X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=1ce30ff5a191238579e5ee3f4da054cfa1eaf1de;hb=150a4320d8005c6a97b36a6fabb38f723afba720;hp=3be69ef13889c3834bb9a0fcbac291b975c064ba;hpb=b7896b3cb86d80206af14a14d69b0717786f2729;p=openssl.git diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 3be69ef138..1ce30ff5a1 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1,5 +1,5 @@ /* ssl/s3_pkt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -59,47 +59,19 @@ #include #include #define USE_SOCKETS -#include "evp.h" -#include "buffer.h" +#include +#include #include "ssl_locl.h" -/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); - */ - -#ifndef NOPROTO -static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len); -static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len); +static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + unsigned int len); +static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, + unsigned int len); static int ssl3_get_record(SSL *s); static int do_compress(SSL *ssl); static int do_uncompress(SSL *ssl); -#else -static int do_ssl3_write(); -static int ssl3_write_pending(); -static int ssl3_get_record(); -static int do_compress(); -static int do_uncompress(); -#endif - -static int ssl3_read_n(s,n,max,extend) -SSL *s; -int n; -int max; -int extend; +static int do_change_cipher_spec(SSL *ssl); +static int ssl3_read_n(SSL *s, int n, int max, int extend) { int i,off,newb; @@ -159,7 +131,7 @@ int extend; while (newb < n) { - errno=0; + clear_sys_error(); if (s->rbio != NULL) { s->rwstate=SSL_READING; @@ -208,8 +180,7 @@ int extend; * ssl->s3->rrec.data, - data * ssl->s3->rrec.length, - number of bytes */ -static int ssl3_get_record(s) -SSL *s; +static int ssl3_get_record(SSL *s) { int ssl_major,ssl_minor,al; int n,i,ret= -1; @@ -226,7 +197,7 @@ SSL *s; rb= &(s->s3->rbuf); sess=s->session; - if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) extra=SSL3_RT_MAX_EXTRA; else extra=0; @@ -257,25 +228,27 @@ again: } else { - if ( (ssl_major != SSL3_VERSION_MAJOR) || - (ssl_minor != SSL3_VERSION_MINOR)) - { - al=SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto f_err; - } + if (version != s->version) + { + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); + /* Send back error using their + * version number :-) */ + s->version=version; + al=SSL_AD_PROTOCOL_VERSION; + goto f_err; + } } - if (s->version != SSL3_VERSION_MAJOR) + if ((version>>8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto err; } if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; } @@ -319,7 +292,7 @@ again: /* check is not needed I belive */ if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -327,12 +300,16 @@ again: /* decrypt in place in 'rr->input' */ rr->data=rr->input; - if (!ssl3_enc(s,0)) + if (!s->method->ssl3_enc->enc(s,0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECRYPT_ERROR; goto f_err; } - +#ifdef TLS_DEBUG +printf("dec %d\n",rr->length); +{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } +printf("\n"); +#endif /* r->length is now the compressed data plus mac */ if ( (sess == NULL) || (s->enc_read_ctx == NULL) || @@ -345,41 +322,41 @@ again: if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; } /* check MAC for rr->input' */ if (rr->length < mac_size) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; } rr->length-=mac_size; - i=ssl3_mac(s,md,0); + i=s->method->ssl3_enc->mac(s,md,0); if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { - al=SSL3_AD_BAD_RECORD_MAC; + al=SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); - ret=SSL_RWERR_BAD_MAC_DECODE; + ret= -1; goto f_err; } } /* r->length is now just compressed */ - if ((sess != NULL) && (sess->read_compression != NULL)) + if (s->expand != NULL) { if (rr->length > (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; } if (!do_uncompress(s)) { - al=SSL3_AD_DECOMPRESSION_FAILURE; + al=SSL_AD_DECOMPRESSION_FAILURE; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); goto f_err; } @@ -387,7 +364,7 @@ again: if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) { - al=SSL3_AD_DECOMPRESSION_FAILURE; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } @@ -414,27 +391,47 @@ err: return(ret); } -static int do_uncompress(ssl) -SSL *ssl; +static int do_uncompress(SSL *ssl) { + int i; + SSL3_RECORD *rr; + + rr= &(ssl->s3->rrec); + i=COMP_expand_block(ssl->expand,rr->comp, + SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); + if (i < 0) + return(0); + else + rr->length=i; + rr->data=rr->comp; + return(1); } -static int do_compress(ssl) -SSL *ssl; +static int do_compress(SSL *ssl) { + int i; + SSL3_RECORD *wr; + + wr= &(ssl->s3->wrec); + i=COMP_compress_block(ssl->compress,wr->data, + SSL3_RT_MAX_COMPRESSED_LENGTH, + wr->input,(int)wr->length); + if (i < 0) + return(0); + else + wr->length=i; + + wr->input=wr->data; return(1); } -/* Call this write a data +/* Call this to write data * It will return <= 0 if