OLD | NEW |
1 /* ssl/s3_pkt.c */ | 1 /* ssl/s3_pkt.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
113 #include <errno.h> | 113 #include <errno.h> |
114 #define USE_SOCKETS | 114 #define USE_SOCKETS |
115 #include "ssl_locl.h" | 115 #include "ssl_locl.h" |
116 #include <openssl/evp.h> | 116 #include <openssl/evp.h> |
117 #include <openssl/buffer.h> | 117 #include <openssl/buffer.h> |
118 | 118 |
119 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 119 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
120 unsigned int len, int create_empty_fragment); | 120 unsigned int len, int create_empty_fragment); |
121 static int ssl3_get_record(SSL *s); | 121 static int ssl3_get_record(SSL *s); |
122 | 122 |
123 /* ssl3_read_snap_start_n reads from the opportunistic records contained within | |
124 * a Snap Start extension. |s->packet| and |s->packet_length| are set to frame | |
125 * a record within this area. Partial records are not allowed. The Snap Start | |
126 * records are held in |s->s3->snap_start_records| and the |left| member must | |
127 * be non-zero on entry. | |
128 * | |
129 * If |extend| is true then we'll expand the currently framed record by |n| | |
130 * bytes, otherwise we frame a new record. */ | |
131 static int ssl3_read_snap_start_n(SSL *s, int n, int extend) | |
132 { | |
133 if (!extend) | |
134 { | |
135 s->packet = s->s3->snap_start_records.buf + s->s3->snap_start_re
cords.offset; | |
136 s->packet_length = 0; | |
137 } | |
138 | |
139 if (s->s3->snap_start_records.left < n) | |
140 { | |
141 /* We aren't called unless .left is non-zero, therefore this | |
142 * means that we wanted to read more than we have. Since | |
143 * partial records aren't allowed, this is fatal. */ | |
144 SSLerr(SSL_F_SSL3_READ_SNAP_START_N,SSL_R_BAD_PACKET_LENGTH); | |
145 return -1; | |
146 } | |
147 | |
148 s->packet_length += n; | |
149 s->s3->snap_start_records.left -= n; | |
150 s->s3->snap_start_records.offset += n; | |
151 | |
152 return n; | |
153 } | |
154 | |
155 int ssl3_read_n(SSL *s, int n, int max, int extend) | 123 int ssl3_read_n(SSL *s, int n, int max, int extend) |
156 { | 124 { |
157 if (s->s3->snap_start_records.left) | |
158 return ssl3_read_snap_start_n(s, n, extend); | |
159 else if (s->s3->snap_start_client_hello.buf && !extend) | |
160 { | |
161 /* If we started reading the opportunistic records then we know | |
162 * that we didn't enter recovery. Thus it's safe to free the | |
163 * copy of the ClientHello now because we'll not need it again.
*/ | |
164 OPENSSL_free(s->s3->snap_start_client_hello.buf); | |
165 s->s3->snap_start_client_hello.buf = NULL; | |
166 } | |
167 | |
168 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | 125 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase |
169 * packet by another n bytes. | 126 * packet by another n bytes. |
170 * The packet will be in the sub-array of s->s3->rbuf.buf specified | 127 * The packet will be in the sub-array of s->s3->rbuf.buf specified |
171 * by s->packet and s->packet_length. | 128 * by s->packet and s->packet_length. |
172 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf | 129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf |
173 * [plus s->packet_length bytes if extend == 1].) | 130 * [plus s->packet_length bytes if extend == 1].) |
174 */ | 131 */ |
175 » int i,off,newb; | 132 » int i,len,left; |
| 133 » long align=0; |
| 134 » unsigned char *pkt; |
| 135 » SSL3_BUFFER *rb; |
| 136 |
| 137 » if (n <= 0) return n; |
| 138 |
| 139 » rb = &(s->s3->rbuf); |
| 140 » if (rb->buf == NULL) |
| 141 » » if (!ssl3_setup_read_buffer(s)) |
| 142 » » » return -1; |
| 143 |
| 144 » left = rb->left; |
| 145 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 146 » align = (long)rb->buf + SSL3_RT_HEADER_LENGTH; |
| 147 » align = (-align)&(SSL3_ALIGN_PAYLOAD-1); |
| 148 #endif |
176 | 149 |
177 if (!extend) | 150 if (!extend) |
178 { | 151 { |
179 /* start with empty packet ... */ | 152 /* start with empty packet ... */ |
180 » » if (s->s3->rbuf.left == 0) | 153 » » if (left == 0) |
181 » » » s->s3->rbuf.offset = 0; | 154 » » » rb->offset = align; |
182 » » s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; | 155 » » else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) |
| 156 » » » { |
| 157 » » » /* check if next packet length is large |
| 158 » » » * enough to justify payload alignment... */ |
| 159 » » » pkt = rb->buf + rb->offset; |
| 160 » » » if (pkt[0] == SSL3_RT_APPLICATION_DATA |
| 161 » » » && (pkt[3]<<8|pkt[4]) >= 128) |
| 162 » » » » { |
| 163 » » » » /* Note that even if packet is corrupted |
| 164 » » » » * and its length field is insane, we can |
| 165 » » » » * only be led to wrong decision about |
| 166 » » » » * whether memmove will occur or not. |
| 167 » » » » * Header values has no effect on memmove |
| 168 » » » » * arguments and therefore no buffer |
| 169 » » » » * overrun can be triggered. */ |
| 170 » » » » memmove (rb->buf+align,pkt,left); |
| 171 » » » » rb->offset = align; |
| 172 » » » » } |
| 173 » » » } |
| 174 » » s->packet = rb->buf + rb->offset; |
183 s->packet_length = 0; | 175 s->packet_length = 0; |
184 /* ... now we can act as if 'extend' was set */ | 176 /* ... now we can act as if 'extend' was set */ |
185 } | 177 } |
186 | 178 |
187 /* For DTLS/UDP reads should not span multiple packets | 179 /* For DTLS/UDP reads should not span multiple packets |
