Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
-rw-r--r--src/lib/libssl/s3_pkt.c77
1 files changed, 9 insertions, 68 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index adf8c387cc..f9b3629cf7 100644
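--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -115,7 +115,6 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 unsigned int len, int create_empty_fragment);
@@ -631,7 +630,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 unsigned char *p,*plen;
 int i,mac_size,clear=0;
 int prefix_len=0;
-int eivlen;
 long align=0;
 SSL3_RECORD *wr;
 SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -664,14 +662,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 if ( (sess == NULL) ||
 (s->enc_write_ctx == NULL) ||
 (EVP_MD_CTX_md(s->write_hash) == NULL))
-{
-#if 1
-clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
-#else
 clear=1;
-#endif
+
+if (clear)
 mac_size=0;
-}
 else
 {
 mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -740,39 +734,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 wr->type=type;
 
 *(p++)=(s->version>>8);
-/* Some servers hang if iniatial client hello is larger than 256
-* bytes and record version number > TLS 1.0
-*/
-if (s->state == SSL3_ST_CW_CLNT_HELLO_B
-&& TLS1_get_version(s) > TLS1_VERSION)
-*(p++) = 0x1;
-else
-*(p++)=s->version&0xff;
+*(p++)=s->version&0xff;
 
 /* field where we are to write out packet length */
 plen=p;
 p+=2;
-/* Explicit IV length, block ciphers and TLS version 1.1 or later */
-if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
-{
-int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
-if (mode == EVP_CIPH_CBC_MODE)
-{
-eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-if (eivlen <= 1)
-eivlen = 0;
-}
-/* Need explicit part of IV for GCM mode */
-else if (mode == EVP_CIPH_GCM_MODE)
-eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
-else
-eivlen = 0;
-}
-else
-eivlen = 0;
 
 /* lets setup the record stuff. */
-wr->data=p + eivlen;
+wr->data=p;
 wr->length=(int)len;
 wr->input=(unsigned char *)buf;
 
@@ -800,19 +769,11 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
 if (mac_size != 0)
 {
-if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
+if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
 goto err;
 wr->length+=mac_size;
-}
-
-wr->input=p;
-wr->data=p;
-
-if (eivlen)
-{
-/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
-goto err; */
-wr->length += eivlen;
+wr->input=p;
+wr->data=p;
 }
 
 /* ssl3_enc can only have an error on read */
@@ -1081,19 +1042,6 @@ start:
 dest = s->s3->alert_fragment;
 dest_len = &s->s3->alert_fragment_len;
 }
-#ifndef OPENSSL_NO_HEARTBEATS
-else if (rr->type == TLS1_RT_HEARTBEAT)
-{
-tls1_process_heartbeat(s);
-
-/* Exit and notify application to read again */
-rr->length = 0;
-s->rwstate=SSL_READING;
-BIO_clear_retry_flags(SSL_get_rbio(s));
-BIO_set_retry_read(SSL_get_rbio(s));
-return(-1);
-}
-#endif
 
 if (dest_maxlen > 0)
 {
@@ -1237,10 +1185,6 @@ start:
 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
 goto f_err;
 }
-#ifdef SSL_AD_MISSING_SRP_USERNAME
-if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-return(0);
-#endif
 }
 else if (alert_level == 2) /* fatal */
 {
@@ -1319,7 +1263,6 @@ start:
 #else
 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
-s->renegotiate=1;
 s->new_session=1;
 }
 i=s->handshake_func(s);
@@ -1353,10 +1296,8 @@ start:
 {
 default:
 #ifndef OPENSSL_NO_TLS
-/* TLS up to v1.1 just ignores unknown message types:
-* TLS v1.2 give an unexpected message alert.
-*/
-if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
+/* TLS just ignores unknown message types */
+if (s->version == TLS1_VERSION)
 {
 rr->length = 0;
 goto start;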
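Review bot: After the `-740,39` and `-800,19` hunks, do_ssl3_write places the payload directly at `wr->data=p;` and the MAC at `p[wr->length]`, so no record carries a per-record explicit IV any more; that layout is only correct for SSL 3.0 and TLS 1.0, and nothing visible in this file guards the assumption. The last hunk's `if (s->version == TLS1_VERSION)` suggests TLS 1.1 and later are being dropped library-wide, but if a later version can still be negotiated elsewhere, CBC records would be malformed and would fall back to the chained implicit IV. I would record the assumption next to the header write with a comment such as `/* no explicit IV: this record layout is valid for SSLv3/TLS 1.0 only */` and confirm that the method tables no longer offer TLS 1.1/1.2. Separately, in the `-664,14` hunk the unbraced `if (...) clear=1;` followed by `if (clear) mac_size=0; else {` is easy to misread; bracing both statements would make the pairing of the `else` explicit. The function bodies start and end outside every hunk shown, so this is based on the visible lines only.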