diff options
| author | beck <> | 1999-09-29 04:37:45 +0000 |
|---|---|---|
| committer | beck <> | 1999-09-29 04:37:45 +0000 |
| commit | de8f24ea083384bb66b32ec105dc4743c5663cdf (patch) | |
| tree | 1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/s3_pkt.c | |
| parent | cb929d29896bcb87c2a97417fbd03e50078fc178 (diff) | |
| download | openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2 openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip | |
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 160 |
1 files changed, 70 insertions, 90 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 2385080347..7893d03123 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -59,49 +59,19 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 65 | 65 | ||
| 66 | /* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); | 66 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 67 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); | 67 | unsigned int len); |
| 68 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); | 68 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 69 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); | 69 | unsigned int len); |
| 70 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE); | ||
| 71 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE); | ||
| 72 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC); | ||
| 73 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE); | ||
| 74 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE); | ||
| 75 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE); | ||
| 76 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE); | ||
| 77 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE); | ||
| 78 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED); | ||
| 79 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED); | ||
| 80 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN); | ||
| 81 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); | ||
| 82 | */ | ||
| 83 | |||
| 84 | #ifndef NOPROTO | ||
| 85 | static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len); | ||
| 86 | static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len); | ||
| 87 | static int ssl3_get_record(SSL *s); | 70 | static int ssl3_get_record(SSL *s); |
| 88 | static int do_compress(SSL *ssl); | 71 | static int do_compress(SSL *ssl); |
| 89 | static int do_uncompress(SSL *ssl); | 72 | static int do_uncompress(SSL *ssl); |
| 90 | static int do_change_cipher_spec(SSL *ssl); | 73 | static int do_change_cipher_spec(SSL *ssl); |
| 91 | #else | 74 | static int ssl3_read_n(SSL *s, int n, int max, int extend) |
| 92 | static int do_ssl3_write(); | ||
| 93 | static int ssl3_write_pending(); | ||
| 94 | static int ssl3_get_record(); | ||
| 95 | static int do_compress(); | ||
| 96 | static int do_uncompress(); | ||
| 97 | static int do_change_cipher_spec(); | ||
| 98 | #endif | ||
| 99 | |||
| 100 | static int ssl3_read_n(s,n,max,extend) | ||
| 101 | SSL *s; | ||
| 102 | int n; | ||
| 103 | int max; | ||
| 104 | int extend; | ||
| 105 | { | 75 | { |
| 106 | int i,off,newb; | 76 | int i,off,newb; |
| 107 | 77 | ||
| @@ -210,10 +180,8 @@ int extend; | |||
| 210 | * ssl->s3->rrec.data, - data | 180 | * ssl->s3->rrec.data, - data |
| 211 | * ssl->s3->rrec.length, - number of bytes | 181 | * ssl->s3->rrec.length, - number of bytes |
| 212 | */ | 182 | */ |
| 213 | static int ssl3_get_record(s) | 183 | static int ssl3_get_record(SSL *s) |
| 214 | SSL *s; | ||
| 215 | { | 184 | { |
| 216 | char tmp_buf[512]; | ||
| 217 | int ssl_major,ssl_minor,al; | 185 | int ssl_major,ssl_minor,al; |
| 218 | int n,i,ret= -1; | 186 | int n,i,ret= -1; |
