diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/s3_pkt.c | 181 |
1 files changed, 132 insertions, 49 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 9ab76604a6..43e8502b66 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
@@ -56,7 +56,7 @@ | |||
56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
57 | */ | 57 | */ |
58 | /* ==================================================================== | 58 | /* ==================================================================== |
59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
60 | * | 60 | * |
61 | * Redistribution and use in source and binary forms, with or without | 61 | * Redistribution and use in source and binary forms, with or without |
62 | * modification, are permitted provided that the following conditions | 62 | * modification, are permitted provided that the following conditions |
@@ -117,7 +117,7 @@ | |||
117 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
118 | 118 | ||
119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
120 | unsigned int len); | 120 | unsigned int len, int create_empty_fragment); |
121 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 121 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
122 | unsigned int len); | 122 | unsigned int len); |
123 | static int ssl3_get_record(SSL *s); | 123 | static int ssl3_get_record(SSL *s); |
@@ -162,15 +162,13 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) | |||
162 | 162 | ||
163 | { | 163 | { |
164 | /* avoid buffer overflow */ | 164 | /* avoid buffer overflow */ |
165 | int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; | 165 | int max_max = s->s3->rbuf.len - s->packet_length; |
166 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | ||
167 | max_max += SSL3_RT_MAX_EXTRA; | ||
168 | if (max > max_max) | 166 | if (max > max_max) |
169 | max = max_max; | 167 | max = max_max; |
170 | } | 168 | } |
171 | if (n > max) /* does not happen */ | 169 | if (n > max) /* does not happen */ |
172 | { | 170 | { |
173 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR); | 171 | SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); |
174 | return -1; | 172 | return -1; |
175 | } | 173 | } |
176 | 174 | ||
@@ -231,14 +229,15 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) | |||
231 | static int ssl3_get_record(SSL *s) | 229 | static int ssl3_get_record(SSL *s) |
232 | { | 230 | { |
233 | int ssl_major,ssl_minor,al; | 231 | int ssl_major,ssl_minor,al; |
234 | int n,i,ret= -1; | 232 | int enc_err,n,i,ret= -1; |
235 | SSL3_RECORD *rr; | 233 | SSL3_RECORD *rr; |
236 | SSL_SESSION *sess; | 234 | SSL_SESSION *sess; |
237 | unsigned char *p; | 235 | unsigned char *p; |
238 | unsigned char md[EVP_MAX_MD_SIZE]; | 236 | unsigned char md[EVP_MAX_MD_SIZE]; |
239 | short version; | 237 | short version; |
240 | unsigned int mac_size; | 238 | unsigned int mac_size; |
241 | int clear=0,extra; | 239 | int clear=0; |
240 | size_t extra; | ||
242 | 241 | ||
243 | rr= &(s->s3->rrec); | 242 | rr= &(s->s3->rrec); |
244 | sess=s->session; | 243 | sess=s->session; |
@@ -247,14 +246,20 @@ static int ssl3_get_record(SSL *s) | |||
247 | extra=SSL3_RT_MAX_EXTRA; | 246 | extra=SSL3_RT_MAX_EXTRA; |
248 | else | 247 | else |
249 | extra=0; | 248 | extra=0; |
249 | if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) | ||
250 | { | ||
251 | /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
252 | * set after ssl3_setup_buffers() was done */ | ||
253 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
254 | return -1; | ||
255 | } | ||
250 | 256 | ||
251 | again: | 257 | again: |
252 | /* check if we have the header */ | 258 | /* check if we have the header */ |
253 | if ( (s->rstate != SSL_ST_READ_BODY) || | 259 | if ( (s->rstate != SSL_ST_READ_BODY) || |
254 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) | 260 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) |
255 | { | 261 | { |