not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(s,type,buf,len) -SSL *s; -int type; -char *buf; -int len; +int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len) { + const unsigned char *buf=_buf; unsigned int tot,n,nw; int i; @@ -460,7 +457,7 @@ int len; nw=SSL3_RT_MAX_PLAIN_LENGTH; else nw=n; - + i=do_ssl3_write(s,type,&(buf[tot]),nw); if (i <= 0) { @@ -469,20 +466,22 @@ int len; } if (type == SSL3_RT_HANDSHAKE) - ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); + ssl3_finish_mac(s,&(buf[tot]),i); - if (i == (int)n) return(tot+i); + if ((i == (int)n) || + (type == SSL3_RT_APPLICATION_DATA && + (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) + { + return(tot+i); + } n-=i; tot+=i; } } -static int do_ssl3_write(s,type,buf,len) -SSL *s; -int type; -char *buf; -unsigned int len; +static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + unsigned int len) { unsigned char *p,*plen; int i,mac_size,clear=0; @@ -526,8 +525,8 @@ unsigned int len; *(p++)=type&0xff; wr->type=type; - *(p++)=SSL3_VERSION_MAJOR; - *(p++)=SSL3_VERSION_MINOR; + *(p++)=(s->version>>8); + *(p++)=s->version&0xff; /* record where we are to write out packet length */ plen=p; @@ -542,7 +541,7 @@ unsigned int len; * wr->data */ /* first we compress */ - if ((sess != NULL) && (sess->write_compression != NULL)) + if (s->compress != NULL) { if (!do_compress(s)) { @@ -562,14 +561,14 @@ unsigned int len; if (mac_size != 0) { - ssl3_mac(s,&(p[wr->length]),1); + s->method->ssl3_enc->mac(s,&(p[wr->length]),1); wr->length+=mac_size; wr->input=p; wr->data=p; } /* ssl3_enc can only have an error on read */ - ssl3_enc(s,1); + s->method->ssl3_enc->enc(s,1); /* record length after mac and block padding */ s2n(wr->length,plen); @@ -596,24 +595,24 @@ err: } /* if s->s3->wbuf.left != 0, we need to call this */ -static int ssl3_write_pending(s,type,buf,len) -SSL *s; -int type; -char *buf; -unsigned int len; +static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, + unsigned int len) { int i; - if ((s->s3->wpend_tot != (int)len) || (s->s3->wpend_buf != buf) +/* XXXX */ + if ((s->s3->wpend_tot > (int)len) + || ((s->s3->wpend_buf != buf) && + !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (s->s3->wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(SSL_RWERR_BAD_WRITE_RETRY); + return(-1); } for (;;) { - errno=0; + clear_sys_error(); if (s->wbio != NULL) { s->rwstate=SSL_WRITING; @@ -639,22 +638,18 @@ unsigned int len; } } -int ssl3_read_bytes(s,type,buf,len) -SSL *s; -int type; -char *buf; -int len; +int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) { int al,i,j,n,ret; SSL3_RECORD *rr; - unsigned char *sender; void (*cb)()=NULL; + BIO *bio; - if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialize yet */ if (!ssl3_setup_buffers(s)) return(-1); - if (!s->in_handshake && SSL_in_before(s)) + if (!s->in_handshake && SSL_in_init(s)) { i=s->handshake_func(s); if (i < 0) return(i); @@ -684,7 +679,7 @@ start: if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) { - al=SSL3_AD_UNEXPECTED_MESSAGE; + al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto err; } @@ -705,21 +700,25 @@ start: if ((rr->data[1] != 0) || (rr->data[2] != 0) || (rr->data[3] != 0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); goto err; } if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !s->s3->renegotiate) { ssl3_renegotiate(s); - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) + if (ssl3_renegotiate_check(s)) { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } } } rr->length=0; @@ -734,7 +733,7 @@ start: { if ((rr->length != 2) || (rr->off != 0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD); goto f_err; } @@ -759,7 +758,7 @@ start: if (i == 1) { s->s3->warn_alert=n; - if (n == SSL3_AD_CLOSE_NOTIFY) + if (n == SSL_AD_CLOSE_NOTIFY) { s->shutdown|=SSL_RECEIVED_SHUTDOWN; return(0); @@ -767,16 +766,21 @@ start: } else if (i == 2) { + char tmp[16]; + s->rwstate=SSL_NOTHING; s->s3->fatal_alert=n; - SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); + SSLerr(SSL_F_SSL3_READ_BYTES, + SSL_AD_REASON_OFFSET+n); + sprintf(tmp,"%d",n); + ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); return(0); } else { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -797,43 +801,17 @@ start: if ( (rr->length != 1) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - i=SSL3_AD_ILLEGAL_PARAMETER; + i=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); goto err; } rr->length=0; - s->s3->change_cipher_spec=1; - - if (s->state & SSL_ST_ACCEPT) - i=SSL3_CHANGE_CIPHER_SERVER_READ; - else - i=SSL3_CHANGE_CIPHER_CLIENT_READ; - - if (s->s3->tmp.key_block == NULL) - { - s->session->cipher=s->s3->tmp.new_cipher; - if (!ssl3_setup_key_block(s)) - goto err; - } - - if (!ssl3_change_cipher_state(s,i)) + if (!do_change_cipher_spec(s)) goto err; - - /* we have to record the message digest at - * this point so we can get it before we read - * the finished message */ - sender=(s->state & SSL_ST_CONNECT) - ?