e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
[openssl.git] / ssl / s3_pkt.c
index 94ccfa0e290f56dc306ef798f56a3ae538444a3e..ca5412dc2a4c15dfc7e0baf8f0986b8fd6c2a00c 100644 (file)
@@ -247,7 +247,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                if (i <= 0)
                        {
                        rb->left = left;
-                       if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                       if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                           SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
                                if (len+left == 0)
                                        ssl3_release_read_buffer(s);
                        return(i);
@@ -663,10 +664,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (    (sess == NULL) ||
                (s->enc_write_ctx == NULL) ||
                (EVP_MD_CTX_md(s->write_hash) == NULL))
+               {
+#if 1
+               clear=s->enc_write_ctx?0:1;     /* must be AEAD cipher */
+#else
                clear=1;
-
-       if (clear)
+#endif
                mac_size=0;
+               }
        else
                {
                mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -743,8 +748,17 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        /* Explicit IV length, block ciphers and TLS version 1.1 or later */
        if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
                {
-               eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-               if (eivlen <= 1)
+               int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+               if (mode == EVP_CIPH_CBC_MODE)
+                       {
+                       eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+                       if (eivlen <= 1)
+                               eivlen = 0;
+                       }
+               /* Need explicit part of IV for GCM mode */
+               else if (mode == EVP_CIPH_GCM_MODE)
+                       eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+               else
                        eivlen = 0;
                }
        else 
@@ -865,7 +879,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        {
                        wb->left=0;
                        wb->offset+=i;
-                       if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                       if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+                           SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
                                ssl3_release_write_buffer(s);
                        s->rwstate=SSL_NOTHING;
                        return(s->s3->wpend_ret);
@@ -1059,6 +1074,19 @@ start:
                        dest = s->s3->alert_fragment;
                        dest_len = &s->s3->alert_fragment_len;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (rr->type == TLS1_RT_HEARTBEAT)
+                       {
+                       tls1_process_heartbeat(s);
+
+                       /* Exit and notify application to read again */
+                       rr->length = 0;
+                       s->rwstate=SSL_READING;
+                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                       BIO_set_retry_read(SSL_get_rbio(s));
+                       return(-1);
+                       }
+#endif
 
                if (dest_maxlen > 0)
                        {
@@ -1202,6 +1230,10 @@ start:
                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                                }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+                       else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                               return(0);
+#endif
                        }
                else if (alert_level == 2) /* fatal */
                        {
@@ -1314,7 +1346,9 @@ start:
                {
        default:
 #ifndef OPENSSL_NO_TLS
-               /* TLS just ignores unknown message types */
+               /* TLS up to v1.1 just ignores unknown message types:
+                * TLS v1.2 give an unexpected message alert.
+                */
                if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
                        {
                        rr->length = 0;
@@ -1375,10 +1409,8 @@ err:
 int ssl3_do_change_cipher_spec(SSL *s)
        {
        int i;
-#ifdef OPENSSL_NO_NPN
        const char *sender;
        int slen;
-#endif
 
        if (s->state & SSL_ST_ACCEPT)
                i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -1401,7 +1433,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
        if (!s->method->ssl3_enc->change_cipher_state(s,i))
                return(0);
 
-#ifdef OPENSSL_NO_NPN
        /* we have to record the message digest at
         * this point so we can get it before we read
         * the finished message */
@@ -1418,7 +1449,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                sender,slen,s->s3->tmp.peer_finish_md);
-#endif
 
        return(1);
        }