Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c59
1 files changed, 20 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index f354fb82bf..38d011fdc3 100644
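--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.7 2017/01/26 12:16:13 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -364,8 +364,7 @@ ssl3_get_record(SSL *s)
  if (!CBS_get_u8(&header, &type) ||
  !CBS_get_u16(&header, &ssl_version) ||
  !CBS_get_u16(&header, &len)) {
- SSLerror(
- SSL_R_BAD_PACKET_LENGTH);
+ SSLerror(SSL_R_BAD_PACKET_LENGTH);
  goto err;
  }
 
@@ -374,8 +373,7 @@ ssl3_get_record(SSL *s)
 
  /* Lets check version */
  if (!s->internal->first_packet && ssl_version != s->version) {
- SSLerror(
- SSL_R_WRONG_VERSION_NUMBER);
+ SSLerror(SSL_R_WRONG_VERSION_NUMBER);
  if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
  !s->internal->enc_write_ctx && !s->internal->write_hash)
  /* Send back error using their minor version number :-) */
@@ -385,15 +383,13 @@ ssl3_get_record(SSL *s)
  }
 
  if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
- SSLerror(
- SSL_R_WRONG_VERSION_NUMBER);
+ SSLerror(SSL_R_WRONG_VERSION_NUMBER);
  goto err;
  }
 
  if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
  al = SSL_AD_RECORD_OVERFLOW;
- SSLerror(
- SSL_R_PACKET_LENGTH_TOO_LONG);
+ SSLerror(SSL_R_PACKET_LENGTH_TOO_LONG);
  goto f_err;
  }
 
@@ -510,8 +506,7 @@ ssl3_get_record(SSL *s)
  * (e.g. via a logfile)
  */
  al = SSL_AD_BAD_RECORD_MAC;
- SSLerror(
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ SSLerror(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
  goto f_err;
  }
 
@@ -543,8 +538,7 @@ ssl3_get_record(SSL *s)
  * empty record without forcing want_read.
  */
  if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
- SSLerror(
- SSL_R_PEER_BEHAVING_BADLY);
+ SSLerror(SSL_R_PEER_BEHAVING_BADLY);
  return -1;
  }
  if (s->internal->empty_record_count > 1) {
@@ -588,8 +582,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(
- SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
  return -1;
  }
  }
@@ -698,8 +691,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
  if (prefix_len >
  (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
  /* insufficient space */
- SSLerror(
- ERR_R_INTERNAL_ERROR);
+ SSLerror(ERR_R_INTERNAL_ERROR);
  goto err;
  }
  }
@@ -961,8 +953,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(
- SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
  }
@@ -1004,8 +995,7 @@ start:
  * reset by ssl3_get_finished */
  && (rr->type != SSL3_RT_HANDSHAKE)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(
- SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+ SSLerror(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
  goto f_err;
  }
 
@@ -1025,8 +1015,7 @@ start:
  if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
  (s->enc_read_ctx == NULL)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(
- SSL_R_APP_DATA_IN_HANDSHAKE);
+ SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE);
  goto f_err;
  }
 
@@ -1126,8 +1115,7 @@ start:
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(
- SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
 
@@ -1200,15 +1188,13 @@ start:
  */
  else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
  al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerror(
- SSL_R_NO_RENEGOTIATION);
+ SSLerror(SSL_R_NO_RENEGOTIATION);
  goto f_err;
  }
  } else if (alert_level == SSL3_AL_FATAL) {
  s->internal->rwstate = SSL_NOTHING;
  S3I(s)->fatal_alert = alert_descr;
- SSLerror(
- SSL_AD_REASON_OFFSET + alert_descr);
+ SSLerror(SSL_AD_REASON_OFFSET + alert_descr);
  ERR_asprintf_error_data("SSL alert number %d",
  alert_descr);
  s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -1236,24 +1222,21 @@ start:
  if ((rr->length != 1) || (rr->off != 0) ||
  (rr->data[0] != SSL3_MT_CCS)) {
  al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(
- SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC);
  goto f_err;
  }
 
  /* Check we have a cipher to change to */
  if (S3I(s)->tmp.new_cipher == NULL) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(
- SSL_R_CCS_RECEIVED_EARLY);
+ SSLerror(SSL_R_CCS_RECEIVED_EARLY);
  goto f_err;
  }
 
  /* Check that we should be receiving a Change Cipher Spec. */
  if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(
- SSL_R_CCS_RECEIVED_EARLY);
+ SSLerror(SSL_R_CCS_RECEIVED_EARLY);
  goto f_err;
  }
  s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1285,8 +1268,7 @@ start:
  if (i < 0)
  return (i);
  if (i == 0) {
- SSLerror(
- SSL_R_SSL_HANDSHAKE_FAILURE);
+ SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
  return (-1);
  }
 
@@ -1373,8 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s)
  if (S3I(s)->tmp.key_block == NULL) {
  if (s->session == NULL || s->session->master_key_length == 0) {
  /* might happen if dtls1_read_bytes() calls this */
- SSLerror(
- SSL_R_CCS_RECEIVED_EARLY);
+ SSLerror(SSL_R_CCS_RECEIVED_EARLY);
  return (0);
  }
 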