summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_pkt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c283
1 files changed, 77 insertions, 206 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index e3f6050a26..515739c08c 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -129,113 +129,73 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf 129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].) 130 * [plus s->packet_length bytes if extend == 1].)
131 */ 131 */
132 int i,len,left; 132 int i,off,newb;
133 long align=0;
134 unsigned char *pkt;
135 SSL3_BUFFER *rb;
136
137 if (n <= 0) return n;
138
139 rb = &(s->s3->rbuf);
140 if (rb->buf == NULL)
141 if (!ssl3_setup_read_buffer(s))
142 return -1;
143
144 left = rb->left;
145#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
146 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
147 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
148#endif
149 133
150 if (!extend) 134 if (!extend)
151 { 135 {
152 /* start with empty packet ... */ 136 /* start with empty packet ... */
153 if (left == 0) 137 if (s->s3->rbuf.left == 0)
154 rb->offset = align; 138 s->s3->rbuf.offset = 0;
155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) 139 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
156 {
157 /* check if next packet length is large
158 * enough to justify payload alignment... */
159 pkt = rb->buf + rb->offset;
160 if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 && (pkt[3]<<8|pkt[4]) >= 128)
162 {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove (rb->buf+align,pkt,left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0; 140 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */ 141 /* ... now we can act as if 'extend' was set */
177 } 142 }
178 143
179 /* For DTLS/UDP reads should not span multiple packets 144 /* extend reads should not span multiple packets for DTLS */
180 * because the read operation returns the whole packet 145 if ( SSL_version(s) == DTLS1_VERSION &&
181 * at once (as long as it fits into the buffer). */ 146 extend)
182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
183 { 147 {
184 if (left > 0 && n > left) 148 if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
185 n = left; 149 n = s->s3->rbuf.left;
186 } 150 }
187 151
188 /* if there is enough in the buffer from a previous read, take some */ 152 /* if there is enough in the buffer from a previous read, take some */
189 if (left >= n) 153 if (s->s3->rbuf.left >= (int)n)
190 { 154 {
191 s->packet_length+=n; 155 s->packet_length+=n;
192 rb->left=left-n; 156 s->s3->rbuf.left-=n;
193 rb->offset+=n; 157 s->s3->rbuf.offset+=n;
194 return(n); 158 return(n);
195 } 159 }
196 160
197 /* else we need to read more data */ 161 /* else we need to read more data */
162 if (!s->read_ahead)
163 max=n;
198 164
199 len = s->packet_length; 165 {
200 pkt = rb->buf+align; 166 /* avoid buffer overflow */
201 /* Move any available bytes to front of buffer: 167 int max_max = s->s3->rbuf.len - s->packet_length;
202 * 'len' bytes already pointed to by 'packet', 168 if (max > max_max)
203 * 'left' extra ones at the end */ 169 max = max_max;
204 if (s->packet != pkt) /* len > 0 */ 170 }
205 { 171 if (n > max) /* does not happen */
206 memmove(pkt, s->packet, len+left);
207 s->packet = pkt;
208 rb->offset = len + align;
209 }
210
211 if (n > (int)(rb->len - rb->offset)) /* does not happen */
212 { 172 {
213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
214 return -1; 174 return -1;
215 } 175 }
216 176
217 if (!s->read_ahead) 177 off = s->packet_length;
218 /* ignore max parameter */ 178 newb = s->s3->rbuf.left;
219 max = n; 179 /* Move any available bytes to front of buffer:
220 else 180 * 'off' bytes already pointed to by 'packet',
181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
221 { 183 {
222 if (max < n) 184 /* off > 0 */
223 max = n; 185 memmove(s->s3->rbuf.buf, s->packet, off+newb);
224 if (max > (int)(rb->len - rb->offset)) 186 s->packet = s->s3->rbuf.buf;
225 max = rb->len - rb->offset;
226 } 187 }
227 188
228 while (left < n) 189 while (newb < n)
229 { 190 {
230 /* Now we have len+left bytes at the front of s->s3->rbuf.buf 191 /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
231 * and need to read in more until we have len+n (up to 192 * to read in more until we have off+n (up to off+max if possible) */
232 * len+max if possible) */
233 193
234 clear_sys_error(); 194 clear_sys_error();
235 if (s->rbio != NULL) 195 if (s->rbio != NULL)