256 | n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, | 262 | n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); |
257 | SSL3_RT_MAX_PACKET_SIZE,0); | ||
258 | if (n <= 0) return(n); /* error or non-blocking */ | 263 | if (n <= 0) return(n); /* error or non-blocking */ |
259 | s->rstate=SSL_ST_READ_BODY; | 264 | s->rstate=SSL_ST_READ_BODY; |
260 | 265 | ||
@@ -291,8 +296,7 @@ again: | |||
291 | goto err; | 296 | goto err; |
292 | } | 297 | } |
293 | 298 | ||
294 | if (rr->length > | 299 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
295 | (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | ||
296 | { | 300 | { |
297 | al=SSL_AD_RECORD_OVERFLOW; | 301 | al=SSL_AD_RECORD_OVERFLOW; |
298 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); | 302 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); |
@@ -304,7 +308,7 @@ again: | |||
304 | 308 | ||
305 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | 309 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ |
306 | 310 | ||
307 | if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) | 311 | if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) |
308 | { | 312 | { |
309 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ | 313 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ |
310 | i=rr->length; | 314 | i=rr->length; |
@@ -332,7 +336,7 @@ again: | |||
332 | * rr->length bytes of encrypted compressed stuff. */ | 336 | * rr->length bytes of encrypted compressed stuff. */ |
333 | 337 | ||
334 | /* check is not needed I believe */ | 338 | /* check is not needed I believe */ |
335 | if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 339 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
336 | { | 340 | { |
337 | al=SSL_AD_RECORD_OVERFLOW; | 341 | al=SSL_AD_RECORD_OVERFLOW; |
338 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 342 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); |
@@ -342,16 +346,23 @@ again: | |||
342 | /* decrypt in place in 'rr->input' */ | 346 | /* decrypt in place in 'rr->input' */ |
343 | rr->data=rr->input; | 347 | rr->data=rr->input; |
344 | 348 | ||
345 | if (!s->method->ssl3_enc->enc(s,0)) | 349 | enc_err = s->method->ssl3_enc->enc(s,0); |
350 | if (enc_err <= 0) | ||
346 | { | 351 | { |
347 | al=SSL_AD_DECRYPT_ERROR; | 352 | if (enc_err == 0) |
348 | goto f_err; | 353 | /* SSLerr() and ssl3_send_alert() have been called */ |
354 | goto err; | ||
355 | |||
356 | /* otherwise enc_err == -1 */ | ||
357 | goto decryption_failed_or_bad_record_mac; | ||
349 | } | 358 | } |
359 | |||
350 | #ifdef TLS_DEBUG | 360 | #ifdef TLS_DEBUG |
351 | printf("dec %d\n",rr->length); | 361 | printf("dec %d\n",rr->length); |
352 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | 362 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } |
353 | printf("\n"); | 363 | printf("\n"); |
354 | #endif | 364 | #endif |
365 | |||
355 | /* r->length is now the compressed data plus mac */ | 366 | /* r->length is now the compressed data plus mac */ |
356 | if ( (sess == NULL) || | 367 | if ( (sess == NULL) || |
357 | (s->enc_read_ctx == NULL) || | 368 | (s->enc_read_ctx == NULL) || |
@@ -364,33 +375,37 @@ printf("\n"); | |||
364 | 375 | ||
365 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | 376 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) |
366 | { | 377 | { |
378 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | ||
367 | al=SSL_AD_RECORD_OVERFLOW; | 379 | al=SSL_AD_RECORD_OVERFLOW; |
368 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | 380 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); |
369 | goto f_err; | 381 | goto f_err; |
382 | #else | ||
383 | goto decryption_failed_or_bad_record_mac; | ||
384 | #endif | ||
370 | } | 385 | } |
371 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ | 386 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
372 | if (rr->length < mac_size) | 387 | if (rr->length < mac_size) |
373 | { | 388 | { |
389 | #if 0 /* OK only for stream ciphers */ | ||
