summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libssl/s3_pkt.c
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
downloadopenbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2
openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c761
1 files changed, 457 insertions, 304 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 7893d03123..eb965310d9 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <errno.h> 113#include <errno.h>
@@ -71,104 +124,98 @@ static int ssl3_get_record(SSL *s);
71static int do_compress(SSL *ssl); 124static int do_compress(SSL *ssl);
72static int do_uncompress(SSL *ssl); 125static int do_uncompress(SSL *ssl);
73static int do_change_cipher_spec(SSL *ssl); 126static int do_change_cipher_spec(SSL *ssl);
127
128/* used only by ssl3_get_record */
74static int ssl3_read_n(SSL *s, int n, int max, int extend) 129static int ssl3_read_n(SSL *s, int n, int max, int extend)
75 { 130 {
131 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
132 * packet by another n bytes.
133 * The packet will be in the sub-array of s->s3->rbuf.buf specified
134 * by s->packet and s->packet_length.
135 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
136 * [plus s->packet_length bytes if extend == 1].)
137 */
76 int i,off,newb; 138 int i,off,newb;
77 139
78 /* if there is stuff still in the buffer from a previous read, 140 if (!extend)
79 * and there is more than we want, take some. */ 141 {
142 /* start with empty packet ... */
143 if (s->s3->rbuf.left == 0)
144 s->s3->rbuf.offset = 0;
145 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
146 s->packet_length = 0;
147 /* ... now we can act as if 'extend' was set */
148 }
149
150 /* if there is enough in the buffer from a previous read, take some */
80 if (s->s3->rbuf.left >= (int)n) 151 if (s->s3->rbuf.left >= (int)n)
81 { 152 {
82 if (extend) 153 s->packet_length+=n;
83 s->packet_length+=n;
84 else
85 {
86 s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
87 s->packet_length=n;
88 }
89 s->s3->rbuf.left-=n; 154 s->s3->rbuf.left-=n;
90 s->s3->rbuf.offset+=n; 155 s->s3->rbuf.offset+=n;
91 return(n); 156 return(n);
92 } 157 }
93 158
94 /* else we need to read more data */ 159 /* else we need to read more data */
95 if (!s->read_ahead) max=n; 160 if (!s->read_ahead)
96 if (max > SSL3_RT_MAX_PACKET_SIZE) 161 max=n;
97 max=SSL3_RT_MAX_PACKET_SIZE;
98
99 /* First check if there is some left or we want to extend */
100 off=0;
101 if ( (s->s3->rbuf.left != 0) ||
102 ((s->packet_length != 0) && extend))
103 {
104 newb=s->s3->rbuf.left;
105 if (extend)
106 {
107 /* Copy bytes back to the front of the buffer
108 * Take the bytes already pointed to by 'packet'
109 * and take the extra ones on the end. */
110 off=s->packet_length;
111 if (s->packet != s->s3->rbuf.buf)
112 memcpy(s->s3->rbuf.buf,s->packet,newb+off);
113 }
114 else if (s->s3->rbuf.offset != 0)
115 { /* so the data is not at the start of the buffer */
116 memcpy(s->s3->rbuf.buf,
117 &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
118 s->s3->rbuf.offset=0;
119 }
120 162
121 s->s3->rbuf.left=0; 163 {
164 /* avoid buffer overflow */
165 int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length;
166 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
167 max_max += SSL3_RT_MAX_EXTRA;
168 if (max > max_max)
169 max = max_max;
170 }
171 if (n > max) /* does not happen */
172 {
173 SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
174 return -1;
122 } 175 }
123 else
124 newb=0;
125 176
126 /* So we now have 'newb' bytes at the front of 177 off = s->packet_length;
127 * s->s3->rbuf.buf and need to read some more in on the end 178 newb = s->s3->rbuf.left;
128 * We start reading into the buffer at 's->s3->rbuf.offset' 179 /* Move any available bytes to front of buffer:
129 */ 180 * 'off' bytes already pointed to by 'packet',
130 s->packet=s->s3->rbuf.buf; 181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
183 {
184 /* off > 0 */
185 memmove(s->s3->rbuf.buf, s->packet, off+newb);
186 s->packet = s->s3->rbuf.buf;
187 }
131 188
132 while (newb < n) 189 while (newb < n)
133 { 190 {
191 /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
