Add more error state transitions (client)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9893930eef478d48eeaf634aaced9a42cb086560..a962b5cb6316b801e8a25bc24bba47f9abd21d6d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -159,7 +159,7 @@
const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
-#define SSL3_NUM_CIPHERS
(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)
)
+#define SSL3_NUM_CIPHERS
OSSL_NELEM(ssl3_ciphers
)
/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
/* list of available SSLv3 ciphers (sorted by id) */
OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
@@ -3078,15 +3078,6 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
return (NULL);
}
return (NULL);
}
-int ssl3_pending(const SSL *s)
-{
- if (s->rstate == SSL_ST_READ_BODY)
- return 0;
-
- return (s->s3->rrec.type ==
- SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-}
-
int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
{
unsigned char *p = (unsigned char *)s->init_buf->data;
int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
{
unsigned char *p = (unsigned char *)s->init_buf->data;
@@ -3107,16 +3098,13 @@ int ssl3_new(SSL *s)
{
SSL3_STATE *s3;
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof
*s3
)) == NULL)
+ if ((s3 = OPENSSL_malloc(sizeof
(*s3)
)) == NULL)
goto err;
goto err;
- memset(s3, 0, sizeof *s3);
- memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
- memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
-
+ memset(s3, 0, sizeof(*s3));
s->s3 = s3;
s->s3 = s3;
-
+
#ifndef OPENSSL_NO_SRP
#ifndef OPENSSL_NO_SRP
- if(!SSL_SRP_CTX_init(s))
+ if
(!SSL_SRP_CTX_init(s))
goto err;
#endif
s->method->ssl_clear(s);
goto err;
#endif
s->method->ssl_clear(s);
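Review bot: In ssl3_new, `s->s3 = s3;` is assigned before `if (!SSL_SRP_CTX_init(s)) goto err;`, so on that failure the SSL object already points at the new allocation, and the `err:` label that decides its fate lies outside this hunk. If that path frees `s3`, it also has to reset `s->s3` to NULL, otherwise a later ssl3_free would hand the same pointer to OPENSSL_clear_free a second time; if it does not free it, the caller must be guaranteed to call ssl3_free. A one-line comment at the assignment would make the contract explicit, for example `/* s now owns s3; err must not free it without clearing s->s3 */`.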
@@ -3131,63 +3119,42 @@ void ssl3_free(SSL *s)
return;
ssl3_cleanup_key_block(s);
return;
ssl3_cleanup_key_block(s);
- if (s->s3->rbuf.buf != NULL)
- ssl3_release_read_buffer(s);
- if (s->s3->wbuf.buf != NULL)
- ssl3_release_write_buffer(s);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_EC
- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
+ EC_KEY_free(s->s3->tmp.ecdh);
#endif
#endif
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- }
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_TLSEXT
if (s->s3->handshake_dgst)
ssl3_free_digest_list(s);
#ifndef OPENSSL_NO_TLSEXT
- if (s->s3->alpn_selected)
- OPENSSL_free(s->s3->alpn_selected);
+ OPENSSL_free(s->s3->alpn_selected);
#endif
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
#endif
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_cleanse(s->s3, sizeof *s->s3);
- OPENSSL_free(s->s3);
+ OPENSSL_clear_free(s->s3, sizeof(*s->s3));
s->s3 = NULL;
}
void ssl3_clear(SSL *s)
{
s->s3 = NULL;
}
void ssl3_clear(SSL *s)
{
- unsigned char *rp, *wp;
- size_t rlen, wlen;
int init_extra;
ssl3_cleanup_key_block(s);
int init_extra;
ssl3_cleanup_key_block(s);
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- if (s->s3->rrec.comp != NULL) {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp = NULL;
- }
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
#endif
#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
#endif
#ifndef OPENSSL_NO_EC
- if (s->s3->tmp.ecdh != NULL) {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
#endif
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
#endif
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
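Review bot: ssl3_free no longer releases `s->s3->rbuf.buf`, `s->s3->wbuf.buf` or `s->s3->rrec.comp`, and in the `@@ -3195` and `@@ -3213` hunks ssl3_clear stops saving and restoring the same buffers around `memset(s->s3, 0, sizeof(*s->s3))`, yet nothing in this file section shows where they are released now. The `RECORD_LAYER_read_pending(&s->rlayer)` call in the last hunk suggests ownership moved to `s->rlayer`; that should be confirmed, because these buffers presumably hold record data and need to be freed and cleared on every teardown path. I would add a comment in ssl3_free such as `/* record buffers live in s->rlayer and are released by the record layer */`. The body of ssl3_clear continues outside this hunk.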
@@ -3195,15 +3162,9 @@ void ssl3_clear(SSL *s)
# endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
# endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
- rp = s->s3->rbuf.buf;
- wp = s->s3->wbuf.buf;
- rlen = s->s3->rbuf.len;
- wlen = s->s3->wbuf.len;
init_extra = s->s3->init_extra;
init_extra = s->s3->init_extra;
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- }
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
if (s->s3->handshake_dgst) {
ssl3_free_digest_list(s);
}
if (s->s3->handshake_dgst) {
ssl3_free_digest_list(s);
}
@@ -3213,16 +3174,11 @@ void ssl3_clear(SSL *s)
s->s3->alpn_selected = NULL;
}
#endif
s->s3->alpn_selected = NULL;
}
#endif
- memset(s->s3, 0, sizeof *s->s3);
- s->s3->rbuf.buf = rp;
- s->s3->wbuf.buf = wp;
- s->s3->rbuf.len = rlen;
- s->s3->wbuf.len = wlen;
+ memset(s->s3, 0, sizeof(*s->s3));
s->s3->init_extra = init_extra;
ssl_free_wbio_buffer(s);
s->s3->init_extra = init_extra;
ssl_free_wbio_buffer(s);
- s->packet_length = 0;
s->s3->renegotiate = 0;
s->s3->total_renegotiations = 0;
s->s3->num_renegotiations = 0;
s->s3->renegotiate = 0;
s->s3->total_renegotiations = 0;
s->s3->num_renegotiations = 0;
@@ -3230,11 +3186,9 @@ void ssl3_clear(SSL *s)
s->version = SSL3_VERSION;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
s->version = SSL3_VERSION;
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- if (s->next_proto_negotiated) {
- OPENSSL_free(s->next_proto_negotiated);
- s->next_proto_negotiated = NULL;
- s->next_proto_negotiated_len = 0;
- }
+ OPENSSL_free(s->next_proto_negotiated);
+ s->next_proto_negotiated = NULL;
+ s->next_proto_negotiated_len = 0;
#endif
}
#endif
}
@@ -3360,8 +3314,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
}
return (ret);
}
}
- if (s->cert->ecdh_tmp != NULL)
- EC_KEY_free(s->cert->ecdh_tmp);
+ EC_KEY_free(s->cert->ecdh_tmp);
s->cert->ecdh_tmp = ecdh;
ret = 1;
}
s->cert->ecdh_tmp = ecdh;
ret = 1;
}
@@ -3375,8 +3328,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
- if (s->tlsext_hostname != NULL)
- OPENSSL_free(s->tlsext_hostname);
+ OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
ret = 1;
s->tlsext_hostname = NULL;
ret = 1;
@@ -3430,8 +3382,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return s->tlsext_ocsp_resplen;
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
return s->tlsext_ocsp_resplen;
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
- if (s->tlsext_ocsp_resp)
- OPENSSL_free(s->tlsext_ocsp_resp);
+ OPENSSL_free(s->tlsext_ocsp_resp);
s->tlsext_ocsp_resp = parg;
s->tlsext_ocsp_resplen = larg;
ret = 1;
s->tlsext_ocsp_resp = parg;
s->tlsext_ocsp_resplen = larg;
ret = 1;
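Review bot: A caller that passes back the pointer already stored in `s->tlsext_ocsp_resp` leaves the SSL object holding freed memory, because `OPENSSL_free(s->tlsext_ocsp_resp);` runs immediately before `s->tlsext_ocsp_resp = parg;` in the SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP case; the old guarded form had the same gap. Comparing first closes it: `if (parg != s->tlsext_ocsp_resp) OPENSSL_free(s->tlsext_ocsp_resp);`. `larg` is also stored in `s->tlsext_ocsp_resplen` without a range check, so a negative length from the caller would be kept as is; rejecting `larg < 0`, and a non-zero length with a NULL `parg`, before the assignment would keep the pointer and length consistent. The surrounding switch in ssl3_ctrl starts and ends outside the hunk.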
@@ -3618,7 +3569,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
- if (0) ;
#ifndef OPENSSL_NO_RSA
else if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
#ifndef OPENSSL_NO_RSA
else if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
@@ -3833,9 +3783,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
}
}
}
- if (cert->ecdh_tmp != NULL) {
- EC_KEY_free(cert->ecdh_tmp);
- }
+ EC_KEY_free(cert->ecdh_tmp);
cert->ecdh_tmp = ecdh;
return 1;
}
cert->ecdh_tmp = ecdh;
return 1;
}
@@ -3879,8 +3827,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
# ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
ctx->srp_ctx.srp_Mask |= SSL_kSRP;
# ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
ctx->srp_ctx.srp_Mask |= SSL_kSRP;
- if (ctx->srp_ctx.login != NULL)
- OPENSSL_free(ctx->srp_ctx.login);
+ OPENSSL_free(ctx->srp_ctx.login);
ctx->srp_ctx.login = NULL;
if (parg == NULL)
break;
ctx->srp_ctx.login = NULL;
if (parg == NULL)
break;
@@ -3968,10 +3915,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- if (ctx->extra_certs) {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
break;
case SSL_CTRL_CHAIN:
break;
case SSL_CTRL_CHAIN:
@@ -4329,10 +4274,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
- if (c->ctypes) {
- OPENSSL_free(c->ctypes);
- c->ctypes = NULL;
- }
+ OPENSSL_free(c->ctypes);
+ c->ctypes = NULL;
if (!p || !len)
return 1;
if (len > 0xff)
if (!p || !len)
return 1;
if (len > 0xff)
@@ -4504,8 +4447,9 @@ int ssl3_renegotiate_check(SSL *s)
int ret = 0;
if (s->s3->renegotiate) {
int ret = 0;
if (s->s3->renegotiate) {
- if ((s->s3->rbuf.left == 0) &&
- (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
+ if (!RECORD_LAYER_read_pending(&s->rlayer)
+ && !RECORD_LAYER_write_pending(&s->rlayer)
+ && !SSL_in_init(s)) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
* message, we need to go to SSL_ST_ACCEPT.
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
* message, we need to go to SSL_ST_ACCEPT.