188 * because the read operation returns the whole packet | 180 * because the read operation returns the whole packet |
189 * at once (as long as it fits into the buffer). */ | 181 * at once (as long as it fits into the buffer). */ |
190 » if (SSL_version(s) == DTLS1_VERSION) | 182 » if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) |
191 { | 183 { |
192 » » if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) | 184 » » if (left > 0 && n > left) |
193 » » » n = s->s3->rbuf.left; | 185 » » » n = left; |
194 } | 186 } |
195 | 187 |
196 /* if there is enough in the buffer from a previous read, take some */ | 188 /* if there is enough in the buffer from a previous read, take some */ |
197 » if (s->s3->rbuf.left >= (int)n) | 189 » if (left >= n) |
198 { | 190 { |
199 s->packet_length+=n; | 191 s->packet_length+=n; |
200 » » s->s3->rbuf.left-=n; | 192 » » rb->left=left-n; |
201 » » s->s3->rbuf.offset+=n; | 193 » » rb->offset+=n; |
202 return(n); | 194 return(n); |
203 } | 195 } |
204 | 196 |
205 /* else we need to read more data */ | 197 /* else we need to read more data */ |
206 if (!s->read_ahead) | |
207 max=n; | |
208 | 198 |
209 » { | 199 » len = s->packet_length; |
210 » » /* avoid buffer overflow */ | 200 » pkt = rb->buf+align; |
211 » » int max_max = s->s3->rbuf.len - s->packet_length; | 201 » /* Move any available bytes to front of buffer: |
212 » » if (max > max_max) | 202 » * 'len' bytes already pointed to by 'packet', |
213 » » » max = max_max; | 203 » * 'left' extra ones at the end */ |
214 » } | 204 » if (s->packet != pkt) /* len > 0 */ |
215 » if (n > max) /* does not happen */ | 205 » » { |
| 206 » » memmove(pkt, s->packet, len+left); |
| 207 » » s->packet = pkt; |
| 208 » » rb->offset = len + align; |
| 209 » » } |
| 210 |
| 211 » if (n > (int)(rb->len - rb->offset)) /* does not happen */ |
216 { | 212 { |
217 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); | 213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); |
218 return -1; | 214 return -1; |
219 } | 215 } |
220 | 216 |
221 » off = s->packet_length; | 217 » if (!s->read_ahead) |
222 » newb = s->s3->rbuf.left; | 218 » » /* ignore max parameter */ |
223 » /* Move any available bytes to front of buffer: | 219 » » max = n; |
224 » * 'off' bytes already pointed to by 'packet', | 220 » else |
225 » * 'newb' extra ones at the end */ | |
226 » if (s->packet != s->s3->rbuf.buf) | |
227 { | 221 { |
228 » » /* off > 0 */ | 222 » » if (max < n) |
229 » » memmove(s->s3->rbuf.buf, s->packet, off+newb); | 223 » » » max = n; |
230 » » s->packet = s->s3->rbuf.buf; | 224 » » if (max > (int)(rb->len - rb->offset)) |
| 225 » » » max = rb->len - rb->offset; |
231 } | 226 } |
232 | 227 |
233 » while (newb < n) | 228 » while (left < n) |
234 { | 229 { |
235 » » /* Now we have off+newb bytes at the front of s->s3->rbuf.buf an
d need | 230 » » /* Now we have len+left bytes at the front of s->s3->rbuf.buf |
236 » » * to read in more until we have off+n (up to off+max if possibl
e) */ | 231 » » * and need to read in more until we have len+n (up to |
| 232 » » * len+max if possible) */ |
237 | 233 |
238 clear_sys_error(); | 234 clear_sys_error(); |
239 if (s->rbio != NULL) | 235 if (s->rbio != NULL) |
240 { | 236 { |
241 s->rwstate=SSL_READING; | 237 s->rwstate=SSL_READING; |
242 » » » i=BIO_read(s->rbio,» &(s->s3->rbuf.buf[off+newb]), ma
x-newb); | 238 » » » i=BIO_read(s->rbio,pkt+len+left, max-left); |
243 } | 239 } |
244 else | 240 else |
245 { | 241 { |
246 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | 242 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); |
247 i = -1; | 243 i = -1; |
248 } | 244 } |
249 | 245 |
250 if (i <= 0) | 246 if (i <= 0) |
251 { | 247 { |
252 » » » s->s3->rbuf.left = newb; | 248 » » » rb->left = left; |
| 249 » » » if (s->mode & SSL_MODE_RELEASE_BUFFERS && |
| 250 » » » SSL_version(s) != DTLS1_VERSION && SSL_version(s) !=
DTLS1_BAD_VER) |
| 251 » » » » if (len+left == 0) |
| 252 » » » » » ssl3_release_read_buffer(s); |
253 return(i); | 253 return(i); |
254 } | 254 } |
255 » » newb+=i; | 255 » » left+=i; |
256 /* reads should *never* span multiple packets for DTLS because | 256 /* reads should *never* span multiple packets for DTLS because |
257 * the underlying transport protocol is message oriented as oppo
sed | 257 * the underlying transport protocol is message oriented as oppo
sed |
258 * to byte oriented as in the TLS case. */ | 258 * to byte oriented as in the TLS case. */ |
259 » » if (SSL_version(s) == DTLS1_VERSION) | 259 » » if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_B
AD_VER) |
260 { | 260 { |
261 » » » if (n > newb) | 261 » » » if (n > left) |
262 » » » » n = newb; /* makes the while condition false */ | 262 » » » » n = left; /* makes the while condition false */ |
263 } | 263 } |
264 } | 264 } |
265 | 265 |
266 /* done reading, now the book-keeping */ | 266 /* done reading, now the book-keeping */ |
267 » s->s3->rbuf.offset = off + n; | 267 » rb->offset += n; |
268 » s->s3->rbuf.left = newb - n; | 268 » rb->left = left - n; |
269 s->packet_length += n; | 269 s->packet_length += n; |
270 s->rwstate=SSL_NOTHING; | 270 s->rwstate=SSL_NOTHING; |
271 return(n); | 271 return(n); |
272 } | 272 } |
273 | 273 |
274 /* Call this to get a new input record. | 274 /* Call this to get a new input record. |