192 * to read in more until we have off+n (up to off+max if possible) */
193
134 clear_sys_error(); 194 clear_sys_error();
135 if (s->rbio != NULL) 195 if (s->rbio != NULL)
136 { 196 {
137 s->rwstate=SSL_READING; 197 s->rwstate=SSL_READING;
138 i=BIO_read(s->rbio, 198 i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
139 (char *)&(s->s3->rbuf.buf[off+newb]),
140 max-newb);
141 } 199 }
142 else 200 else
143 { 201 {
144 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); 202 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
145 i= -1; 203 i = -1;
146 } 204 }
147 205
148 if (i <= 0) 206 if (i <= 0)
149 { 207 {
150 s->s3->rbuf.left+=newb; 208 s->s3->rbuf.left = newb;
151 return(i); 209 return(i);
152 } 210 }
153 newb+=i; 211 newb+=i;
154 } 212 }
155 213
156 /* record used data read */ 214 /* done reading, now the book-keeping */
157 if (newb > n) 215 s->s3->rbuf.offset = off + n;
158 { 216 s->s3->rbuf.left = newb - n;
159 s->s3->rbuf.offset=n+off; 217 s->packet_length += n;
160 s->s3->rbuf.left=newb-n; 218 s->rwstate=SSL_NOTHING;
161 }
162 else
163 {
164 s->s3->rbuf.offset=0;
165 s->s3->rbuf.left=0;
166 }
167
168 if (extend)
169 s->packet_length+=n;
170 else
171 s->packet_length+=n;
172 return(n); 219 return(n);
173 } 220 }
174 221
@@ -176,15 +223,15 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
176 * It will return <= 0 if more data is needed, normally due to an error 223 * It will return <= 0 if more data is needed, normally due to an error
177 * or non-blocking IO. 224 * or non-blocking IO.
178 * When it finishes, one packet has been decoded and can be found in 225 * When it finishes, one packet has been decoded and can be found in
179 * ssl->s3->rrec.type - is the type of record 226 * ssl->s3->rrec.type - is the type of record
180 * ssl->s3->rrec.data, - data 227 * ssl->s3->rrec.data, - data
181 * ssl->s3->rrec.length, - number of bytes 228 * ssl->s3->rrec.length, - number of bytes
182 */ 229 */
230/* used only by ssl3_read_bytes */
183static int ssl3_get_record(SSL *s) 231static int ssl3_get_record(SSL *s)
184 { 232 {
185 int ssl_major,ssl_minor,al; 233 int ssl_major,ssl_minor,al;
186 int n,i,ret= -1; 234 int n,i,ret= -1;
187 SSL3_BUFFER *rb;
188 SSL3_RECORD *rr; 235 SSL3_RECORD *rr;
189 SSL_SESSION *sess; 236 SSL_SESSION *sess;
190 unsigned char *p; 237 unsigned char *p;
@@ -194,7 +241,6 @@ static int ssl3_get_record(SSL *s)
194 int clear=0,extra; 241 int clear=0,extra;
195 242
196 rr= &(s->s3->rrec); 243 rr= &(s->s3->rrec);
197 rb= &(s->s3->rbuf);
198 sess=s->session; 244 sess=s->session;
199 245
200 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 246 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -253,27 +299,26 @@ again:
253 goto f_err; 299 goto f_err;
254 } 300 }
255 301
256 s->rstate=SSL_ST_READ_BODY; 302 /* now s->rstate == SSL_ST_READ_BODY */
257 } 303 }
258 304
259 /* get and decode the data */ 305 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
260 if (s->rstate == SSL_ST_READ_BODY) 306
307 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
261 { 308 {
262 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) 309 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
263 { 310 i=rr->length;
264 i=rr->length; 311 n=ssl3_read_n(s,i,i,1);
265 /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ 312 if (n <= 0) return(n); /* error or non-blocking io */
266 n=ssl3_read_n(s,i,i,1); 313 /* now n == rr->length,
267 if (n <= 0) return(n); /* error or non-blocking io */ 314 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
268 }
269 s->rstate=SSL_ST_READ_HEADER;
270 } 315 }
271 316
272 /* At this point, we have the data in s->packet and there should be 317 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
273 * s->packet_length bytes, we must not 'overrun' this buffer :-)
274 * One of the following functions will copy the data from the
275 * s->packet buffer */
276 318
319 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
320 * and we have that many bytes in s->packet
321 */
277 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); 322 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
278 323
279 /* ok, we can now read from 's->packet' data into 'rr' 324 /* ok, we can now read from 's->packet' data into 'rr'
