summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_pkt.c761
1 files changed, 457 insertions, 304 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 7893d03123..eb965310d9 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <errno.h> 113#include <errno.h>
@@ -71,104 +124,98 @@ static int ssl3_get_record(SSL *s);
71static int do_compress(SSL *ssl); 124static int do_compress(SSL *ssl);
72static int do_uncompress(SSL *ssl); 125static int do_uncompress(SSL *ssl);
73static int do_change_cipher_spec(SSL *ssl); 126static int do_change_cipher_spec(SSL *ssl);
127
128/* used only by ssl3_get_record */
74static int ssl3_read_n(SSL *s, int n, int max, int extend) 129static int ssl3_read_n(SSL *s, int n, int max, int extend)
75 { 130 {
131 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
132 * packet by another n bytes.
133 * The packet will be in the sub-array of s->s3->rbuf.buf specified
134 * by s->packet and s->packet_length.
135 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
136 * [plus s->packet_length bytes if extend == 1].)
137 */
76 int i,off,newb; 138 int i,off,newb;
77 139
78 /* if there is stuff still in the buffer from a previous read, 140 if (!extend)
79 * and there is more than we want, take some. */ 141 {
142 /* start with empty packet ... */
143 if (s->s3->rbuf.left == 0)
144 s->s3->rbuf.offset = 0;
145 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
146 s->packet_length = 0;
147 /* ... now we can act as if 'extend' was set */
148 }
149
150 /* if there is enough in the buffer from a previous read, take some */
80 if (s->s3->rbuf.left >= (int)n) 151 if (s->s3->rbuf.left >= (int)n)
81 { 152 {
82 if (extend) 153 s->packet_length+=n;
83 s->packet_length+=n;
84 else
85 {
86 s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
87 s->packet_length=n;
88 }
89 s->s3->rbuf.left-=n; 154 s->s3->rbuf.left-=n;
90 s->s3->rbuf.offset+=n; 155 s->s3->rbuf.offset+=n;
91 return(n); 156 return(n);
92 } 157 }
93 158
94 /* else we need to read more data */ 159 /* else we need to read more data */
95 if (!s->read_ahead) max=n; 160 if (!s->read_ahead)
96 if (max > SSL3_RT_MAX_PACKET_SIZE) 161 max=n;
97 max=SSL3_RT_MAX_PACKET_SIZE;
98
99 /* First check if there is some left or we want to extend */
100 off=0;
101 if ( (s->s3->rbuf.left != 0) ||
102 ((s->packet_length != 0) && extend))
103 {
104 newb=s->s3->rbuf.left;
105 if (extend)
106 {
107 /* Copy bytes back to the front of the buffer
108 * Take the bytes already pointed to by 'packet'
109 * and take the extra ones on the end. */
110 off=s->packet_length;
111 if (s->packet != s->s3->rbuf.buf)
112 memcpy(s->s3->rbuf.buf,s->packet,newb+off);
113 }
114 else if (s->s3->rbuf.offset != 0)
115 { /* so the data is not at the start of the buffer */
116 memcpy(s->s3->rbuf.buf,
117 &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
118 s->s3->rbuf.offset=0;
119 }
120 162
121 s->s3->rbuf.left=0; 163 {
164 /* avoid buffer overflow */
165 int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length;
166 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
167 max_max += SSL3_RT_MAX_EXTRA;
168 if (max > max_max)
169 max = max_max;
170 }
171 if (n > max) /* does not happen */
172 {
173 SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
174 return -1;
122 } 175 }
123 else
124 newb=0;
125 176
126 /* So we now have 'newb' bytes at the front of 177 off = s->packet_length;
127 * s->s3->rbuf.buf and need to read some more in on the end 178 newb = s->s3->rbuf.left;
128 * We start reading into the buffer at 's->s3->rbuf.offset' 179 /* Move any available bytes to front of buffer:
129 */ 180 * 'off' bytes already pointed to by 'packet',
130 s->packet=s->s3->rbuf.buf; 181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
183 {
184 /* off > 0 */
185 memmove(s->s3->rbuf.buf, s->packet, off+newb);
186 s->packet = s->s3->rbuf.buf;
187 }
131 188
132 while (newb < n) 189 while (newb < n)
133 { 190 {
191 /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
192 * to read in more until we have off+n (up to off+max if possible) */
193
134 clear_sys_error(); 194 clear_sys_error();
135 if (s->rbio != NULL) 195 if (s->rbio != NULL)
136 { 196 {
137 s->rwstate=SSL_READING; 197 s->rwstate=SSL_READING;
