summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_both.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_both.c74
1 files changed, 55 insertions, 19 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 10d8d3b15a..58a24cd883 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -109,6 +109,7 @@
109 * 109 *
110 */ 110 */
111 111
112#include <limits.h>
112#include <string.h> 113#include <string.h>
113#include <stdio.h> 114#include <stdio.h>
114#include <openssl/buffer.h> 115#include <openssl/buffer.h>
@@ -118,7 +119,7 @@
118#include <openssl/x509.h> 119#include <openssl/x509.h>
119#include "ssl_locl.h" 120#include "ssl_locl.h"
120 121
121/* send s->init_buf in records of type 'type' */ 122/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
122int ssl3_do_write(SSL *s, int type) 123int ssl3_do_write(SSL *s, int type)
123 { 124 {
124 int ret; 125 int ret;
@@ -132,7 +133,11 @@ int ssl3_do_write(SSL *s, int type)
132 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); 133 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
133 134
134 if (ret == s->init_num) 135 if (ret == s->init_num)
136 {
137 if (s->msg_callback)
138 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
135 return(1); 139 return(1);
140 }
136 s->init_off+=ret; 141 s->init_off+=ret;
137 s->init_num-=ret; 142 s->init_num-=ret;
138 return(0); 143 return(0);
@@ -158,7 +163,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
158 p+=i; 163 p+=i;
159 l=i; 164 l=i;
160 165
161#ifdef WIN16 166#ifdef OPENSSL_SYS_WIN16
162 /* MSVC 1.5 does not clear the top bytes of the word unless 167 /* MSVC 1.5 does not clear the top bytes of the word unless
163 * I do this. 168 * I do this.
164 */ 169 */
@@ -205,7 +210,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
205 } 210 }
206 s->s3->change_cipher_spec=0; 211 s->s3->change_cipher_spec=0;
207 212
208 p = (unsigned char *)s->init_buf->data; 213 p = (unsigned char *)s->init_msg;
209 i = s->s3->tmp.peer_finish_md_len; 214 i = s->s3->tmp.peer_finish_md_len;
210 215
211 if (i != n) 216 if (i != n)
@@ -272,7 +277,11 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
272 } 277 }
273 if (x != NULL) 278 if (x != NULL)
274 { 279 {
275 X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL); 280 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
281 {
282 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
283 return(0);
284 }
276 285
277 for (;;) 286 for (;;)
278 { 287 {
@@ -351,7 +360,9 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
351 goto f_err; 360 goto f_err;
352 } 361 }
353 *ok=1; 362 *ok=1;
354 return((int)s->s3->tmp.message_size); 363 s->init_msg = s->init_buf->data + 4;
364 s->init_num = (int)s->s3->tmp.message_size;
365 return s->init_num;
355 } 366 }
356 367
357 p=(unsigned char *)s->init_buf->data; 368 p=(unsigned char *)s->init_buf->data;
@@ -383,7 +394,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
383 * if their format is correct. Does not count for 394 * if their format is correct. Does not count for
384 * 'Finished' MAC. */ 395 * 'Finished' MAC. */
385 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) 396 if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
397 {
398 s->init_num = 0;
386 skip_message = 1; 399 skip_message = 1;
400
401 if (s->msg_callback)
402 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
403 }
387 } 404 }
388 while (skip_message); 405 while (skip_message);
389 406
@@ -407,8 +424,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
407 ssl3_init_finished_mac(s); 424 ssl3_init_finished_mac(s);
408 } 425 }
409 426
410 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
411
412 s->s3->tmp.message_type= *(p++); 427 s->s3->tmp.message_type= *(p++);
413 428
414 n2l3(p,l); 429 n2l3(p,l);
@@ -418,7 +433,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
418 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 433 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
419 goto f_err; 434 goto f_err;
420 } 435 }
421 if (l && !BUF_MEM_grow(s->init_buf,(int)l)) 436 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
437 {
438 al=SSL_AD_ILLEGAL_PARAMETER;
439 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
440 goto f_err;
441 }
442 if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
422 { 443 {
423 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); 444 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
424 goto err; 445 goto err;