&(ssl3_server_finished_const[0]) - :&(ssl3_client_finished_const[0]); - - ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), - sender,&(s->s3->tmp.finish_md1[0])); - ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), - sender,&(s->s3->tmp.finish_md2[0])); - - goto start; + else + goto start; } /* else we have a handshake */ @@ -843,7 +821,9 @@ start: if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - s->state=SSL_ST_BEFORE; + s->state=SSL_ST_BEFORE|(s->server) + ?SSL_ST_ACCEPT + :SSL_ST_CONNECT; s->new_session=1; } n=s->handshake_func(s); @@ -853,12 +833,68 @@ start: SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } - goto start; + + /* In the case where we try to read application data + * the first time, but we trigger an SSL handshake, we + * return -1 with the retry option set. I do this + * otherwise renegotiation can cause nasty problems + * in the non-blocking world */ + + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); } - al=SSL3_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; + switch (rr->type) + { + default: +#ifndef NO_TLS + /* TLS just ignores unknown message types */ + if (s->version == TLS1_VERSION) + { + goto start; + } +#endif + case SSL3_RT_CHANGE_CIPHER_SPEC: + case SSL3_RT_ALERT: + case SSL3_RT_HANDSHAKE: + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + case SSL3_RT_APPLICATION_DATA: + /* At this point, we were expecting something else, + * but have application data. What we do is set the + * error, and return -1. On the way out, if the + * library was running inside ssl3_read() and it makes + * sense to read application data at this point, we + * will indulge it. This will mostly happen during + * session renegotiation. + */ + if (s->s3->in_read_app_data && + (s->s3->total_renegotiations != 0) && + (( + (s->state & SSL_ST_CONNECT) && + (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->state <= SSL3_ST_CR_SRVR_HELLO_A) + ) || ( + (s->state & SSL_ST_ACCEPT) && + (s->state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->state >= SSL3_ST_SR_CLNT_HELLO_A) + ) + )) + { + s->s3->in_read_app_data=0; + return(-1); + } + else + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + } + } } /* make sure that we are not getting application data when we @@ -866,7 +902,7 @@ start: if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - al=SSL3_AD_UNEXPECTED_MESSAGE; + al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -882,10 +918,13 @@ start: rr->length-=n; rr->off+=n; if (rr->length <= 0) + { s->rstate=SSL_ST_READ_HEADER; + rr->off=0; + } if (type == SSL3_RT_HANDSHAKE) - ssl3_finish_mac(s,(unsigned char *)buf,n); + ssl3_finish_mac(s,buf,n); return(n); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -893,14 +932,54 @@ err: return(-1); } -int ssl3_do_write(s,type) -SSL *s; -int type; +static int do_change_cipher_spec(SSL *s) + { + int i; + const char *sender; + int slen; + + if (s->state & SSL_ST_ACCEPT) + i=SSL3_CHANGE_CIPHER_SERVER_READ; + else + i=SSL3_CHANGE_CIPHER_CLIENT_READ; + + if (s->s3->tmp.key_block == NULL) + { + s->session->cipher=s->s3->tmp.new_cipher; + if (!s->method->ssl3_enc->setup_key_block(s)) return(0); + } + + if (!s->method->ssl3_enc->change_cipher_state(s,i)) + return(0); + + /* we have to record the message digest at + * this point so we can get it before we read + * the finished message */ + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; + slen=s->method->ssl3_enc->server_finished_label_len; + } + else + { + sender=s->method->ssl3_enc->client_finished_label; + slen=s->method->ssl3_enc->client_finished_label_len; + } + + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + &(s->s3->finish_dgst1), + &(s->s3->finish_dgst2), + sender,slen,s->s3->tmp.peer_finish_md); + + return(1); + } + +int ssl3_do_write(SSL *s, int type) { int ret; - ret=ssl3_write_bytes(s,type,(char *) - &(s->init_buf->data[s->init_off]),s->init_num); + ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], + s->init_num); if (ret == s->init_num) return(1); if (ret < 0) return(-1); @@ -909,11 +988,11 @@ int type; return(0); } -void ssl3_send_alert(s,level,desc) -SSL *s; -int level; -int desc; +void ssl3_send_alert(SSL *s, int level, int desc) { + /* Map tls/ssl alert value to correct one */ + desc=s->method->ssl3_enc->alert_value(desc); + if (desc < 0) return; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx,s->session); @@ -927,14 +1006,13 @@ int desc; * some time in the future */ } -int ssl3_dispatch_alert(s) -SSL *s; +int ssl3_dispatch_alert(SSL *s) { int i,j; void (*cb)()=NULL; s->s3->alert_dispatch=0; - i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); + i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); if (i <= 0) { s->s3->alert_dispatch=1; @@ -945,7 +1023,7 @@ SSL *s; * does not get sent due to non-blocking IO, we will * not worry too much. */ if (s->s3->send_alert[0] == SSL3_AL_FATAL) - BIO_flush(s->wbio); + (void)BIO_flush(s->wbio); if (s->info_callback != NULL) cb=s->info_callback;