@@ -283,13 +328,10 @@ again:
283 * When the data is 'copied' into the rr->data buffer, 328 * When the data is 'copied' into the rr->data buffer,
284 * rr->input will be pointed at the new buffer */ 329 * rr->input will be pointed at the new buffer */
285 330
286 /* Set the state for the following operations */
287 s->rstate=SSL_ST_READ_HEADER;
288
289 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 331 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
290 * rr->length bytes of encrypted compressed stuff. */ 332 * rr->length bytes of encrypted compressed stuff. */
291 333
292 /* check is not needed I belive */ 334 /* check is not needed I believe */
293 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 335 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
294 { 336 {
295 al=SSL_AD_RECORD_OVERFLOW; 337 al=SSL_AD_RECORD_OVERFLOW;
@@ -326,7 +368,7 @@ printf("\n");
326 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 368 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
327 goto f_err; 369 goto f_err;
328 } 370 }
329 /* check MAC for rr->input' */ 371 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
330 if (rr->length < mac_size) 372 if (rr->length < mac_size)
331 { 373 {
332 al=SSL_AD_DECODE_ERROR; 374 al=SSL_AD_DECODE_ERROR;
@@ -426,12 +468,12 @@ static int do_compress(SSL *ssl)
426 return(1); 468 return(1);
427 } 469 }
428 470
429/* Call this to write data 471/* Call this to write data in records of type 'type'
430 * It will return <= 0 if not all data has been sent or non-blocking IO. 472 * It will return <= 0 if not all data has been sent or non-blocking IO.
431 */ 473 */
432int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len) 474int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
433 { 475 {
434 const unsigned char *buf=_buf; 476 const unsigned char *buf=buf_;
435 unsigned int tot,n,nw; 477 unsigned int tot,n,nw;
436 int i; 478 int i;
437 479
@@ -457,7 +499,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
457 nw=SSL3_RT_MAX_PLAIN_LENGTH; 499 nw=SSL3_RT_MAX_PLAIN_LENGTH;
458 else 500 else
459 nw=n; 501 nw=n;
460 502
461 i=do_ssl3_write(s,type,&(buf[tot]),nw); 503 i=do_ssl3_write(s,type,&(buf[tot]),nw);
462 if (i <= 0) 504 if (i <= 0)
463 { 505 {
@@ -465,9 +507,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
465 return(i); 507 return(i);
466 } 508 }
467 509
468 if (type == SSL3_RT_HANDSHAKE)
469 ssl3_finish_mac(s,&(buf[tot]),i);
470
471 if ((i == (int)n) || 510 if ((i == (int)n) ||
472 (type == SSL3_RT_APPLICATION_DATA && 511 (type == SSL3_RT_APPLICATION_DATA &&
473 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) 512 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
@@ -503,8 +542,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
503 /* if it went, fall through and send more stuff */ 542 /* if it went, fall through and send more stuff */
504 } 543 }
505 544
506 if (len <= 0) return(len); 545 if (len == 0) return(len);
507 546
508 wr= &(s->s3->wrec); 547 wr= &(s->s3->wrec);
509 wb= &(s->s3->wbuf); 548 wb= &(s->s3->wbuf);
510 sess=s->session; 549 sess=s->session;
@@ -527,11 +566,11 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
527 566
528 *(p++)=(s->version>>8); 567 *(p++)=(s->version>>8);
529 *(p++)=s->version&0xff; 568 *(p++)=s->version&0xff;
530 569
531 /* record where we are to write out packet length */ 570 /* record where we are to write out packet length */
532 plen=p; 571 plen=p;
533 p+=2; 572 p+=2;
534 573
535 /* lets setup the record stuff. */ 574 /* lets setup the record stuff. */
536 wr->data=p; 575 wr->data=p;
537 wr->length=(int)len; 576 wr->length=(int)len;
@@ -638,19 +677,75 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
638 } 677 }
639 } 678 }
640 679
680/* Return up to 'len' payload bytes received in 'type' records.
681 * 'type' is one of the following:
682 *
683 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
684 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
685 * - 0 (during a shutdown, no data has to be returned)
686 *
687 * If we don't have stored data to work from, read a SSL/TLS record first
688 * (possibly multiple records if we still don't have anything to return).
