summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_pkt.c160
1 files changed, 70 insertions, 90 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 2385080347..7893d03123 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -59,49 +59,19 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <errno.h> 60#include <errno.h>
61#define USE_SOCKETS 61#define USE_SOCKETS
62#include "evp.h" 62#include <openssl/evp.h>
63#include "buffer.h" 63#include <openssl/buffer.h>
64#include "ssl_locl.h" 64#include "ssl_locl.h"
65 65
66/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); 66static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
67 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); 67 unsigned int len);
68 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); 68static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
69 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); 69 unsigned int len);
70 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE);
71 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE);
72 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC);
73 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE);
74 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE);
75 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE);
76 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE);
77 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE);
78 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED);
79 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
80 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
81 * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
82 */
83
84#ifndef NOPROTO
85static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
86static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
87static int ssl3_get_record(SSL *s); 70static int ssl3_get_record(SSL *s);
88static int do_compress(SSL *ssl); 71static int do_compress(SSL *ssl);
89static int do_uncompress(SSL *ssl); 72static int do_uncompress(SSL *ssl);
90static int do_change_cipher_spec(SSL *ssl); 73static int do_change_cipher_spec(SSL *ssl);
91#else 74static int ssl3_read_n(SSL *s, int n, int max, int extend)
92static int do_ssl3_write();
93static int ssl3_write_pending();
94static int ssl3_get_record();
95static int do_compress();
96static int do_uncompress();
97static int do_change_cipher_spec();
98#endif
99
100static int ssl3_read_n(s,n,max,extend)
101SSL *s;
102int n;
103int max;
104int extend;
105 { 75 {
106 int i,off,newb; 76 int i,off,newb;
107 77
@@ -210,10 +180,8 @@ int extend;
210 * ssl->s3->rrec.data, - data 180 * ssl->s3->rrec.data, - data
211 * ssl->s3->rrec.length, - number of bytes 181 * ssl->s3->rrec.length, - number of bytes
212 */ 182 */
213static int ssl3_get_record(s) 183static int ssl3_get_record(SSL *s)
214SSL *s;
215 { 184 {
216 char tmp_buf[512];
217 int ssl_major,ssl_minor,al; 185 int ssl_major,ssl_minor,al;
218 int n,i,ret= -1; 186 int n,i,ret= -1;
219 SSL3_BUFFER *rb; 187 SSL3_BUFFER *rb;
@@ -331,7 +299,6 @@ again:
331 299
332 /* decrypt in place in 'rr->input' */ 300 /* decrypt in place in 'rr->input' */
333 rr->data=rr->input; 301 rr->data=rr->input;
334 memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length);
335 302
336 if (!s->method->ssl3_enc->enc(s,0)) 303 if (!s->method->ssl3_enc->enc(s,0))
337 { 304 {
@@ -340,7 +307,7 @@ again:
340 } 307 }
341#ifdef TLS_DEBUG 308#ifdef TLS_DEBUG
342printf("dec %d\n",rr->length); 309printf("dec %d\n",rr->length);
343{ int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } 310{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
344printf("\n"); 311printf("\n");
345#endif 312#endif
346 /* r->length is now the compressed data plus mac */ 313 /* r->length is now the compressed data plus mac */
@@ -378,7 +345,7 @@ printf("\n");
378 } 345 }
379 346
380 /* r->length is now just compressed */ 347 /* r->length is now just compressed */
381 if ((sess != NULL) && (sess->read_compression != NULL)) 348 if (s->expand != NULL)
382 { 349 {
383 if (rr->length > 350 if (rr->length >
384 (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) 351 (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
@@ -424,27 +391,47 @@ err:
424 return(ret); 391 return(ret);
425 } 392 }
426 393
427static int do_uncompress(ssl) 394static int do_uncompress(SSL *ssl)
428SSL *ssl;
429 { 395 {
396 int i;
397 SSL3_RECORD *rr;
398
399 rr= &(ssl->s3->rrec);
400 i=COMP_expand_block(ssl->expand,rr->comp,
401 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
402 if (i < 0)
403 return(0);
404 else
405 rr->length=i;
406 rr->data=rr->comp;
407
430 return(1); 408 return(1);
431 } 409 }
432 410
433static int do_compress(ssl) 411static int do_compress(SSL *ssl)
434SSL *ssl;
435 { 412 {
413 int i;
414 SSL3_RECORD *wr;
415
416 wr= &(ssl->s3->wrec);
417 i=COMP_compress_block(ssl->compress,wr->data,
418 SSL3_RT_MAX_COMPRESSED_LENGTH,
419 wr->input,(int)wr->length);
420 if (i < 0)
421 return(0);
422 else
423 wr->length=i;
424
425 wr->input=wr->data;
436 return(1); 426 return(1);
437 } 427 }
438 428
439/* Call this to write data 429/* Call this to write data
440 * It will return <= 0 if not all data has been sent or non-blocking IO. 430 * It will return <= 0 if not all data has been sent or non-blocking IO.
