Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(624)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/ssl/s3_pkt.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/ssl/s3_meth.c ('k') | openssl/ssl/s3_srvr.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ssl/s3_pkt.c */ 1 /* ssl/s3_pkt.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after
113 #include <errno.h> 113 #include <errno.h>
114 #define USE_SOCKETS 114 #define USE_SOCKETS
115 #include "ssl_locl.h" 115 #include "ssl_locl.h"
116 #include <openssl/evp.h> 116 #include <openssl/evp.h>
117 #include <openssl/buffer.h> 117 #include <openssl/buffer.h>
118 118
119 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 119 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
120 unsigned int len, int create_empty_fragment); 120 unsigned int len, int create_empty_fragment);
121 static int ssl3_get_record(SSL *s); 121 static int ssl3_get_record(SSL *s);
122 122
123 /* ssl3_read_snap_start_n reads from the opportunistic records contained within
124 * a Snap Start extension. |s->packet| and |s->packet_length| are set to frame
125 * a record within this area. Partial records are not allowed. The Snap Start
126 * records are held in |s->s3->snap_start_records| and the |left| member must
127 * be non-zero on entry.
128 *
129 * If |extend| is true then we'll expand the currently framed record by |n|
130 * bytes, otherwise we frame a new record. */
131 static int ssl3_read_snap_start_n(SSL *s, int n, int extend)
132 {
133 if (!extend)
134 {
135 s->packet = s->s3->snap_start_records.buf + s->s3->snap_start_re cords.offset;
136 s->packet_length = 0;
137 }
138
139 if (s->s3->snap_start_records.left < n)
140 {
141 /* We aren't called unless .left is non-zero, therefore this
142 * means that we wanted to read more than we have. Since
143 * partial records aren't allowed, this is fatal. */
144 SSLerr(SSL_F_SSL3_READ_SNAP_START_N,SSL_R_BAD_PACKET_LENGTH);
145 return -1;
146 }
147
148 s->packet_length += n;
149 s->s3->snap_start_records.left -= n;
150 s->s3->snap_start_records.offset += n;
151
152 return n;
153 }
154
155 int ssl3_read_n(SSL *s, int n, int max, int extend) 123 int ssl3_read_n(SSL *s, int n, int max, int extend)
156 { 124 {
157 if (s->s3->snap_start_records.left)
158 return ssl3_read_snap_start_n(s, n, extend);
159 else if (s->s3->snap_start_client_hello.buf && !extend)
160 {
161 /* If we started reading the opportunistic records then we know
162 * that we didn't enter recovery. Thus it's safe to free the
163 * copy of the ClientHello now because we'll not need it again. */
164 OPENSSL_free(s->s3->snap_start_client_hello.buf);
165 s->s3->snap_start_client_hello.buf = NULL;
166 }
167
168 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase 125 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
169 * packet by another n bytes. 126 * packet by another n bytes.
170 * The packet will be in the sub-array of s->s3->rbuf.buf specified 127 * The packet will be in the sub-array of s->s3->rbuf.buf specified
171 * by s->packet and s->packet_length. 128 * by s->packet and s->packet_length.
172 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf 129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
173 * [plus s->packet_length bytes if extend == 1].) 130 * [plus s->packet_length bytes if extend == 1].)
174 */ 131 */
175 » int i,off,newb; 132 » int i,len,left;
133 » long align=0;
134 » unsigned char *pkt;
135 » SSL3_BUFFER *rb;
136
137 » if (n <= 0) return n;
138
139 » rb = &(s->s3->rbuf);
140 » if (rb->buf == NULL)
141 » » if (!ssl3_setup_read_buffer(s))
142 » » » return -1;
143
144 » left = rb->left;
145 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
146 » align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
147 » align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
148 #endif
176 149
177 if (!extend) 150 if (!extend)
178 { 151 {
179 /* start with empty packet ... */ 152 /* start with empty packet ... */
180 » » if (s->s3->rbuf.left == 0) 153 » » if (left == 0)
181 » » » s->s3->rbuf.offset = 0; 154 » » » rb->offset = align;
182 » » s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; 155 » » else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
156 » » » {
157 » » » /* check if next packet length is large
158 » » » * enough to justify payload alignment... */
159 » » » pkt = rb->buf + rb->offset;
160 » » » if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 » » » && (pkt[3]<<8|pkt[4]) >= 128)
162 » » » » {
163 » » » » /* Note that even if packet is corrupted
164 » » » » * and its length field is insane, we can
165 » » » » * only be led to wrong decision about
166 » » » » * whether memmove will occur or not.