689 *
690 * This function must handle any surprises the peer may have for us, such as
691 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
692 * a surprise, but handled as if it were), or renegotiation requests.
693 * Also if record payloads contain fragments too small to process, we store
694 * them until there is enough for the respective protocol (the record protocol
695 * may use arbitrary fragmentation and even interleaving):
696 * Change cipher spec protocol
697 * just 1 byte needed, no need for keeping anything stored
698 * Alert protocol
699 * 2 bytes needed (AlertLevel, AlertDescription)
700 * Handshake protocol
701 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
702 * to detect unexpected Client Hello and Hello Request messages
703 * here, anything else is handled by higher layers
704 * Application data protocol
705 * none of our business
706 */
641int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) 707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
642 { 708 {
643 int al,i,j,n,ret; 709 int al,i,j,ret;
710 unsigned int n;
644 SSL3_RECORD *rr; 711 SSL3_RECORD *rr;
645 void (*cb)()=NULL; 712 void (*cb)()=NULL;
646 BIO *bio;
647 713
648 if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ 714 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
649 if (!ssl3_setup_buffers(s)) 715 if (!ssl3_setup_buffers(s))
650 return(-1); 716 return(-1);
651 717
718 if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type)
719 {
720 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
721 return -1;
722 }
723
724 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
725 /* (partially) satisfy request from storage */
726 {
727 unsigned char *src = s->s3->handshake_fragment;
728 unsigned char *dst = buf;
729 unsigned int k;
730
731 n = 0;
732 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
733 {
734 *dst++ = *src++;
735 len--; s->s3->handshake_fragment_len--;
736 n++;
737 }
738 /* move any remaining fragment bytes: */
739 for (k = 0; k < s->s3->handshake_fragment_len; k++)
740 s->s3->handshake_fragment[k] = *src++;
741 return n;
742 }
743
744 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
745
652 if (!s->in_handshake && SSL_in_init(s)) 746 if (!s->in_handshake && SSL_in_init(s))
653 { 747 {
748 /* type == SSL3_RT_APPLICATION_DATA */
654 i=s->handshake_func(s); 749 i=s->handshake_func(s);
655 if (i < 0) return(i); 750 if (i < 0) return(i);
656 if (i == 0) 751 if (i == 0)
@@ -662,11 +757,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
662start: 757start:
663 s->rwstate=SSL_NOTHING; 758 s->rwstate=SSL_NOTHING;
664 759
665 /* s->s3->rrec.type - is the type of record 760 /* s->s3->rrec.type - is the type of record
666 * s->s3->rrec.data, - data 761 * s->s3->rrec.data, - data
667 * s->s3->rrec.off, - ofset into 'data' for next read 762 * s->s3->rrec.off, - offset into 'data' for next read
668 * s->s3->rrec.length, - number of bytes. */ 763 * s->s3->rrec.length, - number of bytes. */
669 rr= &(s->s3->rrec); 764 rr = &(s->s3->rrec);
670 765
671 /* get new packet */ 766 /* get new packet */
672 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 767 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
@@ -677,7 +772,9 @@ start:
677 772
678 /* we now have a packet which can be read and processed */ 773 /* we now have a packet which can be read and processed */
679 774
680 if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) 775 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
776 * reset by ssl3_get_finished */
777 && (rr->type != SSL3_RT_HANDSHAKE))
681 { 778 {
682 al=SSL_AD_UNEXPECTED_MESSAGE; 779 al=SSL_AD_UNEXPECTED_MESSAGE;
683 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 780 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
@@ -692,16 +789,98 @@ start:
692 return(0); 789 return(0);
693 } 790 }
694 791
695 /* Check for an incoming 'Client Request' message */ 792
696 if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && 793 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
697 (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && 794 {
795 /* make sure that we are not getting application data when we
796 * are doing a handshake for the first time */
797 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
798 (s->enc_read_ctx == NULL))
799 {
800 al=SSL_AD_UNEXPECTED_MESSAGE;
801 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
802 goto f_err;
803 }
804
805 if (len <= 0) return(len);
806
807 if ((unsigned int)len > rr->length)
808 n = rr->length;
809 else
810 n = (unsigned int)len;
811
812 memcpy(buf,&(rr->data[rr->off]),n);
813 rr->length-=n;
814 rr->off+=n;
815 if (rr->length == 0)
816 {
817 s->rstate=SSL_ST_READ_HEADER;
818 rr->off=0;
819 }
820 return(n);
821 }
822
823
824 /* If we get here, then type != rr->type; if we have a handshake
825 * message, then it was unexpected (Hello Request or Client Hello). */
826
827 /* In case of record types for which we have 'fragment' storage,
828 * fill that so that we can process the data at a fixed place.