@@ -426,12 +447,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
426 s->s3->tmp.message_size=l; 447 s->s3->tmp.message_size=l;
427 s->state=stn; 448 s->state=stn;
428 449
429 s->init_num=0; 450 s->init_msg = s->init_buf->data + 4;
451 s->init_num = 0;
430 } 452 }
431 453
432 /* next state (stn) */ 454 /* next state (stn) */
433 p=(unsigned char *)s->init_buf->data; 455 p = s->init_msg;
434 n=s->s3->tmp.message_size; 456 n = s->s3->tmp.message_size - s->init_num;
435 while (n > 0) 457 while (n > 0)
436 { 458 {
437 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); 459 i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
@@ -444,7 +466,9 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
444 s->init_num += i; 466 s->init_num += i;
445 n -= i; 467 n -= i;
446 } 468 }
447 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num); 469 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
470 if (s->msg_callback)
471 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
448 *ok=1; 472 *ok=1;
449 return s->init_num; 473 return s->init_num;
450f_err: 474f_err:
@@ -512,6 +536,7 @@ int ssl_verify_alarm_type(long type)
512 { 536 {
513 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 537 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
514 case X509_V_ERR_UNABLE_TO_GET_CRL: 538 case X509_V_ERR_UNABLE_TO_GET_CRL:
539 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
515 al=SSL_AD_UNKNOWN_CA; 540 al=SSL_AD_UNKNOWN_CA;
516 break; 541 break;
517 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 542 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
@@ -523,6 +548,8 @@ int ssl_verify_alarm_type(long type)
523 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 548 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
524 case X509_V_ERR_CERT_NOT_YET_VALID: 549 case X509_V_ERR_CERT_NOT_YET_VALID:
525 case X509_V_ERR_CRL_NOT_YET_VALID: 550 case X509_V_ERR_CRL_NOT_YET_VALID:
551 case X509_V_ERR_CERT_UNTRUSTED:
552 case X509_V_ERR_CERT_REJECTED:
526 al=SSL_AD_BAD_CERTIFICATE; 553 al=SSL_AD_BAD_CERTIFICATE;
527 break; 554 break;
528 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 555 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -544,11 +571,16 @@ int ssl_verify_alarm_type(long type)
544 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 571 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
545 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 572 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
546 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 573 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
574 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
575 case X509_V_ERR_INVALID_CA:
547 al=SSL_AD_UNKNOWN_CA; 576 al=SSL_AD_UNKNOWN_CA;
548 break; 577 break;
549 case X509_V_ERR_APPLICATION_VERIFICATION: 578 case X509_V_ERR_APPLICATION_VERIFICATION:
550 al=SSL_AD_HANDSHAKE_FAILURE; 579 al=SSL_AD_HANDSHAKE_FAILURE;
551 break; 580 break;
581 case X509_V_ERR_INVALID_PURPOSE:
582 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
583 break;
552 default: 584 default:
553 al=SSL_AD_CERTIFICATE_UNKNOWN; 585 al=SSL_AD_CERTIFICATE_UNKNOWN;
554 break; 586 break;
@@ -560,6 +592,7 @@ int ssl3_setup_buffers(SSL *s)
560 { 592 {
561 unsigned char *p; 593 unsigned char *p;
562 unsigned int extra; 594 unsigned int extra;
595 size_t len;
563 596
564 if (s->s3->rbuf.buf == NULL) 597 if (s->s3->rbuf.buf == NULL)
565 { 598 {
@@ -567,18 +600,21 @@ int ssl3_setup_buffers(SSL *s)
567 extra=SSL3_RT_MAX_EXTRA; 600 extra=SSL3_RT_MAX_EXTRA;
568 else 601 else
569 extra=0; 602 extra=0;
570 if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) 603 len = SSL3_RT_MAX_PACKET_SIZE + extra;
571 == NULL) 604 if ((p=OPENSSL_malloc(len)) == NULL)
572 goto err; 605 goto err;
573 s->s3->rbuf.buf=p; 606 s->s3->rbuf.buf = p;
607 s->s3->rbuf.len = len;
574 } 608 }
575 609
576 if (s->s3->wbuf.buf == NULL) 610 if (s->s3->wbuf.buf == NULL)
577 { 611 {
578 if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE)) 612 len = SSL3_RT_MAX_PACKET_SIZE;
579 == NULL) 613 len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
614 if ((p=OPENSSL_malloc(len)) == NULL)
580 goto err; 615 goto err;
581 s->s3->wbuf.buf=p; 616 s->s3->wbuf.buf = p;
617 s->s3->wbuf.len = len;
582 } 618 }
583 s->packet= &(s->s3->rbuf.buf[0]); 619 s->packet= &(s->s3->rbuf.buf[0]);
584 return(1); 620 return(1);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-23 23:44:32 +0000