167 » » » » * Header values has no effect on memmove
168 » » » » * arguments and therefore no buffer
169 » » » » * overrun can be triggered. */
170 » » » » memmove (rb->buf+align,pkt,left);
171 » » » » rb->offset = align;
172 » » » » }
173 » » » }
174 » » s->packet = rb->buf + rb->offset;
183 s->packet_length = 0; 175 s->packet_length = 0;
184 /* ... now we can act as if 'extend' was set */ 176 /* ... now we can act as if 'extend' was set */
185 } 177 }
186 178
187 /* For DTLS/UDP reads should not span multiple packets 179 /* For DTLS/UDP reads should not span multiple packets
188 * because the read operation returns the whole packet 180 * because the read operation returns the whole packet
189 * at once (as long as it fits into the buffer). */ 181 * at once (as long as it fits into the buffer). */
190 » if (SSL_version(s) == DTLS1_VERSION) 182 » if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
191 { 183 {
192 » » if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) 184 » » if (left > 0 && n > left)
193 » » » n = s->s3->rbuf.left; 185 » » » n = left;
194 } 186 }
195 187
196 /* if there is enough in the buffer from a previous read, take some */ 188 /* if there is enough in the buffer from a previous read, take some */
197 » if (s->s3->rbuf.left >= (int)n) 189 » if (left >= n)
198 { 190 {
199 s->packet_length+=n; 191 s->packet_length+=n;
200 » » s->s3->rbuf.left-=n; 192 » » rb->left=left-n;
201 » » s->s3->rbuf.offset+=n; 193 » » rb->offset+=n;
202 return(n); 194 return(n);
203 } 195 }
204 196
205 /* else we need to read more data */ 197 /* else we need to read more data */
206 if (!s->read_ahead)
207 max=n;
208 198
209 » { 199 » len = s->packet_length;
210 » » /* avoid buffer overflow */ 200 » pkt = rb->buf+align;
211 » » int max_max = s->s3->rbuf.len - s->packet_length; 201 » /* Move any available bytes to front of buffer:
212 » » if (max > max_max) 202 » * 'len' bytes already pointed to by 'packet',
213 » » » max = max_max; 203 » * 'left' extra ones at the end */
214 » } 204 » if (s->packet != pkt) /* len > 0 */
215 » if (n > max) /* does not happen */ 205 » » {
206 » » memmove(pkt, s->packet, len+left);
207 » » s->packet = pkt;
208 » » rb->offset = len + align;
209 » » }
210
211 » if (n > (int)(rb->len - rb->offset)) /* does not happen */
216 { 212 {
217 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
218 return -1; 214 return -1;
219 } 215 }
220 216
221 » off = s->packet_length; 217 » if (!s->read_ahead)
222 » newb = s->s3->rbuf.left; 218 » » /* ignore max parameter */
223 » /* Move any available bytes to front of buffer: 219 » » max = n;
224 » * 'off' bytes already pointed to by 'packet', 220 » else
225 » * 'newb' extra ones at the end */
226 » if (s->packet != s->s3->rbuf.buf)
227 { 221 {
228 » » /* off > 0 */ 222 » » if (max < n)
229 » » memmove(s->s3->rbuf.buf, s->packet, off+newb); 223 » » » max = n;
230 » » s->packet = s->s3->rbuf.buf; 224 » » if (max > (int)(rb->len - rb->offset))
225 » » » max = rb->len - rb->offset;
231 } 226 }
232 227
233 » while (newb < n) 228 » while (left < n)
234 { 229 {
235 » » /* Now we have off+newb bytes at the front of s->s3->rbuf.buf an d need 230 » » /* Now we have len+left bytes at the front of s->s3->rbuf.buf
236 » » * to read in more until we have off+n (up to off+max if possibl e) */ 231 » » * and need to read in more until we have len+n (up to
232 » » * len+max if possible) */
237 233
238 clear_sys_error(); 234 clear_sys_error();
239 if (s->rbio != NULL) 235 if (s->rbio != NULL)
240 { 236 {
241 s->rwstate=SSL_READING; 237 s->rwstate=SSL_READING;
242 » » » i=BIO_read(s->rbio,» &(s->s3->rbuf.buf[off+newb]), ma x-newb); 238 » » » i=BIO_read(s->rbio,pkt+len+left, max-left);
243 } 239 }
244 else 240 else
245 { 241 {
246 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); 242 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
247 i = -1; 243 i = -1;
248 } 244 }
249 245
250 if (i <= 0) 246 if (i <= 0)
251 { 247 {
252 » » » s->s3->rbuf.left = newb; 248 » » » rb->left = left;
249 » » » if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
250 » » » SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
251 » » » » if (len+left == 0)
252 » » » » » ssl3_release_read_buffer(s);
253 return(i); 253 return(i);
254 } 254 }
255 » » newb+=i; 255 » » left+=i;
256 /* reads should *never* span multiple packets for DTLS because 256 /* reads should *never* span multiple packets for DTLS because
257 * the underlying transport protocol is message oriented as oppo sed 257 * the underlying transport protocol is message oriented as oppo sed
258 * to byte oriented as in the TLS case. */ 258 * to byte oriented as in the TLS case. */
259 » » if (SSL_version(s) == DTLS1_VERSION) 259 » » if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_B AD_VER)
260 { 260 {
261 » » » if (n > newb) 261 » » » if (n > left)
262 » » » » n = newb; /* makes the while condition false */ 262 » » » » n = left; /* makes the while condition false */
263 } 263 }
264 } 264 }
265 265
266 /* done reading, now the book-keeping */ 266 /* done reading, now the book-keeping */
267 » s->s3->rbuf.offset = off + n; 267 » rb->offset += n;
268 » s->s3->rbuf.left = newb - n; 268 » rb->left = left - n;
269 s->packet_length += n; 269 s->packet_length += n;
270 s->rwstate=SSL_NOTHING; 270 s->rwstate=SSL_NOTHING;
271 return(n); 271 return(n);
272 } 272 }
273 273
274 /* Call this to get a new input record. 274 /* Call this to get a new input record.