829 */
830 {
831 unsigned int dest_maxlen = 0;
832 unsigned char *dest = NULL;
833 unsigned int *dest_len = NULL;
834
835 if (rr->type == SSL3_RT_HANDSHAKE)
836 {
837 dest_maxlen = sizeof s->s3->handshake_fragment;
838 dest = s->s3->handshake_fragment;
839 dest_len = &s->s3->handshake_fragment_len;
840 }
841 else if (rr->type == SSL3_RT_ALERT)
842 {
843 dest_maxlen = sizeof s->s3->alert_fragment;
844 dest = s->s3->alert_fragment;
845 dest_len = &s->s3->alert_fragment_len;
846 }
847
848 if (dest_maxlen > 0)
849 {
850 n = dest_maxlen - *dest_len; /* available space in 'dest' */
851 if (rr->length < n)
852 n = rr->length; /* available bytes */
853
854 /* now move 'n' bytes: */
855 while (n-- > 0)
856 {
857 dest[(*dest_len)++] = rr->data[rr->off++];
858 rr->length--;
859 }
860
861 if (*dest_len < dest_maxlen)
862 goto start; /* fragment was too small */
863 }
864 }
865
866 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
867 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
868 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
869
870 /* If we are a client, check for an incoming 'Hello Request': */
871 if ((!s->server) &&
872 (s->s3->handshake_fragment_len >= 4) &&
873 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
698 (s->session != NULL) && (s->session->cipher != NULL)) 874 (s->session != NULL) && (s->session->cipher != NULL))
699 { 875 {
700 if ((rr->data[1] != 0) || (rr->data[2] != 0) || 876 s->s3->handshake_fragment_len = 0;
701 (rr->data[3] != 0)) 877
878 if ((s->s3->handshake_fragment[1] != 0) ||
879 (s->s3->handshake_fragment[2] != 0) ||
880 (s->s3->handshake_fragment[3] != 0))
702 { 881 {
703 al=SSL_AD_DECODE_ERROR; 882 al=SSL_AD_DECODE_ERROR;
704 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); 883 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
705 goto err; 884 goto err;
706 } 885 }
707 886
@@ -712,220 +891,209 @@ start:
712 ssl3_renegotiate(s); 891 ssl3_renegotiate(s);
713 if (ssl3_renegotiate_check(s)) 892 if (ssl3_renegotiate_check(s))
714 { 893 {
715 n=s->handshake_func(s); 894 i=s->handshake_func(s);
716 if (n < 0) return(n); 895 if (i < 0) return(i);
717 if (n == 0) 896 if (i == 0)
718 { 897 {
719 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 898 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
720 return(-1); 899 return(-1);
721 } 900 }
901
902 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
903 {
904 BIO *bio;
905 /* In the case where we try to read application data
906 * the first time, but we trigger an SSL handshake, we
907 * return -1 with the retry option set. I do this
908 * otherwise renegotiation can cause nasty problems
909 * in the blocking world */ /* ? */
910 s->rwstate=SSL_READING;
911 bio=SSL_get_rbio(s);
912 BIO_clear_retry_flags(bio);
913 BIO_set_retry_read(bio);
914 return(-1);
915 }
722 } 916 }
723 } 917 }
724 rr->length=0; 918 /* we either finished a handshake or ignored the request,
725/* ZZZ */ goto start; 919 * now try again to obtain the (application) data we were asked for */
920 goto start;
726 } 921 }
727 922
728 /* if it is not the type we want, or we have shutdown and want 923 if (s->s3->alert_fragment_len >= 2)
729 * the peer shutdown */
730 if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
731 { 924 {
732 if (rr->type == SSL3_RT_ALERT) 925 int alert_level = s->s3->alert_fragment[0];
733 { 926 int alert_descr = s->s3->alert_fragment[1];
734 if ((rr->length != 2) || (rr->off != 0))
735 {
736 al=SSL_AD_DECODE_ERROR;
737 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
738 goto f_err;
739 }
740 927
741 i=rr->data[0]; 928 s->s3->alert_fragment_len = 0;
742 n=rr->data[1];
743 929
744 /* clear from buffer */ 930 if (s->info_callback != NULL)
745 rr->length=0; 931 cb=s->info_callback;
746 932 else if (s->ctx->info_callback != NULL)
747 if (s->info_callback != NULL) 933 cb=s->ctx->info_callback;
