Convert tls_construct_client_hello() to use PACKETW

[openssl.git] / ssl / statem / statem_lib.c

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index aab4e76aa86353bf665eef7f3e0c56473274f760..2eaa2c0b1a9dc9d2c20988d9aea4b06b4517ee6b 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -40,8 +40,10 @@ int ssl3_do_write(SSL *s, int type)
          * should not be done for 'Hello Request's, but in that case we'll
          * ignore the result anyway
          */
-        ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
-                        ret);
+        if (!ssl3_finish_mac(s,
+                             (unsigned char *)&s->init_buf->data[s->init_off],
+                             ret))
+            return -1;
 
     if (ret == s->init_num) {
         if (s->msg_callback)
@@ -55,6 +57,20 @@ int ssl3_do_write(SSL *s, int type)
     return (0);
 }
 
+int tls_close_construct_packet(SSL *s, PACKETW *pkt)
+{
+    size_t msglen;
+
+    if (!PACKETW_get_length(pkt, &msglen)
+            || msglen > INT_MAX
+            || !PACKETW_close(pkt))
+        return 0;
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    return 1;
+}
+
 int tls_construct_finished(SSL *s, const char *sender, int slen)
 {
     unsigned char *p;
@@ -136,13 +152,13 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
      */
     if (SSL_IS_DTLS(s)) {
         if ((s->version == DTLS1_BAD_VER
-                        && remain != DTLS1_CCS_HEADER_LENGTH + 1)
-                    || (s->version != DTLS1_BAD_VER
-                        && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
-                       SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                goto f_err;
+             && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+            || (s->version != DTLS1_BAD_VER
+                && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                   SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
         }
     } else {
         if (remain != 0) {
@@ -329,6 +345,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst)
             s->d1->handshake_read_seq = 0;
             s->d1->handshake_write_seq = 0;
             s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
         }
     }
 
@@ -347,16 +364,18 @@ int tls_get_message_header(SSL *s, int *mt)
     do {
         while (s->init_num < SSL3_HM_HEADER_LENGTH) {
             i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
-                &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
+                                          &p[s->init_num],
+                                          SSL3_HM_HEADER_LENGTH - s->init_num,
+                                          0);
             if (i <= 0) {
                 s->rwstate = SSL_READING;
                 return 0;
             }
             if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
                 /*
-                * A ChangeCipherSpec must be a single byte and may not occur
-                * in the middle of a handshake message.
-                */
+                 * A ChangeCipherSpec must be a single byte and may not occur
+                 * in the middle of a handshake message.
+                 */
                 if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
                     al = SSL_AD_UNEXPECTED_MESSAGE;
                     SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
@@ -399,15 +418,14 @@ int tls_get_message_header(SSL *s, int *mt)
     *mt = *p;
     s->s3->tmp.message_type = *(p++);
 
-    if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
         /*
          * Only happens with SSLv3+ in an SSLv2 backward compatible
          * ClientHello
+         *
+         * Total message size is the remaining record bytes to read
+         * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
          */
-         /*
-          * Total message size is the remaining record bytes to read
-          * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
-          */
         l = RECORD_LAYER_get_rrec_length(&s->rlayer)
             + SSL3_HM_HEADER_LENGTH;
         if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
@@ -427,7 +445,7 @@ int tls_get_message_header(SSL *s, int *mt)
             goto f_err;
         }
         if (l && !BUF_MEM_grow_clean(s->init_buf,
-                                    (int)l + SSL3_HM_HEADER_LENGTH)) {
+                                     (int)l + SSL3_HM_HEADER_LENGTH)) {
             SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
             goto err;
         }
@@ -480,14 +498,25 @@ int tls_get_message_body(SSL *s, unsigned long *len)
 #endif
 
     /* Feed this message into MAC computation. */
-    if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
-        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num)) {
+            SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            *len = 0;
+            return 0;
+        }
         if (s->msg_callback)
-            s->msg_callback(0, SSL2_VERSION, 0,  s->init_buf->data,
+            s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
                             (size_t)s->init_num, s, s->msg_callback_arg);
     } else {
-        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
-            s->init_num + SSL3_HM_HEADER_LENGTH);
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num + SSL3_HM_HEADER_LENGTH)) {
+            SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            *len = 0;
+            return 0;
+        }
         if (s->msg_callback)
             s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
                             (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
@@ -508,10 +537,9 @@ int tls_get_message_body(SSL *s, unsigned long *len)
     return 1;
 }
 
