X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=52f9214c3d8ef2193a6835cdf018fb00e8c40087;hp=9f7c6cc7826d3f6aedc85d8047b772ae294b4ec6;hb=7ee8627f6eb7cf63b34d2701d76bb66f6db811e5;hpb=2c7b4dbc1af9cfae4e4afd7c4a07db95a1133a6a diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9f7c6cc782..52f9214c3d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -834,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + { + 1, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, #ifndef OPENSSL_NO_EC { @@ -2751,7 +2766,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { 0, SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, - ssl3_set_handshake_header2, tls_close_construct_packet, ssl3_handshake_write }; @@ -2778,28 +2792,15 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return (NULL); } -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) +int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { - unsigned char *p = (unsigned char *)s->init_buf->data; - *(p++) = htype; - l2n3(len, p); - s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; - s->init_off = 0; - - return 1; -} + /* No header in the event of a CCS */ + if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) + return 1; -/* - * Temporary name. To be renamed ssl3_set_handshake_header() once all PACKETW - * conversion is complete. The old ssl3_set_handshake_heder() can be deleted - * at that point. - * TODO - RENAME ME - */ -int ssl3_set_handshake_header2(SSL *s, PACKETW *pkt, PACKETW *body, int htype) -{ /* Set the content type and 3 bytes for the message len */ - if (!PACKETW_put_bytes(pkt, htype, 1) - || !PACKETW_get_sub_packet_len(pkt, body, 3)) + if (!WPACKET_put_bytes_u8(pkt, htype) + || !WPACKET_start_sub_packet_u24(pkt)) return 0; return 1; @@ -3571,34 +3572,14 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) return cp; } -/* - * Old version of the ssl3_put_cipher_by_char function used by code that has not - * yet been converted to PACKETW yet. It will be deleted once PACKETW conversion - * is complete. - * TODO - DELETE ME - */ -int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p) -{ - long l; - - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; - } - return (2); -} - -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, PACKETW *pkt, size_t *len) +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) { if ((c->id & 0xff000000) != 0x03000000) { *len = 0; return 1; } - if (!PACKETW_put_bytes(pkt, c->id & 0xffff, 2)) + if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) return 0; *len = 2; @@ -3728,15 +3709,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, return (ret); } -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) +int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) { - int ret = 0; uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctypes) { - memcpy(p, s->cert->ctypes, s->cert->ctype_num); - return (int)s->cert->ctype_num; + return WPACKET_memcpy(pkt, s->cert->ctypes, s->cert->ctype_num); } /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); @@ -3744,45 +3723,43 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) { - if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST01_SIGN; - p[ret++] = TLS_CT_GOST12_SIGN; - p[ret++] = TLS_CT_GOST12_512_SIGN; - return (ret); - } - } + if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_RSA - p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) + return 0; # endif # ifndef OPENSSL_NO_DSA - p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + return 0; # endif #endif /* !OPENSSL_NO_DH */ } #ifndef OPENSSL_NO_RSA - if (!(alg_a & SSL_aRSA)) - p[ret++] = SSL3_CT_RSA_SIGN; + if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_DSA - if (!(alg_a & SSL_aDSS)) - p[ret++] = SSL3_CT_DSS_SIGN; + if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_EC /* * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE */ - if (s->version >= TLS1_VERSION) { - if (!(alg_a & SSL_aECDSA)) - p[ret++] = TLS_CT_ECDSA_SIGN; - } + if (s->version >= TLS1_VERSION + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + return 0; #endif - return (ret); + return 1; } static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) @@ -3835,12 +3812,13 @@ int ssl3_shutdown(SSL *s) return (ret); } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t read; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &read); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } @@ -3851,16 +3829,18 @@ int ssl3_shutdown(SSL *s) return (0); } -int ssl3_write(SSL *s, const void *buf, int len) +int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); if (s->s3->renegotiate) ssl3_renegotiate_check(s); - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + written); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *read) { int ret; @@ -3870,7 +3850,7 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, read); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -3882,22 +3862,22 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, read); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *read) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, read); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *read) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, read); } int ssl3_renegotiate(SSL *s)