275 * It will return <= 0 if more data is needed, normally due to an error 275 * It will return <= 0 if more data is needed, normally due to an error
276 * or non-blocking IO. 276 * or non-blocking IO.
277 * When it finishes, one packet has been decoded and can be found in 277 * When it finishes, one packet has been decoded and can be found in
278 * ssl->s3->rrec.type - is the type of record 278 * ssl->s3->rrec.type - is the type of record
279 * ssl->s3->rrec.data, - data 279 * ssl->s3->rrec.data, - data
280 * ssl->s3->rrec.length, - number of bytes 280 * ssl->s3->rrec.length, - number of bytes
281 */ 281 */
282 /* used only by ssl3_read_bytes */ 282 /* used only by ssl3_read_bytes */
283 static int ssl3_get_record(SSL *s) 283 static int ssl3_get_record(SSL *s)
284 { 284 {
285 int ssl_major,ssl_minor,al; 285 int ssl_major,ssl_minor,al;
286 int enc_err,n,i,ret= -1; 286 int enc_err,n,i,ret= -1;
287 SSL3_RECORD *rr; 287 SSL3_RECORD *rr;
288 SSL_SESSION *sess; 288 SSL_SESSION *sess;
289 unsigned char *p; 289 unsigned char *p;
290 unsigned char md[EVP_MAX_MD_SIZE]; 290 unsigned char md[EVP_MAX_MD_SIZE];
291 short version; 291 short version;
292 » unsigned int mac_size; 292 » int mac_size;
293 int clear=0; 293 int clear=0;
294 size_t extra; 294 size_t extra;
295 int decryption_failed_or_bad_record_mac = 0; 295 int decryption_failed_or_bad_record_mac = 0;
296 unsigned char *mac = NULL; 296 unsigned char *mac = NULL;
297 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
298 long align=SSL3_ALIGN_PAYLOAD;
299 #else
300 long align=0;
301 #endif
297 302
298 rr= &(s->s3->rrec); 303 rr= &(s->s3->rrec);
299 sess=s->session; 304 sess=s->session;
300 305
301 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 306 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
302 extra=SSL3_RT_MAX_EXTRA; 307 extra=SSL3_RT_MAX_EXTRA;
303 else 308 else
304 extra=0; 309 extra=0;
305 » if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) 310 » if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) &&
311 » » extra && !s->s3->init_extra)
306 { 312 {
307 » » /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SS LV3_BUFFER 313 » » /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
308 * set after ssl3_setup_buffers() was done */ 314 * set after ssl3_setup_buffers() was done */
309 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 315 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
310 return -1; 316 return -1;
311 } 317 }
312 318
313 again: 319 again:
314 /* check if we have the header */ 320 /* check if we have the header */
315 if ( (s->rstate != SSL_ST_READ_BODY) || 321 if ( (s->rstate != SSL_ST_READ_BODY) ||
316 (s->packet_length < SSL3_RT_HEADER_LENGTH)) 322 (s->packet_length < SSL3_RT_HEADER_LENGTH))
317 { 323 {
318 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); 324 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
319 if (n <= 0) return(n); /* error or non-blocking */ 325 if (n <= 0) return(n); /* error or non-blocking */
320 s->rstate=SSL_ST_READ_BODY; 326 s->rstate=SSL_ST_READ_BODY;
321 327
322 p=s->packet; 328 p=s->packet;
323 329
324 /* Pull apart the header into the SSL3_RECORD */ 330 /* Pull apart the header into the SSL3_RECORD */
325 rr->type= *(p++); 331 rr->type= *(p++);
326 ssl_major= *(p++); 332 ssl_major= *(p++);
327 ssl_minor= *(p++); 333 ssl_minor= *(p++);
328 version=(ssl_major<<8)|ssl_minor; 334 version=(ssl_major<<8)|ssl_minor;
329 n2s(p,rr->length); 335 n2s(p,rr->length);
336 #if 0
337 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
338 #endif
330 339
331 /* Lets check version */ 340 /* Lets check version */
332 if (!s->first_packet) 341 if (!s->first_packet)
333 { 342 {
334 if (version != s->version) 343 if (version != s->version)
335 { 344 {
336 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION _NUMBER); 345 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION _NUMBER);
337 if ((s->version & 0xFF00) == (version & 0xFF00)) 346 if ((s->version & 0xFF00) == (version & 0xFF00))
338 /* Send back error using their minor ver sion number :-) */ 347 /* Send back error using their minor ver sion number :-) */
339 s->version = (unsigned short)version; 348 s->version = (unsigned short)version;
340 al=SSL_AD_PROTOCOL_VERSION; 349 al=SSL_AD_PROTOCOL_VERSION;
341 goto f_err; 350 goto f_err;
342 } 351 }
343 } 352 }
344 353
345 if ((version>>8) != SSL3_VERSION_MAJOR) 354 if ((version>>8) != SSL3_VERSION_MAJOR)
346 { 355 {
347 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER) ; 356 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER) ;
348 goto err; 357 goto err;
349 } 358 }
350 359
351 » » if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 360 » » /* If we receive a valid record larger than the current buffer s ize,
361 » » * allocate some memory for it.