138 i=BIO_read(s->rbio, 198 i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
139 (char *)&(s->s3->rbuf.buf[off+newb]),
140 max-newb);
141 } 199 }
142 else 200 else
143 { 201 {
144 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); 202 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
145 i= -1; 203 i = -1;
146 } 204 }
147 205
148 if (i <= 0) 206 if (i <= 0)
149 { 207 {
150 s->s3->rbuf.left+=newb; 208 s->s3->rbuf.left = newb;
151 return(i); 209 return(i);
152 } 210 }
153 newb+=i; 211 newb+=i;
154 } 212 }
155 213
156 /* record used data read */ 214 /* done reading, now the book-keeping */
157 if (newb > n) 215 s->s3->rbuf.offset = off + n;
158 { 216 s->s3->rbuf.left = newb - n;
159 s->s3->rbuf.offset=n+off; 217 s->packet_length += n;
160 s->s3->rbuf.left=newb-n; 218 s->rwstate=SSL_NOTHING;
161 }
162 else
163 {
164 s->s3->rbuf.offset=0;
165 s->s3->rbuf.left=0;
166 }
167
168 if (extend)
169 s->packet_length+=n;
170 else
171 s->packet_length+=n;
172 return(n); 219 return(n);
173 } 220 }
174 221
@@ -176,15 +223,15 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend)
176 * It will return <= 0 if more data is needed, normally due to an error 223 * It will return <= 0 if more data is needed, normally due to an error
177 * or non-blocking IO. 224 * or non-blocking IO.
178 * When it finishes, one packet has been decoded and can be found in 225 * When it finishes, one packet has been decoded and can be found in
179 * ssl->s3->rrec.type - is the type of record 226 * ssl->s3->rrec.type - is the type of record
180 * ssl->s3->rrec.data, - data 227 * ssl->s3->rrec.data, - data
181 * ssl->s3->rrec.length, - number of bytes 228 * ssl->s3->rrec.length, - number of bytes
182 */ 229 */
230/* used only by ssl3_read_bytes */
183static int ssl3_get_record(SSL *s) 231static int ssl3_get_record(SSL *s)
184 { 232 {
185 int ssl_major,ssl_minor,al; 233 int ssl_major,ssl_minor,al;
186 int n,i,ret= -1; 234 int n,i,ret= -1;
187 SSL3_BUFFER *rb;
188 SSL3_RECORD *rr; 235 SSL3_RECORD *rr;
189 SSL_SESSION *sess; 236 SSL_SESSION *sess;
190 unsigned char *p; 237 unsigned char *p;
@@ -194,7 +241,6 @@ static int ssl3_get_record(SSL *s)
194 int clear=0,extra; 241 int clear=0,extra;
195 242
196 rr= &(s->s3->rrec); 243 rr= &(s->s3->rrec);
197 rb= &(s->s3->rbuf);
198 sess=s->session; 244 sess=s->session;
199 245
200 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 246 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
@@ -253,27 +299,26 @@ again:
253 goto f_err; 299 goto f_err;
254 } 300 }
255 301
256 s->rstate=SSL_ST_READ_BODY; 302 /* now s->rstate == SSL_ST_READ_BODY */
257 } 303 }
258 304
259 /* get and decode the data */ 305 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
260 if (s->rstate == SSL_ST_READ_BODY) 306
307 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
261 { 308 {
262 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) 309 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
263 { 310 i=rr->length;
264 i=rr->length; 311 n=ssl3_read_n(s,i,i,1);
265 /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ 312 if (n <= 0) return(n); /* error or non-blocking io */
266 n=ssl3_read_n(s,i,i,1); 313 /* now n == rr->length,
267 if (n <= 0) return(n); /* error or non-blocking io */ 314 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
268 }
269 s->rstate=SSL_ST_READ_HEADER;
270 } 315 }
271 316
272 /* At this point, we have the data in s->packet and there should be 317 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
273 * s->packet_length bytes, we must not 'overrun' this buffer :-)
274 * One of the following functions will copy the data from the
275 * s->packet buffer */
276 318
319 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
320 * and we have that many bytes in s->packet
321 */
277 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); 322 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
278 323
279 /* ok, we can now read from 's->packet' data into 'rr' 324 /* ok, we can now read from 's->packet' data into 'rr'
@@ -283,13 +328,10 @@ again:
283 * When the data is 'copied' into the rr->data buffer, 328 * When the data is 'copied' into the rr->data buffer,
