ) {
for (j = 0; j < client_len; ) {
if (server[i] == client[j] &&
memcmp(&server[i + 1],
&client[j + 1], server[i]) == 0) {
/* We found a match */
result = &server[i];
status = OPENSSL_NPN_NEGOTIATED;
goto found;
if (!CBS_get_u8_length_prefixed(&client, &client_proto))
goto err;
*out = (unsigned char *)CBS_data(&client_proto);
*outlen = CBS_len(&client_proto);
/* Now check that the server list is well-formed. */
CBS_init(&server, server_list, server_list_len);
if (!tlsext_alpn_check_format(&server))
goto err;
/*
* Walk the server list and select the first protocol that appears in
* the client list.
*/
while (CBS_len(&server) > 0) {
if (!CBS_get_u8_length_prefixed(&server, &server_proto))
goto err;
CBS_init(&client, client_list, client_list_len);
while (CBS_len(&client) > 0) {
if (!CBS_get_u8_length_prefixed(&client, &client_proto))
goto err;
if (CBS_mem_equal(&client_proto,
CBS_data(&server_proto), CBS_len(&server_proto))) {
*out = (unsigned char *)CBS_data(&server_proto);
*outlen = CBS_len(&server_proto);
return OPENSSL_NPN_NEGOTIATED;
}
j += client[j];
j++;
}
i += server[i];
i++;
}
/* There's no overlap between our protocols and the server's list. */
result = client;
status = OPENSSL_NPN_NO_OVERLAP;
found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
return (status);
err:
return OPENSSL_NPN_NO_OVERLAP;
}
LSSL_ALIAS(SSL_select_next_proto);

206
lib/libssl/ssl_packet.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_packet.c,v 1.15 2022/11/26 16:08:56 tb Exp $ */
/* $OpenBSD: ssl_packet.c,v 1.16 2024/06/28 13:37:49 jsing Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@ -18,34 +18,6 @@
#include "bytestring.h"
#include "ssl_local.h"
static int
ssl_is_sslv2_client_hello(CBS *header)
{
uint16_t record_length;
uint8_t message_type;
CBS cbs;
CBS_dup(header, &cbs);
if (!CBS_get_u16(&cbs, &record_length) ||
!CBS_get_u8(&cbs, &message_type))
return 0;
/*
* The SSLv2 record length field uses variable length (2 or 3 byte)
* encoding. Given the size of a client hello, we expect/require the
* 2-byte form which is indicated by a one in the most significant bit.
*/
if ((record_length & 0x8000) == 0)
return 0;
if ((record_length & ~0x8000) < 3)
return 0;
if (message_type != SSL2_MT_CLIENT_HELLO)
return 0;
return 1;
}
static int
ssl_is_sslv3_handshake(CBS *header)
{
@ -67,164 +39,6 @@ ssl_is_sslv3_handshake(CBS *header)
return 1;
}
static int
ssl_convert_sslv2_client_hello(SSL *s)
{
CBB cbb, handshake, client_hello, cipher_suites, compression, session_id;
CBS cbs, challenge, cipher_specs, session;
uint16_t record_length, client_version, cipher_specs_length;
uint16_t session_id_length, challenge_length;
unsigned char *client_random = NULL, *data = NULL;
size_t data_len, pad_len, len;
uint32_t cipher_spec;
uint8_t message_type;
unsigned char *pad;
int ret = -1;
int n;
memset(&cbb, 0, sizeof(cbb));
CBS_init(&cbs, s->packet, SSL3_RT_HEADER_LENGTH);
if (!CBS_get_u16(&cbs, &record_length) ||
!CBS_get_u8(&cbs, &message_type) ||
!CBS_get_u16(&cbs, &client_version))
return -1;
/*
* The SSLv2 record length field uses variable length (2 or 3 byte)
* encoding. Given the size of a client hello, we expect/require the
* 2-byte form which is indicated by a one in the most significant bit.
* Also note that the record length value does not include the bytes
* used for the record length field.