236 { 196 {
237 s->rwstate=SSL_READING; 197 s->rwstate=SSL_READING;
238 i=BIO_read(s->rbio,pkt+len+left, max-left); 198 i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
239 } 199 }
240 else 200 else
241 { 201 {
@@ -245,26 +205,15 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
245 205
246 if (i <= 0) 206 if (i <= 0)
247 { 207 {
248 rb->left = left; 208 s->s3->rbuf.left = newb;
249 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
250 if (len+left == 0)
251 ssl3_release_read_buffer(s);
252 return(i); 209 return(i);
253 } 210 }
254 left+=i; 211 newb+=i;
255 /* reads should *never* span multiple packets for DTLS because
256 * the underlying transport protocol is message oriented as opposed
257 * to byte oriented as in the TLS case. */
258 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
259 {
260 if (n > left)
261 n = left; /* makes the while condition false */
262 }
263 } 212 }
264 213
265 /* done reading, now the book-keeping */ 214 /* done reading, now the book-keeping */
266 rb->offset += n; 215 s->s3->rbuf.offset = off + n;
267 rb->left = left - n; 216 s->s3->rbuf.left = newb - n;
268 s->packet_length += n; 217 s->packet_length += n;
269 s->rwstate=SSL_NOTHING; 218 s->rwstate=SSL_NOTHING;
270 return(n); 219 return(n);
@@ -288,7 +237,7 @@ static int ssl3_get_record(SSL *s)
288 unsigned char *p; 237 unsigned char *p;
289 unsigned char md[EVP_MAX_MD_SIZE]; 238 unsigned char md[EVP_MAX_MD_SIZE];
290 short version; 239 short version;
291 int mac_size; 240 unsigned int mac_size;
292 int clear=0; 241 int clear=0;
293 size_t extra; 242 size_t extra;
294 int decryption_failed_or_bad_record_mac = 0; 243 int decryption_failed_or_bad_record_mac = 0;
@@ -301,9 +250,9 @@ static int ssl3_get_record(SSL *s)
301 extra=SSL3_RT_MAX_EXTRA; 250 extra=SSL3_RT_MAX_EXTRA;
302 else 251 else
303 extra=0; 252 extra=0;
304 if (extra && !s->s3->init_extra) 253 if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
305 { 254 {
306 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 255 /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
307 * set after ssl3_setup_buffers() was done */ 256 * set after ssl3_setup_buffers() was done */
308 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 257 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
309 return -1; 258 return -1;
@@ -326,9 +275,6 @@ again:
326 ssl_minor= *(p++); 275 ssl_minor= *(p++);
327 version=(ssl_major<<8)|ssl_minor; 276 version=(ssl_major<<8)|ssl_minor;
328 n2s(p,rr->length); 277 n2s(p,rr->length);
329#if 0
330fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
331#endif
332 278
333 /* Lets check version */ 279 /* Lets check version */
334 if (!s->first_packet) 280 if (!s->first_packet)
@@ -337,7 +283,8 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
337 { 283 {
338 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 284 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
339 if ((s->version & 0xFF00) == (version & 0xFF00)) 285 if ((s->version & 0xFF00) == (version & 0xFF00))
340 /* Send back error using their minor version number :-) */ 286 /* Send back error using their
287 * minor version number :-) */
341 s->version = (unsigned short)version; 288 s->version = (unsigned short)version;
342 al=SSL_AD_PROTOCOL_VERSION; 289 al=SSL_AD_PROTOCOL_VERSION;
343 goto f_err; 290 goto f_err;
@@ -350,7 +297,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
350 goto err; 297 goto err;
351 } 298 }
352 299
353 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) 300 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
354 { 301 {
355 al=SSL_AD_RECORD_OVERFLOW; 302 al=SSL_AD_RECORD_OVERFLOW;
356 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); 303 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -423,14 +370,12 @@ printf("\n");
423 /* r->length is now the compressed data plus mac */ 370 /* r->length is now the compressed data plus mac */
424 if ( (sess == NULL) || 371 if ( (sess == NULL) ||
425 (s->enc_read_ctx == NULL) || 372 (s->enc_read_ctx == NULL) ||
426 (EVP_MD_CTX_md(s->read_hash) == NULL)) 373 (s->read_hash == NULL))
427 clear=1; 374 clear=1;
428 375
429 if (!clear) 376 if (!clear)
430 { 377 {
431 /* !clear => s->read_hash != NULL => mac_size != -1 */ 378 mac_size=EVP_MD_size(s->read_hash);
432 mac_size=EVP_MD_CTX_size(s->read_hash);
433 OPENSSL_assert(mac_size >= 0);
434 379
435 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 380 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
436 { 381 {
@@ -443,7 +388,7 @@ printf("\n");
