Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c77
1 files changed, 68 insertions, 9 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index f9b3629cf7..adf8c387cc 100644
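--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -115,6 +115,7 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
+#include <openssl/rand.h>
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  unsigned int len, int create_empty_fragment);
@@ -630,6 +631,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  unsigned char *p,*plen;
  int i,mac_size,clear=0;
  int prefix_len=0;
+ int eivlen;
  long align=0;
  SSL3_RECORD *wr;
  SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -662,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  if ( (sess == NULL) ||
  (s->enc_write_ctx == NULL) ||
  (EVP_MD_CTX_md(s->write_hash) == NULL))
+ {
+#if 1
+ clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
+#else
  clear=1;
-
- if (clear)
+#endif
  mac_size=0;
+ }
  else
  {
  mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -734,14 +740,39 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  wr->type=type;
 
  *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
+ /* Some servers hang if iniatial client hello is larger than 256
+ * bytes and record version number > TLS 1.0
+ */
+ if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+ && TLS1_get_version(s) > TLS1_VERSION)
+ *(p++) = 0x1;
+ else
+ *(p++)=s->version&0xff;
 
  /* field where we are to write out packet length */
  plen=p;
  p+=2;
+ /* Explicit IV length, block ciphers and TLS version 1.1 or later */
+ if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+ {
+ int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+ if (mode == EVP_CIPH_CBC_MODE)
+ {
+ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+ if (eivlen <= 1)
+ eivlen = 0;
+ }
+ /* Need explicit part of IV for GCM mode */
+ else if (mode == EVP_CIPH_GCM_MODE)
+ eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ else
+ eivlen = 0;
+ }
+ else
+ eivlen = 0;
 
  /* lets setup the record stuff. */
- wr->data=p;
+ wr->data=p + eivlen;
  wr->length=(int)len;
  wr->input=(unsigned char *)buf;
 
@@ -769,11 +800,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
  if (mac_size != 0)
  {
- if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+ if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
  goto err;
  wr->length+=mac_size;
- wr->input=p;
- wr->data=p;
+ }
+
+ wr->input=p;
+ wr->data=p;
+
+ if (eivlen)
+ {
+ /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
+ goto err; */
+ wr->length += eivlen;
  }
 
  /* ssl3_enc can only have an error on read */
@@ -1042,6 +1081,19 @@ start:
  dest = s->s3->alert_fragment;
  dest_len = &s->s3->alert_fragment_len;
  }
+#ifndef OPENSSL_NO_HEARTBEATS
+ else if (rr->type == TLS1_RT_HEARTBEAT)
+ {
+ tls1_process_heartbeat(s);
+
+ /* Exit and notify application to read again */
+ rr->length = 0;
+ s->rwstate=SSL_READING;
+ BIO_clear_retry_flags(SSL_get_rbio(s));
+ BIO_set_retry_read(SSL_get_rbio(s));
+ return(-1);
+ }
+#endif
 
  if (dest_maxlen > 0)
  {
@@ -1185,6 +1237,10 @@ start:
  SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
  goto f_err;
  }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+ if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+ return(0);
+#endif
  }
  else if (alert_level == 2) /* fatal */
  {
@@ -1263,6 +1319,7 @@ start:
 #else
  s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
+ s->renegotiate=1;
  s->new_session=1;
  }
  i=s->handshake_func(s);
@@ -1296,8 +1353,10 @@ start:
  {
  default:
 #ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
+ /* TLS up to v1.1 just ignores unknown message types:
+ * TLS v1.2 give an unexpected message alert.
+ */
+ if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
  {
  rr->length = 0;
  goto start;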
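Review bot: In do_ssl3_write, the new `if (eivlen)` block in the hunk at `@@ -769,11 +800,19 @@` grows `wr->length` by `eivlen` but never writes those bytes at `p`, because the only fill is the commented-out `RAND_pseudo_bytes(p, eivlen)` call. Presumably the `ssl3_enc->enc` callback generates the explicit IV, but that code is not on this page; if so, replace the dead code with a comment such as `/* explicit IV at p[0..eivlen) is filled by ssl3_enc->enc() and must be unpredictable */`. If the fill does belong here, it should use `RAND_bytes` and check for failure, since a CBC explicit IV has to be unpredictable and `RAND_pseudo_bytes` does not promise that. The function body begins and ends outside the visible hunks, so whether the write buffer was sized for the extra `eivlen` bytes could not be checked from this page.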