275 * It will return <= 0 if more data is needed, normally due to an error | 275 * It will return <= 0 if more data is needed, normally due to an error |
276 * or non-blocking IO. | 276 * or non-blocking IO. |
277 * When it finishes, one packet has been decoded and can be found in | 277 * When it finishes, one packet has been decoded and can be found in |
278 * ssl->s3->rrec.type - is the type of record | 278 * ssl->s3->rrec.type - is the type of record |
279 * ssl->s3->rrec.data, - data | 279 * ssl->s3->rrec.data, - data |
280 * ssl->s3->rrec.length, - number of bytes | 280 * ssl->s3->rrec.length, - number of bytes |
281 */ | 281 */ |
282 /* used only by ssl3_read_bytes */ | 282 /* used only by ssl3_read_bytes */ |
283 static int ssl3_get_record(SSL *s) | 283 static int ssl3_get_record(SSL *s) |
284 { | 284 { |
285 int ssl_major,ssl_minor,al; | 285 int ssl_major,ssl_minor,al; |
286 int enc_err,n,i,ret= -1; | 286 int enc_err,n,i,ret= -1; |
287 SSL3_RECORD *rr; | 287 SSL3_RECORD *rr; |
288 SSL_SESSION *sess; | 288 SSL_SESSION *sess; |
289 unsigned char *p; | 289 unsigned char *p; |
290 unsigned char md[EVP_MAX_MD_SIZE]; | 290 unsigned char md[EVP_MAX_MD_SIZE]; |
291 short version; | 291 short version; |
292 » unsigned int mac_size; | 292 » int mac_size; |
293 int clear=0; | 293 int clear=0; |
294 size_t extra; | 294 size_t extra; |
295 int decryption_failed_or_bad_record_mac = 0; | 295 int decryption_failed_or_bad_record_mac = 0; |
296 unsigned char *mac = NULL; | 296 unsigned char *mac = NULL; |
| 297 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 298 long align=SSL3_ALIGN_PAYLOAD; |
| 299 #else |
| 300 long align=0; |
| 301 #endif |
297 | 302 |
298 rr= &(s->s3->rrec); | 303 rr= &(s->s3->rrec); |
299 sess=s->session; | 304 sess=s->session; |
300 | 305 |
301 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | 306 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) |
302 extra=SSL3_RT_MAX_EXTRA; | 307 extra=SSL3_RT_MAX_EXTRA; |
303 else | 308 else |
304 extra=0; | 309 extra=0; |
305 » if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) | 310 » if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) && |
| 311 » » extra && !s->s3->init_extra) |
306 { | 312 { |
307 » » /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SS
LV3_BUFFER | 313 » » /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER |
308 * set after ssl3_setup_buffers() was done */ | 314 * set after ssl3_setup_buffers() was done */ |
309 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | 315 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); |
310 return -1; | 316 return -1; |
311 } | 317 } |
312 | 318 |
313 again: | 319 again: |
314 /* check if we have the header */ | 320 /* check if we have the header */ |
315 if ( (s->rstate != SSL_ST_READ_BODY) || | 321 if ( (s->rstate != SSL_ST_READ_BODY) || |
316 (s->packet_length < SSL3_RT_HEADER_LENGTH)) | 322 (s->packet_length < SSL3_RT_HEADER_LENGTH)) |
317 { | 323 { |
318 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | 324 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); |
319 if (n <= 0) return(n); /* error or non-blocking */ | 325 if (n <= 0) return(n); /* error or non-blocking */ |
320 s->rstate=SSL_ST_READ_BODY; | 326 s->rstate=SSL_ST_READ_BODY; |
321 | 327 |
322 p=s->packet; | 328 p=s->packet; |
323 | 329 |
324 /* Pull apart the header into the SSL3_RECORD */ | 330 /* Pull apart the header into the SSL3_RECORD */ |
325 rr->type= *(p++); | 331 rr->type= *(p++); |
326 ssl_major= *(p++); | 332 ssl_major= *(p++); |
327 ssl_minor= *(p++); | 333 ssl_minor= *(p++); |
328 version=(ssl_major<<8)|ssl_minor; | 334 version=(ssl_major<<8)|ssl_minor; |
329 n2s(p,rr->length); | 335 n2s(p,rr->length); |
| 336 #if 0 |
| 337 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); |
| 338 #endif |
330 | 339 |
331 /* Lets check version */ | 340 /* Lets check version */ |
332 if (!s->first_packet) | 341 if (!s->first_packet) |
333 { | 342 { |
334 if (version != s->version) | 343 if (version != s->version) |
335 { | 344 { |
336 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION
_NUMBER); | 345 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION
_NUMBER); |
337 if ((s->version & 0xFF00) == (version & 0xFF00)) | 346 if ((s->version & 0xFF00) == (version & 0xFF00)) |
338 /* Send back error using their minor ver
sion number :-) */ | 347 /* Send back error using their minor ver
sion number :-) */ |
339 s->version = (unsigned short)version; | 348 s->version = (unsigned short)version; |
340 al=SSL_AD_PROTOCOL_VERSION; | 349 al=SSL_AD_PROTOCOL_VERSION; |
341 goto f_err; | 350 goto f_err; |
342 } | 351 } |
343 } | 352 } |
344 | 353 |
345 if ((version>>8) != SSL3_VERSION_MAJOR) | 354 if ((version>>8) != SSL3_VERSION_MAJOR) |
346 { | 355 { |
347 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER)
; | 356 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER)
; |
348 goto err; | 357 goto err; |
349 } | 358 } |
350 | 359 |
351 » » if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 360 » » /* If we receive a valid record larger than the current buffer s
ize, |
| 361 » » * allocate some memory for it. |
| 362 » » */ |
| 363 » » if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align
) |
| 364 » » » { |
| 365 » » » if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL
3_RT_HEADER_LENGTH + align))==NULL) |
| 366 » » » » { |