374 | al=SSL_AD_DECODE_ERROR; | 390 | al=SSL_AD_DECODE_ERROR; |
375 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | 391 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); |
376 | goto f_err; | 392 | goto f_err; |
393 | #else | ||
394 | goto decryption_failed_or_bad_record_mac; | ||
395 | #endif | ||
377 | } | 396 | } |
378 | rr->length-=mac_size; | 397 | rr->length-=mac_size; |
379 | i=s->method->ssl3_enc->mac(s,md,0); | 398 | i=s->method->ssl3_enc->mac(s,md,0); |
380 | if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) | 399 | if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
381 | { | 400 | { |
382 | al=SSL_AD_BAD_RECORD_MAC; | 401 | goto decryption_failed_or_bad_record_mac; |
383 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); | ||
384 | ret= -1; | ||
385 | goto f_err; | ||
386 | } | 402 | } |
387 | } | 403 | } |
388 | 404 | ||
389 | /* r->length is now just compressed */ | 405 | /* r->length is now just compressed */ |
390 | if (s->expand != NULL) | 406 | if (s->expand != NULL) |
391 | { | 407 | { |
392 | if (rr->length > | 408 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) |
393 | (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | ||
394 | { | 409 | { |
395 | al=SSL_AD_RECORD_OVERFLOW; | 410 | al=SSL_AD_RECORD_OVERFLOW; |
396 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 411 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); |
@@ -404,7 +419,7 @@ printf("\n"); | |||
404 | } | 419 | } |
405 | } | 420 | } |
406 | 421 | ||
407 | if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) | 422 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) |
408 | { | 423 | { |
409 | al=SSL_AD_RECORD_OVERFLOW; | 424 | al=SSL_AD_RECORD_OVERFLOW; |
410 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); | 425 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); |
@@ -427,6 +442,15 @@ printf("\n"); | |||
427 | if (rr->length == 0) goto again; | 442 | if (rr->length == 0) goto again; |
428 | 443 | ||
429 | return(1); | 444 | return(1); |
445 | |||
446 | decryption_failed_or_bad_record_mac: | ||
447 | /* Separate 'decryption_failed' alert was introduced with TLS 1.0, | ||
448 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | ||
449 | * failure is directly visible from the ciphertext anyway, | ||
450 | * we should not reveal which kind of error occured -- this | ||
451 | * might become visible to an attacker (e.g. via logfile) */ | ||
452 | al=SSL_AD_BAD_RECORD_MAC; | ||
453 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
430 | f_err: | 454 | f_err: |
431 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 455 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
432 | err: | 456 | err: |
@@ -488,7 +512,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
488 | if (i == 0) | 512 | if (i == 0) |
489 | { | 513 | { |
490 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | 514 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); |
491 | return(-1); | 515 | return -1; |
492 | } | 516 | } |
493 | } | 517 | } |
494 | 518 | ||
@@ -500,18 +524,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
500 | else | 524 | else |
501 | nw=n; | 525 | nw=n; |
502 | 526 | ||
503 | i=do_ssl3_write(s,type,&(buf[tot]),nw); | 527 | i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); |
504 | if (i <= 0) | 528 | if (i <= 0) |
505 | { | 529 | { |
506 | s->s3->wnum=tot; | 530 | s->s3->wnum=tot; |
507 | return(i); | 531 | return i; |
508 | } | 532 | } |
509 | 533 | ||
510 | if ((i == (int)n) || | 534 | if ((i == (int)n) || |
511 | (type == SSL3_RT_APPLICATION_DATA && | 535 | (type == SSL3_RT_APPLICATION_DATA && |
512 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) | 536 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) |
513 | { | 537 | { |
514 | return(tot+i); | 538 | /* next chunk of data should get another prepended empty fragment |
539 | * in ciphersuites with known-IV weakness: */ | ||
540 | s->s3->empty_fragment_done = 0; | ||
541 | |||
542 | return tot+i; | ||
