X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=a1a701458527fd5b3da13fc357875580df7342e4;hp=3be69ef13889c3834bb9a0fcbac291b975c064ba;hb=7865b871c0307ad2d71a8f3dc066b7cfd0d99c4a;hpb=d02b48c63a58ea4367a0e905979f140b7d090f86 diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 3be69ef138..a1a7014585 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1,5 +1,5 @@ /* ssl/s3_pkt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -55,148 +55,166 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include #define USE_SOCKETS -#include "evp.h" -#include "buffer.h" +#include +#include #include "ssl_locl.h" -/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN); - * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); - */ - -#ifndef NOPROTO -static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len); -static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len); +static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + unsigned int len); +static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, + unsigned int len); static int ssl3_get_record(SSL *s); static int do_compress(SSL *ssl); static int do_uncompress(SSL *ssl); -#else -static int do_ssl3_write(); -static int ssl3_write_pending(); -static int ssl3_get_record(); -static int do_compress(); -static int do_uncompress(); -#endif +static int do_change_cipher_spec(SSL *ssl); -static int ssl3_read_n(s,n,max,extend) -SSL *s; -int n; -int max; -int extend; +static int ssl3_read_n(SSL *s, int n, int max, int extend) { + /* If extend == 0, obtain new n-byte packet; if extend == 1, increase + * packet by another n bytes. + * The packet will be in the sub-array of s->s3->rbuf.buf specified + * by s->packet and s->packet_length. + * (If s->read_ahead is set, 'max' bytes may be stored in rbuf + * [plus s->packet_length bytes if extend == 1].) + */ int i,off,newb; - /* if there is stuff still in the buffer from a previous read, - * and there is more than we want, take some. */ + if (!extend) + { + /* start with empty packet ... */ + if (s->s3->rbuf.left == 0) + s->s3->rbuf.offset = 0; + s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; + s->packet_length = 0; + /* ... now we can act as if 'extend' was set */ + } + + /* if there is enough in the buffer from a previous read, take some */ if (s->s3->rbuf.left >= (int)n) { - if (extend) - s->packet_length+=n; - else - { - s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]); - s->packet_length=n; - } + s->packet_length+=n; s->s3->rbuf.left-=n; s->s3->rbuf.offset+=n; return(n); } /* else we need to read more data */ - if (!s->read_ahead) max=n; - if (max > SSL3_RT_MAX_PACKET_SIZE) - max=SSL3_RT_MAX_PACKET_SIZE; + if (!s->read_ahead) + max=n; - /* First check if there is some left or we want to extend */ - off=0; - if ( (s->s3->rbuf.left != 0) || - ((s->packet_length != 0) && extend)) + { + /* avoid buffer overflow */ + int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + max_max += SSL3_RT_MAX_EXTRA; + if (max > max_max) + max = max_max; + } + if (n > max) /* does not happen */ { - newb=s->s3->rbuf.left; - if (extend) - { - /* Copy bytes back to the front of the buffer - * Take the bytes already pointed to by 'packet' - * and take the extra ones on the end. */ - off=s->packet_length; - if (s->packet != s->s3->rbuf.buf) - memcpy(s->s3->rbuf.buf,s->packet,newb+off); - } - else if (s->s3->rbuf.offset != 0) - { /* so the data is not at the start of the buffer */ - memcpy(s->s3->rbuf.buf, - &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb); - s->s3->rbuf.offset=0; - } - - s->s3->rbuf.left=0; + SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR); + return -1; } - else - newb=0; - - /* So we now have 'newb' bytes at the front of - * s->s3->rbuf.buf and need to read some more in on the end - * We start reading into the buffer at 's->s3->rbuf.offset' - */ - s->packet=s->s3->rbuf.buf; + off = s->packet_length; + newb = s->s3->rbuf.left; + /* Move any available bytes to front of buffer: + * 'off' bytes already pointed to by 'packet', + * 'newb' extra ones at the end */ + if (s->packet != s->s3->rbuf.buf) + { + /* off > 0 */ + memmove(s->s3->rbuf.buf, s->packet, off+newb); + s->packet = s->s3->rbuf.buf; + } + while (newb < n) { - errno=0; + /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need + * to read in more until we have off+n (up to off+max if possible) */ + + clear_sys_error(); if (s->rbio != NULL) { s->rwstate=SSL_READING; - i=BIO_read(s->rbio, - (char *)&(s->s3->rbuf.buf[off+newb]), - max-newb); + i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb); } else { SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); - i= -1; + i = -1; } if (i <= 0) { - s->s3->rbuf.left+=newb; + s->s3->rbuf.left = newb; return(i); } newb+=i; } - /* record used data read */ - if (newb > n) - { - s->s3->rbuf.offset=n+off; - s->s3->rbuf.left=newb-n; - } - else - { - s->s3->rbuf.offset=0; - s->s3->rbuf.left=0; - } - - if (extend) - s->packet_length+=n; - else - s->packet_length+=n; + /* done reading, now the book-keeping */ + s->s3->rbuf.offset = off + n; + s->s3->rbuf.left = newb - n; + s->packet_length += n; + s->rwstate=SSL_NOTHING; return(n); } @@ -204,12 +222,11 @@ int extend; * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data + * ssl->s3->rrec.type - is the type of record + * ssl->s3->rrec.data, - data * ssl->s3->rrec.length, - number of bytes */ -static int ssl3_get_record(s) -SSL *s; +static int ssl3_get_record(SSL *s) { int ssl_major,ssl_minor,al; int n,i,ret= -1; @@ -226,7 +243,7 @@ SSL *s; rb= &(s->s3->rbuf); sess=s->session; - if (s->ctx->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) extra=SSL3_RT_MAX_EXTRA; else extra=0; @@ -257,50 +274,51 @@ again: } else { - if ( (ssl_major != SSL3_VERSION_MAJOR) || - (ssl_minor != SSL3_VERSION_MINOR)) - { - al=SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto f_err; - } + if (version != s->version) + { + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); + /* Send back error using their + * version number :-) */ + s->version=version; + al=SSL_AD_PROTOCOL_VERSION; + goto f_err; + } } - if (s->version != SSL3_VERSION_MAJOR) + if ((version>>8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto err; } if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; } - s->rstate=SSL_ST_READ_BODY; + /* now s->rstate == SSL_ST_READ_BODY */ } - /* get and decode the data */ - if (s->rstate == SSL_ST_READ_BODY) + /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ + + if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) { - if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) - { - i=rr->length; - /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ - n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - } - s->rstate=SSL_ST_READ_HEADER; + /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ + i=rr->length; + n=ssl3_read_n(s,i,i,1); + if (n <= 0) return(n); /* error or non-blocking io */ + /* now n == rr->length, + * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ } - /* At this point, we have the data in s->packet and there should be - * s->packet_length bytes, we must not 'overrun' this buffer :-) - * One of the following functions will copy the data from the - * s->packet buffer */ + s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ + /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * and we have that many bytes in s->packet + */ rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); /* ok, we can now read from 's->packet' data into 'rr' @@ -310,16 +328,13 @@ again: * When the data is 'copied' into the rr->data buffer, * rr->input will be pointed at the new buffer */ - /* Set the state for the following operations */ - s->rstate=SSL_ST_READ_HEADER; - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] * rr->length bytes of encrypted compressed stuff. */ /* check is not needed I belive */ if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -327,12 +342,16 @@ again: /* decrypt in place in 'rr->input' */ rr->data=rr->input; - if (!ssl3_enc(s,0)) + if (!s->method->ssl3_enc->enc(s,0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECRYPT_ERROR; goto f_err; } - +#ifdef TLS_DEBUG +printf("dec %d\n",rr->length); +{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } +printf("\n"); +#endif /* r->length is now the compressed data plus mac */ if ( (sess == NULL) || (s->enc_read_ctx == NULL) || @@ -345,41 +364,41 @@ again: if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; } - /* check MAC for rr->input' */ + /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ if (rr->length < mac_size) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; } rr->length-=mac_size; - i=ssl3_mac(s,md,0); + i=s->method->ssl3_enc->mac(s,md,0); if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { - al=SSL3_AD_BAD_RECORD_MAC; + al=SSL_AD_BAD_RECORD_MAC; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); - ret=SSL_RWERR_BAD_MAC_DECODE; + ret= -1; goto f_err; } } /* r->length is now just compressed */ - if ((sess != NULL) && (sess->read_compression != NULL)) + if (s->expand != NULL) { if (rr->length > (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; } if (!do_uncompress(s)) { - al=SSL3_AD_DECOMPRESSION_FAILURE; + al=SSL_AD_DECOMPRESSION_FAILURE; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); goto f_err; } @@ -387,7 +406,7 @@ again: if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) { - al=SSL3_AD_DECOMPRESSION_FAILURE; + al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } @@ -414,27 +433,47 @@ err: return(ret); } -static int do_uncompress(ssl) -SSL *ssl; +static int do_uncompress(SSL *ssl) { + int i; + SSL3_RECORD *rr; + + rr= &(ssl->s3->rrec); + i=COMP_expand_block(ssl->expand,rr->comp, + SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); + if (i < 0) + return(0); + else + rr->length=i; + rr->data=rr->comp; + return(1); } -static int do_compress(ssl) -SSL *ssl; +static int do_compress(SSL *ssl) { + int i; + SSL3_RECORD *wr; + + wr= &(ssl->s3->wrec); + i=COMP_compress_block(ssl->compress,wr->data, + SSL3_RT_MAX_COMPRESSED_LENGTH, + wr->input,(int)wr->length); + if (i < 0) + return(0); + else + wr->length=i; + + wr->input=wr->data; return(1); } -/* Call this write a data +/* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(s,type,buf,len) -SSL *s; -int type; -char *buf; -int len; +int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { + const unsigned char *buf=buf_; unsigned int tot,n,nw; int i; @@ -460,7 +499,7 @@ int len; nw=SSL3_RT_MAX_PLAIN_LENGTH; else nw=n; - + i=do_ssl3_write(s,type,&(buf[tot]),nw); if (i <= 0) { @@ -469,20 +508,22 @@ int len; } if (type == SSL3_RT_HANDSHAKE) - ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); + ssl3_finish_mac(s,&(buf[tot]),i); - if (i == (int)n) return(tot+i); + if ((i == (int)n) || + (type == SSL3_RT_APPLICATION_DATA && + (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) + { + return(tot+i); + } n-=i; tot+=i; } } -static int do_ssl3_write(s,type,buf,len) -SSL *s; -int type; -char *buf; -unsigned int len; +static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + unsigned int len) { unsigned char *p,*plen; int i,mac_size,clear=0; @@ -504,7 +545,7 @@ unsigned int len; /* if it went, fall through and send more stuff */ } - if (len <= 0) return(len); + if (len == 0) return(len); wr= &(s->s3->wrec); wb= &(s->s3->wbuf); @@ -526,8 +567,8 @@ unsigned int len; *(p++)=type&0xff; wr->type=type; - *(p++)=SSL3_VERSION_MAJOR; - *(p++)=SSL3_VERSION_MINOR; + *(p++)=(s->version>>8); + *(p++)=s->version&0xff; /* record where we are to write out packet length */ plen=p; @@ -542,7 +583,7 @@ unsigned int len; * wr->data */ /* first we compress */ - if ((sess != NULL) && (sess->write_compression != NULL)) + if (s->compress != NULL) { if (!do_compress(s)) { @@ -562,14 +603,14 @@ unsigned int len; if (mac_size != 0) { - ssl3_mac(s,&(p[wr->length]),1); + s->method->ssl3_enc->mac(s,&(p[wr->length]),1); wr->length+=mac_size; wr->input=p; wr->data=p; } /* ssl3_enc can only have an error on read */ - ssl3_enc(s,1); + s->method->ssl3_enc->enc(s,1); /* record length after mac and block padding */ s2n(wr->length,plen); @@ -596,24 +637,24 @@ err: } /* if s->s3->wbuf.left != 0, we need to call this */ -static int ssl3_write_pending(s,type,buf,len) -SSL *s; -int type; -char *buf; -unsigned int len; +static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, + unsigned int len) { int i; - if ((s->s3->wpend_tot != (int)len) || (s->s3->wpend_buf != buf) +/* XXXX */ + if ((s->s3->wpend_tot > (int)len) + || ((s->s3->wpend_buf != buf) && + !