| 367 » » » » SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILUR
E); |
| 368 » » » » goto err; |
| 369 » » » » } |
| 370 » » » s->s3->rbuf.buf=p; |
| 371 » » » s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + ali
gn; |
| 372 » » » s->packet= &(s->s3->rbuf.buf[0]); |
| 373 » » » } |
| 374 |
| 375 » » if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) |
352 { | 376 { |
353 al=SSL_AD_RECORD_OVERFLOW; | 377 al=SSL_AD_RECORD_OVERFLOW; |
354 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LON
G); | 378 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LON
G); |
355 goto f_err; | 379 goto f_err; |
356 } | 380 } |
357 | 381 |
358 /* now s->rstate == SSL_ST_READ_BODY */ | 382 /* now s->rstate == SSL_ST_READ_BODY */ |
359 } | 383 } |
360 | 384 |
361 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | 385 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
414 | 438 |
415 #ifdef TLS_DEBUG | 439 #ifdef TLS_DEBUG |
416 printf("dec %d\n",rr->length); | 440 printf("dec %d\n",rr->length); |
417 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1
)%16)?' ':'\n'); } | 441 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1
)%16)?' ':'\n'); } |
418 printf("\n"); | 442 printf("\n"); |
419 #endif | 443 #endif |
420 | 444 |
421 /* r->length is now the compressed data plus mac */ | 445 /* r->length is now the compressed data plus mac */ |
422 if ( (sess == NULL) || | 446 if ( (sess == NULL) || |
423 (s->enc_read_ctx == NULL) || | 447 (s->enc_read_ctx == NULL) || |
424 » » (s->read_hash == NULL)) | 448 » » (EVP_MD_CTX_md(s->read_hash) == NULL)) |
425 clear=1; | 449 clear=1; |
426 | 450 |
427 if (!clear) | 451 if (!clear) |
428 { | 452 { |
429 » » mac_size=EVP_MD_size(s->read_hash); | 453 » » /* !clear => s->read_hash != NULL => mac_size != -1 */ |
| 454 » » mac_size=EVP_MD_CTX_size(s->read_hash); |
| 455 » » OPENSSL_assert(mac_size >= 0); |
430 | 456 |
431 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | 457 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) |
432 { | 458 { |
433 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext
anyway) */ | 459 #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext
anyway) */ |
434 al=SSL_AD_RECORD_OVERFLOW; | 460 al=SSL_AD_RECORD_OVERFLOW; |
435 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LO
NG); | 461 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LO
NG); |
436 goto f_err; | 462 goto f_err; |
437 #else | 463 #else |
438 decryption_failed_or_bad_record_mac = 1; | 464 decryption_failed_or_bad_record_mac = 1; |
439 #endif | 465 #endif |
440 } | 466 } |
441 /* check the MAC for rr->input (it's in mac_size bytes at the ta
il) */ | 467 /* check the MAC for rr->input (it's in mac_size bytes at the ta
il) */ |
442 » » if (rr->length >= mac_size) | 468 » » if (rr->length >= (unsigned int)mac_size) |
443 { | 469 { |
444 rr->length -= mac_size; | 470 rr->length -= mac_size; |
445 mac = &rr->data[rr->length]; | 471 mac = &rr->data[rr->length]; |
446 } | 472 } |
447 else | 473 else |
448 { | 474 { |
449 /* record (minus padding) is too short to contain a MAC
*/ | 475 /* record (minus padding) is too short to contain a MAC
*/ |
450 #if 0 /* OK only for stream ciphers */ | 476 #if 0 /* OK only for stream ciphers */ |
451 al=SSL_AD_DECODE_ERROR; | 477 al=SSL_AD_DECODE_ERROR; |
452 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | 478 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); |
453 goto f_err; | 479 goto f_err; |
454 #else | 480 #else |
455 decryption_failed_or_bad_record_mac = 1; | 481 decryption_failed_or_bad_record_mac = 1; |
456 rr->length = 0; | 482 rr->length = 0; |
457 #endif | 483 #endif |
458 } | 484 } |
459 i=s->method->ssl3_enc->mac(s,md,0); | 485 i=s->method->ssl3_enc->mac(s,md,0); |
460 » » if (mac == NULL || memcmp(md, mac, mac_size) != 0) | 486 » » if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) !=
0) |
461 { | 487 { |
462 decryption_failed_or_bad_record_mac = 1; | 488 decryption_failed_or_bad_record_mac = 1; |
463 } | 489 } |
464 } | 490 } |
465 | 491 |
466 if (decryption_failed_or_bad_record_mac) | 492 if (decryption_failed_or_bad_record_mac) |
467 { | 493 { |
468 /* A separate 'decryption_failed' alert was introduced with TLS
1.0, | 494 /* A separate 'decryption_failed' alert was introduced with TLS
1.0, |
469 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | 495 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption |
470 * failure is directly visible from the ciphertext anyway, | 496 * failure is directly visible from the ciphertext anyway, |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
507 * ssl->s3->rrec.data == where to take bytes from, increment | 533 * ssl->s3->rrec.data == where to take bytes from, increment |
508 * after use :-). | 534 * after use :-). |
509 */ | 535 */ |
510 | 536 |
511 /* we have pulled in a full packet so zero things */ | 537 /* we have pulled in a full packet so zero things */ |
512 s->packet_length=0; | 538 s->packet_length=0; |
513 | 539 |
514 /* just read a 0 length packet */ | 540 /* just read a 0 length packet */ |
515 if (rr->length == 0) goto again; | 541 if (rr->length == 0) goto again; |
516 | 542 |
| 543 #if 0 |
| 544 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); |
| 545 #endif |
| 546 |
517 return(1); | 547 return(1); |
518 | 548 |
519 f_err: | 549 f_err: |
520 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 550 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
