#include "../ssl_locl.h"
#include "statem_locl.h"
#include <openssl/buffer.h>
-#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
* should not be done for 'Hello Request's, but in that case we'll
* ignore the result anyway
*/
- ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
- ret);
+ if (!ssl3_finish_mac(s,
+ (unsigned char *)&s->init_buf->data[s->init_off],
+ ret))
+ return -1;
if (ret == s->init_num) {
if (s->msg_callback)
*/
if (SSL_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER
- && remain != DTLS1_CCS_HEADER_LENGTH + 1)
- || (s->version != DTLS1_BAD_VER
- && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
- SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
+ && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+ || (s->version != DTLS1_BAD_VER
+ && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+ SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
}
} else {
if (remain != 0) {
s->d1->handshake_read_seq = 0;
s->d1->handshake_write_seq = 0;
s->d1->next_handshake_write_seq = 0;
+ dtls1_clear_received_buffer(s);
}
}
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
- &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
+ &p[s->init_num],
+ SSL3_HM_HEADER_LENGTH - s->init_num,
+ 0);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * A ChangeCipherSpec must be a single byte and may not occur
+ * in the middle of a handshake message.
+ */
+ if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
+ SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
*mt = *p;
s->s3->tmp.message_type = *(p++);
- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
/*
* Only happens with SSLv3+ in an SSLv2 backward compatible
* ClientHello
+ *
+ * Total message size is the remaining record bytes to read
+ * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
*/
- /*
- * Total message size is the remaining record bytes to read
- * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
- */
l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+ SSL3_HM_HEADER_LENGTH;
if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,
- (int)l + SSL3_HM_HEADER_LENGTH)) {
+ (int)l + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
goto err;
}
#endif
/* Feed this message into MAC computation. */
- if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+ if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+ s->init_num)) {
+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ *len = 0;
+ return 0;
+ }
if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+ s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg);
} else {
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
- s->init_num + SSL3_HM_HEADER_LENGTH);
+ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+ s->init_num + SSL3_HM_HEADER_LENGTH)) {
+ SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ *len = 0;
+ return 0;
+ }
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
return 1;
}
-int ssl_cert_type(X509 *x, EVP_PKEY *pk)
+int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
{
- if (pk == NULL &&
- (pk = X509_get0_pubkey(x)) == NULL)
+ if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
return -1;
switch (EVP_PKEY_id(pk)) {
typedef struct {
int version;
- const SSL_METHOD *(*cmeth)(void);
- const SSL_METHOD *(*smeth)(void);
+ const SSL_METHOD *(*cmeth) (void);
+ const SSL_METHOD *(*smeth) (void);
} version_info;
#if TLS_MAX_VERSION != TLS1_2_VERSION
static const version_info tls_version_table[] = {
#ifndef OPENSSL_NO_TLS1_2
- { TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method },
+ {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
#else
- { TLS1_2_VERSION, NULL, NULL },
+ {TLS1_2_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_TLS1_1
- { TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method },
+ {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
#else
- { TLS1_1_VERSION, NULL, NULL },
+ {TLS1_1_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_TLS1
- { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method },
+ {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
#else
- { TLS1_VERSION, NULL, NULL },
+ {TLS1_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_SSL3
- { SSL3_VERSION, sslv3_client_method, sslv3_server_method },
+ {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
#else
- { SSL3_VERSION, NULL, NULL },
+ {SSL3_VERSION, NULL, NULL},
#endif
- { 0, NULL, NULL },
+ {0, NULL, NULL},
};
#if DTLS_MAX_VERSION != DTLS1_2_VERSION
static const version_info dtls_version_table[] = {
#ifndef OPENSSL_NO_DTLS1_2
- { DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method },
+ {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
#else
- { DTLS1_2_VERSION, NULL, NULL },
+ {DTLS1_2_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_DTLS1
- { DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method },
+ {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+ {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
#else
- { DTLS1_VERSION, NULL, NULL },
+ {DTLS1_VERSION, NULL, NULL},
+ {DTLS1_BAD_VER, NULL, NULL},
#endif
- { 0, NULL, NULL },
+ {0, NULL, NULL},
};
/*
return SSL_R_VERSION_TOO_LOW;
if (s->max_proto_version != 0 &&
- version_cmp(s, version, s->max_proto_version) > 0)
+ version_cmp(s, version, s->max_proto_version) > 0)
return SSL_R_VERSION_TOO_HIGH;
if ((s->options & method->mask) != 0)
}
for (vent = table; vent->version != 0; ++vent) {
- if (vent->smeth != NULL &&
- ssl_method_error(s, vent->smeth()) == 0)
+ if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
return s->version == vent->version;
}
return 0;
case DTLS_ANY_VERSION:
if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
- DTLS_VERSION_LT(version, DTLS1_VERSION))
+ DTLS_VERSION_LT(version, DTLS1_BAD_VER))
return 0;
break;
}
* or FIPS_mode() constraints and any floor imposed by the security level here,
* so we don't advertise the wrong protocol version to only reject the outcome later.
*
- * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled,
+ * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled,
* TLS 1.1 is disabled, but the security level, Suite-B and/or MinProtocol
* only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
*
* Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0.
*/
-int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version)
+int ssl_get_client_min_max_version(const SSL *s, int *min_version,
+ int *max_version)
{
int version;
int hole;
projects / openssl.git / blobdiff