748 cb=s->info_callback;
749 else if (s->ctx->info_callback != NULL)
750 cb=s->ctx->info_callback;
751 934
752 if (cb != NULL) 935 if (cb != NULL)
753 { 936 {
754 j=(i<<8)|n; 937 j = (alert_level << 8) | alert_descr;
755 cb(s,SSL_CB_READ_ALERT,j); 938 cb(s, SSL_CB_READ_ALERT, j);
756 } 939 }
757 940
758 if (i == 1) 941 if (alert_level == 1) /* warning */
759 { 942 {
760 s->s3->warn_alert=n; 943 s->s3->warn_alert = alert_descr;
761 if (n == SSL_AD_CLOSE_NOTIFY) 944 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
762 {
763 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
764 return(0);
765 }
766 }
767 else if (i == 2)
768 { 945 {
769 char tmp[16]; 946 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
770
771 s->rwstate=SSL_NOTHING;
772 s->s3->fatal_alert=n;
773 SSLerr(SSL_F_SSL3_READ_BYTES,
774 SSL_AD_REASON_OFFSET+n);
775 sprintf(tmp,"%d",n);
776 ERR_add_error_data(2,"SSL alert number ",tmp);
777 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
778 SSL_CTX_remove_session(s->ctx,s->session);
779 return(0); 947 return(0);
780 } 948 }
781 else
782 {
783 al=SSL_AD_ILLEGAL_PARAMETER;
784 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
785 goto f_err;
786 }
787
788 rr->length=0;
789 goto start;
790 } 949 }
791 950 else if (alert_level == 2) /* fatal */
792 if (s->shutdown & SSL_SENT_SHUTDOWN)
793 { 951 {
952 char tmp[16];
953
794 s->rwstate=SSL_NOTHING; 954 s->rwstate=SSL_NOTHING;
795 rr->length=0; 955 s->s3->fatal_alert = alert_descr;
956 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
957 sprintf(tmp,"%d",alert_descr);
958 ERR_add_error_data(2,"SSL alert number ",tmp);
959 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
960 SSL_CTX_remove_session(s->ctx,s->session);
796 return(0); 961 return(0);
797 } 962 }
798 963 else
799 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
800 { 964 {
801 if ( (rr->length != 1) || (rr->off != 0) || 965 al=SSL_AD_ILLEGAL_PARAMETER;
802 (rr->data[0] != SSL3_MT_CCS)) 966 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
803 { 967 goto f_err;
804 i=SSL_AD_ILLEGAL_PARAMETER; 968 }
805 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
806 goto err;
807 }
808 969
809 rr->length=0; 970 goto start;
810 s->s3->change_cipher_spec=1; 971 }
811 if (!do_change_cipher_spec(s)) 972
812 goto err; 973 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
813 else 974 {
814 goto start; 975 s->rwstate=SSL_NOTHING;
976 rr->length=0;
977 return(0);
978 }
979
980 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
981 {
982 /* 'Change Cipher Spec' is just a single byte, so we know
983 * exactly what the record payload has to look like */
984 if ( (rr->length != 1) || (rr->off != 0) ||
985 (rr->data[0] != SSL3_MT_CCS))
986 {
987 i=SSL_AD_ILLEGAL_PARAMETER;
988 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
989 goto err;
815 } 990 }
816 991
817 /* else we have a handshake */ 992 rr->length=0;
818 if ((rr->type == SSL3_RT_HANDSHAKE) && 993 s->s3->change_cipher_spec=1;
819 !s->in_handshake) 994 if (!do_change_cipher_spec(s))
995 goto err;
996 else
997 goto start;
998 }
999
1000 /* Unexpected handshake message (Client Hello, or protocol violation) */
1001 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1002 {
1003 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1004 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
820 { 1005 {
821 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1006#if 0 /* worked only because C operator preferences are not as expected (and
822 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1007 * because this is not really needed for clients except for detecting
823 { 1008 * protocol violations): */
824 s->state=SSL_ST_BEFORE|(s->server) 1009 s->state=SSL_ST_BEFORE|(s->server)
825 ?SSL_ST_ACCEPT 1010 ?SSL_ST_ACCEPT
826 :SSL_ST_CONNECT; 1011 :SSL_ST_CONNECT;