521 err: | 551 err: |
522 return(ret); | 552 return(ret); |
523 } | 553 } |
524 | 554 |
525 int ssl3_do_uncompress(SSL *ssl) | 555 int ssl3_do_uncompress(SSL *ssl) |
526 { | 556 { |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
561 } | 591 } |
562 | 592 |
563 /* Call this to write data in records of type 'type' | 593 /* Call this to write data in records of type 'type' |
564 * It will return <= 0 if not all data has been sent or non-blocking IO. | 594 * It will return <= 0 if not all data has been sent or non-blocking IO. |
565 */ | 595 */ |
566 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | 596 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) |
567 { | 597 { |
568 const unsigned char *buf=buf_; | 598 const unsigned char *buf=buf_; |
569 unsigned int tot,n,nw; | 599 unsigned int tot,n,nw; |
570 int i; | 600 int i; |
| 601 unsigned int max_plain_length; |
571 | 602 |
572 s->rwstate=SSL_NOTHING; | 603 s->rwstate=SSL_NOTHING; |
573 tot=s->s3->wnum; | 604 tot=s->s3->wnum; |
574 s->s3->wnum=0; | 605 s->s3->wnum=0; |
575 | 606 |
576 if (SSL_in_init(s) && !s->in_handshake) | 607 if (SSL_in_init(s) && !s->in_handshake) |
577 { | 608 { |
578 i=s->handshake_func(s); | 609 i=s->handshake_func(s); |
579 if (i < 0) return(i); | 610 if (i < 0) return(i); |
580 if (i == 0) | 611 if (i == 0) |
581 { | 612 { |
582 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILUR
E); | 613 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILUR
E); |
583 return -1; | 614 return -1; |
584 } | 615 } |
585 } | 616 } |
586 | 617 |
587 n=(len-tot); | 618 n=(len-tot); |
588 for (;;) | 619 for (;;) |
589 { | 620 { |
590 » » if (n > SSL3_RT_MAX_PLAIN_LENGTH) | 621 » » if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_M
ODE_SMALL_BUFFERS)) |
591 » » » nw=SSL3_RT_MAX_PLAIN_LENGTH; | 622 » » » max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH; |
| 623 » » else |
| 624 » » » max_plain_length = s->max_send_fragment; |
| 625 |
| 626 » » if (n > max_plain_length) |
| 627 » » » nw = max_plain_length; |
592 else | 628 else |
593 nw=n; | 629 nw=n; |
594 | 630 |
595 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); | 631 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); |
596 if (i <= 0) | 632 if (i <= 0) |
597 { | 633 { |
598 s->s3->wnum=tot; | 634 s->s3->wnum=tot; |
599 return i; | 635 return i; |
600 } | 636 } |
601 | 637 |
(...skipping 11 matching lines...) Expand all Loading... |
613 n-=i; | 649 n-=i; |
614 tot+=i; | 650 tot+=i; |
615 } | 651 } |
616 } | 652 } |
617 | 653 |
618 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 654 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
619 unsigned int len, int create_empty_fragment) | 655 unsigned int len, int create_empty_fragment) |
620 { | 656 { |
621 unsigned char *p,*plen; | 657 unsigned char *p,*plen; |
622 int i,mac_size,clear=0; | 658 int i,mac_size,clear=0; |
623 » int prefix_len = 0; | 659 » int prefix_len=0; |
| 660 » long align=0; |
624 SSL3_RECORD *wr; | 661 SSL3_RECORD *wr; |
625 » SSL3_BUFFER *wb; | 662 » SSL3_BUFFER *wb=&(s->s3->wbuf); |
626 SSL_SESSION *sess; | 663 SSL_SESSION *sess; |
627 | 664 |
| 665 if (wb->buf == NULL) |
| 666 if (!ssl3_setup_write_buffer(s)) |
| 667 return -1; |
| 668 |
628 /* first check if there is a SSL3_BUFFER still being written | 669 /* first check if there is a SSL3_BUFFER still being written |
629 * out. This will happen with non blocking IO */ | 670 * out. This will happen with non blocking IO */ |
630 » if (s->s3->wbuf.left != 0) | 671 » if (wb->left != 0) |
631 return(ssl3_write_pending(s,type,buf,len)); | 672 return(ssl3_write_pending(s,type,buf,len)); |
632 | 673 |
633 /* If we have an alert to send, lets send it */ | 674 /* If we have an alert to send, lets send it */ |
634 if (s->s3->alert_dispatch) | 675 if (s->s3->alert_dispatch) |
635 { | 676 { |
636 i=s->method->ssl_dispatch_alert(s); | 677 i=s->method->ssl_dispatch_alert(s); |
637 if (i <= 0) | 678 if (i <= 0) |
638 return(i); | 679 return(i); |
639 /* if it went, fall through and send more stuff */ | 680 /* if it went, fall through and send more stuff */ |
640 } | 681 } |
641 | 682 |
642 if (len == 0 && !create_empty_fragment) | 683 if (len == 0 && !create_empty_fragment) |
643 return 0; | 684 return 0; |
644 | 685 |
645 wr= &(s->s3->wrec); | 686 wr= &(s->s3->wrec); |
646 wb= &(s->s3->wbuf); | |
647 sess=s->session; | 687 sess=s->session; |
648 | 688 |
649 if ( (sess == NULL) || | 689 if ( (sess == NULL) || |
650 (s->enc_write_ctx == NULL) || | 690 (s->enc_write_ctx == NULL) || |
651 » » (s->write_hash == NULL)) | 691 » » (EVP_MD_CTX_md(s->write_hash) == NULL)) |
652 clear=1; | 692 clear=1; |
653 | 693 |
654 if (clear) | 694 if (clear) |
655 mac_size=0; | 695 mac_size=0; |
656 else | 696 else |
657 » » mac_size=EVP_MD_size(s->write_hash); | 697 » » { |
| 698 » » mac_size=EVP_MD_CTX_size(s->write_hash); |
| 699 » » if (mac_size < 0) |
| 700 » » » goto err; |
| 701 » » } |
658 | 702 |
659 /* 'create_empty_fragment' is true only when this function calls itself
*/ | 703 /* 'create_empty_fragment' is true only when this function calls itself
*/ |
660 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) | 704 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) |
661 { | 705 { |
662 /* countermeasure against known-IV weakness in CBC ciphersuites | 706 /* countermeasure against known-IV weakness in CBC ciphersuites |