515 | } | 543 | } |
516 | 544 | ||
517 | n-=i; | 545 | n-=i; |
@@ -520,15 +548,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | |||
520 | } | 548 | } |
521 | 549 | ||
522 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 550 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
523 | unsigned int len) | 551 | unsigned int len, int create_empty_fragment) |
524 | { | 552 | { |
525 | unsigned char *p,*plen; | 553 | unsigned char *p,*plen; |
526 | int i,mac_size,clear=0; | 554 | int i,mac_size,clear=0; |
555 | int prefix_len = 0; | ||
527 | SSL3_RECORD *wr; | 556 | SSL3_RECORD *wr; |
528 | SSL3_BUFFER *wb; | 557 | SSL3_BUFFER *wb; |
529 | SSL_SESSION *sess; | 558 | SSL_SESSION *sess; |
530 | 559 | ||
531 | /* first check is there is a SSL3_RECORD still being written | 560 | /* first check if there is a SSL3_BUFFER still being written |
532 | * out. This will happen with non blocking IO */ | 561 | * out. This will happen with non blocking IO */ |
533 | if (s->s3->wbuf.left != 0) | 562 | if (s->s3->wbuf.left != 0) |
534 | return(ssl3_write_pending(s,type,buf,len)); | 563 | return(ssl3_write_pending(s,type,buf,len)); |
@@ -542,7 +571,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
542 | /* if it went, fall through and send more stuff */ | 571 | /* if it went, fall through and send more stuff */ |
543 | } | 572 | } |
544 | 573 | ||
545 | if (len == 0) return(len); | 574 | if (len == 0 && !create_empty_fragment) |
575 | return 0; | ||
546 | 576 | ||
547 | wr= &(s->s3->wrec); | 577 | wr= &(s->s3->wrec); |
548 | wb= &(s->s3->wbuf); | 578 | wb= &(s->s3->wbuf); |
@@ -558,16 +588,44 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
558 | else | 588 | else |
559 | mac_size=EVP_MD_size(s->write_hash); | 589 | mac_size=EVP_MD_size(s->write_hash); |
560 | 590 | ||
561 | p=wb->buf; | 591 | /* 'create_empty_fragment' is true only when this function calls itself */ |
592 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) | ||
593 | { | ||
594 | /* countermeasure against known-IV weakness in CBC ciphersuites | ||
595 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
596 | |||
597 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) | ||
598 | { | ||
599 | /* recursive function call with 'create_empty_fragment' set; | ||
600 | * this prepares and buffers the data for an empty fragment | ||
601 | * (these 'prefix_len' bytes are sent out later | ||
602 | * together with the actual payload) */ | ||
603 | prefix_len = do_ssl3_write(s, type, buf, 0, 1); | ||
604 | if (prefix_len <= 0) | ||
605 | goto err; | ||
606 | |||
607 | if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) | ||
608 | { | ||
609 | /* insufficient space */ | ||
610 | SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); | ||
611 | goto err; | ||
612 | } | ||
613 | } | ||
614 | |||
615 | s->s3->empty_fragment_done = 1; | ||
616 | } | ||
617 | |||
618 | p = wb->buf + prefix_len; | ||
562 | 619 | ||
563 | /* write the header */ | 620 | /* write the header */ |
621 | |||
564 | *(p++)=type&0xff; | 622 | *(p++)=type&0xff; |
565 | wr->type=type; | 623 | wr->type=type; |
566 | 624 | ||
567 | *(p++)=(s->version>>8); | 625 | *(p++)=(s->version>>8); |
568 | *(p++)=s->version&0xff; | 626 | *(p++)=s->version&0xff; |
569 | 627 | ||
570 | /* record where we are to write out packet length */ | 628 | /* field where we are to write out packet length */ |
571 | plen=p; | 629 | plen=p; |
572 | p+=2; | 630 | p+=2; |
573 | 631 | ||
@@ -618,19 +676,28 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
618 | wr->type=type; /* not needed but helps for debugging */ | 676 | wr->type=type; /* not needed but helps for debugging */ |
619 | wr->length+=SSL3_RT_HEADER_LENGTH; | 677 | wr->length+=SSL3_RT_HEADER_LENGTH; |
620 | 678 | ||
621 | /* Now lets setup wb */ | 679 | if (create_empty_fragment) |
622 | wb->left=wr->length; | 680 | { |
623 | wb->offset=0; | 681 | /* we are in a recursive call; |
682 | * just return the length, don't write out anything here | ||