362 » » */
363 » » if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align )
364 » » » {
365 » » » if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL 3_RT_HEADER_LENGTH + align))==NULL)
366 » » » » {
367 » » » » SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILUR E);
368 » » » » goto err;
369 » » » » }
370 » » » s->s3->rbuf.buf=p;
371 » » » s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + ali gn;
372 » » » s->packet= &(s->s3->rbuf.buf[0]);
373 » » » }
374
375 » » if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
352 { 376 {
353 al=SSL_AD_RECORD_OVERFLOW; 377 al=SSL_AD_RECORD_OVERFLOW;
354 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LON G); 378 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LON G);
355 goto f_err; 379 goto f_err;
356 } 380 }
357 381
358 /* now s->rstate == SSL_ST_READ_BODY */ 382 /* now s->rstate == SSL_ST_READ_BODY */
359 } 383 }
360 384
361 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 385 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
414 438
415 #ifdef TLS_DEBUG 439 #ifdef TLS_DEBUG
416 printf("dec %d\n",rr->length); 440 printf("dec %d\n",rr->length);
417 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1 )%16)?' ':'\n'); } 441 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1 )%16)?' ':'\n'); }
418 printf("\n"); 442 printf("\n");
419 #endif 443 #endif
420 444
421 /* r->length is now the compressed data plus mac */ 445 /* r->length is now the compressed data plus mac */
422 if ( (sess == NULL) || 446 if ( (sess == NULL) ||
423 (s->enc_read_ctx == NULL) || 447 (s->enc_read_ctx == NULL) ||
424 » » (s->read_hash == NULL)) 448 » » (EVP_MD_CTX_md(s->read_hash) == NULL))
425 clear=1; 449 clear=1;
426 450
427 if (!clear) 451 if (!clear)
428 { 452 {
429 » » mac_size=EVP_MD_size(s->read_hash); 453 » » /* !clear => s->read_hash != NULL => mac_size != -1 */
454 » » mac_size=EVP_MD_CTX_size(s->read_hash);
455 » » OPENSSL_assert(mac_size >= 0);
430 456
431 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 457 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
432 { 458 {
433 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ 459 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
434 al=SSL_AD_RECORD_OVERFLOW; 460 al=SSL_AD_RECORD_OVERFLOW;
435 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LO NG); 461 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LO NG);
436 goto f_err; 462 goto f_err;
437 #else 463 #else
438 decryption_failed_or_bad_record_mac = 1; 464 decryption_failed_or_bad_record_mac = 1;
439 #endif 465 #endif
440 } 466 }
441 /* check the MAC for rr->input (it's in mac_size bytes at the ta il) */ 467 /* check the MAC for rr->input (it's in mac_size bytes at the ta il) */
442 » » if (rr->length >= mac_size) 468 » » if (rr->length >= (unsigned int)mac_size)
443 { 469 {
444 rr->length -= mac_size; 470 rr->length -= mac_size;
445 mac = &rr->data[rr->length]; 471 mac = &rr->data[rr->length];
446 } 472 }
447 else 473 else
448 { 474 {
449 /* record (minus padding) is too short to contain a MAC */ 475 /* record (minus padding) is too short to contain a MAC */
450 #if 0 /* OK only for stream ciphers */ 476 #if 0 /* OK only for stream ciphers */
451 al=SSL_AD_DECODE_ERROR; 477 al=SSL_AD_DECODE_ERROR;
452 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); 478 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
453 goto f_err; 479 goto f_err;
454 #else 480 #else
455 decryption_failed_or_bad_record_mac = 1; 481 decryption_failed_or_bad_record_mac = 1;
456 rr->length = 0; 482 rr->length = 0;
457 #endif 483 #endif
458 } 484 }
459 i=s->method->ssl3_enc->mac(s,md,0); 485 i=s->method->ssl3_enc->mac(s,md,0);
460 » » if (mac == NULL || memcmp(md, mac, mac_size) != 0) 486 » » if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
461 { 487 {
462 decryption_failed_or_bad_record_mac = 1; 488 decryption_failed_or_bad_record_mac = 1;
463 } 489 }
464 } 490 }
465 491
466 if (decryption_failed_or_bad_record_mac) 492 if (decryption_failed_or_bad_record_mac)
467 { 493 {
468 /* A separate 'decryption_failed' alert was introduced with TLS 1.0, 494 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
469 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption 495 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
470 * failure is directly visible from the ciphertext anyway, 496 * failure is directly visible from the ciphertext anyway,
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
507 * ssl->s3->rrec.data == where to take bytes from, increment 533 * ssl->s3->rrec.data == where to take bytes from, increment
508 * after use :-). 534 * after use :-).
509 */ 535 */
510 536
511 /* we have pulled in a full packet so zero things */ 537 /* we have pulled in a full packet so zero things */
512 s->packet_length=0; 538 s->packet_length=0;
513 539
514 /* just read a 0 length packet */ 540 /* just read a 0 length packet */
515 if (rr->length == 0) goto again; 541 if (rr->length == 0) goto again;
516 542
543 #if 0
544 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
545 #endif
546
517 return(1); 547 return(1);
518 548
519 f_err: 549 f_err:
520 ssl3_send_alert(s,SSL3_AL_FATAL,al); 550 ssl3_send_alert(s,SSL3_AL_FATAL,al);
521 err: 551 err:
522 return(ret); 552 return(ret);
523 } 553 }
524 554
525 int ssl3_do_uncompress(SSL *ssl) 555 int ssl3_do_uncompress(SSL *ssl)
526 { 556 {
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
561 } 591 }
562 592
563 /* Call this to write data in records of type 'type' 593 /* Call this to write data in records of type 'type'
564 * It will return <= 0 if not all data has been sent or non-blocking IO. 594 * It will return <= 0 if not all data has been sent or non-blocking IO.