443#endif 388#endif
444 } 389 }
445 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 390 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
446 if (rr->length >= (unsigned int)mac_size) 391 if (rr->length >= mac_size)
447 { 392 {
448 rr->length -= mac_size; 393 rr->length -= mac_size;
449 mac = &rr->data[rr->length]; 394 mac = &rr->data[rr->length];
@@ -461,7 +406,7 @@ printf("\n");
461#endif 406#endif
462 } 407 }
463 i=s->method->ssl3_enc->mac(s,md,0); 408 i=s->method->ssl3_enc->mac(s,md,0);
464 if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0) 409 if (mac == NULL || memcmp(md, mac, mac_size) != 0)
465 { 410 {
466 decryption_failed_or_bad_record_mac = 1; 411 decryption_failed_or_bad_record_mac = 1;
467 } 412 }
@@ -518,10 +463,6 @@ printf("\n");
518 /* just read a 0 length packet */ 463 /* just read a 0 length packet */
519 if (rr->length == 0) goto again; 464 if (rr->length == 0) goto again;
520 465
521#if 0
522fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
523#endif
524
525 return(1); 466 return(1);
526 467
527f_err: 468f_err:
@@ -595,8 +536,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
595 n=(len-tot); 536 n=(len-tot);
596 for (;;) 537 for (;;)
597 { 538 {
598 if (n > s->max_send_fragment) 539 if (n > SSL3_RT_MAX_PLAIN_LENGTH)
599 nw=s->max_send_fragment; 540 nw=SSL3_RT_MAX_PLAIN_LENGTH;
600 else 541 else
601 nw=n; 542 nw=n;
602 543
@@ -628,19 +569,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
628 { 569 {
629 unsigned char *p,*plen; 570 unsigned char *p,*plen;
630 int i,mac_size,clear=0; 571 int i,mac_size,clear=0;
631 int prefix_len=0; 572 int prefix_len = 0;
632 long align=0;
633 SSL3_RECORD *wr; 573 SSL3_RECORD *wr;
634 SSL3_BUFFER *wb=&(s->s3->wbuf); 574 SSL3_BUFFER *wb;
635 SSL_SESSION *sess; 575 SSL_SESSION *sess;
636 576
637 if (wb->buf == NULL)
638 if (!ssl3_setup_write_buffer(s))
639 return -1;
640
641 /* first check if there is a SSL3_BUFFER still being written 577 /* first check if there is a SSL3_BUFFER still being written
642 * out. This will happen with non blocking IO */ 578 * out. This will happen with non blocking IO */
643 if (wb->left != 0) 579 if (s->s3->wbuf.left != 0)
644 return(ssl3_write_pending(s,type,buf,len)); 580 return(ssl3_write_pending(s,type,buf,len));
645 581
646 /* If we have an alert to send, lets send it */ 582 /* If we have an alert to send, lets send it */
@@ -656,21 +592,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
656 return 0; 592 return 0;
657 593
658 wr= &(s->s3->wrec); 594 wr= &(s->s3->wrec);
595 wb= &(s->s3->wbuf);
659 sess=s->session; 596 sess=s->session;
660 597
661 if ( (sess == NULL) || 598 if ( (sess == NULL) ||
662 (s->enc_write_ctx == NULL) || 599 (s->enc_write_ctx == NULL) ||
663 (EVP_MD_CTX_md(s->write_hash) == NULL)) 600 (s->write_hash == NULL))
664 clear=1; 601 clear=1;
665 602
666 if (clear) 603 if (clear)
667 mac_size=0; 604 mac_size=0;
668 else 605 else
669 { 606 mac_size=EVP_MD_size(s->write_hash);
670 mac_size=EVP_MD_CTX_size(s->write_hash);
671 if (mac_size < 0)
672 goto err;
673 }
674 607
675 /* 'create_empty_fragment' is true only when this function calls itself */ 608 /* 'create_empty_fragment' is true only when this function calls itself */
676 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 609 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
@@ -688,8 +621,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
688 if (prefix_len <= 0) 621 if (prefix_len <= 0)
689 goto err; 622 goto err;
690 623
691 if (prefix_len > 624 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
693 { 625 {
694 /* insufficient space */ 626 /* insufficient space */
695 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); 627 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
@@ -700,32 +632,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
700 s->s3->empty_fragment_done = 1; 632 s->s3->empty_fragment_done = 1;
701 } 633 }
702 634
703 if (create_empty_fragment) 635 p = wb->buf + prefix_len;
704 {
705#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
706 /* extra fragment would be couple of cipher blocks,
707 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
708 * if we want to align the real payload, then we can
709 * just pretent we simply have two headers. */
710 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
711 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
712#endif
713 p = wb->buf + align;
714 wb->offset = align;
715 }
716 else if (prefix_len)
717 {