441 */ 431 */
442int ssl3_write_bytes(s,type,buf,len) 432int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
443SSL *s;
444int type;
445char *buf;
446int len;
447 { 433 {
434 const unsigned char *buf=_buf;
448 unsigned int tot,n,nw; 435 unsigned int tot,n,nw;
449 int i; 436 int i;
450 437
@@ -479,20 +466,22 @@ int len;
479 } 466 }
480 467
481 if (type == SSL3_RT_HANDSHAKE) 468 if (type == SSL3_RT_HANDSHAKE)
482 ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); 469 ssl3_finish_mac(s,&(buf[tot]),i);
483 470
484 if (i == (int)n) return(tot+i); 471 if ((i == (int)n) ||
472 (type == SSL3_RT_APPLICATION_DATA &&
473 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
474 {
475 return(tot+i);
476 }
485 477
486 n-=i; 478 n-=i;
487 tot+=i; 479 tot+=i;
488 } 480 }
489 } 481 }
490 482
491static int do_ssl3_write(s,type,buf,len) 483static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
492SSL *s; 484 unsigned int len)
493int type;
494char *buf;
495unsigned int len;
496 { 485 {
497 unsigned char *p,*plen; 486 unsigned char *p,*plen;
498 int i,mac_size,clear=0; 487 int i,mac_size,clear=0;
@@ -552,7 +541,7 @@ unsigned int len;
552 * wr->data */ 541 * wr->data */
553 542
554 /* first we compress */ 543 /* first we compress */
555 if ((sess != NULL) && (sess->write_compression != NULL)) 544 if (s->compress != NULL)
556 { 545 {
557 if (!do_compress(s)) 546 if (!do_compress(s))
558 { 547 {
@@ -606,16 +595,15 @@ err:
606 } 595 }
607 596
608/* if s->s3->wbuf.left != 0, we need to call this */ 597/* if s->s3->wbuf.left != 0, we need to call this */
609static int ssl3_write_pending(s,type,buf,len) 598static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
610SSL *s; 599 unsigned int len)
611int type;
612char *buf;
613unsigned int len;
614 { 600 {
615 int i; 601 int i;
616 602
617/* XXXX */ 603/* XXXX */
618 if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf) 604 if ((s->s3->wpend_tot > (int)len)
605 || ((s->s3->wpend_buf != buf) &&
606 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
619 || (s->s3->wpend_type != type)) 607 || (s->s3->wpend_type != type))
620 { 608 {
621 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 609 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
@@ -650,18 +638,14 @@ unsigned int len;
650 } 638 }
651 } 639 }
652 640
653int ssl3_read_bytes(s,type,buf,len) 641int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
654SSL *s;
655int type;
656char *buf;
657int len;
658 { 642 {
659 int al,i,j,n,ret; 643 int al,i,j,n,ret;
660 SSL3_RECORD *rr; 644 SSL3_RECORD *rr;
661 void (*cb)()=NULL; 645 void (*cb)()=NULL;
662 BIO *bio; 646 BIO *bio;
663 647
664 if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ 648 if (s->s3->rbuf.buf == NULL) /* Not initialize yet */
665 if (!ssl3_setup_buffers(s)) 649 if (!ssl3_setup_buffers(s))
666 return(-1); 650 return(-1);
667 651
@@ -786,7 +770,8 @@ start:
786 770
787 s->rwstate=SSL_NOTHING; 771 s->rwstate=SSL_NOTHING;
788 s->s3->fatal_alert=n; 772 s->s3->fatal_alert=n;
789 SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); 773 SSLerr(SSL_F_SSL3_READ_BYTES,
774 SSL_AD_REASON_OFFSET+n);
790 sprintf(tmp,"%d",n); 775 sprintf(tmp,"%d",n);
791 ERR_add_error_data(2,"SSL alert number ",tmp); 776 ERR_add_error_data(2,"SSL alert number ",tmp);