565 */ 595 */
566 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) 596 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
567 { 597 {
568 const unsigned char *buf=buf_; 598 const unsigned char *buf=buf_;
569 unsigned int tot,n,nw; 599 unsigned int tot,n,nw;
570 int i; 600 int i;
601 unsigned int max_plain_length;
571 602
572 s->rwstate=SSL_NOTHING; 603 s->rwstate=SSL_NOTHING;
573 tot=s->s3->wnum; 604 tot=s->s3->wnum;
574 s->s3->wnum=0; 605 s->s3->wnum=0;
575 606
576 if (SSL_in_init(s) && !s->in_handshake) 607 if (SSL_in_init(s) && !s->in_handshake)
577 { 608 {
578 i=s->handshake_func(s); 609 i=s->handshake_func(s);
579 if (i < 0) return(i); 610 if (i < 0) return(i);
580 if (i == 0) 611 if (i == 0)
581 { 612 {
582 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILUR E); 613 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILUR E);
583 return -1; 614 return -1;
584 } 615 }
585 } 616 }
586 617
587 n=(len-tot); 618 n=(len-tot);
588 for (;;) 619 for (;;)
589 { 620 {
590 » » if (n > SSL3_RT_MAX_PLAIN_LENGTH) 621 » » if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_M ODE_SMALL_BUFFERS))
591 » » » nw=SSL3_RT_MAX_PLAIN_LENGTH; 622 » » » max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH;
623 » » else
624 » » » max_plain_length = s->max_send_fragment;
625
626 » » if (n > max_plain_length)
627 » » » nw = max_plain_length;
592 else 628 else
593 nw=n; 629 nw=n;
594 630
595 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); 631 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
596 if (i <= 0) 632 if (i <= 0)
597 { 633 {
598 s->s3->wnum=tot; 634 s->s3->wnum=tot;
599 return i; 635 return i;
600 } 636 }
601 637
(...skipping 11 matching lines...) Expand all
613 n-=i; 649 n-=i;
614 tot+=i; 650 tot+=i;
615 } 651 }
616 } 652 }
617 653
618 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, 654 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
619 unsigned int len, int create_empty_fragment) 655 unsigned int len, int create_empty_fragment)
620 { 656 {
621 unsigned char *p,*plen; 657 unsigned char *p,*plen;
622 int i,mac_size,clear=0; 658 int i,mac_size,clear=0;
623 » int prefix_len = 0; 659 » int prefix_len=0;
660 » long align=0;
624 SSL3_RECORD *wr; 661 SSL3_RECORD *wr;
625 » SSL3_BUFFER *wb; 662 » SSL3_BUFFER *wb=&(s->s3->wbuf);
626 SSL_SESSION *sess; 663 SSL_SESSION *sess;
627 664
665 if (wb->buf == NULL)
666 if (!ssl3_setup_write_buffer(s))
667 return -1;
668
628 /* first check if there is a SSL3_BUFFER still being written 669 /* first check if there is a SSL3_BUFFER still being written
629 * out. This will happen with non blocking IO */ 670 * out. This will happen with non blocking IO */
630 » if (s->s3->wbuf.left != 0) 671 » if (wb->left != 0)
631 return(ssl3_write_pending(s,type,buf,len)); 672 return(ssl3_write_pending(s,type,buf,len));
632 673
633 /* If we have an alert to send, lets send it */ 674 /* If we have an alert to send, lets send it */
634 if (s->s3->alert_dispatch) 675 if (s->s3->alert_dispatch)
635 { 676 {
636 i=s->method->ssl_dispatch_alert(s); 677 i=s->method->ssl_dispatch_alert(s);
637 if (i <= 0) 678 if (i <= 0)
638 return(i); 679 return(i);
639 /* if it went, fall through and send more stuff */ 680 /* if it went, fall through and send more stuff */
640 } 681 }
641 682
642 if (len == 0 && !create_empty_fragment) 683 if (len == 0 && !create_empty_fragment)
643 return 0; 684 return 0;
644 685
645 wr= &(s->s3->wrec); 686 wr= &(s->s3->wrec);
646 wb= &(s->s3->wbuf);
647 sess=s->session; 687 sess=s->session;
648 688
649 if ( (sess == NULL) || 689 if ( (sess == NULL) ||
650 (s->enc_write_ctx == NULL) || 690 (s->enc_write_ctx == NULL) ||
651 » » (s->write_hash == NULL)) 691 » » (EVP_MD_CTX_md(s->write_hash) == NULL))
652 clear=1; 692 clear=1;
653 693
654 if (clear) 694 if (clear)
655 mac_size=0; 695 mac_size=0;
656 else 696 else
657 » » mac_size=EVP_MD_size(s->write_hash); 697 » » {
698 » » mac_size=EVP_MD_CTX_size(s->write_hash);
699 » » if (mac_size < 0)
700 » » » goto err;
701 » » }
658 702
659 /* 'create_empty_fragment' is true only when this function calls itself */ 703 /* 'create_empty_fragment' is true only when this function calls itself */
660 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 704 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
661 { 705 {
662 /* countermeasure against known-IV weakness in CBC ciphersuites 706 /* countermeasure against known-IV weakness in CBC ciphersuites