| 219 | SSL3_BUFFER *rb; | 187 | SSL3_BUFFER *rb; |
| @@ -331,7 +299,6 @@ again: | |||
| 331 | 299 | ||
| 332 | /* decrypt in place in 'rr->input' */ | 300 | /* decrypt in place in 'rr->input' */ |
| 333 | rr->data=rr->input; | 301 | rr->data=rr->input; |
| 334 | memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length); | ||
| 335 | 302 | ||
| 336 | if (!s->method->ssl3_enc->enc(s,0)) | 303 | if (!s->method->ssl3_enc->enc(s,0)) |
| 337 | { | 304 | { |
| @@ -340,7 +307,7 @@ again: | |||
| 340 | } | 307 | } |
| 341 | #ifdef TLS_DEBUG | 308 | #ifdef TLS_DEBUG |
| 342 | printf("dec %d\n",rr->length); | 309 | printf("dec %d\n",rr->length); |
| 343 | { int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | 310 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } |
| 344 | printf("\n"); | 311 | printf("\n"); |
| 345 | #endif | 312 | #endif |
| 346 | /* r->length is now the compressed data plus mac */ | 313 | /* r->length is now the compressed data plus mac */ |
| @@ -378,7 +345,7 @@ printf("\n"); | |||
| 378 | } | 345 | } |
| 379 | 346 | ||
| 380 | /* r->length is now just compressed */ | 347 | /* r->length is now just compressed */ |
| 381 | if ((sess != NULL) && (sess->read_compression != NULL)) | 348 | if (s->expand != NULL) |
| 382 | { | 349 | { |
| 383 | if (rr->length > | 350 | if (rr->length > |
| 384 | (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | 351 | (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) |
| @@ -424,27 +391,47 @@ err: | |||
| 424 | return(ret); | 391 | return(ret); |
| 425 | } | 392 | } |
| 426 | 393 | ||
| 427 | static int do_uncompress(ssl) | 394 | static int do_uncompress(SSL *ssl) |
| 428 | SSL *ssl; | ||
| 429 | { | 395 | { |
| 396 | int i; | ||
| 397 | SSL3_RECORD *rr; | ||
| 398 | |||
| 399 | rr= &(ssl->s3->rrec); | ||
| 400 | i=COMP_expand_block(ssl->expand,rr->comp, | ||
| 401 | SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); | ||
| 402 | if (i < 0) | ||
| 403 | return(0); | ||
| 404 | else | ||
| 405 | rr->length=i; | ||
| 406 | rr->data=rr->comp; | ||
| 407 | |||
| 430 | return(1); | 408 | return(1); |
| 431 | } | 409 | } |
| 432 | 410 | ||
| 433 | static int do_compress(ssl) | 411 | static int do_compress(SSL *ssl) |
| 434 | SSL *ssl; | ||
| 435 | { | 412 | { |
| 413 | int i; | ||
| 414 | SSL3_RECORD *wr; | ||
| 415 | |||
| 416 | wr= &(ssl->s3->wrec); | ||
| 417 | i=COMP_compress_block(ssl->compress,wr->data, | ||
| 418 | SSL3_RT_MAX_COMPRESSED_LENGTH, | ||
| 419 | wr->input,(int)wr->length); | ||
| 420 | if (i < 0) | ||
| 421 | return(0); | ||
| 422 | else | ||
| 423 | wr->length=i; | ||
| 424 | |||
| 425 | wr->input=wr->data; | ||
| 436 | return(1); | 426 | return(1); |
| 437 | } | 427 | } |
| 438 | 428 | ||
| 439 | /* Call this to write data | 429 | /* Call this to write data |
| 440 | * It will return <= 0 if not all data has been sent or non-blocking IO. | 430 | * It will return <= 0 if not all data has been sent or non-blocking IO. |
| 441 | */ | 431 | */ |
| 442 | int ssl3_write_bytes(s,type,buf,len) | 432 | int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len) |
| 443 | SSL *s; | ||
| 444 | int type; | ||
| 445 | char *buf; | ||
| 446 | int len; | ||
| 447 | { | 433 | { |
| 434 | const unsigned char *buf=_buf; | ||
| 448 | unsigned int tot,n,nw; | 435 | unsigned int tot,n,nw; |
| 449 | int i; | 436 | int i; |
| 450 | 437 | ||
| @@ -479,20 +466,22 @@ int len; | |||
| 479 | } | 466 | } |
| 480 | 467 | ||
| 481 | if (type == SSL3_RT_HANDSHAKE) | 468 | if (type == SSL3_RT_HANDSHAKE) |
| 482 | ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); | 469 | ssl3_finish_mac(s,&(buf[tot]),i); |
| 483 | 470 | ||
| 484 | if (i == (int)n) return(tot+i); | 471 | if ((i == (int)n) || |