284 * rr->input will be pointed at the new buffer */ 329 * rr->input will be pointed at the new buffer */
285 330
286 /* Set the state for the following operations */
287 s->rstate=SSL_ST_READ_HEADER;
288
289 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 331 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
290 * rr->length bytes of encrypted compressed stuff. */ 332 * rr->length bytes of encrypted compressed stuff. */
291 333
292 /* check is not needed I belive */ 334 /* check is not needed I believe */
293 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 335 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
294 { 336 {
295 al=SSL_AD_RECORD_OVERFLOW; 337 al=SSL_AD_RECORD_OVERFLOW;
@@ -326,7 +368,7 @@ printf("\n");
326 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 368 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
327 goto f_err; 369 goto f_err;
328 } 370 }
329 /* check MAC for rr->input' */ 371 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
330 if (rr->length < mac_size) 372 if (rr->length < mac_size)
331 { 373 {
332 al=SSL_AD_DECODE_ERROR; 374 al=SSL_AD_DECODE_ERROR;
@@ -426,12 +468,12 @@ static int do_compress(SSL *ssl)
426 return(1); 468 return(1);
427 } 469 }
428 470
429/* Call this to write data 471/* Call this to write data in records of type 'type'
430 * It will return <= 0 if not all data has been sent or non-blocking IO. 472 * It will return <= 0 if not all data has been sent or non-blocking IO.
431 */ 473 */
432int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len) 474int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
433 { 475 {
434 const unsigned char *buf=_buf; 476 const unsigned char *buf=buf_;
435 unsigned int tot,n,nw; 477 unsigned int tot,n,nw;
436 int i; 478 int i;
437 479
@@ -457,7 +499,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
457 nw=SSL3_RT_MAX_PLAIN_LENGTH; 499 nw=SSL3_RT_MAX_PLAIN_LENGTH;
458 else 500 else
459 nw=n; 501 nw=n;
460 502
461 i=do_ssl3_write(s,type,&(buf[tot]),nw); 503 i=do_ssl3_write(s,type,&(buf[tot]),nw);
462 if (i <= 0) 504 if (i <= 0)
463 { 505 {
@@ -465,9 +507,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
465 return(i); 507 return(i);
466 } 508 }
467 509
468 if (type == SSL3_RT_HANDSHAKE)
469 ssl3_finish_mac(s,&(buf[tot]),i);
470
471 if ((i == (int)n) || 510 if ((i == (int)n) ||
472 (type == SSL3_RT_APPLICATION_DATA && 511 (type == SSL3_RT_APPLICATION_DATA &&
473 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) 512 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
@@ -503,8 +542,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
503 /* if it went, fall through and send more stuff */ 542 /* if it went, fall through and send more stuff */
504 } 543 }
505 544
506 if (len <= 0) return(len); 545 if (len == 0) return(len);
507 546
508 wr= &(s->s3->wrec); 547 wr= &(s->s3->wrec);
509 wb= &(s->s3->wbuf); 548 wb= &(s->s3->wbuf);
510 sess=s->session; 549 sess=s->session;
@@ -527,11 +566,11 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
527 566
528 *(p++)=(s->version>>8); 567 *(p++)=(s->version>>8);
529 *(p++)=s->version&0xff; 568 *(p++)=s->version&0xff;
530 569
531 /* record where we are to write out packet length */ 570 /* record where we are to write out packet length */
532 plen=p; 571 plen=p;
533 p+=2; 572 p+=2;
534 573
535 /* lets setup the record stuff. */ 574 /* lets setup the record stuff. */
536 wr->data=p; 575 wr->data=p;
537 wr->length=(int)len; 576 wr->length=(int)len;
@@ -638,19 +677,75 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
638 } 677 }
639 } 678 }
640 679
680/* Return up to 'len' payload bytes received in 'type' records.
681 * 'type' is one of the following:
682 *
683 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
684 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
685 * - 0 (during a shutdown, no data has to be returned)
686 *
687 * If we don't have stored data to work from, read a SSL/TLS record first
688 * (possibly multiple records if we still don't have anything to return).
689 *
690 * This function must handle any surprises the peer may have for us, such as
691 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
692 * a surprise, but handled as if it were), or renegotiation requests.