663 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ 707 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
664 708
665 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_D ATA) 709 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_D ATA)
666 { 710 {
667 /* recursive function call with 'create_empty_fragment' set; 711 /* recursive function call with 'create_empty_fragment' set;
668 * this prepares and buffers the data for an empty fragm ent 712 * this prepares and buffers the data for an empty fragm ent
669 * (these 'prefix_len' bytes are sent out later 713 * (these 'prefix_len' bytes are sent out later
670 * together with the actual payload) */ 714 * together with the actual payload) */
671 prefix_len = do_ssl3_write(s, type, buf, 0, 1); 715 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
672 if (prefix_len <= 0) 716 if (prefix_len <= 0)
673 goto err; 717 goto err;
674 718
675 » » » if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_P ACKET_SIZE) 719 » » » if (prefix_len >
720 » » (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
676 { 721 {
677 /* insufficient space */ 722 /* insufficient space */
678 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR ); 723 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR );
679 goto err; 724 goto err;
680 } 725 }
681 } 726 }
682 727
683 s->s3->empty_fragment_done = 1; 728 s->s3->empty_fragment_done = 1;
684 } 729 }
685 730
686 » p = wb->buf + prefix_len; 731 » /* resize if necessary to hold the data. */
732 » if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len)
733 » » {
734 » » if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVER HEAD))==NULL)
735 » » » {
736 » » » SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE);
737 » » » goto err;
738 » » » }
739 » » wb->buf = p;
740 » » wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
741 » » }
742
743 » if (create_empty_fragment)
744 » » {
745 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
746 » » /* extra fragment would be couple of cipher blocks,
747 » » * which would be multiple of SSL3_ALIGN_PAYLOAD, so
748 » » * if we want to align the real payload, then we can
749 » » * just pretent we simply have two headers. */
750 » » align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
751 » » align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
752 #endif
753 » » p = wb->buf + align;
754 » » wb->offset = align;
755 » » }
756 » else if (prefix_len)
757 » » {
758 » » p = wb->buf + wb->offset + prefix_len;
759 » » }
760 » else
761 » » {
762 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
763 » » align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
764 » » align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
765 #endif
766 » » p = wb->buf + align;
767 » » wb->offset = align;
768 » » }
687 769
688 /* write the header */ 770 /* write the header */
689 771
690 *(p++)=type&0xff; 772 *(p++)=type&0xff;
691 wr->type=type; 773 wr->type=type;
692 774
693 *(p++)=(s->version>>8); 775 *(p++)=(s->version>>8);
694 *(p++)=s->version&0xff; 776 *(p++)=s->version&0xff;
695 777
696 /* field where we are to write out packet length */ 778 /* field where we are to write out packet length */
(...skipping 22 matching lines...) Expand all
719 memcpy(wr->data,wr->input,wr->length); 801 memcpy(wr->data,wr->input,wr->length);
720 wr->input=wr->data; 802 wr->input=wr->data;
721 } 803 }
722 804
723 /* we should still have the output to wr->data and the input 805 /* we should still have the output to wr->data and the input
724 * from wr->input. Length should be wr->length. 806 * from wr->input. Length should be wr->length.
725 * wr->data still points in the wb->buf */ 807 * wr->data still points in the wb->buf */
726 808
727 if (mac_size != 0) 809 if (mac_size != 0)
728 { 810 {
729 » » s->method->ssl3_enc->mac(s,&(p[wr->length]),1); 811 » » if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
812 » » » goto err;
730 wr->length+=mac_size; 813 wr->length+=mac_size;
731 wr->input=p; 814 wr->input=p;
732 wr->data=p; 815 wr->data=p;
733 } 816 }
734 817
735 /* ssl3_enc can only have an error on read */ 818 /* ssl3_enc can only have an error on read */
736 s->method->ssl3_enc->enc(s,1); 819 s->method->ssl3_enc->enc(s,1);
737 820
738 /* record length after mac and block padding */ 821 /* record length after mac and block padding */