663 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | 707 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ |
664 | 708 |
665 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_D
ATA) | 709 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_D
ATA) |
666 { | 710 { |
667 /* recursive function call with 'create_empty_fragment'
set; | 711 /* recursive function call with 'create_empty_fragment'
set; |
668 * this prepares and buffers the data for an empty fragm
ent | 712 * this prepares and buffers the data for an empty fragm
ent |
669 * (these 'prefix_len' bytes are sent out later | 713 * (these 'prefix_len' bytes are sent out later |
670 * together with the actual payload) */ | 714 * together with the actual payload) */ |
671 prefix_len = do_ssl3_write(s, type, buf, 0, 1); | 715 prefix_len = do_ssl3_write(s, type, buf, 0, 1); |
672 if (prefix_len <= 0) | 716 if (prefix_len <= 0) |
673 goto err; | 717 goto err; |
674 | 718 |
675 » » » if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_P
ACKET_SIZE) | 719 » » » if (prefix_len > |
| 720 » » (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) |
676 { | 721 { |
677 /* insufficient space */ | 722 /* insufficient space */ |
678 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR
); | 723 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR
); |
679 goto err; | 724 goto err; |
680 } | 725 } |
681 } | 726 } |
682 | 727 |
683 s->s3->empty_fragment_done = 1; | 728 s->s3->empty_fragment_done = 1; |
684 } | 729 } |
685 | 730 |
686 » p = wb->buf + prefix_len; | 731 » /* resize if necessary to hold the data. */ |
| 732 » if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len) |
| 733 » » { |
| 734 » » if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVER
HEAD))==NULL) |
| 735 » » » { |
| 736 » » » SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE); |
| 737 » » » goto err; |
| 738 » » » } |
| 739 » » wb->buf = p; |
| 740 » » wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD; |
| 741 » » } |
| 742 |
| 743 » if (create_empty_fragment) |
| 744 » » { |
| 745 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 746 » » /* extra fragment would be couple of cipher blocks, |
| 747 » » * which would be multiple of SSL3_ALIGN_PAYLOAD, so |
| 748 » » * if we want to align the real payload, then we can |
| 749 » » * just pretent we simply have two headers. */ |
| 750 » » align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH; |
| 751 » » align = (-align)&(SSL3_ALIGN_PAYLOAD-1); |
| 752 #endif |
| 753 » » p = wb->buf + align; |
| 754 » » wb->offset = align; |
| 755 » » } |
| 756 » else if (prefix_len) |
| 757 » » { |
| 758 » » p = wb->buf + wb->offset + prefix_len; |
| 759 » » } |
| 760 » else |
| 761 » » { |
| 762 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 |
| 763 » » align = (long)wb->buf + SSL3_RT_HEADER_LENGTH; |
| 764 » » align = (-align)&(SSL3_ALIGN_PAYLOAD-1); |
| 765 #endif |
| 766 » » p = wb->buf + align; |
| 767 » » wb->offset = align; |
| 768 » » } |
687 | 769 |
688 /* write the header */ | 770 /* write the header */ |
689 | 771 |
690 *(p++)=type&0xff; | 772 *(p++)=type&0xff; |
691 wr->type=type; | 773 wr->type=type; |
692 | 774 |
693 *(p++)=(s->version>>8); | 775 *(p++)=(s->version>>8); |
694 *(p++)=s->version&0xff; | 776 *(p++)=s->version&0xff; |
695 | 777 |
696 /* field where we are to write out packet length */ | 778 /* field where we are to write out packet length */ |
(...skipping 22 matching lines...) Expand all Loading... |
719 memcpy(wr->data,wr->input,wr->length); | 801 memcpy(wr->data,wr->input,wr->length); |
720 wr->input=wr->data; | 802 wr->input=wr->data; |
721 } | 803 } |
722 | 804 |
723 /* we should still have the output to wr->data and the input | 805 /* we should still have the output to wr->data and the input |
724 * from wr->input. Length should be wr->length. | 806 * from wr->input. Length should be wr->length. |
725 * wr->data still points in the wb->buf */ | 807 * wr->data still points in the wb->buf */ |
726 | 808 |
727 if (mac_size != 0) | 809 if (mac_size != 0) |
728 { | 810 { |
729 » » s->method->ssl3_enc->mac(s,&(p[wr->length]),1); | 811 » » if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0) |
| 812 » » » goto err; |
730 wr->length+=mac_size; | 813 wr->length+=mac_size; |
731 wr->input=p; | 814 wr->input=p; |
732 wr->data=p; | 815 wr->data=p; |
733 } | 816 } |
734 | 817 |
735 /* ssl3_enc can only have an error on read */ | 818 /* ssl3_enc can only have an error on read */ |
736 s->method->ssl3_enc->enc(s,1); | 819 s->method->ssl3_enc->enc(s,1); |
737 | 820 |
738 /* record length after mac and block padding */ | 821 /* record length after mac and block padding */ |
739 s2n(wr->length,plen); | 822 s2n(wr->length,plen); |
740 | 823 |
741 /* we should now have | 824 /* we should now have |
742 * wr->data pointing to the encrypted data, which is | 825 * wr->data pointing to the encrypted data, which is |
743 * wr->length long */ | 826 * wr->length long */ |
744 wr->type=type; /* not needed but helps for debugging */ | 827 wr->type=type; /* not needed but helps for debugging */ |
745 wr->length+=SSL3_RT_HEADER_LENGTH; | 828 wr->length+=SSL3_RT_HEADER_LENGTH; |
746 | 829 |
747 if (create_empty_fragment) | 830 if (create_empty_fragment) |
748 { | 831 { |
749 /* we are in a recursive call; | 832 /* we are in a recursive call; |