683 | */ | ||
684 | return wr->length; | ||
685 | } | ||
686 | |||
687 | /* now let's set up wb */ | ||
688 | wb->left = prefix_len + wr->length; | ||
689 | wb->offset = 0; | ||
624 | 690 | ||
691 | /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ | ||
625 | s->s3->wpend_tot=len; | 692 | s->s3->wpend_tot=len; |
626 | s->s3->wpend_buf=buf; | 693 | s->s3->wpend_buf=buf; |
627 | s->s3->wpend_type=type; | 694 | s->s3->wpend_type=type; |
628 | s->s3->wpend_ret=len; | 695 | s->s3->wpend_ret=len; |
629 | 696 | ||
630 | /* we now just need to write the buffer */ | 697 | /* we now just need to write the buffer */ |
631 | return(ssl3_write_pending(s,type,buf,len)); | 698 | return ssl3_write_pending(s,type,buf,len); |
632 | err: | 699 | err: |
633 | return(-1); | 700 | return -1; |
634 | } | 701 | } |
635 | 702 | ||
636 | /* if s->s3->wbuf.left != 0, we need to call this */ | 703 | /* if s->s3->wbuf.left != 0, we need to call this */ |
@@ -709,7 +776,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
709 | int al,i,j,ret; | 776 | int al,i,j,ret; |
710 | unsigned int n; | 777 | unsigned int n; |
711 | SSL3_RECORD *rr; | 778 | SSL3_RECORD *rr; |
712 | void (*cb)()=NULL; | 779 | void (*cb)(const SSL *ssl,int type2,int val)=NULL; |
713 | 780 | ||
714 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | 781 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ |
715 | if (!ssl3_setup_buffers(s)) | 782 | if (!ssl3_setup_buffers(s)) |
@@ -718,7 +785,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
718 | if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || | 785 | if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || |
719 | (peek && (type != SSL3_RT_APPLICATION_DATA))) | 786 | (peek && (type != SSL3_RT_APPLICATION_DATA))) |
720 | { | 787 | { |
721 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INTERNAL_ERROR); | 788 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); |
722 | return -1; | 789 | return -1; |
723 | } | 790 | } |
724 | 791 | ||
@@ -890,6 +957,9 @@ start: | |||
890 | goto err; | 957 | goto err; |
891 | } | 958 | } |
892 | 959 | ||
960 | if (s->msg_callback) | ||
961 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | ||
962 | |||
893 | if (SSL_is_init_finished(s) && | 963 | if (SSL_is_init_finished(s) && |
894 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 964 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
895 | !s->s3->renegotiate) | 965 | !s->s3->renegotiate) |
@@ -935,6 +1005,9 @@ start: | |||
935 | 1005 | ||
936 | s->s3->alert_fragment_len = 0; | 1006 | s->s3->alert_fragment_len = 0; |
937 | 1007 | ||
1008 | if (s->msg_callback) | ||
1009 | s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); | ||
1010 | |||
938 | if (s->info_callback != NULL) | 1011 | if (s->info_callback != NULL) |
939 | cb=s->info_callback; | 1012 | cb=s->info_callback; |
940 | else if (s->ctx->info_callback != NULL) | 1013 | else if (s->ctx->info_callback != NULL) |
@@ -998,6 +1071,10 @@ start: | |||
998 | } | 1071 | } |
999 | 1072 | ||
1000 | rr->length=0; | 1073 | rr->length=0; |
1074 | |||
1075 | if (s->msg_callback) | ||
1076 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); | ||
1077 | |||
1001 | s->s3->change_cipher_spec=1; | 1078 | s->s3->change_cipher_spec=1; |
1002 | if (!do_change_cipher_spec(s)) | 1079 | if (!do_change_cipher_spec(s)) |
1003 | goto err; | 1080 | goto err; |
@@ -1052,10 +1129,11 @@ start: | |||
1052 | switch (rr->type) | 1129 | switch (rr->type) |
1053 | { | 1130 | { |
1054 | default: | 1131 | default: |
1055 | #ifndef NO_TLS | 1132 | #ifndef OPENSSL_NO_TLS |
1056 | /* TLS just ignores unknown message types */ | 1133 | /* TLS just ignores unknown message types */ |
1057 | if (s->version == TLS1_VERSION) | 1134 | if (s->version == TLS1_VERSION) |
1058 | { | 1135 | { |
1136 | rr->length = 0; | ||
1059 | goto start; | 1137 | goto start; |
1060 | } | 1138 | } |
1061 | #endif | 1139 | #endif |
@@ -1069,7 +1147,7 @@ start: | |||