739 s2n(wr->length,plen); 822 s2n(wr->length,plen);
740 823
741 /* we should now have 824 /* we should now have
742 * wr->data pointing to the encrypted data, which is 825 * wr->data pointing to the encrypted data, which is
743 * wr->length long */ 826 * wr->length long */
744 wr->type=type; /* not needed but helps for debugging */ 827 wr->type=type; /* not needed but helps for debugging */
745 wr->length+=SSL3_RT_HEADER_LENGTH; 828 wr->length+=SSL3_RT_HEADER_LENGTH;
746 829
747 if (create_empty_fragment) 830 if (create_empty_fragment)
748 { 831 {
749 /* we are in a recursive call; 832 /* we are in a recursive call;
750 * just return the length, don't write out anything here 833 * just return the length, don't write out anything here
751 */ 834 */
752 return wr->length; 835 return wr->length;
753 } 836 }
754 837
755 /* now let's set up wb */ 838 /* now let's set up wb */
756 wb->left = prefix_len + wr->length; 839 wb->left = prefix_len + wr->length;
757 wb->offset = 0;
758 840
759 /* memorize arguments so that ssl3_write_pending can detect bad write re tries later */ 841 /* memorize arguments so that ssl3_write_pending can detect bad write re tries later */
760 s->s3->wpend_tot=len; 842 s->s3->wpend_tot=len;
761 s->s3->wpend_buf=buf; 843 s->s3->wpend_buf=buf;
762 s->s3->wpend_type=type; 844 s->s3->wpend_type=type;
763 s->s3->wpend_ret=len; 845 s->s3->wpend_ret=len;
764 846
765 /* we now just need to write the buffer */ 847 /* we now just need to write the buffer */
766 return ssl3_write_pending(s,type,buf,len); 848 return ssl3_write_pending(s,type,buf,len);
767 err: 849 err:
768 return -1; 850 return -1;
769 } 851 }
770 852
771 /* if s->s3->wbuf.left != 0, we need to call this */ 853 /* if s->s3->wbuf.left != 0, we need to call this */
772 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 854 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
773 unsigned int len) 855 unsigned int len)
774 { 856 {
775 int i; 857 int i;
858 SSL3_BUFFER *wb=&(s->s3->wbuf);
776 859
777 /* XXXX */ 860 /* XXXX */
778 if ((s->s3->wpend_tot > (int)len) 861 if ((s->s3->wpend_tot > (int)len)
779 || ((s->s3->wpend_buf != buf) && 862 || ((s->s3->wpend_buf != buf) &&
780 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) 863 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
781 || (s->s3->wpend_type != type)) 864 || (s->s3->wpend_type != type))
782 { 865 {
783 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); 866 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
784 return(-1); 867 return(-1);
785 } 868 }
786 869
787 for (;;) 870 for (;;)
788 { 871 {
789 clear_sys_error(); 872 clear_sys_error();
790 if (s->wbio != NULL) 873 if (s->wbio != NULL)
791 { 874 {
792 s->rwstate=SSL_WRITING; 875 s->rwstate=SSL_WRITING;
793 i=BIO_write(s->wbio, 876 i=BIO_write(s->wbio,
794 » » » » (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), 877 » » » » (char *)&(wb->buf[wb->offset]),
795 » » » » (unsigned int)s->s3->wbuf.left); 878 » » » » (unsigned int)wb->left);
796 } 879 }
797 else 880 else
798 { 881 {
799 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); 882 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
800 i= -1; 883 i= -1;
801 } 884 }
802 » » if (i == s->s3->wbuf.left) 885 » » if (i == wb->left)
803 { 886 {
804 » » » s->s3->wbuf.left=0; 887 » » » wb->left=0;
888 » » » wb->offset+=i;
889 » » » if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
890 » » » SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
891 » » » » ssl3_release_write_buffer(s);
805 s->rwstate=SSL_NOTHING; 892 s->rwstate=SSL_NOTHING;
806 return(s->s3->wpend_ret); 893 return(s->s3->wpend_ret);
807 } 894 }
808 else if (i <= 0) { 895 else if (i <= 0) {
809 if (s->version == DTLS1_VERSION || 896 if (s->version == DTLS1_VERSION ||
810 s->version == DTLS1_BAD_VER) { 897 s->version == DTLS1_BAD_VER) {
811 /* For DTLS, just drop it. That's kind of the wh ole 898 /* For DTLS, just drop it. That's kind of the wh ole
812 point in using a datagram service */ 899 point in using a datagram service */
813 » » » » s->s3->wbuf.left = 0; 900 » » » » wb->left = 0;
814 } 901 }
815 return(i); 902 return(i);
816 } 903 }
817 » » s->s3->wbuf.offset+=i; 904 » » wb->offset+=i;
818 » » s->s3->wbuf.left-=i; 905 » » wb->left-=i;
819 } 906 }
820 } 907 }
821 908
822 /* Return up to 'len' payload bytes received in 'type' records. 909 /* Return up to 'len' payload bytes received in 'type' records.