693 * Also if record payloads contain fragments too small to process, we store
694 * them until there is enough for the respective protocol (the record protocol
695 * may use arbitrary fragmentation and even interleaving):
696 * Change cipher spec protocol
697 * just 1 byte needed, no need for keeping anything stored
698 * Alert protocol
699 * 2 bytes needed (AlertLevel, AlertDescription)
700 * Handshake protocol
701 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
702 * to detect unexpected Client Hello and Hello Request messages
703 * here, anything else is handled by higher layers
704 * Application data protocol
705 * none of our business
706 */
641int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) 707int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
642 { 708 {
643 int al,i,j,n,ret; 709 int al,i,j,ret;
710 unsigned int n;
644 SSL3_RECORD *rr; 711 SSL3_RECORD *rr;
645 void (*cb)()=NULL; 712 void (*cb)()=NULL;
646 BIO *bio;
647 713
648 if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ 714 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
649 if (!ssl3_setup_buffers(s)) 715 if (!ssl3_setup_buffers(s))
650 return(-1); 716 return(-1);
651 717
718 if ((type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type)
719 {
720 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR);
721 return -1;
722 }
723
724 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
725 /* (partially) satisfy request from storage */
726 {
727 unsigned char *src = s->s3->handshake_fragment;
728 unsigned char *dst = buf;
729 unsigned int k;
730
731 n = 0;
732 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
733 {
734 *dst++ = *src++;
735 len--; s->s3->handshake_fragment_len--;
736 n++;
737 }
738 /* move any remaining fragment bytes: */
739 for (k = 0; k < s->s3->handshake_fragment_len; k++)
740 s->s3->handshake_fragment[k] = *src++;
741 return n;
742 }
743
744 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
745
652 if (!s->in_handshake && SSL_in_init(s)) 746 if (!s->in_handshake && SSL_in_init(s))
653 { 747 {
748 /* type == SSL3_RT_APPLICATION_DATA */
654 i=s->handshake_func(s); 749 i=s->handshake_func(s);
655 if (i < 0) return(i); 750 if (i < 0) return(i);
656 if (i == 0) 751 if (i == 0)
@@ -662,11 +757,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
662start: 757start:
663 s->rwstate=SSL_NOTHING; 758 s->rwstate=SSL_NOTHING;
664 759
665 /* s->s3->rrec.type - is the type of record 760 /* s->s3->rrec.type - is the type of record
666 * s->s3->rrec.data, - data 761 * s->s3->rrec.data, - data
667 * s->s3->rrec.off, - ofset into 'data' for next read 762 * s->s3->rrec.off, - offset into 'data' for next read
668 * s->s3->rrec.length, - number of bytes. */ 763 * s->s3->rrec.length, - number of bytes. */
669 rr= &(s->s3->rrec); 764 rr = &(s->s3->rrec);
670 765
671 /* get new packet */ 766 /* get new packet */
672 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 767 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
@@ -677,7 +772,9 @@ start:
677 772
678 /* we now have a packet which can be read and processed */ 773 /* we now have a packet which can be read and processed */
679 774
680 if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) 775 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
776 * reset by ssl3_get_finished */
777 && (rr->type != SSL3_RT_HANDSHAKE))
681 { 778 {
682 al=SSL_AD_UNEXPECTED_MESSAGE; 779 al=SSL_AD_UNEXPECTED_MESSAGE;
683 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 780 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
@@ -692,16 +789,98 @@ start:
692 return(0); 789 return(0);
693 } 790 }
694 791
695 /* Check for an incoming 'Client Request' message */ 792
696 if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && 793 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
697 (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && 794 {
795 /* make sure that we are not getting application data when we
796 * are doing a handshake for the first time */
797 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
798 (s->enc_read_ctx == NULL))
799 {
800 al=SSL_AD_UNEXPECTED_MESSAGE;
801 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
802 goto f_err;
803 }
804
805 if (len <= 0) return(len);
806
807 if ((unsigned int)len > rr->length)
808 n = rr->length;
809 else
810 n = (unsigned int)len;
811
812 memcpy(buf,&(rr->data[rr->off]),n);
813 rr->length-=n;
814 rr->off+=n;
815 if (rr->length == 0)
816 {
817 s->rstate=SSL_ST_READ_HEADER;
818 rr->off=0;
819 }
820 return(n);
821 }
822
823
824 /* If we get here, then type != rr->type; if we have a handshake
825 * message, then it was unexpected (Hello Request or Client Hello). */
826
827 /* In case of record types for which we have 'fragment' storage,
828 * fill that so that we can process the data at a fixed place.