718 p = wb->buf + wb->offset + prefix_len;
719 }
720 else
721 {
722#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
723 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
724 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
725#endif
726 p = wb->buf + align;
727 wb->offset = align;
728 }
729 636
730 /* write the header */ 637 /* write the header */
731 638
@@ -768,8 +675,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
768 675
769 if (mac_size != 0) 676 if (mac_size != 0)
770 { 677 {
771 if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0) 678 s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
772 goto err;
773 wr->length+=mac_size; 679 wr->length+=mac_size;
774 wr->input=p; 680 wr->input=p;
775 wr->data=p; 681 wr->data=p;
@@ -797,6 +703,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
797 703
798 /* now let's set up wb */ 704 /* now let's set up wb */
799 wb->left = prefix_len + wr->length; 705 wb->left = prefix_len + wr->length;
706 wb->offset = 0;
800 707
801 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 708 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
802 s->s3->wpend_tot=len; 709 s->s3->wpend_tot=len;
@@ -815,7 +722,6 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
815 unsigned int len) 722 unsigned int len)
816 { 723 {
817 int i; 724 int i;
818 SSL3_BUFFER *wb=&(s->s3->wbuf);
819 725
820/* XXXX */ 726/* XXXX */
821 if ((s->s3->wpend_tot > (int)len) 727 if ((s->s3->wpend_tot > (int)len)
@@ -834,20 +740,17 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
834 { 740 {
835 s->rwstate=SSL_WRITING; 741 s->rwstate=SSL_WRITING;
836 i=BIO_write(s->wbio, 742 i=BIO_write(s->wbio,
837 (char *)&(wb->buf[wb->offset]), 743 (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
838 (unsigned int)wb->left); 744 (unsigned int)s->s3->wbuf.left);
839 } 745 }
840 else 746 else
841 { 747 {
842 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); 748 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
843 i= -1; 749 i= -1;
844 } 750 }
845 if (i == wb->left) 751 if (i == s->s3->wbuf.left)
846 { 752 {
847 wb->left=0; 753 s->s3->wbuf.left=0;
848 wb->offset+=i;
849 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
850 ssl3_release_write_buffer(s);
851 s->rwstate=SSL_NOTHING; 754 s->rwstate=SSL_NOTHING;
852 return(s->s3->wpend_ret); 755 return(s->s3->wpend_ret);
853 } 756 }
@@ -856,12 +759,12 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
856 s->version == DTLS1_BAD_VER) { 759 s->version == DTLS1_BAD_VER) {
857 /* For DTLS, just drop it. That's kind of the whole 760 /* For DTLS, just drop it. That's kind of the whole
858 point in using a datagram service */ 761 point in using a datagram service */
859 wb->left = 0; 762 s->s3->wbuf.left = 0;
860 } 763 }
861 return(i); 764 return(i);
862 } 765 }
863 wb->offset+=i; 766 s->s3->wbuf.offset+=i;
864 wb->left-=i; 767 s->s3->wbuf.left-=i;
865 } 768 }
866 } 769 }
867 770
@@ -900,7 +803,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
900 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 803 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
901 804
902 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 805 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
903 if (!ssl3_setup_read_buffer(s)) 806 if (!ssl3_setup_buffers(s))
904 return(-1); 807 return(-1);
905 808
906 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || 809 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
@@ -1009,8 +912,6 @@ start:
1009 { 912 {
1010 s->rstate=SSL_ST_READ_HEADER; 913 s->rstate=SSL_ST_READ_HEADER;
1011 rr->off=0; 914 rr->off=0;
1012 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1013 ssl3_release_read_buffer(s);
1014 } 915 }
1015 } 916 }
1016 return(n); 917 return(n);
@@ -1085,6 +986,7 @@ start:
1085 986
1086 if (SSL_is_init_finished(s) && 987 if (SSL_is_init_finished(s) &&
1087 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && 988 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
989 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
1088 !s->s3->renegotiate) 990 !s->s3->renegotiate)
1089 { 991 {
1090 ssl3_renegotiate(s); 992 ssl3_renegotiate(s);
@@ -1120,25 +1022,7 @@ start:
1120 * now try again to obtain the (application) data we were asked for */ 1022 * now try again to obtain the (application) data we were asked for */
1121 goto start; 1023 goto start;
1122 } 1024 }
1123 /* If we are a server and get a client hello when renegotiation isn't 1025
1124 * allowed send back a no renegotiation alert and carry on.