750 * just return the length, don't write out anything here | 833 * just return the length, don't write out anything here |
751 */ | 834 */ |
752 return wr->length; | 835 return wr->length; |
753 } | 836 } |
754 | 837 |
755 /* now let's set up wb */ | 838 /* now let's set up wb */ |
756 wb->left = prefix_len + wr->length; | 839 wb->left = prefix_len + wr->length; |
757 wb->offset = 0; | |
758 | 840 |
759 /* memorize arguments so that ssl3_write_pending can detect bad write re
tries later */ | 841 /* memorize arguments so that ssl3_write_pending can detect bad write re
tries later */ |
760 s->s3->wpend_tot=len; | 842 s->s3->wpend_tot=len; |
761 s->s3->wpend_buf=buf; | 843 s->s3->wpend_buf=buf; |
762 s->s3->wpend_type=type; | 844 s->s3->wpend_type=type; |
763 s->s3->wpend_ret=len; | 845 s->s3->wpend_ret=len; |
764 | 846 |
765 /* we now just need to write the buffer */ | 847 /* we now just need to write the buffer */ |
766 return ssl3_write_pending(s,type,buf,len); | 848 return ssl3_write_pending(s,type,buf,len); |
767 err: | 849 err: |
768 return -1; | 850 return -1; |
769 } | 851 } |
770 | 852 |
771 /* if s->s3->wbuf.left != 0, we need to call this */ | 853 /* if s->s3->wbuf.left != 0, we need to call this */ |
772 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 854 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
773 unsigned int len) | 855 unsigned int len) |
774 { | 856 { |
775 int i; | 857 int i; |
| 858 SSL3_BUFFER *wb=&(s->s3->wbuf); |
776 | 859 |
777 /* XXXX */ | 860 /* XXXX */ |
778 if ((s->s3->wpend_tot > (int)len) | 861 if ((s->s3->wpend_tot > (int)len) |
779 || ((s->s3->wpend_buf != buf) && | 862 || ((s->s3->wpend_buf != buf) && |
780 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) | 863 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) |
781 || (s->s3->wpend_type != type)) | 864 || (s->s3->wpend_type != type)) |
782 { | 865 { |
783 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); | 866 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); |
784 return(-1); | 867 return(-1); |
785 } | 868 } |
786 | 869 |
787 for (;;) | 870 for (;;) |
788 { | 871 { |
789 clear_sys_error(); | 872 clear_sys_error(); |
790 if (s->wbio != NULL) | 873 if (s->wbio != NULL) |
791 { | 874 { |
792 s->rwstate=SSL_WRITING; | 875 s->rwstate=SSL_WRITING; |
793 i=BIO_write(s->wbio, | 876 i=BIO_write(s->wbio, |
794 » » » » (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), | 877 » » » » (char *)&(wb->buf[wb->offset]), |
795 » » » » (unsigned int)s->s3->wbuf.left); | 878 » » » » (unsigned int)wb->left); |
796 } | 879 } |
797 else | 880 else |
798 { | 881 { |
799 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); | 882 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); |
800 i= -1; | 883 i= -1; |
801 } | 884 } |
802 » » if (i == s->s3->wbuf.left) | 885 » » if (i == wb->left) |
803 { | 886 { |
804 » » » s->s3->wbuf.left=0; | 887 » » » wb->left=0; |
| 888 » » » wb->offset+=i; |
| 889 » » » if (s->mode & SSL_MODE_RELEASE_BUFFERS && |
| 890 » » » SSL_version(s) != DTLS1_VERSION && SSL_version(s) !=
DTLS1_BAD_VER) |
| 891 » » » » ssl3_release_write_buffer(s); |
805 s->rwstate=SSL_NOTHING; | 892 s->rwstate=SSL_NOTHING; |
806 return(s->s3->wpend_ret); | 893 return(s->s3->wpend_ret); |
807 } | 894 } |
808 else if (i <= 0) { | 895 else if (i <= 0) { |
809 if (s->version == DTLS1_VERSION || | 896 if (s->version == DTLS1_VERSION || |
810 s->version == DTLS1_BAD_VER) { | 897 s->version == DTLS1_BAD_VER) { |
811 /* For DTLS, just drop it. That's kind of the wh
ole | 898 /* For DTLS, just drop it. That's kind of the wh
ole |
812 point in using a datagram service */ | 899 point in using a datagram service */ |
813 » » » » s->s3->wbuf.left = 0; | 900 » » » » wb->left = 0; |
814 } | 901 } |
815 return(i); | 902 return(i); |
816 } | 903 } |
817 » » s->s3->wbuf.offset+=i; | 904 » » wb->offset+=i; |
818 » » s->s3->wbuf.left-=i; | 905 » » wb->left-=i; |
819 } | 906 } |
820 } | 907 } |
821 | 908 |
822 /* Return up to 'len' payload bytes received in 'type' records. | 909 /* Return up to 'len' payload bytes received in 'type' records. |
823 * 'type' is one of the following: | 910 * 'type' is one of the following: |
824 * | 911 * |
825 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | 912 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) |
826 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) | 913 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) |
827 * - 0 (during a shutdown, no data has to be returned) | 914 * - 0 (during a shutdown, no data has to be returned) |
828 * | 915 * |
(...skipping 18 matching lines...) Expand all Loading... |
847 * none of our business | 934 * none of our business |
848 */ | 935 */ |
849 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | 936 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) |
850 { | 937 { |
851 int al,i,j,ret; | 938 int al,i,j,ret; |
852 unsigned int n; | 939 unsigned int n; |
853 SSL3_RECORD *rr; | 940 SSL3_RECORD *rr; |
854 void (*cb)(const SSL *ssl,int type2,int val)=NULL; | 941 void (*cb)(const SSL *ssl,int type2,int val)=NULL; |
855 | 942 |
856 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | 943 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ |
857 » » if (!ssl3_setup_buffers(s)) | 944 » » if (!ssl3_setup_read_buffer(s)) |
858 return(-1); | 945 return(-1); |
859 | 946 |