829 */
830 {
831 unsigned int dest_maxlen = 0;
832 unsigned char *dest = NULL;
833 unsigned int *dest_len = NULL;
834
835 if (rr->type == SSL3_RT_HANDSHAKE)
836 {
837 dest_maxlen = sizeof s->s3->handshake_fragment;
838 dest = s->s3->handshake_fragment;
839 dest_len = &s->s3->handshake_fragment_len;
840 }
841 else if (rr->type == SSL3_RT_ALERT)
842 {
843 dest_maxlen = sizeof s->s3->alert_fragment;
844 dest = s->s3->alert_fragment;
845 dest_len = &s->s3->alert_fragment_len;
846 }
847
848 if (dest_maxlen > 0)
849 {
850 n = dest_maxlen - *dest_len; /* available space in 'dest' */
851 if (rr->length < n)
852 n = rr->length; /* available bytes */
853
854 /* now move 'n' bytes: */
855 while (n-- > 0)
856 {
857 dest[(*dest_len)++] = rr->data[rr->off++];
858 rr->length--;
859 }
860
861 if (*dest_len < dest_maxlen)
862 goto start; /* fragment was too small */
863 }
864 }
865
866 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
867 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
868 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
869
870 /* If we are a client, check for an incoming 'Hello Request': */
871 if ((!s->server) &&
872 (s->s3->handshake_fragment_len >= 4) &&
873 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
698 (s->session != NULL) && (s->session->cipher != NULL)) 874 (s->session != NULL) && (s->session->cipher != NULL))
699 { 875 {
700 if ((rr->data[1] != 0) || (rr->data[2] != 0) || 876 s->s3->handshake_fragment_len = 0;
701 (rr->data[3] != 0)) 877
878 if ((s->s3->handshake_fragment[1] != 0) ||
879 (s->s3->handshake_fragment[2] != 0) ||
880 (s->s3->handshake_fragment[3] != 0))
702 { 881 {
703 al=SSL_AD_DECODE_ERROR; 882 al=SSL_AD_DECODE_ERROR;
704 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); 883 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
705 goto err; 884 goto err;
706 } 885 }
707 886
@@ -712,220 +891,209 @@ start:
712 ssl3_renegotiate(s); 891 ssl3_renegotiate(s);
713 if (ssl3_renegotiate_check(s)) 892 if (ssl3_renegotiate_check(s))
714 { 893 {
715 n=s->handshake_func(s); 894 i=s->handshake_func(s);
716 if (n < 0) return(n); 895 if (i < 0) return(i);
717 if (n == 0) 896 if (i == 0)
718 { 897 {
719 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 898 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
720 return(-1); 899 return(-1);
721 } 900 }
901
902 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
903 {
904 BIO *bio;
905 /* In the case where we try to read application data
906 * the first time, but we trigger an SSL handshake, we
907 * return -1 with the retry option set. I do this
908 * otherwise renegotiation can cause nasty problems
909 * in the blocking world */ /* ? */
910 s->rwstate=SSL_READING;
911 bio=SSL_get_rbio(s);
912 BIO_clear_retry_flags(bio);
913 BIO_set_retry_read(bio);
914 return(-1);
915 }
722 } 916 }
723 } 917 }
724 rr->length=0; 918 /* we either finished a handshake or ignored the request,
725/* ZZZ */ goto start; 919 * now try again to obtain the (application) data we were asked for */
920 goto start;
726 } 921 }
727 922
728 /* if it is not the type we want, or we have shutdown and want 923 if (s->s3->alert_fragment_len >= 2)
729 * the peer shutdown */
730 if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
731 { 924 {
732 if (rr->type == SSL3_RT_ALERT) 925 int alert_level = s->s3->alert_fragment[0];
733 { 926 int alert_descr = s->s3->alert_fragment[1];
734 if ((rr->length != 2) || (rr->off != 0))
735 {
736 al=SSL_AD_DECODE_ERROR;
737 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
738 goto f_err;
739 }
740 927
741 i=rr->data[0]; 928 s->s3->alert_fragment_len = 0;
742 n=rr->data[1];
743 929
744 /* clear from buffer */ 930 if (s->info_callback != NULL)
745 rr->length=0; 931 cb=s->info_callback;
746 932 else if (s->ctx->info_callback != NULL)
747 if (s->info_callback != NULL) 933 cb=s->ctx->info_callback;