827 s->new_session=1; 1012#else
828 } 1013 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
829 n=s->handshake_func(s); 1014#endif
830 if (n < 0) return(n); 1015 s->new_session=1;
831 if (n == 0) 1016 }
832 { 1017 i=s->handshake_func(s);
833 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1018 if (i < 0) return(i);
834 return(-1); 1019 if (i == 0)
835 } 1020 {
1021 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1022 return(-1);
1023 }
836 1024
1025 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1026 {
1027 BIO *bio;
837 /* In the case where we try to read application data 1028 /* In the case where we try to read application data
838 * the first time, but we trigger an SSL handshake, we 1029 * the first time, but we trigger an SSL handshake, we
839 * return -1 with the retry option set. I do this 1030 * return -1 with the retry option set. I do this
840 * otherwise renegotiation can cause nasty problems 1031 * otherwise renegotiation can cause nasty problems
841 * in the non-blocking world */ 1032 * in the blocking world */ /* ? */
842
843 s->rwstate=SSL_READING; 1033 s->rwstate=SSL_READING;
844 bio=SSL_get_rbio(s); 1034 bio=SSL_get_rbio(s);
845 BIO_clear_retry_flags(bio); 1035 BIO_clear_retry_flags(bio);
846 BIO_set_retry_read(bio); 1036 BIO_set_retry_read(bio);
847 return(-1); 1037 return(-1);
848 } 1038 }
1039 goto start;
1040 }
849 1041
850 switch (rr->type) 1042 switch (rr->type)
851 { 1043 {
852 default: 1044 default:
853#ifndef NO_TLS 1045#ifndef NO_TLS
854 /* TLS just ignores unknown message types */ 1046 /* TLS just ignores unknown message types */
855 if (s->version == TLS1_VERSION) 1047 if (s->version == TLS1_VERSION)
856 { 1048 {
857 goto start; 1049 goto start;
858 } 1050 }
859#endif 1051#endif
860 case SSL3_RT_CHANGE_CIPHER_SPEC: 1052 al=SSL_AD_UNEXPECTED_MESSAGE;
861 case SSL3_RT_ALERT: 1053 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
862 case SSL3_RT_HANDSHAKE: 1054 goto f_err;
1055 case SSL3_RT_CHANGE_CIPHER_SPEC:
1056 case SSL3_RT_ALERT:
1057 case SSL3_RT_HANDSHAKE:
1058 /* we already handled all of these, with the possible exception
1059 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1060 * should not happen when type != rr->type */
1061 al=SSL_AD_UNEXPECTED_MESSAGE;
1062 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_INTERNAL_ERROR);
1063 goto f_err;
1064 case SSL3_RT_APPLICATION_DATA:
1065 /* At this point, we were expecting handshake data,
1066 * but have application data. If the library was
1067 * running inside ssl3_read() (i.e. in_read_app_data
1068 * is set) and it makes sense to read application data
1069 * at this point (session renegotiation not yet started),
1070 * we will indulge it.
1071 */
1072 if (s->s3->in_read_app_data &&
1073 (s->s3->total_renegotiations != 0) &&
1074 ((
1075 (s->state & SSL_ST_CONNECT) &&
1076 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1077 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1078 ) || (
1079 (s->state & SSL_ST_ACCEPT) &&
1080 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1081 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1082 )
1083 ))
1084 {
1085 s->s3->in_read_app_data=0;
1086 return(-1);
1087 }
1088 else
1089 {
863 al=SSL_AD_UNEXPECTED_MESSAGE; 1090 al=SSL_AD_UNEXPECTED_MESSAGE;
864 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1091 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
865 goto f_err; 1092 goto f_err;
866 case SSL3_RT_APPLICATION_DATA:
867 /* At this point, we were expecting something else,
868 * but have application data. What we do is set the
869 * error, and return -1. On the way out, if the
870 * library was running inside ssl3_read() and it makes
871 * sense to read application data at this point, we
872 * will indulge it. This will mostly happen during
873 * session renegotiation.