860 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HAND
SHAKE) && type) || | 947 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HAND
SHAKE) && type) || |
861 (peek && (type != SSL3_RT_APPLICATION_DATA))) | 948 (peek && (type != SSL3_RT_APPLICATION_DATA))) |
862 { | 949 { |
863 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | 950 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); |
864 return -1; | 951 return -1; |
865 } | 952 } |
866 | 953 |
867 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) | 954 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
956 | 1043 |
957 memcpy(buf,&(rr->data[rr->off]),n); | 1044 memcpy(buf,&(rr->data[rr->off]),n); |
958 if (!peek) | 1045 if (!peek) |
959 { | 1046 { |
960 rr->length-=n; | 1047 rr->length-=n; |
961 rr->off+=n; | 1048 rr->off+=n; |
962 if (rr->length == 0) | 1049 if (rr->length == 0) |
963 { | 1050 { |
964 s->rstate=SSL_ST_READ_HEADER; | 1051 s->rstate=SSL_ST_READ_HEADER; |
965 rr->off=0; | 1052 rr->off=0; |
| 1053 if (s->mode & SSL_MODE_RELEASE_BUFFERS) |
| 1054 ssl3_release_read_buffer(s); |
966 } | 1055 } |
967 } | 1056 } |
968 return(n); | 1057 return(n); |
969 } | 1058 } |
970 | 1059 |
971 | 1060 |
972 /* If we get here, then type != rr->type; if we have a handshake | 1061 /* If we get here, then type != rr->type; if we have a handshake |
973 * message, then it was unexpected (Hello Request or Client Hello). */ | 1062 * message, then it was unexpected (Hello Request or Client Hello). */ |
974 | 1063 |
975 /* In case of record types for which we have 'fragment' storage, | 1064 /* In case of record types for which we have 'fragment' storage, |
(...skipping 324 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1300 | 1389 |
1301 f_err: | 1390 f_err: |
1302 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1391 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
1303 err: | 1392 err: |
1304 return(-1); | 1393 return(-1); |
1305 } | 1394 } |
1306 | 1395 |
1307 int ssl3_do_change_cipher_spec(SSL *s) | 1396 int ssl3_do_change_cipher_spec(SSL *s) |
1308 { | 1397 { |
1309 int i; | 1398 int i; |
| 1399 #ifdef OPENSSL_NO_NEXTPROTONEG |
| 1400 const char *sender; |
| 1401 int slen; |
| 1402 #endif |
1310 | 1403 |
1311 if (s->state & SSL_ST_ACCEPT) | 1404 if (s->state & SSL_ST_ACCEPT) |
1312 i=SSL3_CHANGE_CIPHER_SERVER_READ; | 1405 i=SSL3_CHANGE_CIPHER_SERVER_READ; |
1313 else | 1406 else |
1314 i=SSL3_CHANGE_CIPHER_CLIENT_READ; | 1407 i=SSL3_CHANGE_CIPHER_CLIENT_READ; |
1315 | 1408 |
1316 if (s->s3->tmp.key_block == NULL) | 1409 if (s->s3->tmp.key_block == NULL) |
1317 { | 1410 { |
1318 if (s->session == NULL) | 1411 if (s->session == NULL) |
1319 { | 1412 { |
1320 /* might happen if dtls1_read_bytes() calls this */ | 1413 /* might happen if dtls1_read_bytes() calls this */ |
1321 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIV
ED_EARLY); | 1414 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIV
ED_EARLY); |
1322 return (0); | 1415 return (0); |
1323 } | 1416 } |
1324 | 1417 |
1325 s->session->cipher=s->s3->tmp.new_cipher; | 1418 s->session->cipher=s->s3->tmp.new_cipher; |
1326 if (!s->method->ssl3_enc->setup_key_block(s)) return(0); | 1419 if (!s->method->ssl3_enc->setup_key_block(s)) return(0); |
1327 } | 1420 } |
1328 | 1421 |
1329 if (!s->method->ssl3_enc->change_cipher_state(s,i)) | 1422 if (!s->method->ssl3_enc->change_cipher_state(s,i)) |
1330 return(0); | 1423 return(0); |
1331 | 1424 |
| 1425 #ifdef OPENSSL_NO_NEXTPROTONEG |
| 1426 /* we have to record the message digest at |
| 1427 * this point so we can get it before we read |
| 1428 * the finished message */ |
| 1429 if (s->state & SSL_ST_CONNECT) |
| 1430 { |
| 1431 sender=s->method->ssl3_enc->server_finished_label; |
| 1432 slen=s->method->ssl3_enc->server_finished_label_len; |
| 1433 } |
| 1434 else |
| 1435 { |
| 1436 sender=s->method->ssl3_enc->client_finished_label; |
| 1437 slen=s->method->ssl3_enc->client_finished_label_len; |
| 1438 } |
| 1439 |
| 1440 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, |
| 1441 sender,slen,s->s3->tmp.peer_finish_md); |
| 1442 #endif |
| 1443 |
1332 return(1); | 1444 return(1); |
1333 } | 1445 } |
1334 | 1446 |
1335 int ssl3_send_alert(SSL *s, int level, int desc) | 1447 int ssl3_send_alert(SSL *s, int level, int desc) |
1336 { | 1448 { |
1337 /* Map tls/ssl alert value to correct one */ | 1449 /* Map tls/ssl alert value to correct one */ |
1338 desc=s->method->ssl3_enc->alert_value(desc); | 1450 desc=s->method->ssl3_enc->alert_value(desc); |
1339 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | 1451 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) |
1340 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protoc
ol_version alerts */ | 1452 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protoc
ol_version alerts */ |
1341 if (desc < 0) return -1; | 1453 if (desc < 0) return -1; |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1381 cb=s->ctx->info_callback; | 1493 cb=s->ctx->info_callback; |
1382 | 1494 |
1383 if (cb != NULL) | 1495 if (cb != NULL) |
1384 { | 1496 { |
1385 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | 1497 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; |
1386 cb(s,SSL_CB_WRITE_ALERT,j); | 1498 cb(s,SSL_CB_WRITE_ALERT,j); |
1387 } | 1499 } |
1388 } | 1500 } |
1389 return(i); | 1501 return(i); |
1390 } | 1502 } |
OLD | NEW |