| 472 | (type == SSL3_RT_APPLICATION_DATA && | ||
| 473 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) | ||
| 474 | { | ||
| 475 | return(tot+i); | ||
| 476 | } | ||
| 485 | 477 | ||
| 486 | n-=i; | 478 | n-=i; |
| 487 | tot+=i; | 479 | tot+=i; |
| 488 | } | 480 | } |
| 489 | } | 481 | } |
| 490 | 482 | ||
| 491 | static int do_ssl3_write(s,type,buf,len) | 483 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 492 | SSL *s; | 484 | unsigned int len) |
| 493 | int type; | ||
| 494 | char *buf; | ||
| 495 | unsigned int len; | ||
| 496 | { | 485 | { |
| 497 | unsigned char *p,*plen; | 486 | unsigned char *p,*plen; |
| 498 | int i,mac_size,clear=0; | 487 | int i,mac_size,clear=0; |
| @@ -552,7 +541,7 @@ unsigned int len; | |||
| 552 | * wr->data */ | 541 | * wr->data */ |
| 553 | 542 | ||
| 554 | /* first we compress */ | 543 | /* first we compress */ |
| 555 | if ((sess != NULL) && (sess->write_compression != NULL)) | 544 | if (s->compress != NULL) |
| 556 | { | 545 | { |
| 557 | if (!do_compress(s)) | 546 | if (!do_compress(s)) |
| 558 | { | 547 | { |
| @@ -606,16 +595,15 @@ err: | |||
| 606 | } | 595 | } |
| 607 | 596 | ||
| 608 | /* if s->s3->wbuf.left != 0, we need to call this */ | 597 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 609 | static int ssl3_write_pending(s,type,buf,len) | 598 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 610 | SSL *s; | 599 | unsigned int len) |
| 611 | int type; | ||
| 612 | char *buf; | ||
| 613 | unsigned int len; | ||
| 614 | { | 600 | { |
| 615 | int i; | 601 | int i; |
| 616 | 602 | ||
| 617 | /* XXXX */ | 603 | /* XXXX */ |
| 618 | if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf) | 604 | if ((s->s3->wpend_tot > (int)len) |
| 605 | || ((s->s3->wpend_buf != buf) && | ||
| 606 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) | ||
| 619 | || (s->s3->wpend_type != type)) | 607 | || (s->s3->wpend_type != type)) |
| 620 | { | 608 | { |
| 621 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); | 609 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); |
| @@ -650,18 +638,14 @@ unsigned int len; | |||
| 650 | } | 638 | } |
| 651 | } | 639 | } |
| 652 | 640 | ||
| 653 | int ssl3_read_bytes(s,type,buf,len) | 641 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) |
| 654 | SSL *s; | ||
| 655 | int type; | ||
| 656 | char *buf; | ||
| 657 | int len; | ||
| 658 | { | 642 | { |
| 659 | int al,i,j,n,ret; | 643 | int al,i,j,n,ret; |
| 660 | SSL3_RECORD *rr; | 644 | SSL3_RECORD *rr; |
| 661 | void (*cb)()=NULL; | 645 | void (*cb)()=NULL; |
| 662 | BIO *bio; | 646 | BIO *bio; |
| 663 | 647 | ||
| 664 | if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ | 648 | if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ |
| 665 | if (!ssl3_setup_buffers(s)) | 649 | if (!ssl3_setup_buffers(s)) |
| 666 | return(-1); | 650 | return(-1); |
| 667 | 651 | ||
| @@ -786,7 +770,8 @@ start: | |||
| 786 | 770 | ||
| 787 | s->rwstate=SSL_NOTHING; | 771 | s->rwstate=SSL_NOTHING; |
| 788 | s->s3->fatal_alert=n; | 772 | s->s3->fatal_alert=n; |
| 789 | SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); | 773 | SSLerr(SSL_F_SSL3_READ_BYTES, |
| 774 | SSL_AD_REASON_OFFSET+n); | ||
| 790 | sprintf(tmp,"%d",n); | 775 | sprintf(tmp,"%d",n); |
| 791 | ERR_add_error_data(2,"SSL alert number ",tmp); | 776 | ERR_add_error_data(2,"SSL alert number ",tmp); |
| 792 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | 777 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; |
| @@ -836,7 +821,9 @@ start: | |||
| 836 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 821 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && |
| 837 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | 822 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) |
| 838 | { | 823 | { |
| 839 | s->state=SSL_ST_BEFORE; | 824 | s->state=SSL_ST_BEFORE|(s->server) |
| 825 | ?SSL_ST_ACCEPT | ||
| 826 | :SSL_ST_CONNECT; | ||
| 840 | s->new_session=1; | 827 | s->new_session=1; |
| 841 | } | 828 | } |
| 842 | n=s->handshake_func(s); | 829 | n=s->handshake_func(s); |
| @@ -937,7 +924,7 @@ start: | |||
| 937 | } | 924 | } |
| 938 | 925 | ||
| 939 | if (type == SSL3_RT_HANDSHAKE) | 926 | if (type == SSL3_RT_HANDSHAKE) |
| 940 | ssl3_finish_mac(s,(unsigned char *)buf,n); | 927 | ssl3_finish_mac(s,buf,n); |
| 941 | return(n); | 928 | return(n); |
| 942 | f_err: | 929 | f_err: |
| 943 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 930 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| @@ -945,8 +932,7 @@ err: | |||
| 945 | return(-1); | 932 | return(-1); |
| 946 | } | 933 | } |
| 947 | 934 | ||
| 948 | static int do_change_cipher_spec(s) | 935 | static int do_change_cipher_spec(SSL *s) |
| 949 | SSL *s; | ||
| 950 | { | 936 | { |
| 951 | int i; | 937 | int i; |
| 952 | unsigned char *sender; | 938 | unsigned char *sender; |
| @@ -988,14 +974,12 @@ SSL *s; | |||
| 988 | return(1); | 974 | return(1); |
| 989 | } | 975 | } |
| 990 | 976 | ||
| 991 | int ssl3_do_write(s,type) | 977 | int ssl3_do_write(SSL *s, int type) |
| 992 | SSL *s; | ||
| 993 | int type; | ||
| 994 | { | 978 | { |
| 995 | int ret; | 979 | int ret; |
| 996 | 980 | ||
| 997 | ret=ssl3_write_bytes(s,type,(char *) | 981 | ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], |
| 998 | &(s->init_buf->data[s->init_off]),s->init_num); | 982 | s->init_num); |
| 999 | if (ret == s->init_num) | 983 | if (ret == s->init_num) |
| 1000 | return(1); | 984 | return(1); |
| 1001 | if (ret < 0) return(-1); | 985 | if (ret < 0) return(-1); |
| @@ -1004,10 +988,7 @@ int type; | |||
| 1004 | return(0); | 988 | return(0); |
| 1005 | } | 989 | } |
| 1006 | 990 | ||
| 1007 | void ssl3_send_alert(s,level,desc) | 991 | void ssl3_send_alert(SSL *s, int level, int desc) |
| 1008 | SSL *s; | ||
| 1009 | int level; | ||
| 1010 | int desc; | ||
| 1011 | { | 992 | { |
| 1012 | /* Map tls/ssl alert value to correct one */ | 993 | /* Map tls/ssl alert value to correct one */ |
| 1013 | desc=s->method->ssl3_enc->alert_value(desc); | 994 | desc=s->method->ssl3_enc->alert_value(desc); |
| @@ -1025,14 +1006,13 @@ int desc; | |||
| 1025 | * some time in the future */ | 1006 | * some time in the future */ |
| 1026 | } | 1007 | } |
| 1027 | 1008 | ||
| 1028 | int ssl3_dispatch_alert(s) | 1009 | int ssl3_dispatch_alert(SSL *s) |
| 1029 | SSL *s; | ||
| 1030 | { | 1010 | { |
| 1031 | int i,j; | 1011 | int i,j; |
| 1032 | void (*cb)()=NULL; | 1012 | void (*cb)()=NULL; |
| 1033 | 1013 | ||
| 1034 | s->s3->alert_dispatch=0; | 1014 | s->s3->alert_dispatch=0; |
| 1035 | i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); | 1015 | i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); |
| 1036 | if (i <= 0) | 1016 | if (i <= 0) |
| 1037 | { | 1017 | { |
| 1038 | s->s3->alert_dispatch=1; | 1018 | s->s3->alert_dispatch=1; |
| @@ -1043,7 +1023,7 @@ SSL *s; | |||
| 1043 | * does not get sent due to non-blocking IO, we will | 1023 | * does not get sent due to non-blocking IO, we will |
| 1044 | * not worry too much. */ | 1024 | * not worry too much. */ |
| 1045 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | 1025 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) |
| 1046 | BIO_flush(s->wbio); | 1026 | (void)BIO_flush(s->wbio); |
| 1047 | 1027 | ||
| 1048 | if (s->info_callback != NULL) | 1028 | if (s->info_callback != NULL) |
| 1049 | cb=s->info_callback; | 1029 | cb=s->info_callback; |