748 cb=s->info_callback;
749 else if (s->ctx->info_callback != NULL)
750 cb=s->ctx->info_callback;
751 934
752 if (cb != NULL) 935 if (cb != NULL)
753 { 936 {
754 j=(i<<8)|n; 937 j = (alert_level << 8) | alert_descr;
755 cb(s,SSL_CB_READ_ALERT,j); 938 cb(s, SSL_CB_READ_ALERT, j);
756 } 939 }
757 940
758 if (i == 1) 941 if (alert_level == 1) /* warning */
759 { 942 {
760 s->s3->warn_alert=n; 943 s->s3->warn_alert = alert_descr;
761 if (n == SSL_AD_CLOSE_NOTIFY) 944 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
762 {
763 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
764 return(0);
765 }
766 }
767 else if (i == 2)
768 { 945 {
769 char tmp[16]; 946 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
770
771 s->rwstate=SSL_NOTHING;
772 s->s3->fatal_alert=n;
773 SSLerr(SSL_F_SSL3_READ_BYTES,
774 SSL_AD_REASON_OFFSET+n);
775 sprintf(tmp,"%d",n);
776 ERR_add_error_data(2,"SSL alert number ",tmp);
777 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
778 SSL_CTX_remove_session(s->ctx,s->session);
779 return(0); 947 return(0);
780 } 948 }
781 else
782 {
783 al=SSL_AD_ILLEGAL_PARAMETER;
784 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
785 goto f_err;
786 }
787
788 rr->length=0;
789 goto start;
790 } 949 }
791 950 else if (alert_level == 2) /* fatal */
792 if (s->shutdown & SSL_SENT_SHUTDOWN)
793 { 951 {
952 char tmp[16];
953
794 s->rwstate=SSL_NOTHING; 954 s->rwstate=SSL_NOTHING;
795 rr->length=0; 955 s->s3->fatal_alert = alert_descr;
956 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
957 sprintf(tmp,"%d",alert_descr);
958 ERR_add_error_data(2,"SSL alert number ",tmp);
959 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
960 SSL_CTX_remove_session(s->ctx,s->session);
796 return(0); 961 return(0);
797 } 962 }
798 963 else
799 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
800 { 964 {
801 if ( (rr->length != 1) || (rr->off != 0) || 965 al=SSL_AD_ILLEGAL_PARAMETER;
802 (rr->data[0] != SSL3_MT_CCS)) 966 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
803 { 967 goto f_err;
804 i=SSL_AD_ILLEGAL_PARAMETER; 968 }
805 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
806 goto err;
807 }
808 969
809 rr->length=0; 970 goto start;
810 s->s3->change_cipher_spec=1; 971 }
811 if (!do_change_cipher_spec(s)) 972
812 goto err; 973 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
813 else 974 {
814 goto start; 975 s->rwstate=SSL_NOTHING;
976 rr->length=0;
977 return(0);
978 }
979
980 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
981 {
982 /* 'Change Cipher Spec' is just a single byte, so we know
983 * exactly what the record payload has to look like */
984 if ( (rr->length != 1) || (rr->off != 0) ||
985 (rr->data[0] != SSL3_MT_CCS))
986 {
987 i=SSL_AD_ILLEGAL_PARAMETER;
988 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
989 goto err;
815 } 990 }
816 991
817 /* else we have a handshake */ 992 rr->length=0;
818 if ((rr->type == SSL3_RT_HANDSHAKE) && 993 s->s3->change_cipher_spec=1;
819 !s->in_handshake) 994 if (!do_change_cipher_spec(s))
995 goto err;
996 else
997 goto start;
998 }
999
1000 /* Unexpected handshake message (Client Hello, or protocol violation) */
1001 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1002 {
1003 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1004 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
820 { 1005 {
821 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1006#if 0 /* worked only because C operator preferences are not as expected (and
822 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1007 * because this is not really needed for clients except for detecting
823 { 1008 * protocol violations): */
824 s->state=SSL_ST_BEFORE|(s->server) 1009 s->state=SSL_ST_BEFORE|(s->server)
825 ?SSL_ST_ACCEPT 1010 ?SSL_ST_ACCEPT
826 :SSL_ST_CONNECT; 1011 :SSL_ST_CONNECT;