-int ssl_cert_type(X509 *x, EVP_PKEY *pk)
+int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
 {
-    if (pk == NULL &&
-        (pk = X509_get0_pubkey(x)) == NULL)
+    if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
         return -1;
 
     switch (EVP_PKEY_id(pk)) {
@@ -625,8 +653,8 @@ static int version_cmp(const SSL *s, int a, int b)
 
 typedef struct {
     int version;
-    const SSL_METHOD *(*cmeth)(void);
-    const SSL_METHOD *(*smeth)(void);
+    const SSL_METHOD *(*cmeth) (void);
+    const SSL_METHOD *(*smeth) (void);
 } version_info;
 
 #if TLS_MAX_VERSION != TLS1_2_VERSION
@@ -635,26 +663,26 @@ typedef struct {
 
 static const version_info tls_version_table[] = {
 #ifndef OPENSSL_NO_TLS1_2
-    { TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method },
+    {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
 #else
-    { TLS1_2_VERSION, NULL, NULL },
+    {TLS1_2_VERSION, NULL, NULL},
 #endif
 #ifndef OPENSSL_NO_TLS1_1
-    { TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method },
+    {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
 #else
-    { TLS1_1_VERSION, NULL, NULL },
+    {TLS1_1_VERSION, NULL, NULL},
 #endif
 #ifndef OPENSSL_NO_TLS1
-    { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method },
+    {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
 #else
-    { TLS1_VERSION, NULL, NULL },
+    {TLS1_VERSION, NULL, NULL},
 #endif
 #ifndef OPENSSL_NO_SSL3
-    { SSL3_VERSION, sslv3_client_method, sslv3_server_method },
+    {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
 #else
-    { SSL3_VERSION, NULL, NULL },
+    {SSL3_VERSION, NULL, NULL},
 #endif
-    { 0, NULL, NULL },
+    {0, NULL, NULL},
 };
 
 #if DTLS_MAX_VERSION != DTLS1_2_VERSION
@@ -663,16 +691,18 @@ static const version_info tls_version_table[] = {
 
 static const version_info dtls_version_table[] = {
 #ifndef OPENSSL_NO_DTLS1_2
-    { DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method },
+    {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
 #else
-    { DTLS1_2_VERSION, NULL, NULL },
+    {DTLS1_2_VERSION, NULL, NULL},
 #endif
 #ifndef OPENSSL_NO_DTLS1
-    { DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method },
+    {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+    {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
 #else
-    { DTLS1_VERSION, NULL, NULL },
+    {DTLS1_VERSION, NULL, NULL},
+    {DTLS1_BAD_VER, NULL, NULL},
 #endif
-    { 0, NULL, NULL },
+    {0, NULL, NULL},
 };
 
 /*
@@ -693,7 +723,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
         return SSL_R_VERSION_TOO_LOW;
 
     if (s->max_proto_version != 0 &&
-             version_cmp(s, version, s->max_proto_version) > 0)
+        version_cmp(s, version, s->max_proto_version) > 0)
         return SSL_R_VERSION_TOO_HIGH;
 
     if ((s->options & method->mask) != 0)
@@ -780,8 +810,7 @@ int ssl_check_version_downgrade(SSL *s)
     }
 
     for (vent = table; vent->version != 0; ++vent) {
-        if (vent->smeth != NULL &&
-            ssl_method_error(s, vent->smeth()) == 0)
+        if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
             return s->version == vent->version;
     }
     return 0;
@@ -835,7 +864,7 @@ int ssl_set_version_bound(int method_version, int version, int *bound)
 
     case DTLS_ANY_VERSION:
         if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) ||
-            DTLS_VERSION_LT(version, DTLS1_VERSION))
+            DTLS_VERSION_LT(version, DTLS1_BAD_VER))
             return 0;
         break;
     }
@@ -981,7 +1010,8 @@ int ssl_choose_client_version(SSL *s, int version)
  * Returns 0 on success or an SSL error reason number on failure.  On failure
  * min_version and max_version will also be set to 0.
  */
-int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version)
+int ssl_get_client_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version)
 {
     int version;
     int hole;