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (s->s3->wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(SSL_RWERR_BAD_WRITE_RETRY); + return(-1); } for (;;) { - errno=0; + clear_sys_error(); if (s->wbio != NULL) { s->rwstate=SSL_WRITING; @@ -639,22 +680,18 @@ unsigned int len; } } -int ssl3_read_bytes(s,type,buf,len) -SSL *s; -int type; -char *buf; -int len; +int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) { int al,i,j,n,ret; SSL3_RECORD *rr; - unsigned char *sender; void (*cb)()=NULL; + BIO *bio; - if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ + if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (!ssl3_setup_buffers(s)) return(-1); - if (!s->in_handshake && SSL_in_before(s)) + if (!s->in_handshake && SSL_in_init(s)) { i=s->handshake_func(s); if (i < 0) return(i); @@ -667,10 +704,10 @@ int len; start: s->rwstate=SSL_NOTHING; - /* s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - ofset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ + /* s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. */ rr= &(s->s3->rrec); /* get new packet */ @@ -684,7 +721,7 @@ start: if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) { - al=SSL3_AD_UNEXPECTED_MESSAGE; + al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto err; } @@ -697,29 +734,33 @@ start: return(0); } - /* Check for an incoming 'Client Request' message */ + /* Check for an incoming 'Hello Request' message from client */ if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && - (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && + (rr->data[0] == SSL3_MT_HELLO_REQUEST) && (s->session != NULL) && (s->session->cipher != NULL)) { if ((rr->data[1] != 0) || (rr->data[2] != 0) || (rr->data[3] != 0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); goto err; } if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !s->s3->renegotiate) { ssl3_renegotiate(s); - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) + if (ssl3_renegotiate_check(s)) { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); + n=s->handshake_func(s); + if (n < 0) return(n); + if (n == 0) + { + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); + return(-1); + } } } rr->length=0; @@ -734,7 +775,7 @@ start: { if ((rr->length != 2) || (rr->off != 0)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD); goto f_err; } @@ -756,27 +797,32 @@ start: cb(s,SSL_CB_READ_ALERT,j); } - if (i == 1) + if (i == 1) /* warning */ { s->s3->warn_alert=n; - if (n == SSL3_AD_CLOSE_NOTIFY) + if (n == SSL_AD_CLOSE_NOTIFY) { s->shutdown|=SSL_RECEIVED_SHUTDOWN; return(0); } } - else if (i == 2) + else if (i == 2) /* fatal */ { + char tmp[16]; + s->rwstate=SSL_NOTHING; s->s3->fatal_alert=n; - SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); + SSLerr(SSL_F_SSL3_READ_BYTES, + SSL_AD_REASON_OFFSET+n); + sprintf(tmp,"%d",n); + ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); return(0); } else { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -797,43 +843,17 @@ start: if ( (rr->length != 1) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - i=SSL3_AD_ILLEGAL_PARAMETER; + i=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); goto err; } rr->length=0; - s->s3->change_cipher_spec=1; - - if (s->state & SSL_ST_ACCEPT) - i=SSL3_CHANGE_CIPHER_SERVER_READ; - else - i=SSL3_CHANGE_CIPHER_CLIENT_READ; - - if (s->s3->tmp.key_block == NULL) - { - s->session->cipher=s->s3->tmp.new_cipher; - if (!ssl3_setup_key_block(s)) - goto err; - } - - if (!ssl3_change_cipher_state(s,i)) + if (!do_change_cipher_spec(s)) goto err; - - /* we have to record the message digest at - * this point so we can get it before we read - * the finished message */ - sender=(s->state & SSL_ST_CONNECT) - ?&(ssl3_server_finished_const[0]) - :&(ssl3_client_finished_const[0]); - - ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), - sender,&(s->s3->tmp.finish_md1[0])); - ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), - sender,&(s->s3->tmp.finish_md2[0])); - - goto start; + else + goto start; } /* else we have a handshake */ @@ -843,7 +863,9 @@ start: if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - s->state=SSL_ST_BEFORE; + s->state=SSL_ST_BEFORE|(s->server) + ?SSL_ST_ACCEPT + :SSL_ST_CONNECT; s->new_session=1; } n=s->handshake_func(s); @@ -853,20 +875,79 @@ start: SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } - goto start; + + /* In the case where we try to read application data + * the first time, but we trigger an SSL handshake, we + * return -1 with the retry option set. I do this + * otherwise renegotiation can cause nasty problems + * in the non-blocking world */ + + s->rwstate=SSL_READING; + bio=SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return(-1); } - al=SSL3_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; + switch (rr->type) + { + default: +#ifndef NO_TLS + /* TLS just ignores unknown message types */ + if (s->version == TLS1_VERSION) + { + goto start; + } +#endif + case SSL3_RT_CHANGE_CIPHER_SPEC: + case SSL3_RT_ALERT: + case SSL3_RT_HANDSHAKE: + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + case SSL3_RT_APPLICATION_DATA: + /* At this point, we were expecting something else, + * but have application data. What we do is set the + * error, and return -1. On the way out, if the + * library was running inside ssl3_read() and it makes + * sense to read application data at this point, we + * will indulge it. This will mostly happen during + * session renegotiation. + */ + if (s->s3->in_read_app_data && + (s->s3->total_renegotiations != 0) && + (( + (s->state & SSL_ST_CONNECT) && + (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && + (s->state <= SSL3_ST_CR_SRVR_HELLO_A) + ) || ( + (s->state & SSL_ST_ACCEPT) && + (s->state <= SSL3_ST_SW_HELLO_REQ_A) && + (s->state >= SSL3_ST_SR_CLNT_HELLO_A) + ) + )) + { + s->s3->in_read_app_data=0; + return(-1); + } + else + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); + goto f_err; + } + } + /* not reached */ } + /* rr->type == type */ + /* make sure that we are not getting application data when we * are doing a handshake for the first time */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - al=SSL3_AD_UNEXPECTED_MESSAGE; + al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -881,11 +962,14 @@ start: memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); rr->length-=n; rr->off+=n; - if (rr->length <= 0) + if (rr->length == 0) + { s->rstate=SSL_ST_READ_HEADER; + rr->off=0; + } if (type == SSL3_RT_HANDSHAKE) - ssl3_finish_mac(s,(unsigned char *)buf,n); + ssl3_finish_mac(s,buf,n); return(n); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -893,14 +977,55 @@ err: return(-1); } -int ssl3_do_write(s,type) -SSL *s; -int type; +static int do_change_cipher_spec(SSL *s) + { + int i; + const char *sender; + int slen; + + if (s->state & SSL_ST_ACCEPT) + i=SSL3_CHANGE_CIPHER_SERVER_READ; + else + i=SSL3_CHANGE_CIPHER_CLIENT_READ; + + if (s->s3->tmp.key_block == NULL) + { + s->session->cipher=s->s3->tmp.new_cipher; + if (!s->method->ssl3_enc->setup_key_block(s)) return(0); + } + + if (!s->method->ssl3_enc->change_cipher_state(s,i)) + return(0); + + /* we have to record the message digest at + * this point so we can get it before we read + * the finished message */ + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; + slen=s->method->ssl3_enc->server_finished_label_len; + } + else + { + sender=s->method->ssl3_enc->client_finished_label; + slen=s->method->ssl3_enc->client_finished_label_len; + } + + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + &(s->s3->finish_dgst1), + &(s->s3->finish_dgst2), + sender,slen,s->s3->tmp.peer_finish_md); + + return(1); + } + +/* send s->init_buf in records of type 'type' */ +int ssl3_do_write(SSL *s, int type) { int ret; - ret=ssl3_write_bytes(s,type,(char *) - &(s->init_buf->data[s->init_off]),s->init_num); + ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], + s->init_num); if (ret == s->init_num) return(1); if (ret < 0) return(-1); @@ -909,11 +1034,11 @@ int type; return(0); } -void ssl3_send_alert(s,level,desc) -SSL *s; -int level; -int desc; +void ssl3_send_alert(SSL *s, int level, int desc) { + /* Map tls/ssl alert value to correct one */ + desc=s->method->ssl3_enc->alert_value(desc); + if (desc < 0) return; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx,s->session); @@ -927,14 +1052,13 @@ int desc; * some time in the future */ } -int ssl3_dispatch_alert(s) -SSL *s; +int ssl3_dispatch_alert(SSL *s) { int i,j; void (*cb)()=NULL; s->s3->alert_dispatch=0; - i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); + i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); if (i <= 0) { s->s3->alert_dispatch=1; @@ -945,7 +1069,7 @@ SSL *s; * does not get sent due to non-blocking IO, we will * not worry too much. */ if (s->s3->send_alert[0] == SSL3_AL_FATAL) - BIO_flush(s->wbio); + (void)BIO_flush(s->wbio); if (s->info_callback != NULL) cb=s->info_callback; @@ -960,4 +1084,3 @@ SSL *s; } return(i); } -