827 s->new_session=1; 1012#else
828 } 1013 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
829 n=s->handshake_func(s); 1014#endif
830 if (n < 0) return(n); 1015 s->new_session=1;
831 if (n == 0) 1016 }
832 { 1017 i=s->handshake_func(s);
833 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); 1018 if (i < 0) return(i);
834 return(-1); 1019 if (i == 0)
835 } 1020 {
1021 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1022 return(-1);
1023 }
836 1024
1025 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1026 {
1027 BIO *bio;
837 /* In the case where we try to read application data 1028 /* In the case where we try to read application data
838 * the first time, but we trigger an SSL handshake, we 1029 * the first time, but we trigger an SSL handshake, we
839 * return -1 with the retry option set. I do this 1030 * return -1 with the retry option set. I do this
840 * otherwise renegotiation can cause nasty problems 1031 * otherwise renegotiation can cause nasty problems
841 * in the non-blocking world */ 1032 * in the blocking world */ /* ? */
842
843 s->rwstate=SSL_READING; 1033 s->rwstate=SSL_READING;
844 bio=SSL_get_rbio(s); 1034 bio=SSL_get_rbio(s);
845 BIO_clear_retry_flags(bio); 1035 BIO_clear_retry_flags(bio);
846 BIO_set_retry_read(bio); 1036 BIO_set_retry_read(bio);
847 return(-1); 1037 return(-1);
848 } 1038 }
1039 goto start;
1040 }
849 1041
850 switch (rr->type) 1042 switch (rr->type)
851 { 1043 {
852 default: 1044 default:
853#ifndef NO_TLS 1045#ifndef NO_TLS
854 /* TLS just ignores unknown message types */ 1046 /* TLS just ignores unknown message types */
855 if (s->version == TLS1_VERSION) 1047 if (s->version == TLS1_VERSION)
856 { 1048 {
857 goto start; 1049 goto start;
858 } 1050 }
859#endif 1051#endif
860 case SSL3_RT_CHANGE_CIPHER_SPEC: 1052 al=SSL_AD_UNEXPECTED_MESSAGE;
861 case SSL3_RT_ALERT: 1053 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
862 case SSL3_RT_HANDSHAKE: 1054 goto f_err;
1055 case SSL3_RT_CHANGE_CIPHER_SPEC:
1056 case SSL3_RT_ALERT:
1057 case SSL3_RT_HANDSHAKE:
1058 /* we already handled all of these, with the possible exception
1059 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1060 * should not happen when type != rr->type */
1061 al=SSL_AD_UNEXPECTED_MESSAGE;
1062 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_INTERNAL_ERROR);
1063 goto f_err;
1064 case SSL3_RT_APPLICATION_DATA:
1065 /* At this point, we were expecting handshake data,
1066 * but have application data. If the library was
1067 * running inside ssl3_read() (i.e. in_read_app_data
1068 * is set) and it makes sense to read application data
1069 * at this point (session renegotiation not yet started),
1070 * we will indulge it.
1071 */
1072 if (s->s3->in_read_app_data &&
1073 (s->s3->total_renegotiations != 0) &&
1074 ((
1075 (s->state & SSL_ST_CONNECT) &&
1076 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1077 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1078 ) || (
1079 (s->state & SSL_ST_ACCEPT) &&
1080 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1081 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1082 )
1083 ))
1084 {
1085 s->s3->in_read_app_data=0;
1086 return(-1);
1087 }
1088 else
1089 {
863 al=SSL_AD_UNEXPECTED_MESSAGE; 1090 al=SSL_AD_UNEXPECTED_MESSAGE;
864 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1091 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
865 goto f_err; 1092 goto f_err;
866 case SSL3_RT_APPLICATION_DATA:
867 /* At this point, we were expecting something else,
868 * but have application data. What we do is set the
869 * error, and return -1. On the way out, if the
870 * library was running inside ssl3_read() and it makes
871 * sense to read application data at this point, we
872 * will indulge it. This will mostly happen during
873 * session renegotiation.