*/
if ((record_length & 0x8000) == 0)
return -1;
record_length &= ~0x8000;
if (record_length < SSL3_RT_HEADER_LENGTH - 2)
return -1;
if (message_type != SSL2_MT_CLIENT_HELLO)
return -1;
if (record_length < 9) {
SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
return -1;
}
if (record_length > 4096) {
SSLerror(s, SSL_R_RECORD_TOO_LARGE);
return -1;
}
n = ssl3_packet_extend(s, record_length + 2);
if (n != record_length + 2)
return n;
tls1_transcript_record(s, s->packet + 2,
s->packet_length - 2);
s->mac_packet = 0;
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0,
s->packet + 2, s->packet_length - 2, s,
s->msg_callback_arg);
/* Decode the SSLv2 record containing the client hello. */
CBS_init(&cbs, s->packet, s->packet_length);
if (!CBS_get_u16(&cbs, &record_length))
return -1;
if (!CBS_get_u8(&cbs, &message_type))
return -1;
if (!CBS_get_u16(&cbs, &client_version))
return -1;
if (!CBS_get_u16(&cbs, &cipher_specs_length))
return -1;
if (!CBS_get_u16(&cbs, &session_id_length))
return -1;
if (!CBS_get_u16(&cbs, &challenge_length))
return -1;
if (!CBS_get_bytes(&cbs, &cipher_specs, cipher_specs_length))
return -1;
if (!CBS_get_bytes(&cbs, &session, session_id_length))
return -1;
if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
return -1;
if (CBS_len(&cbs) != 0) {
SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
return -1;
}
/*
* Convert SSLv2 challenge to SSLv3/TLS client random, by truncating or
* left-padding with zero bytes.
*/
if ((client_random = malloc(SSL3_RANDOM_SIZE)) == NULL)
goto err;
if (!CBB_init_fixed(&cbb, client_random, SSL3_RANDOM_SIZE))
goto err;
if ((len = CBS_len(&challenge)) > SSL3_RANDOM_SIZE)
len = SSL3_RANDOM_SIZE;
pad_len = SSL3_RANDOM_SIZE - len;
if (!CBB_add_space(&cbb, &pad, pad_len))
goto err;
memset(pad, 0, pad_len);
if (!CBB_add_bytes(&cbb, CBS_data(&challenge), len))
goto err;
if (!CBB_finish(&cbb, NULL, NULL))
goto err;
/* Build SSLv3/TLS record with client hello. */
if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH))
goto err;
if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
goto err;
if (!CBB_add_u16(&cbb, 0x0301))
goto err;
if (!CBB_add_u16_length_prefixed(&cbb, &handshake))
goto err;
if (!CBB_add_u8(&handshake, SSL3_MT_CLIENT_HELLO))
goto err;
if (!CBB_add_u24_length_prefixed(&handshake, &client_hello))
goto err;
if (!CBB_add_u16(&client_hello, client_version))
goto err;
if (!CBB_add_bytes(&client_hello, client_random, SSL3_RANDOM_SIZE))
goto err;
if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
goto err;
if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites))
goto err;
while (CBS_len(&cipher_specs) > 0) {
if (!CBS_get_u24(&cipher_specs, &cipher_spec))
goto err;
if ((cipher_spec & 0xff0000) != 0)
continue;
if (!CBB_add_u16(&cipher_suites, cipher_spec & 0xffff))
goto err;
}
if (!CBB_add_u8_length_prefixed(&client_hello, &compression))
goto err;
if (!CBB_add_u8(&compression, 0))
goto err;
if (!CBB_finish(&cbb, &data, &data_len))
goto err;
if (data_len > s->s3->rbuf.len)
goto err;
s->packet = s->s3->rbuf.buf;
s->packet_length = data_len;
memcpy(s->packet, data, data_len);
ret = 1;
err:
CBB_cleanup(&cbb);
free(client_random);
free(data);
return (ret);
}
/*
* Potentially do legacy processing on the first packet received by a TLS
* server. We return 1 if we want SSLv3/TLS record processing to continue
@ -233,7 +47,6 @@ ssl_convert_sslv2_client_hello(SSL *s)
int
ssl_server_legacy_first_packet(SSL *s)
{
uint16_t min_version;
const char *data;
CBS header;
@ -249,23 +62,6 @@ ssl_server_legacy_first_packet(SSL *s)
if (s->method->min_tls_version == s->method->max_tls_version)
return 1;
if (ssl_is_sslv2_client_hello(&header) == 1) {
/* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
if (ssl_enabled_tls_version_range(s, &min_version, NULL) != 1) {
SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
return -1;
}
if (min_version > TLS1_VERSION)
return 1;
if (ssl_convert_sslv2_client_hello(s) != 1) {
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
return -1;
}
return 1;
}
/* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
SSLerror(s, ERR_R_INTERNAL_ERROR);