| author | jsing <> | 2014-06-11 14:50:07 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-11 14:50:07 +0000 |
| commit | edeec798f517bbf85e9b72eba5ead0073a68fb73 (patch) | |
| tree | 8428cf327f591bba8f54f7ac97e41d3587309533 | |
| parent | 5f1ffd2d0c4f43b0c2493eb1bdb7a5fad0f1eb6c (diff) | |
More KNF.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 147 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_pkt.c | 147 |
2 files changed, 182 insertions, 112 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 942ab37b95..e19aba5580 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -245,9 +245,12 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 245 | return (i); | 245 | return (i); |
| 246 | } | 246 | } |
| 247 | left += i; | 247 | left += i; |
| 248 | /* reads should *never* span multiple packets for DTLS because | 248 | |
| 249 | * the underlying transport protocol is message oriented as opposed | 249 | /* |
| 250 | * to byte oriented as in the TLS case. */ | 250 | * reads should *never* span multiple packets for DTLS because |
| 251 | * the underlying transport protocol is message oriented as | ||
| 252 | * opposed to byte oriented as in the TLS case. | ||
| 253 | */ | ||
| 251 | if (SSL_IS_DTLS(s)) { | 254 | if (SSL_IS_DTLS(s)) { |
| 252 | if (n > left) | 255 | if (n > left) |
| 253 | n = left; /* makes the while condition false */ | 256 | n = left; /* makes the while condition false */ |
| @@ -332,13 +335,15 @@ again: | |||
| 332 | } | 335 | } |
| 333 | 336 | ||
| 334 | if ((version >> 8) != SSL3_VERSION_MAJOR) { | 337 | if ((version >> 8) != SSL3_VERSION_MAJOR) { |
| 335 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); | 338 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 339 | SSL_R_WRONG_VERSION_NUMBER); | ||
| 336 | goto err; | 340 | goto err; |
| 337 | } | 341 | } |
| 338 | 342 | ||
| 339 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { | 343 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { |
| 340 | al = SSL_AD_RECORD_OVERFLOW; | 344 | al = SSL_AD_RECORD_OVERFLOW; |
| 341 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); | 345 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 346 | SSL_R_PACKET_LENGTH_TOO_LONG); | ||
| 342 | goto f_err; | 347 | goto f_err; |
| 343 | } | 348 | } |
| 344 | 349 | ||
| @@ -444,18 +449,23 @@ again: | |||
| 444 | if (i < 0 || mac == NULL || | 449 | if (i < 0 || mac == NULL || |
| 445 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 450 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) |
| 446 | enc_err = -1; | 451 | enc_err = -1; |
| 447 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 452 | if (rr->length > |
| 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | ||
| 448 | enc_err = -1; | 454 | enc_err = -1; |
| 449 | } | 455 | } |
| 450 | 456 | ||
| 451 | if (enc_err < 0) { | 457 | if (enc_err < 0) { |
| 452 | /* A separate 'decryption_failed' alert was introduced with TLS 1.0, | 458 | /* |
| 453 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | 459 | * A separate 'decryption_failed' alert was introduced with |
| 454 | * failure is directly visible from the ciphertext anyway, | 460 | * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a |
| 455 | * we should not reveal which kind of error occured -- this | 461 | * decryption failure is directly visible from the ciphertext |
| 456 | * might become visible to an attacker (e.g. via a logfile) */ | 462 | * anyway, we should not reveal which kind of error |
| 463 | * occurred -- this might become visible to an attacker | ||
| 464 | * (e.g. via a logfile) | ||
| 465 | */ | ||
| 457 | al = SSL_AD_BAD_RECORD_MAC; | 466 | al = SSL_AD_BAD_RECORD_MAC; |
| 458 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | 467 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 468 | SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
| 459 | goto f_err; | 469 | goto f_err; |
| 460 | } | 470 | } |
| 461 | 471 | ||
| @@ -463,7 +473,8 @@ again: | |||
| 463 | if (s->expand != NULL) { | 473 | if (s->expand != NULL) { |
| 464 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { | 474 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { |
| 465 | al = SSL_AD_RECORD_OVERFLOW; | 475 | al = SSL_AD_RECORD_OVERFLOW; |
| 466 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 476 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 477 | SSL_R_COMPRESSED_LENGTH_TOO_LONG); | ||
| 467 | goto f_err; | 478 | goto f_err; |
| 468 | } | 479 | } |
| 469 | if (!ssl3_do_uncompress(s)) { | 480 | if (!ssl3_do_uncompress(s)) { |
| @@ -569,7 +580,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 569 | if (i < 0) | 580 | if (i < 0) |
| 570 | return (i); | 581 | return (i); |
| 571 | if (i == 0) { | 582 | if (i == 0) { |
| 572 | SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 583 | SSLerr(SSL_F_SSL3_WRITE_BYTES, |
| 584 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 573 | return -1; | 585 | return -1; |
| 574 | } | 586 | } |
| 575 | } | 587 | } |
| @@ -591,8 +603,11 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 591 | 603 | ||
| 592 | if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && | 604 | if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && |
| 593 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { | 605 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { |
| 594 | /* next chunk of data should get another prepended empty fragment | 606 | /* |
| 595 | * in ciphersuites with known-IV weakness: */ | 607 | * Next chunk of data should get another prepended |
| 608 | * empty fragment in ciphersuites with known-IV | ||
| 609 | * weakness. | ||
| 610 | */ | ||
| 596 | s->s3->empty_fragment_done = 0; | 611 | s->s3->empty_fragment_done = 0; |
| 597 | 612 | ||
| 598 | return tot + i; | 613 | return tot + i; |
| @@ -653,12 +668,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 653 | goto err; | 668 | goto err; |
| 654 | } | 669 | } |
| 655 | 670 | ||
| 656 | /* 'create_empty_fragment' is true only when this function calls itself */ | 671 | /* |
| 672 | * 'create_empty_fragment' is true only when this function calls | ||
| 673 | * itself. | ||
| 674 | */ | ||
| 657 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { | 675 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { |
| 658 | /* countermeasure against known-IV weakness in CBC ciphersuites | 676 | /* |
| 659 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | 677 | * Countermeasure against known-IV weakness in CBC ciphersuites |
| 660 | 678 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | |
| 661 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { | 679 | */ |
| 680 | if (s->s3->need_empty_fragments && | ||
| 681 | type == SSL3_RT_APPLICATION_DATA) { | ||
| 662 | /* recursive function call with 'create_empty_fragment' set; | 682 | /* recursive function call with 'create_empty_fragment' set; |
| 663 | * this prepares and buffers the data for an empty fragment | 683 | * this prepares and buffers the data for an empty fragment |
| 664 | * (these 'prefix_len' bytes are sent out later | 684 | * (these 'prefix_len' bytes are sent out later |
| @@ -670,7 +690,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 670 | if (prefix_len > | 690 | if (prefix_len > |
| 671 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { | 691 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { |
| 672 | /* insufficient space */ | 692 | /* insufficient space */ |
| 673 | SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); | 693 | SSLerr(SSL_F_DO_SSL3_WRITE, |
| 694 | ERR_R_INTERNAL_ERROR); | ||
| 674 | goto err; | 695 | goto err; |
| 675 | } | 696 | } |
| 676 | } | 697 | } |
| @@ -758,7 +779,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 758 | * wr->data still points in the wb->buf */ | 779 | * wr->data still points in the wb->buf */ |
| 759 | 780 | ||
| 760 | if (mac_size != 0) { | 781 | if (mac_size != 0) { |
| 761 | if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0) | 782 | if (s->method->ssl3_enc->mac(s, |
| 783 | &(p[wr->length + eivlen]), 1) < 0) | ||
| 762 | goto err; | 784 | goto err; |
| 763 | wr->length += mac_size; | 785 | wr->length += mac_size; |
| 764 | } | 786 | } |
| @@ -810,8 +832,7 @@ err: | |||
| 810 | 832 | ||
| 811 | /* if s->s3->wbuf.left != 0, we need to call this */ | 833 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 812 | int | 834 | int |
| 813 | ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 835 | ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) |
| 814 | unsigned int len) | ||
| 815 | { | 836 | { |
| 816 | int i; | 837 | int i; |
| 817 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 838 | SSL3_BUFFER *wb = &(s->s3->wbuf); |
| @@ -901,14 +922,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 901 | return -1; | 922 | return -1; |
| 902 | } | 923 | } |
| 903 | 924 | ||
| 904 | if ((type && | 925 | if ((type && type != SSL3_RT_APPLICATION_DATA && |
| 905 | type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || | 926 | type != SSL3_RT_HANDSHAKE) || |
| 906 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { | 927 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { |
| 907 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | 928 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); |
| 908 | return -1; | 929 | return -1; |
| 909 | } | 930 | } |
| 910 | 931 | ||
| 911 | if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) { | 932 | if ((type == SSL3_RT_HANDSHAKE) && |
| 933 | (s->s3->handshake_fragment_len > 0)) { | ||
| 912 | /* (partially) satisfy request from storage */ | 934 | /* (partially) satisfy request from storage */ |
| 913 | unsigned char *src = s->s3->handshake_fragment; | 935 | unsigned char *src = s->s3->handshake_fragment; |
| 914 | unsigned char *dst = buf; | 936 | unsigned char *dst = buf; |
| @@ -928,15 +950,18 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 928 | return n; | 950 | return n; |
| 929 | } | 951 | } |
| 930 | 952 | ||
| 931 | /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | 953 | /* |
| 932 | 954 | * Now s->s3->handshake_fragment_len == 0 if | |
| 955 | * type == SSL3_RT_HANDSHAKE. | ||
| 956 | */ | ||
| 933 | if (!s->in_handshake && SSL_in_init(s)) { | 957 | if (!s->in_handshake && SSL_in_init(s)) { |
| 934 | /* type == SSL3_RT_APPLICATION_DATA */ | 958 | /* type == SSL3_RT_APPLICATION_DATA */ |
| 935 | i = s->handshake_func(s); | 959 | i = s->handshake_func(s); |
| 936 | if (i < 0) | 960 | if (i < 0) |
| 937 | return (i); | 961 | return (i); |
| 938 | if (i == 0) { | 962 | if (i == 0) { |
| 939 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 963 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 964 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 940 | return (-1); | 965 | return (-1); |
| 941 | } | 966 | } |
| 942 | } | 967 | } |
| @@ -964,7 +989,8 @@ start: | |||
| 964 | * reset by ssl3_get_finished */ | 989 | * reset by ssl3_get_finished */ |
| 965 | && (rr->type != SSL3_RT_HANDSHAKE)) { | 990 | && (rr->type != SSL3_RT_HANDSHAKE)) { |
| 966 | al = SSL_AD_UNEXPECTED_MESSAGE; | 991 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 967 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | 992 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 993 | SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | ||
| 968 | goto f_err; | 994 | goto f_err; |
| 969 | } | 995 | } |
| 970 | 996 | ||
| @@ -977,13 +1003,15 @@ start: | |||
| 977 | } | 1003 | } |
| 978 | 1004 | ||
| 979 | 1005 | ||
| 980 | if (type == rr->type) { /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | 1006 | /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ |
| 1007 | if (type == rr->type) { | ||
| 981 | /* make sure that we are not getting application data when we | 1008 | /* make sure that we are not getting application data when we |
| 982 | * are doing a handshake for the first time */ | 1009 | * are doing a handshake for the first time */ |
| 983 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | 1010 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && |
| 984 | (s->enc_read_ctx == NULL)) { | 1011 | (s->enc_read_ctx == NULL)) { |
| 985 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1012 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 986 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); | 1013 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1014 | SSL_R_APP_DATA_IN_HANDSHAKE); | ||
| 987 | goto f_err; | 1015 | goto f_err; |
| 988 | } | 1016 | } |
| 989 | 1017 | ||
| @@ -1034,7 +1062,8 @@ start: | |||
| 1034 | dest_len = &s->s3->alert_fragment_len; | 1062 | dest_len = &s->s3->alert_fragment_len; |
| 1035 | } | 1063 | } |
| 1036 | if (dest_maxlen > 0) { | 1064 | if (dest_maxlen > 0) { |
| 1037 | n = dest_maxlen - *dest_len; /* available space in 'dest' */ | 1065 | /* available space in 'dest' */ |
| 1066 | n = dest_maxlen - *dest_len; | ||
| 1038 | if (rr->length < n) | 1067 | if (rr->length < n) |
| 1039 | n = rr->length; /* available bytes */ | 1068 | n = rr->length; /* available bytes */ |
| 1040 | 1069 | ||
| @@ -1069,7 +1098,8 @@ start: | |||
| 1069 | 1098 | ||
| 1070 | if (s->msg_callback) | 1099 | if (s->msg_callback) |
| 1071 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | 1100 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, |
| 1072 | s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | 1101 | s->s3->handshake_fragment, 4, s, |
| 1102 | s->msg_callback_arg); | ||
| 1073 | 1103 | ||
| 1074 | if (SSL_is_init_finished(s) && | 1104 | if (SSL_is_init_finished(s) && |
| 1075 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 1105 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
| @@ -1080,7 +1110,8 @@ start: | |||
| 1080 | if (i < 0) | 1110 | if (i < 0) |
| 1081 | return (i); | 1111 | return (i); |
| 1082 | if (i == 0) { | 1112 | if (i == 0) { |
| 1083 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 1113 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1114 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1084 | return (-1); | 1115 | return (-1); |
| 1085 | } | 1116 | } |
| 1086 | 1117 | ||
| @@ -1159,7 +1190,8 @@ start: | |||
| 1159 | */ | 1190 | */ |
| 1160 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { | 1191 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { |
| 1161 | al = SSL_AD_HANDSHAKE_FAILURE; | 1192 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1162 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION); | 1193 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1194 | SSL_R_NO_RENEGOTIATION); | ||
| 1163 | goto f_err; | 1195 | goto f_err; |
| 1164 | } | 1196 | } |
| 1165 | #ifdef SSL_AD_MISSING_SRP_USERNAME | 1197 | #ifdef SSL_AD_MISSING_SRP_USERNAME |
| @@ -1170,10 +1202,11 @@ start: | |||
| 1170 | /* fatal */ | 1202 | /* fatal */ |
| 1171 | s->rwstate = SSL_NOTHING; | 1203 | s->rwstate = SSL_NOTHING; |
| 1172 | s->s3->fatal_alert = alert_descr; | 1204 | s->s3->fatal_alert = alert_descr; |
| 1173 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | 1205 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1206 | SSL_AD_REASON_OFFSET + alert_descr); | ||
| 1174 | ERR_asprintf_error_data("SSL alert number %d", | 1207 | ERR_asprintf_error_data("SSL alert number %d", |
| 1175 | alert_descr); | 1208 | alert_descr); |
| 1176 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | 1209 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; |
| 1177 | SSL_CTX_remove_session(s->ctx, s->session); | 1210 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1178 | return (0); | 1211 | return (0); |
| 1179 | } else { | 1212 | } else { |
| @@ -1198,21 +1231,24 @@ start: | |||
| 1198 | if ((rr->length != 1) || (rr->off != 0) || | 1231 | if ((rr->length != 1) || (rr->off != 0) || |
| 1199 | (rr->data[0] != SSL3_MT_CCS)) { | 1232 | (rr->data[0] != SSL3_MT_CCS)) { |
| 1200 | al = SSL_AD_ILLEGAL_PARAMETER; | 1233 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 1201 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); | 1234 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1235 | SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
| 1202 | goto f_err; | 1236 | goto f_err; |
| 1203 | } | 1237 | } |
| 1204 | 1238 | ||
| 1205 | /* Check we have a cipher to change to */ | 1239 | /* Check we have a cipher to change to */ |
| 1206 | if (s->s3->tmp.new_cipher == NULL) { | 1240 | if (s->s3->tmp.new_cipher == NULL) { |
| 1207 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1241 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1208 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); | 1242 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1243 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1209 | goto f_err; | 1244 | goto f_err; |
| 1210 | } | 1245 | } |
| 1211 | 1246 | ||
| 1212 | /* Check that we should be receiving a Change Cipher Spec. */ | 1247 | /* Check that we should be receiving a Change Cipher Spec. */ |
| 1213 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { | 1248 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { |
| 1214 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1249 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1215 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); | 1250 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1251 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1216 | goto f_err; | 1252 | goto f_err; |
| 1217 | } | 1253 | } |
| 1218 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | 1254 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; |
| @@ -1244,7 +1280,8 @@ start: | |||
| 1244 | if (i < 0) | 1280 | if (i < 0) |
| 1245 | return (i); | 1281 | return (i); |
| 1246 | if (i == 0) { | 1282 | if (i == 0) { |
| 1247 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 1283 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1284 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1248 | return (-1); | 1285 | return (-1); |
| 1249 | } | 1286 | } |
| 1250 | 1287 | ||
| @@ -1268,10 +1305,12 @@ start: | |||
| 1268 | switch (rr->type) { | 1305 | switch (rr->type) { |
| 1269 | default: | 1306 | default: |
| 1270 | #ifndef OPENSSL_NO_TLS | 1307 | #ifndef OPENSSL_NO_TLS |
| 1271 | /* TLS up to v1.1 just ignores unknown message types: | 1308 | /* |
| 1309 | * TLS up to v1.1 just ignores unknown message types: | ||
| 1272 | * TLS v1.2 give an unexpected message alert. | 1310 | * TLS v1.2 give an unexpected message alert. |
| 1273 | */ | 1311 | */ |
| 1274 | if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { | 1312 | if (s->version >= TLS1_VERSION && |
| 1313 | s->version <= TLS1_1_VERSION) { | ||
| 1275 | rr->length = 0; | 1314 | rr->length = 0; |
| 1276 | goto start; | 1315 | goto start; |
| 1277 | } | 1316 | } |
| @@ -1298,16 +1337,12 @@ start: | |||
| 1298 | */ | 1337 | */ |
| 1299 | if (s->s3->in_read_app_data && | 1338 | if (s->s3->in_read_app_data && |
| 1300 | (s->s3->total_renegotiations != 0) && | 1339 | (s->s3->total_renegotiations != 0) && |
| 1301 | (( | 1340 | (((s->state & SSL_ST_CONNECT) && |
| 1302 | (s->state & SSL_ST_CONNECT) && | ||
| 1303 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | 1341 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && |
| 1304 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | 1342 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || |
| 1305 | ) || ( | 1343 | ((s->state & SSL_ST_ACCEPT) && |
| 1306 | (s->state & SSL_ST_ACCEPT) && | ||
| 1307 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | 1344 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && |
| 1308 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | 1345 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { |
| 1309 | ) | ||
| 1310 | )) { | ||
| 1311 | s->s3->in_read_app_data = 2; | 1346 | s->s3->in_read_app_data = 2; |
| 1312 | return (-1); | 1347 | return (-1); |
| 1313 | } else { | 1348 | } else { |
| @@ -1363,8 +1398,8 @@ ssl3_do_change_cipher_spec(SSL *s) | |||
| 1363 | slen = s->method->ssl3_enc->client_finished_label_len; | 1398 | slen = s->method->ssl3_enc->client_finished_label_len; |
| 1364 | } | 1399 | } |
| 1365 | 1400 | ||
| 1366 | i = s->method->ssl3_enc->final_finish_mac(s, | 1401 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
| 1367 | sender, slen, s->s3->tmp.peer_finish_md); | 1402 | s->s3->tmp.peer_finish_md); |
| 1368 | if (i == 0) { | 1403 | if (i == 0) { |
| 1369 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | 1404 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); |
| 1370 | return 0; | 1405 | return 0; |
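Review bot: The KNF pass is applied unevenly inside hunks it already touches. In do_ssl3_write the comment opening `/* recursive function call with 'create_empty_fragment' set;` keeps the old same-line style directly below two comments this commit converted, and in ssl3_read_bytes `/* make sure that we are not getting application data when we` is left the same way beside the rewrapped `SSLerr` call. Return statements in the new code are also mixed: `return -1;` in ssl3_write_bytes and ssl3_read_bytes sits next to `return (i);` and `return (-1);`, so if parenthesised returns are the house style, `return (-1);` would make them agree. The do_ssl3_write comment continues past the end of its hunk, so where its closing `*/` belongs has to be checked against the full file. The second copy of the file under src/lib/libssl/src/ssl/ shows the same lines in the hunks visible here.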
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 942ab37b95..e19aba5580 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c | |||
| @@ -245,9 +245,12 @@ ssl3_read_n(SSL *s, int n, int max, int extend) | |||
| 245 | return (i); | 245 | return (i); |
| 246 | } | 246 | } |
| 247 | left += i; | 247 | left += i; |
| 248 | /* reads should *never* span multiple packets for DTLS because | 248 | |
| 249 | * the underlying transport protocol is message oriented as opposed | 249 | /* |
| 250 | * to byte oriented as in the TLS case. */ | 250 | * reads should *never* span multiple packets for DTLS because |
| 251 | * the underlying transport protocol is message oriented as | ||
| 252 | * opposed to byte oriented as in the TLS case. | ||
| 253 | */ | ||
| 251 | if (SSL_IS_DTLS(s)) { | 254 | if (SSL_IS_DTLS(s)) { |
| 252 | if (n > left) | 255 | if (n > left) |
| 253 | n = left; /* makes the while condition false */ | 256 | n = left; /* makes the while condition false */ |
| @@ -332,13 +335,15 @@ again: | |||
| 332 | } | 335 | } |
| 333 | 336 | ||
| 334 | if ((version >> 8) != SSL3_VERSION_MAJOR) { | 337 | if ((version >> 8) != SSL3_VERSION_MAJOR) { |
| 335 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); | 338 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 339 | SSL_R_WRONG_VERSION_NUMBER); | ||
| 336 | goto err; | 340 | goto err; |
| 337 | } | 341 | } |
| 338 | 342 | ||
| 339 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { | 343 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { |
| 340 | al = SSL_AD_RECORD_OVERFLOW; | 344 | al = SSL_AD_RECORD_OVERFLOW; |
| 341 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); | 345 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 346 | SSL_R_PACKET_LENGTH_TOO_LONG); | ||
| 342 | goto f_err; | 347 | goto f_err; |
| 343 | } | 348 | } |
| 344 | 349 | ||
| @@ -444,18 +449,23 @@ again: | |||
| 444 | if (i < 0 || mac == NULL || | 449 | if (i < 0 || mac == NULL || |
| 445 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | 450 | CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) |
| 446 | enc_err = -1; | 451 | enc_err = -1; |
| 447 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | 452 | if (rr->length > |
| 453 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | ||
| 448 | enc_err = -1; | 454 | enc_err = -1; |
| 449 | } | 455 | } |
| 450 | 456 | ||
| 451 | if (enc_err < 0) { | 457 | if (enc_err < 0) { |
| 452 | /* A separate 'decryption_failed' alert was introduced with TLS 1.0, | 458 | /* |
| 453 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | 459 | * A separate 'decryption_failed' alert was introduced with |
| 454 | * failure is directly visible from the ciphertext anyway, | 460 | * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a |
| 455 | * we should not reveal which kind of error occured -- this | 461 | * decryption failure is directly visible from the ciphertext |
| 456 | * might become visible to an attacker (e.g. via a logfile) */ | 462 | * anyway, we should not reveal which kind of error |
| 463 | * occurred -- this might become visible to an attacker | ||
| 464 | * (e.g. via a logfile) | ||
| 465 | */ | ||
| 457 | al = SSL_AD_BAD_RECORD_MAC; | 466 | al = SSL_AD_BAD_RECORD_MAC; |
| 458 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | 467 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 468 | SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
| 459 | goto f_err; | 469 | goto f_err; |
| 460 | } | 470 | } |
| 461 | 471 | ||
| @@ -463,7 +473,8 @@ again: | |||
| 463 | if (s->expand != NULL) { | 473 | if (s->expand != NULL) { |
| 464 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { | 474 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { |
| 465 | al = SSL_AD_RECORD_OVERFLOW; | 475 | al = SSL_AD_RECORD_OVERFLOW; |
| 466 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 476 | SSLerr(SSL_F_SSL3_GET_RECORD, |
| 477 | SSL_R_COMPRESSED_LENGTH_TOO_LONG); | ||
| 467 | goto f_err; | 478 | goto f_err; |
| 468 | } | 479 | } |
| 469 | if (!ssl3_do_uncompress(s)) { | 480 | if (!ssl3_do_uncompress(s)) { |
| @@ -569,7 +580,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 569 | if (i < 0) | 580 | if (i < 0) |
| 570 | return (i); | 581 | return (i); |
| 571 | if (i == 0) { | 582 | if (i == 0) { |
| 572 | SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 583 | SSLerr(SSL_F_SSL3_WRITE_BYTES, |
| 584 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 573 | return -1; | 585 | return -1; |
| 574 | } | 586 | } |
| 575 | } | 587 | } |
| @@ -591,8 +603,11 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
| 591 | 603 | ||
| 592 | if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && | 604 | if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && |
| 593 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { | 605 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { |
| 594 | /* next chunk of data should get another prepended empty fragment | 606 | /* |
| 595 | * in ciphersuites with known-IV weakness: */ | 607 | * Next chunk of data should get another prepended |
| 608 | * empty fragment in ciphersuites with known-IV | ||
| 609 | * weakness. | ||
| 610 | */ | ||
| 596 | s->s3->empty_fragment_done = 0; | 611 | s->s3->empty_fragment_done = 0; |
| 597 | 612 | ||
| 598 | return tot + i; | 613 | return tot + i; |
| @@ -653,12 +668,17 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 653 | goto err; | 668 | goto err; |
| 654 | } | 669 | } |
| 655 | 670 | ||
| 656 | /* 'create_empty_fragment' is true only when this function calls itself */ | 671 | /* |
| 672 | * 'create_empty_fragment' is true only when this function calls | ||
| 673 | * itself. | ||
| 674 | */ | ||
| 657 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { | 675 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { |
| 658 | /* countermeasure against known-IV weakness in CBC ciphersuites | 676 | /* |
| 659 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | 677 | * Countermeasure against known-IV weakness in CBC ciphersuites |
| 660 | 678 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | |
| 661 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { | 679 | */ |
| 680 | if (s->s3->need_empty_fragments && | ||
| 681 | type == SSL3_RT_APPLICATION_DATA) { | ||
| 662 | /* recursive function call with 'create_empty_fragment' set; | 682 | /* recursive function call with 'create_empty_fragment' set; |
| 663 | * this prepares and buffers the data for an empty fragment | 683 | * this prepares and buffers the data for an empty fragment |
| 664 | * (these 'prefix_len' bytes are sent out later | 684 | * (these 'prefix_len' bytes are sent out later |
| @@ -670,7 +690,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 670 | if (prefix_len > | 690 | if (prefix_len > |
| 671 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { | 691 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { |
| 672 | /* insufficient space */ | 692 | /* insufficient space */ |
| 673 | SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); | 693 | SSLerr(SSL_F_DO_SSL3_WRITE, |
| 694 | ERR_R_INTERNAL_ERROR); | ||
| 674 | goto err; | 695 | goto err; |
| 675 | } | 696 | } |
| 676 | } | 697 | } |
| @@ -758,7 +779,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
| 758 | * wr->data still points in the wb->buf */ | 779 | * wr->data still points in the wb->buf */ |
| 759 | 780 | ||
| 760 | if (mac_size != 0) { | 781 | if (mac_size != 0) { |
| 761 | if (s->method->ssl3_enc->mac(s, &(p[wr->length + eivlen]), 1) < 0) | 782 | if (s->method->ssl3_enc->mac(s, |
| 783 | &(p[wr->length + eivlen]), 1) < 0) | ||
| 762 | goto err; | 784 | goto err; |
| 763 | wr->length += mac_size; | 785 | wr->length += mac_size; |
| 764 | } | 786 | } |
| @@ -810,8 +832,7 @@ err: | |||
| 810 | 832 | ||
| 811 | /* if s->s3->wbuf.left != 0, we need to call this */ | 833 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 812 | int | 834 | int |
| 813 | ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 835 | ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) |
| 814 | unsigned int len) | ||
| 815 | { | 836 | { |
| 816 | int i; | 837 | int i; |
| 817 | SSL3_BUFFER *wb = &(s->s3->wbuf); | 838 | SSL3_BUFFER *wb = &(s->s3->wbuf); |
| @@ -901,14 +922,15 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 901 | return -1; | 922 | return -1; |
| 902 | } | 923 | } |
| 903 | 924 | ||
| 904 | if ((type && | 925 | if ((type && type != SSL3_RT_APPLICATION_DATA && |
| 905 | type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || | 926 | type != SSL3_RT_HANDSHAKE) || |
| 906 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { | 927 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { |
| 907 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | 928 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); |
| 908 | return -1; | 929 | return -1; |
| 909 | } | 930 | } |
| 910 | 931 | ||
| 911 | if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) { | 932 | if ((type == SSL3_RT_HANDSHAKE) && |
| 933 | (s->s3->handshake_fragment_len > 0)) { | ||
| 912 | /* (partially) satisfy request from storage */ | 934 | /* (partially) satisfy request from storage */ |
| 913 | unsigned char *src = s->s3->handshake_fragment; | 935 | unsigned char *src = s->s3->handshake_fragment; |
| 914 | unsigned char *dst = buf; | 936 | unsigned char *dst = buf; |
| @@ -928,15 +950,18 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 928 | return n; | 950 | return n; |
| 929 | } | 951 | } |
| 930 | 952 | ||
| 931 | /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | 953 | /* |
| 932 | 954 | * Now s->s3->handshake_fragment_len == 0 if | |
| 955 | * type == SSL3_RT_HANDSHAKE. | ||
| 956 | */ | ||
| 933 | if (!s->in_handshake && SSL_in_init(s)) { | 957 | if (!s->in_handshake && SSL_in_init(s)) { |
| 934 | /* type == SSL3_RT_APPLICATION_DATA */ | 958 | /* type == SSL3_RT_APPLICATION_DATA */ |
| 935 | i = s->handshake_func(s); | 959 | i = s->handshake_func(s); |
| 936 | if (i < 0) | 960 | if (i < 0) |
| 937 | return (i); | 961 | return (i); |
| 938 | if (i == 0) { | 962 | if (i == 0) { |
| 939 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 963 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 964 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 940 | return (-1); | 965 | return (-1); |
| 941 | } | 966 | } |
| 942 | } | 967 | } |
| @@ -964,7 +989,8 @@ start: | |||
| 964 | * reset by ssl3_get_finished */ | 989 | * reset by ssl3_get_finished */ |
| 965 | && (rr->type != SSL3_RT_HANDSHAKE)) { | 990 | && (rr->type != SSL3_RT_HANDSHAKE)) { |
| 966 | al = SSL_AD_UNEXPECTED_MESSAGE; | 991 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 967 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | 992 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 993 | SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | ||
| 968 | goto f_err; | 994 | goto f_err; |
| 969 | } | 995 | } |
| 970 | 996 | ||
| @@ -977,13 +1003,15 @@ start: | |||
| 977 | } | 1003 | } |
| 978 | 1004 | ||
| 979 | 1005 | ||
| 980 | if (type == rr->type) { /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | 1006 | /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ |
| 1007 | if (type == rr->type) { | ||
| 981 | /* make sure that we are not getting application data when we | 1008 | /* make sure that we are not getting application data when we |
| 982 | * are doing a handshake for the first time */ | 1009 | * are doing a handshake for the first time */ |
| 983 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | 1010 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && |
| 984 | (s->enc_read_ctx == NULL)) { | 1011 | (s->enc_read_ctx == NULL)) { |
| 985 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1012 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 986 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); | 1013 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1014 | SSL_R_APP_DATA_IN_HANDSHAKE); | ||
| 987 | goto f_err; | 1015 | goto f_err; |
| 988 | } | 1016 | } |
| 989 | 1017 | ||
| @@ -1034,7 +1062,8 @@ start: | |||
| 1034 | dest_len = &s->s3->alert_fragment_len; | 1062 | dest_len = &s->s3->alert_fragment_len; |
| 1035 | } | 1063 | } |
| 1036 | if (dest_maxlen > 0) { | 1064 | if (dest_maxlen > 0) { |
| 1037 | n = dest_maxlen - *dest_len; /* available space in 'dest' */ | 1065 | /* available space in 'dest' */ |
| 1066 | n = dest_maxlen - *dest_len; | ||
| 1038 | if (rr->length < n) | 1067 | if (rr->length < n) |
| 1039 | n = rr->length; /* available bytes */ | 1068 | n = rr->length; /* available bytes */ |
| 1040 | 1069 | ||
| @@ -1069,7 +1098,8 @@ start: | |||
| 1069 | 1098 | ||
| 1070 | if (s->msg_callback) | 1099 | if (s->msg_callback) |
| 1071 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | 1100 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, |
| 1072 | s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | 1101 | s->s3->handshake_fragment, 4, s, |
| 1102 | s->msg_callback_arg); | ||
| 1073 | 1103 | ||
| 1074 | if (SSL_is_init_finished(s) && | 1104 | if (SSL_is_init_finished(s) && |
| 1075 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 1105 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
| @@ -1080,7 +1110,8 @@ start: | |||
| 1080 | if (i < 0) | 1110 | if (i < 0) |
| 1081 | return (i); | 1111 | return (i); |
| 1082 | if (i == 0) { | 1112 | if (i == 0) { |
| 1083 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 1113 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1114 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1084 | return (-1); | 1115 | return (-1); |
| 1085 | } | 1116 | } |
| 1086 | 1117 | ||
| @@ -1159,7 +1190,8 @@ start: | |||
| 1159 | */ | 1190 | */ |
| 1160 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { | 1191 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { |
| 1161 | al = SSL_AD_HANDSHAKE_FAILURE; | 1192 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1162 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION); | 1193 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1194 | SSL_R_NO_RENEGOTIATION); | ||
| 1163 | goto f_err; | 1195 | goto f_err; |
| 1164 | } | 1196 | } |
| 1165 | #ifdef SSL_AD_MISSING_SRP_USERNAME | 1197 | #ifdef SSL_AD_MISSING_SRP_USERNAME |
| @@ -1170,10 +1202,11 @@ start: | |||
| 1170 | /* fatal */ | 1202 | /* fatal */ |
| 1171 | s->rwstate = SSL_NOTHING; | 1203 | s->rwstate = SSL_NOTHING; |
| 1172 | s->s3->fatal_alert = alert_descr; | 1204 | s->s3->fatal_alert = alert_descr; |
| 1173 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | 1205 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1206 | SSL_AD_REASON_OFFSET + alert_descr); | ||
| 1174 | ERR_asprintf_error_data("SSL alert number %d", | 1207 | ERR_asprintf_error_data("SSL alert number %d", |
| 1175 | alert_descr); | 1208 | alert_descr); |
| 1176 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | 1209 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; |
| 1177 | SSL_CTX_remove_session(s->ctx, s->session); | 1210 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1178 | return (0); | 1211 | return (0); |
| 1179 | } else { | 1212 | } else { |
| @@ -1198,21 +1231,24 @@ start: | |||
| 1198 | if ((rr->length != 1) || (rr->off != 0) || | 1231 | if ((rr->length != 1) || (rr->off != 0) || |
| 1199 | (rr->data[0] != SSL3_MT_CCS)) { | 1232 | (rr->data[0] != SSL3_MT_CCS)) { |
| 1200 | al = SSL_AD_ILLEGAL_PARAMETER; | 1233 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 1201 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); | 1234 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1235 | SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
| 1202 | goto f_err; | 1236 | goto f_err; |
| 1203 | } | 1237 | } |
| 1204 | 1238 | ||
| 1205 | /* Check we have a cipher to change to */ | 1239 | /* Check we have a cipher to change to */ |
| 1206 | if (s->s3->tmp.new_cipher == NULL) { | 1240 | if (s->s3->tmp.new_cipher == NULL) { |
| 1207 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1241 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1208 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); | 1242 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1243 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1209 | goto f_err; | 1244 | goto f_err; |
| 1210 | } | 1245 | } |
| 1211 | 1246 | ||
| 1212 | /* Check that we should be receiving a Change Cipher Spec. */ | 1247 | /* Check that we should be receiving a Change Cipher Spec. */ |
| 1213 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { | 1248 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { |
| 1214 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1249 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1215 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); | 1250 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1251 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1216 | goto f_err; | 1252 | goto f_err; |
| 1217 | } | 1253 | } |
| 1218 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | 1254 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; |
| @@ -1244,7 +1280,8 @@ start: | |||
| 1244 | if (i < 0) | 1280 | if (i < 0) |
| 1245 | return (i); | 1281 | return (i); |
| 1246 | if (i == 0) { | 1282 | if (i == 0) { |
| 1247 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | 1283 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 1284 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1248 | return (-1); | 1285 | return (-1); |
| 1249 | } | 1286 | } |
| 1250 | 1287 | ||
| @@ -1268,10 +1305,12 @@ start: | |||
| 1268 | switch (rr->type) { | 1305 | switch (rr->type) { |
| 1269 | default: | 1306 | default: |
| 1270 | #ifndef OPENSSL_NO_TLS | 1307 | #ifndef OPENSSL_NO_TLS |
| 1271 | /* TLS up to v1.1 just ignores unknown message types: | 1308 | /* |
| 1309 | * TLS up to v1.1 just ignores unknown message types: | ||
| 1272 | * TLS v1.2 give an unexpected message alert. | 1310 | * TLS v1.2 give an unexpected message alert. |
| 1273 | */ | 1311 | */ |
| 1274 | if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { | 1312 | if (s->version >= TLS1_VERSION && |
| 1313 | s->version <= TLS1_1_VERSION) { | ||
| 1275 | rr->length = 0; | 1314 | rr->length = 0; |
| 1276 | goto start; | 1315 | goto start; |
| 1277 | } | 1316 | } |
| @@ -1298,16 +1337,12 @@ start: | |||
| 1298 | */ | 1337 | */ |
| 1299 | if (s->s3->in_read_app_data && | 1338 | if (s->s3->in_read_app_data && |
| 1300 | (s->s3->total_renegotiations != 0) && | 1339 | (s->s3->total_renegotiations != 0) && |
| 1301 | (( | 1340 | (((s->state & SSL_ST_CONNECT) && |
| 1302 | (s->state & SSL_ST_CONNECT) && | ||
| 1303 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | 1341 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && |
| 1304 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | 1342 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || |
| 1305 | ) || ( | 1343 | ((s->state & SSL_ST_ACCEPT) && |
| 1306 | (s->state & SSL_ST_ACCEPT) && | ||
| 1307 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | 1344 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && |
| 1308 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | 1345 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { |
| 1309 | ) | ||
| 1310 | )) { | ||
| 1311 | s->s3->in_read_app_data = 2; | 1346 | s->s3->in_read_app_data = 2; |
| 1312 | return (-1); | 1347 | return (-1); |
| 1313 | } else { | 1348 | } else { |
| @@ -1363,8 +1398,8 @@ ssl3_do_change_cipher_spec(SSL *s) | |||
| 1363 | slen = s->method->ssl3_enc->client_finished_label_len; | 1398 | slen = s->method->ssl3_enc->client_finished_label_len; |
| 1364 | } | 1399 | } |
| 1365 | 1400 | ||
| 1366 | i = s->method->ssl3_enc->final_finish_mac(s, | 1401 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
| 1367 | sender, slen, s->s3->tmp.peer_finish_md); | 1402 | s->s3->tmp.peer_finish_md); |
| 1368 | if (i == 0) { | 1403 | if (i == 0) { |
| 1369 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | 1404 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); |
| 1370 | return 0; | 1405 | return 0; |