874 */
875 if (s->s3->in_read_app_data &&
876 (s->s3->total_renegotiations != 0) &&
877 ((
878 (s->state & SSL_ST_CONNECT) &&
879 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
880 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
881 ) || (
882 (s->state & SSL_ST_ACCEPT) &&
883 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
884 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
885 )
886 ))
887 {
888 s->s3->in_read_app_data=0;
889 return(-1);
890 }
891 else
892 {
893 al=SSL_AD_UNEXPECTED_MESSAGE;
894 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
895 goto f_err;
896 }
897 } 1093 }
898 } 1094 }
1095 /* not reached */
899 1096
900 /* make sure that we are not getting application data when we
901 * are doing a handshake for the first time */
902 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
903 (s->enc_read_ctx == NULL))
904 {
905 al=SSL_AD_UNEXPECTED_MESSAGE;
906 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
907 goto f_err;
908 }
909
910 if (len <= 0) return(len);
911
912 if ((unsigned int)len > rr->length)
913 n=rr->length;
914 else
915 n=len;
916
917 memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
918 rr->length-=n;
919 rr->off+=n;
920 if (rr->length <= 0)
921 {
922 s->rstate=SSL_ST_READ_HEADER;
923 rr->off=0;
924 }
925
926 if (type == SSL3_RT_HANDSHAKE)
927 ssl3_finish_mac(s,buf,n);
928 return(n);
929f_err: 1097f_err:
930 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1098 ssl3_send_alert(s,SSL3_AL_FATAL,al);
931err: 1099err:
@@ -935,7 +1103,7 @@ err:
935static int do_change_cipher_spec(SSL *s) 1103static int do_change_cipher_spec(SSL *s)
936 { 1104 {
937 int i; 1105 int i;
938 unsigned char *sender; 1106 const char *sender;
939 int slen; 1107 int slen;
940 1108
941 if (s->state & SSL_ST_ACCEPT) 1109 if (s->state & SSL_ST_ACCEPT)
@@ -957,37 +1125,23 @@ static int do_change_cipher_spec(SSL *s)
957 * the finished message */ 1125 * the finished message */
958 if (s->state & SSL_ST_CONNECT) 1126 if (s->state & SSL_ST_CONNECT)
959 { 1127 {
960 sender=s->method->ssl3_enc->server_finished; 1128 sender=s->method->ssl3_enc->server_finished_label;
961 slen=s->method->ssl3_enc->server_finished_len; 1129 slen=s->method->ssl3_enc->server_finished_label_len;
962 } 1130 }
963 else 1131 else
964 { 1132 {
965 sender=s->method->ssl3_enc->client_finished; 1133 sender=s->method->ssl3_enc->client_finished_label;
966 slen=s->method->ssl3_enc->client_finished_len; 1134 slen=s->method->ssl3_enc->client_finished_label_len;
967 } 1135 }
968 1136
969 s->method->ssl3_enc->final_finish_mac(s, 1137 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
970 &(s->s3->finish_dgst1), 1138 &(s->s3->finish_dgst1),
971 &(s->s3->finish_dgst2), 1139 &(s->s3->finish_dgst2),
972 sender,slen,&(s->s3->tmp.finish_md[0])); 1140 sender,slen,s->s3->tmp.peer_finish_md);
973 1141
974 return(1); 1142 return(1);
975 } 1143 }
976 1144
977int ssl3_do_write(SSL *s, int type)
978 {
979 int ret;
980
981 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
982 s->init_num);
983 if (ret == s->init_num)
984 return(1);
985 if (ret < 0) return(-1);
986 s->init_off+=ret;
987 s->init_num-=ret;
988 return(0);
989 }
990
991void ssl3_send_alert(SSL *s, int level, int desc) 1145void ssl3_send_alert(SSL *s, int level, int desc)
992 { 1146 {
993 /* Map tls/ssl alert value to correct one */ 1147 /* Map tls/ssl alert value to correct one */
@@ -1029,7 +1183,7 @@ int ssl3_dispatch_alert(SSL *s)
1029 cb=s->info_callback; 1183 cb=s->info_callback;
1030 else if (s->ctx->info_callback != NULL) 1184 else if (s->ctx->info_callback != NULL)
1031 cb=s->ctx->info_callback; 1185 cb=s->ctx->info_callback;
1032 1186
1033 if (cb != NULL) 1187 if (cb != NULL)
1034 { 1188 {
1035 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1189 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
@@ -1038,4 +1192,3 @@ int ssl3_dispatch_alert(SSL *s)
1038 } 1192 }
1039 return(i); 1193 return(i);
1040 } 1194 }
1041
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 10:27:58 +0000