1125 * WARNING: experimental code, needs reviewing (steve)
1126 */
1127 if (s->server &&
1128 SSL_is_init_finished(s) &&
1129 !s->s3->send_connection_binding &&
1130 (s->version > SSL3_VERSION) &&
1131 (s->s3->handshake_fragment_len >= 4) &&
1132 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1133 (s->session != NULL) && (s->session->cipher != NULL) &&
1134 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1135
1136 {
1137 /*s->s3->handshake_fragment_len = 0;*/
1138 rr->length = 0;
1139 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1140 goto start;
1141 }
1142 if (s->s3->alert_fragment_len >= 2) 1026 if (s->s3->alert_fragment_len >= 2)
1143 { 1027 {
1144 int alert_level = s->s3->alert_fragment[0]; 1028 int alert_level = s->s3->alert_fragment[0];
@@ -1168,21 +1052,6 @@ start:
1168 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1052 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1169 return(0); 1053 return(0);
1170 } 1054 }
1171 /* This is a warning but we receive it if we requested
1172 * renegotiation and the peer denied it. Terminate with
1173 * a fatal alert because if application tried to
1174 * renegotiatie it presumably had a good reason and
1175 * expects it to succeed.
1176 *
1177 * In future we might have a renegotiation where we
1178 * don't care if the peer refused it where we carry on.
1179 */
1180 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1181 {
1182 al = SSL_AD_HANDSHAKE_FAILURE;
1183 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1184 goto f_err;
1185 }
1186 } 1055 }
1187 else if (alert_level == 2) /* fatal */ 1056 else if (alert_level == 2) /* fatal */
1188 { 1057 {
@@ -1250,7 +1119,8 @@ start:
1250 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) 1119 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1251 { 1120 {
1252 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1121 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1253 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1122 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1123 (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1254 { 1124 {
1255#if 0 /* worked only because C operator preferences are not as expected (and 1125#if 0 /* worked only because C operator preferences are not as expected (and
1256 * because this is not really needed for clients except for detecting 1126 * because this is not really needed for clients except for detecting
@@ -1394,18 +1264,20 @@ int ssl3_do_change_cipher_spec(SSL *s)
1394 } 1264 }
1395 1265
1396 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 1266 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1267 &(s->s3->finish_dgst1),
1268 &(s->s3->finish_dgst2),
1397 sender,slen,s->s3->tmp.peer_finish_md); 1269 sender,slen,s->s3->tmp.peer_finish_md);
1398 1270
1399 return(1); 1271 return(1);
1400 } 1272 }
1401 1273
1402int ssl3_send_alert(SSL *s, int level, int desc) 1274void ssl3_send_alert(SSL *s, int level, int desc)
1403 { 1275 {
1404 /* Map tls/ssl alert value to correct one */ 1276 /* Map tls/ssl alert value to correct one */
1405 desc=s->method->ssl3_enc->alert_value(desc); 1277 desc=s->method->ssl3_enc->alert_value(desc);
1406 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) 1278 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1407 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ 1279 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1408 if (desc < 0) return -1; 1280 if (desc < 0) return;
1409 /* If a fatal one, remove from cache */ 1281 /* If a fatal one, remove from cache */
1410 if ((level == 2) && (s->session != NULL)) 1282 if ((level == 2) && (s->session != NULL))
1411 SSL_CTX_remove_session(s->ctx,s->session); 1283 SSL_CTX_remove_session(s->ctx,s->session);
@@ -1414,10 +1286,9 @@ int ssl3_send_alert(SSL *s, int level, int desc)
1414 s->s3->send_alert[0]=level; 1286 s->s3->send_alert[0]=level;
1415 s->s3->send_alert[1]=desc; 1287 s->s3->send_alert[1]=desc;
1416 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1288 if (s->s3->wbuf.left == 0) /* data still being written out? */
1417 return s->method->ssl_dispatch_alert(s); 1289 s->method->ssl_dispatch_alert(s);
1418 /* else data is still being written out, we will get written 1290 /* else data is still being written out, we will get written
1419 * some time in the future */ 1291 * some time in the future */
1420 return -1;
1421 } 1292 }
1422 1293
1423int ssl3_dispatch_alert(SSL *s) 1294int ssl3_dispatch_alert(SSL *s)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 06:41:51 +0000