1069 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | 1147 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that |
1070 | * should not happen when type != rr->type */ | 1148 | * should not happen when type != rr->type */ |
1071 | al=SSL_AD_UNEXPECTED_MESSAGE; | 1149 | al=SSL_AD_UNEXPECTED_MESSAGE; |
1072 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_INTERNAL_ERROR); | 1150 | SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); |
1073 | goto f_err; | 1151 | goto f_err; |
1074 | case SSL3_RT_APPLICATION_DATA: | 1152 | case SSL3_RT_APPLICATION_DATA: |
1075 | /* At this point, we were expecting handshake data, | 1153 | /* At this point, we were expecting handshake data, |
@@ -1092,7 +1170,7 @@ start: | |||
1092 | ) | 1170 | ) |
1093 | )) | 1171 | )) |
1094 | { | 1172 | { |
1095 | s->s3->in_read_app_data=0; | 1173 | s->s3->in_read_app_data=2; |
1096 | return(-1); | 1174 | return(-1); |
1097 | } | 1175 | } |
1098 | else | 1176 | else |
@@ -1156,6 +1234,8 @@ void ssl3_send_alert(SSL *s, int level, int desc) | |||
1156 | { | 1234 | { |
1157 | /* Map tls/ssl alert value to correct one */ | 1235 | /* Map tls/ssl alert value to correct one */ |
1158 | desc=s->method->ssl3_enc->alert_value(desc); | 1236 | desc=s->method->ssl3_enc->alert_value(desc); |
1237 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | ||
1238 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ | ||
1159 | if (desc < 0) return; | 1239 | if (desc < 0) return; |
1160 | /* If a fatal one, remove from cache */ | 1240 | /* If a fatal one, remove from cache */ |
1161 | if ((level == 2) && (s->session != NULL)) | 1241 | if ((level == 2) && (s->session != NULL)) |
@@ -1164,7 +1244,7 @@ void ssl3_send_alert(SSL *s, int level, int desc) | |||
1164 | s->s3->alert_dispatch=1; | 1244 | s->s3->alert_dispatch=1; |
1165 | s->s3->send_alert[0]=level; | 1245 | s->s3->send_alert[0]=level; |
1166 | s->s3->send_alert[1]=desc; | 1246 | s->s3->send_alert[1]=desc; |
1167 | if (s->s3->wbuf.left == 0) /* data still being written out */ | 1247 | if (s->s3->wbuf.left == 0) /* data still being written out? */ |
1168 | ssl3_dispatch_alert(s); | 1248 | ssl3_dispatch_alert(s); |
1169 | /* else data is still being written out, we will get written | 1249 | /* else data is still being written out, we will get written |
1170 | * some time in the future */ | 1250 | * some time in the future */ |
@@ -1173,22 +1253,25 @@ void ssl3_send_alert(SSL *s, int level, int desc) | |||
1173 | int ssl3_dispatch_alert(SSL *s) | 1253 | int ssl3_dispatch_alert(SSL *s) |
1174 | { | 1254 | { |
1175 | int i,j; | 1255 | int i,j; |
1176 | void (*cb)()=NULL; | 1256 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
1177 | 1257 | ||
1178 | s->s3->alert_dispatch=0; | 1258 | s->s3->alert_dispatch=0; |
1179 | i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); | 1259 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); |
1180 | if (i <= 0) | 1260 | if (i <= 0) |
1181 | { | 1261 | { |
1182 | s->s3->alert_dispatch=1; | 1262 | s->s3->alert_dispatch=1; |
1183 | } | 1263 | } |
1184 | else | 1264 | else |
1185 | { | 1265 | { |
1186 | /* If it is important, send it now. If the message | 1266 | /* Alert sent to BIO. If it is important, flush it now. |
1187 | * does not get sent due to non-blocking IO, we will | 1267 | * If the message does not get sent due to non-blocking IO, |
1188 | * not worry too much. */ | 1268 | * we will not worry too much. */ |
1189 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | 1269 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) |
1190 | (void)BIO_flush(s->wbio); | 1270 | (void)BIO_flush(s->wbio); |
1191 | 1271 | ||
1272 | if (s->msg_callback) | ||
1273 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); | ||
1274 | |||
1192 | if (s->info_callback != NULL) | 1275 | if (s->info_callback != NULL) |
1193 | cb=s->info_callback; | 1276 | cb=s->info_callback; |
1194 | else if (s->ctx->info_callback != NULL) | 1277 | else if (s->ctx->info_callback != NULL) |