X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fstatem_srvr.c;h=b68366cb332a8c426cbf65c6af8102f93756cfd9;hp=f135f9a737303909650296d24efe626d2a79f12b;hb=141eb8c679a316278651d1e50b2259a989e030c9;hpb=20dbe585772a18952b730b71cd6722ce62dfe88b diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index f135f9a737..b68366cb33 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -180,7 +180,7 @@ static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, * 1: Success (transition allowed) * 0: Error (transition not allowed) */ -int server_read_transition(SSL *s, int mt) +int ossl_statem_server_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; @@ -402,7 +402,7 @@ static inline int send_certificate_request(SSL *s) * server_write_transition() works out what handshake state to move to next * when the server is writing messages to be sent to the client. */ -enum WRITE_TRAN server_write_transition(SSL *s) +WRITE_TRAN ossl_statem_server_write_transition(SSL *s) { OSSL_STATEM *st = &s->statem; @@ -520,7 +520,7 @@ enum WRITE_TRAN server_write_transition(SSL *s) * Perform any pre work that needs to be done prior to sending a message from * the server to the client. */ -enum WORK_STATE server_pre_work(SSL *s, enum WORK_STATE wst) +WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -599,7 +599,7 @@ enum WORK_STATE server_pre_work(SSL *s, enum WORK_STATE wst) * Perform any work that needs to be done after sending a message from the * server to the client. */ -enum WORK_STATE server_post_work(SSL *s, enum WORK_STATE wst) +WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; 
@@ -635,8 +635,8 @@ enum WORK_STATE server_post_work(SSL *s, enum WORK_STATE wst) * Add new shared key for SCTP-Auth, will be ignored if no * SCTP used. */ - snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); + memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, + sizeof(DTLS1_SCTP_AUTH_LABEL)); if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, @@ -707,7 +707,7 @@ enum WORK_STATE server_post_work(SSL *s, enum WORK_STATE wst) * 1: Success * 0: Error */ -int server_construct_message(SSL *s) +int ossl_statem_server_construct_message(SSL *s) { OSSL_STATEM *st = &s->statem; @@ -767,7 +767,7 @@ int server_construct_message(SSL *s) * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long server_max_message_size(SSL *s) +unsigned long ossl_statem_server_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; @@ -806,7 +806,7 @@ unsigned long server_max_message_size(SSL *s) /* * Process a message that the server has received from the client. */ -enum MSG_PROCESS_RETURN server_process_message(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) { OSSL_STATEM *st = &s->statem; @@ -846,7 +846,7 @@ enum MSG_PROCESS_RETURN server_process_message(SSL *s, PACKET *pkt) * Perform any further processing required following the receipt of a message * from the client */ -enum WORK_STATE server_post_process_message(SSL *s, enum WORK_STATE wst) +WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) { OSSL_STATEM *st = &s->statem; @@ -956,7 +956,7 @@ int dtls_construct_hello_verify_request(SSL *s) s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) == 0 || s->d1->cookie_len > 255) { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, + SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); ossl_statem_set_error(s); return 0; 
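Review bot: The new `memcpy` in server_post_work takes its length from the source, `sizeof(DTLS1_SCTP_AUTH_LABEL)`, while the declaration of `labelbuffer` is outside the hunk, so nothing visible here guarantees the destination is at least that large. A check beside the copy, such as `OPENSSL_assert(sizeof(labelbuffer) >= sizeof(DTLS1_SCTP_AUTH_LABEL));`, would keep the bound from silently breaking if either side changes. Assuming the macro is a string literal, `sizeof` also counts the terminating NUL, so whether that byte ends up in the exporter label depends on the length argument to `SSL_export_keying_material`, which the hunk cuts off; a comment saying which is intended would help. The identical change in tls_post_process_client_key_exchange (hunk at -2902) has the same gap, and both functions start and end outside their hunks.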
@@ -976,7 +976,7 @@ int dtls_construct_hello_verify_request(SSL *s) return 1; } -enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { int i, al = SSL_AD_INTERNAL_ERROR; unsigned int j, complen = 0; @@ -1145,7 +1145,8 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) /* No extensions. */ || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -1157,7 +1158,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_copy_bytes(&challenge, s->s3->client_random + SSL3_RANDOM_SIZE - challenge_len, challenge_len)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -1169,14 +1170,14 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_copy_bytes(pkt, s->s3->client_random, SSL3_RANDOM_SIZE) || !PACKET_get_length_prefixed_1(pkt, &session_id)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } if (SSL_IS_DTLS(s)) { if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } /* 
@@ -1193,7 +1194,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites) || !PACKET_get_length_prefixed_1(pkt, &compression)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } /* Could be empty. */ @@ -1253,7 +1254,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), PACKET_remaining(&cookie)) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; /* else cookie verification succeeded */ @@ -1262,7 +1263,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } s->d1->cookie_verified = 1; @@ -1274,7 +1275,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) s->version = DTLS1_2_VERSION; s->method = DTLSv1_2_server_method(); } else if (tls1_suiteb(s)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); s->version = s->client_version; al = SSL_AD_PROTOCOL_VERSION; @@ -1284,7 +1285,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) s->version = DTLS1_VERSION; s->method = DTLSv1_server_method(); } else { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); s->version = s->client_version; al = SSL_AD_PROTOCOL_VERSION; 
@@ -1325,7 +1326,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * to reuse it */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_REQUIRED_CIPHER_MISSING); goto f_err; } @@ -1340,14 +1341,14 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (j >= complen) { /* no compress */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); goto f_err; } /* TLS extensions */ if (s->version >= SSL3_VERSION) { if (!ssl_parse_clienthello_tlsext(s, &extensions)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); goto err; } } @@ -1515,9 +1516,9 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } -enum WORK_STATE tls_post_process_client_hello(SSL *s, enum WORK_STATE wst) +WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) { - int al; + int al = SSL_AD_HANDSHAKE_FAILURE; SSL_CIPHER *cipher; if (wst == WORK_MORE_A) { @@ -1539,7 +1540,6 @@ enum WORK_STATE tls_post_process_client_hello(SSL *s, enum WORK_STATE wst) cipher = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); if (cipher == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER); goto f_err; } @@ -1557,8 +1557,10 @@ enum WORK_STATE tls_post_process_client_hello(SSL *s, enum WORK_STATE wst) } if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { - if (!ssl3_digest_cached_records(s, 0)) + if (!ssl3_digest_cached_records(s, 0)) { + al = SSL_AD_INTERNAL_ERROR; goto f_err; + } } /*- 
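Review bot: With `int al = SSL_AD_HANDSHAKE_FAILURE;` as the initial value in tls_post_process_client_hello, every `goto f_err` that does not assign `al` now sends handshake_failure implicitly, and the `cipher == NULL` branch no longer states which alert it raises. A comment on the declaration, `/* default alert for f_err paths that do not set one */`, would keep that visible to the next reader. The `ssl_check_clienthello_tlsext_late(s) <= 0` path in the later hunk at -1576 relies on this default too, including for a negative return; if negative means an internal failure (not determinable from the hunk), `al = SSL_AD_INTERNAL_ERROR;` before that `goto f_err` would match the new `ssl3_digest_cached_records` handling. The function body extends beyond these hunks.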
@@ -1576,7 +1578,8 @@ enum WORK_STATE tls_post_process_client_hello(SSL *s, enum WORK_STATE wst) /* Handles TLS extensions that we couldn't check earlier */ if (s->version >= SSL3_VERSION) { if (ssl_check_clienthello_tlsext_late(s) <= 0) { - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); + SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_CLIENTHELLO_TLSEXT); goto f_err; } } @@ -2263,7 +2266,7 @@ int tls_construct_certificate_request(SSL *s) return 0; } -enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) { int al; unsigned int i; @@ -2313,7 +2316,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -2407,7 +2410,8 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) enc_premaster = orig; } else { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_LENGTH_MISMATCH); goto f_err; } } @@ -2421,7 +2425,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) */ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, RSA_R_KEY_SIZE_TOO_SMALL); goto f_err; } @@ -2429,7 +2433,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) rsa_decrypt = OPENSSL_malloc(RSA_size(rsa)); if (rsa_decrypt == NULL) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; } 
@@ -2890,8 +2894,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -enum WORK_STATE tls_post_process_client_key_exchange(SSL *s, - enum WORK_STATE wst) +WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) { #ifndef OPENSSL_NO_SCTP if (wst == WORK_MORE_A) { @@ -2902,8 +2905,8 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s, * Add new shared key for SCTP-Auth, will be ignored if no SCTP * used. */ - snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), - DTLS1_SCTP_AUTH_LABEL); + memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL, + sizeof(DTLS1_SCTP_AUTH_LABEL)); if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, @@ -3001,7 +3004,7 @@ enum WORK_STATE tls_post_process_client_key_exchange(SSL *s, return WORK_FINISHED_CONTINUE; } -enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) { EVP_PKEY *pkey = NULL; unsigned char *sig, *data; @@ -3177,7 +3180,7 @@ enum MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) return ret; } -enum MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) { int i, al = SSL_AD_INTERNAL_ERROR, ret = MSG_PROCESS_ERROR; X509 *x = NULL; @@ -3497,7 +3500,7 @@ int tls_construct_cert_status(SSL *s) * tls_process_next_proto reads a Next Protocol Negotiation handshake message. * It sets the next_proto member in s if found */ -enum MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) +MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) { PACKET next_proto, padding; size_t next_proto_len;