874 */
875 if (s->s3->in_read_app_data &&
876 (s->s3->total_renegotiations != 0) &&
877 ((
878 (s->state & SSL_ST_CONNECT) &&
879 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
880 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
881 ) || (
882 (s->state & SSL_ST_ACCEPT) &&
883 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
884 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
885 )
886 ))
887 {
888 s->s3->in_read_app_data=0;
889 return(-1);
890 }
891 else
892 {
893 al=SSL_AD_UNEXPECTED_MESSAGE;
894 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
895 goto f_err;
896 }
897 } 1093 }
898 } 1094 }
1095 /* not reached */
899 1096
900 /* make sure that we are not getting application data when we
901 * are doing a handshake for the first time */
902 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
903 (s->enc_read_ctx == NULL))
904 {
905 al=SSL_AD_UNEXPECTED_MESSAGE;
906 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
907 goto f_err;
908 }
909
910 if (len <= 0) return(len);
911
912 if ((unsigned int)len > rr->length)
913 n=rr->length;
914 else
915 n=len;
916
917 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
918 rr->length-=n;
919 rr->off+=n;
920 if (rr->length <= 0)
921 {
922 s->rstate=SSL_ST_READ_HEADER;
923 rr->off=0;
924 }
925
926 if (type == SSL3_RT_HANDSHAKE)
927 ssl3_finish_mac(s,buf,n);
928 return(n);
929f_err: 1097f_err:
930 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1098 ssl3_send_alert(s,SSL3_AL_FATAL,al);
931err: 1099err:
@@ -935,7 +1103,7 @@ err:
935static int do_change_cipher_spec(SSL *s) 1103static int do_change_cipher_spec(SSL *s)
936 { 1104 {
937 int i; 1105 int i;
938 unsigned char *sender; 1106 const char *sender;
939 int slen; 1107 int slen;
940 1108
941 if (s->state & SSL_ST_ACCEPT) 1109 if (s->state & SSL_ST_ACCEPT)
@@ -957,37 +1125,23 @@ static int do_change_cipher_spec(SSL *s)
957 * the finished message */ 1125 * the finished message */
958 if (s->state & SSL_ST_CONNECT) 1126 if (s->state & SSL_ST_CONNECT)
959 { 1127 {
960 sender=s->method->ssl3_enc->server_finished; 1128 sender=s->method->ssl3_enc->server_finished_label;
961 slen=s->method->ssl3_enc->server_finished_len; 1129 slen=s->method->ssl3_enc->server_finished_label_len;
962 } 1130 }
963 else 1131 else
964 { 1132 {
965 sender=s->method->ssl3_enc->client_finished; 1133 sender=s->method->ssl3_enc->client_finished_label;
966 slen=s->method->ssl3_enc->client_finished_len; 1134 slen=s->method->ssl3_enc->client_finished_label_len;
967 } 1135 }
968 1136
969 s->method->ssl3_enc->final_finish_mac(s, 1137 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
970 &(s->s3->finish_dgst1), 1138 &(s->s3->finish_dgst1),
971 &(s->s3->finish_dgst2), 1139 &(s->s3->finish_dgst2),
972 sender,slen,&(s->s3->tmp.finish_md[0])); 1140 sender,slen,s->s3->tmp.peer_finish_md);
973 1141
974 return(1); 1142 return(1);
975 } 1143 }
976 1144
977int ssl3_do_write(SSL *s, int type)
978 {
979 int ret;
980
981 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
982 s->init_num);
983 if (ret == s->init_num)
984 return(1);
985 if (ret < 0) return(-1);
986 s->init_off+=ret;
987 s->init_num-=ret;
988 return(0);
989 }
990
991void ssl3_send_alert(SSL *s, int level, int desc) 1145void ssl3_send_alert(SSL *s, int level, int desc)
992 { 1146 {
993 /* Map tls/ssl alert value to correct one */ 1147 /* Map tls/ssl alert value to correct one */
@@ -1029,7 +1183,7 @@ int ssl3_dispatch_alert(SSL *s)
1029 cb=s->info_callback; 1183 cb=s->info_callback;
1030 else if (s->ctx->info_callback != NULL) 1184 else if (s->ctx->info_callback != NULL)
1031 cb=s->ctx->info_callback; 1185 cb=s->ctx->info_callback;
1032 1186
1033 if (cb != NULL) 1187 if (cb != NULL)
1034 { 1188 {
1035 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1189 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
@@ -1038,4 +1192,3 @@ int ssl3_dispatch_alert(SSL *s)
1038 } 1192 }
1039 return(i); 1193 return(i);
1040 } 1194 }
1041
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:40:37 +0000