823 * 'type' is one of the following: 910 * 'type' is one of the following:
824 * 911 *
825 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) 912 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
826 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) 913 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
827 * - 0 (during a shutdown, no data has to be returned) 914 * - 0 (during a shutdown, no data has to be returned)
828 * 915 *
(...skipping 18 matching lines...) Expand all
847 * none of our business 934 * none of our business
848 */ 935 */
849 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) 936 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
850 { 937 {
851 int al,i,j,ret; 938 int al,i,j,ret;
852 unsigned int n; 939 unsigned int n;
853 SSL3_RECORD *rr; 940 SSL3_RECORD *rr;
854 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 941 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
855 942
856 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 943 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
857 » » if (!ssl3_setup_buffers(s)) 944 » » if (!ssl3_setup_read_buffer(s))
858 return(-1); 945 return(-1);
859 946
860 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HAND SHAKE) && type) || 947 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HAND SHAKE) && type) ||
861 (peek && (type != SSL3_RT_APPLICATION_DATA))) 948 (peek && (type != SSL3_RT_APPLICATION_DATA)))
862 { 949 {
863 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); 950 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
864 return -1; 951 return -1;
865 } 952 }
866 953
867 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) 954 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
956 1043
957 memcpy(buf,&(rr->data[rr->off]),n); 1044 memcpy(buf,&(rr->data[rr->off]),n);
958 if (!peek) 1045 if (!peek)
959 { 1046 {
960 rr->length-=n; 1047 rr->length-=n;
961 rr->off+=n; 1048 rr->off+=n;
962 if (rr->length == 0) 1049 if (rr->length == 0)
963 { 1050 {
964 s->rstate=SSL_ST_READ_HEADER; 1051 s->rstate=SSL_ST_READ_HEADER;
965 rr->off=0; 1052 rr->off=0;
1053 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1054 ssl3_release_read_buffer(s);
966 } 1055 }
967 } 1056 }
968 return(n); 1057 return(n);
969 } 1058 }
970 1059
971 1060
972 /* If we get here, then type != rr->type; if we have a handshake 1061 /* If we get here, then type != rr->type; if we have a handshake
973 * message, then it was unexpected (Hello Request or Client Hello). */ 1062 * message, then it was unexpected (Hello Request or Client Hello). */
974 1063
975 /* In case of record types for which we have 'fragment' storage, 1064 /* In case of record types for which we have 'fragment' storage,
(...skipping 324 matching lines...) Expand 10 before | Expand all | Expand 10 after
1300 1389
1301 f_err: 1390 f_err:
1302 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1391 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1303 err: 1392 err:
1304 return(-1); 1393 return(-1);
1305 } 1394 }
1306 1395
1307 int ssl3_do_change_cipher_spec(SSL *s) 1396 int ssl3_do_change_cipher_spec(SSL *s)
1308 { 1397 {
1309 int i; 1398 int i;
1399 #ifdef OPENSSL_NO_NEXTPROTONEG
1400 const char *sender;
1401 int slen;
1402 #endif
1310 1403
1311 if (s->state & SSL_ST_ACCEPT) 1404 if (s->state & SSL_ST_ACCEPT)
1312 i=SSL3_CHANGE_CIPHER_SERVER_READ; 1405 i=SSL3_CHANGE_CIPHER_SERVER_READ;
1313 else 1406 else
1314 i=SSL3_CHANGE_CIPHER_CLIENT_READ; 1407 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
1315 1408
1316 if (s->s3->tmp.key_block == NULL) 1409 if (s->s3->tmp.key_block == NULL)
1317 { 1410 {
1318 if (s->session == NULL) 1411 if (s->session == NULL)
1319 { 1412 {
1320 /* might happen if dtls1_read_bytes() calls this */ 1413 /* might happen if dtls1_read_bytes() calls this */
1321 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIV ED_EARLY); 1414 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIV ED_EARLY);
1322 return (0); 1415 return (0);
1323 } 1416 }
1324 1417
1325 s->session->cipher=s->s3->tmp.new_cipher; 1418 s->session->cipher=s->s3->tmp.new_cipher;
1326 if (!s->method->ssl3_enc->setup_key_block(s)) return(0); 1419 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1327 } 1420 }
1328 1421
1329 if (!s->method->ssl3_enc->change_cipher_state(s,i)) 1422 if (!s->method->ssl3_enc->change_cipher_state(s,i))
1330 return(0); 1423 return(0);
1331 1424
1425 #ifdef OPENSSL_NO_NEXTPROTONEG
1426 /* we have to record the message digest at
1427 * this point so we can get it before we read
1428 * the finished message */
1429 if (s->state & SSL_ST_CONNECT)
1430 {
1431 sender=s->method->ssl3_enc->server_finished_label;
1432 slen=s->method->ssl3_enc->server_finished_label_len;
1433 }
1434 else
1435 {
1436 sender=s->method->ssl3_enc->client_finished_label;
1437 slen=s->method->ssl3_enc->client_finished_label_len;
1438 }
1439
1440 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1441 sender,slen,s->s3->tmp.peer_finish_md);
1442 #endif
1443
1332 return(1); 1444 return(1);
1333 } 1445 }
1334 1446
1335 int ssl3_send_alert(SSL *s, int level, int desc) 1447 int ssl3_send_alert(SSL *s, int level, int desc)
1336 { 1448 {
1337 /* Map tls/ssl alert value to correct one */ 1449 /* Map tls/ssl alert value to correct one */
1338 desc=s->method->ssl3_enc->alert_value(desc); 1450 desc=s->method->ssl3_enc->alert_value(desc);
1339 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) 1451 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1340 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protoc ol_version alerts */ 1452 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protoc ol_version alerts */
1341 if (desc < 0) return -1; 1453 if (desc < 0) return -1;
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
1381 cb=s->ctx->info_callback; 1493 cb=s->ctx->info_callback;
1382 1494
1383 if (cb != NULL) 1495 if (cb != NULL)
1384 { 1496 {
1385 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; 1497 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1386 cb(s,SSL_CB_WRITE_ALERT,j); 1498 cb(s,SSL_CB_WRITE_ALERT,j);
1387 } 1499 }
1388 } 1500 }
1389 return(i); 1501 return(i);
1390 } 1502 }
OLDNEW
« no previous file with comments | « openssl/ssl/s3_meth.c ('k') | openssl/ssl/s3_srvr.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698