792 s->shutdown|=SSL_RECEIVED_SHUTDOWN; 777 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
@@ -836,7 +821,9 @@ start:
836 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 821 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
837 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 822 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
838 { 823 {
839 s->state=SSL_ST_BEFORE; 824 s->state=SSL_ST_BEFORE|(s->server)
825 ?SSL_ST_ACCEPT
826 :SSL_ST_CONNECT;
840 s->new_session=1; 827 s->new_session=1;
841 } 828 }
842 n=s->handshake_func(s); 829 n=s->handshake_func(s);
@@ -937,7 +924,7 @@ start:
937 } 924 }
938 925
939 if (type == SSL3_RT_HANDSHAKE) 926 if (type == SSL3_RT_HANDSHAKE)
940 ssl3_finish_mac(s,(unsigned char *)buf,n); 927 ssl3_finish_mac(s,buf,n);
941 return(n); 928 return(n);
942f_err: 929f_err:
943 ssl3_send_alert(s,SSL3_AL_FATAL,al); 930 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -945,8 +932,7 @@ err:
945 return(-1); 932 return(-1);
946 } 933 }
947 934
948static int do_change_cipher_spec(s) 935static int do_change_cipher_spec(SSL *s)
949SSL *s;
950 { 936 {
951 int i; 937 int i;
952 unsigned char *sender; 938 unsigned char *sender;
@@ -988,14 +974,12 @@ SSL *s;
988 return(1); 974 return(1);
989 } 975 }
990 976
991int ssl3_do_write(s,type) 977int ssl3_do_write(SSL *s, int type)
992SSL *s;
993int type;
994 { 978 {
995 int ret; 979 int ret;
996 980
997 ret=ssl3_write_bytes(s,type,(char *) 981 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
998 &(s->init_buf->data[s->init_off]),s->init_num); 982 s->init_num);
999 if (ret == s->init_num) 983 if (ret == s->init_num)
1000 return(1); 984 return(1);
1001 if (ret < 0) return(-1); 985 if (ret < 0) return(-1);
@@ -1004,10 +988,7 @@ int type;
1004 return(0); 988 return(0);
1005 } 989 }
1006 990
1007void ssl3_send_alert(s,level,desc) 991void ssl3_send_alert(SSL *s, int level, int desc)
1008SSL *s;
1009int level;
1010int desc;
1011 { 992 {
1012 /* Map tls/ssl alert value to correct one */ 993 /* Map tls/ssl alert value to correct one */
1013 desc=s->method->ssl3_enc->alert_value(desc); 994 desc=s->method->ssl3_enc->alert_value(desc);
@@ -1025,14 +1006,13 @@ int desc;
1025 * some time in the future */ 1006 * some time in the future */
1026 } 1007 }
1027 1008
1028int ssl3_dispatch_alert(s) 1009int ssl3_dispatch_alert(SSL *s)
1029SSL *s;
1030 { 1010 {
1031 int i,j; 1011 int i,j;
1032 void (*cb)()=NULL; 1012 void (*cb)()=NULL;
1033 1013
1034 s->s3->alert_dispatch=0; 1014 s->s3->alert_dispatch=0;
1035 i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); 1015 i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
1036 if (i <= 0) 1016 if (i <= 0)
1037 { 1017 {
1038 s->s3->alert_dispatch=1; 1018 s->s3->alert_dispatch=1;
@@ -1043,7 +1023,7 @@ SSL *s;
1043 * does not get sent due to non-blocking IO, we will 1023 * does not get sent due to non-blocking IO, we will
1044 * not worry too much. */ 1024 * not worry too much. */
1045 if (s->s3->send_alert[0] == SSL3_AL_FATAL) 1025 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1046 BIO_flush(s->wbio); 1026 (void)BIO_flush(s->wbio);
1047 1027
1048 if (s->info_callback != NULL) 1028 if (s->info_callback != NULL)
1049 cb=s->info_callback; 1029 cb=s->info_callback;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-22 07:25:30 +0000