X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=63fc23c540cc3a61ed824c3abb1c0a2f4094f524;hb=0989790b87efcfd40ae6770f11af28a005df28ac;hp=72fd3e40d6653abe7e9a35e73dae9930937bab58;hpb=92d81ba622396425764d676ba4fb3f0dac273f17;p=openssl.git diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 72fd3e40d6..63fc23c540 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -409,25 +409,10 @@ int ssl3_accept(SSL *s) s->state=SSL3_ST_SW_CHANGE_A; #endif else -#ifndef OPENSSL_NO_TLSEXT - s->state = SSL3_ST_SW_SUPPLEMENTAL_DATA_A; -#else - s->state = SSL3_ST_SW_CERT_A; -#endif + s->state = SSL3_ST_SW_CERT_A; s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_SW_SUPPLEMENTAL_DATA_A: - case SSL3_ST_SW_SUPPLEMENTAL_DATA_B: - ret = tls1_send_server_supplemental_data(s, &skip); - if (ret <= 0) goto end; - - s->state = SSL3_ST_SW_CERT_A; - s->init_num = 0; - break; -#endif - case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ @@ -596,16 +581,7 @@ int ssl3_accept(SSL *s) s->state=s->s3->tmp.next_state; break; -#ifndef OPENSSL_NO_TLSEXT - case SSL3_ST_SR_SUPPLEMENTAL_DATA_A: - case SSL3_ST_SR_SUPPLEMENTAL_DATA_B: - ret=tls1_get_client_supplemental_data(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - break; -#endif + case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: /* Check for second client hello (MS SGC) */ @@ -614,10 +590,6 @@ int ssl3_accept(SSL *s) goto end; if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; -#ifndef OPENSSL_NO_TLSEXT - else if (ret == 3) - s->state = SSL3_ST_SR_SUPPLEMENTAL_DATA_A; -#endif else { if (s->s3->tmp.cert_request) { @@ -708,6 +680,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -735,6 +708,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; @@ -805,7 +779,10 @@ int ssl3_accept(SSL *s) s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) + { + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; + } else s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #endif @@ -908,10 +885,6 @@ int ssl3_check_client_hello(SSL *s) &ok); if (!ok) return((int)n); s->s3->tmp.reuse_message = 1; -#ifndef OPENSSL_NO_TLSEXT - if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA) - return 3; -#endif if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { /* We only allow the client to restart the handshake once per @@ -1484,7 +1457,7 @@ int ssl3_get_client_hello(SSL *s) * ssl version is set - sslv3 * s->session - The ssl session has been setup. * s->hit - session reuse flag - * s->tmp.new_cipher - the new cipher to use. + * s->s3->tmp.new_cipher- the new cipher to use. */ /* Handles TLS extensions that we couldn't check earlier */ @@ -2956,6 +2929,13 @@ int ssl3_get_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } + if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 + || BN_is_zero(s->srp_ctx.A)) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS); + goto f_err; + } if (s->session->srp_username != NULL) OPENSSL_free(s->session->srp_username); s->session->srp_username = BUF_strdup(s->srp_ctx.login); @@ -3079,7 +3059,7 @@ int ssl3_get_cert_verify(SSL *s) SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, - 516, /* Enough for 4096 bit RSA key with TLS v1.2 */ + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return((int)n); @@ -3750,156 +3730,4 @@ int ssl3_get_next_proto(SSL *s) } # endif -int tls1_send_server_supplemental_data(SSL *s, int *skip) - { - int al = 0; - if (s->ctx->srv_supp_data_records_count) - { - unsigned char *p = NULL; - unsigned char *size_loc = NULL; - srv_supp_data_record *record = NULL; - size_t length = 0; - size_t i = 0; - - for (i = 0; i < s->ctx->srv_supp_data_records_count; i++) - { - const unsigned char *out = NULL; - unsigned short outlen = 0; - int cb_retval = 0; - record = &s->ctx->srv_supp_data_records[i]; - - /* NULL callback or -1 omits supp data entry */ - if (!record->fn1) - continue; - cb_retval = record->fn1(s, record->supp_data_type, - &out, &outlen, &al, record->arg); - if (cb_retval == -1) - continue; /* skip this supp data entry */ - if (cb_retval == 0) - { - SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - goto f_err; - } - if (outlen == 0 || TLSEXT_MAXLEN_supplemental_data < outlen + 4 + length) - { - SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - return 0; - } - /* write supp data entry... - * if first entry, write handshake message type - * jump back to write length at end */ - if (length == 0) - { - /* 1 byte message type + 3 bytes for - * message length */ - if (!BUF_MEM_grow_clean(s->init_buf, 4)) - { - SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - return 0; - } - p = (unsigned char *)s->init_buf->data; - *(p++) = SSL3_MT_SUPPLEMENTAL_DATA; - /* hold on to length field to update later */ - size_loc = p; - /* skip over handshake length field (3 - * bytes) and supp_data length field - * (3 bytes) */ - p += 3 + 3; - length += 1 +3 +3; - } - /* 2 byte supp data type + 2 byte length + outlen */ - if (!BUF_MEM_grow(s->init_buf, outlen + 4)) - { - SSLerr(SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB); - return 0; - } - s2n(record->supp_data_type, p); - s2n(outlen, p); - memcpy(p, out, outlen); - /* update length to supp data type (2 bytes) + - * supp data length (2 bytes) + supp data */ - length += (outlen + 4); - p += outlen; - } - if (length > 0) - { - /* write handshake length */ - l2n3(length - 4, size_loc); - /* supp_data length */ - l2n3(length - 7, size_loc); - s->state = SSL3_ST_SW_SUPPLEMENTAL_DATA_B; - s->init_num = length; - s->init_off = 0; - - return ssl3_do_write(s, SSL3_RT_HANDSHAKE); - } - } - - /* no supp data message sent */ - *skip = 1; - s->init_num = 0; - s->init_off = 0; - return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return 0; - } - -int tls1_get_client_supplemental_data(SSL *s) - { - int al = 0; - int cb_retval = 0; - int ok; - long n; - const unsigned char *p, *d; - unsigned short supp_data_entry_type = 0; - unsigned short supp_data_entry_len = 0; - unsigned long supp_data_len = 0; - size_t i = 0; - - n=s->method->ssl_get_message(s, - SSL3_ST_SR_SUPPLEMENTAL_DATA_A, - SSL3_ST_SR_SUPPLEMENTAL_DATA_B, - SSL3_MT_SUPPLEMENTAL_DATA, - /* use default limit */ - TLSEXT_MAXLEN_supplemental_data, - &ok); - - if (!ok) return((int)n); - - p = (unsigned char *)s->init_msg; - d = p; - - /* The message cannot be empty */ - if (n < 3) - { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - n2l3(p, supp_data_len); - while (pctx->srv_supp_data_records_count; i++) - { - if (s->ctx->srv_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->srv_supp_data_records[i].fn2) - { - cb_retval = s->ctx->srv_supp_data_records[i].fn2(s, supp_data_entry_type, p, supp_data_entry_len, &al, s->ctx->srv_supp_data_records[i].arg); - if (cb_retval == 0) - { - SSLerr(SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA, ERR_R_SSL_LIB); - goto f_err; - } - } - } - p+=supp_data_entry_len; - } - return 1; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return -1; - } #endif