'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.
(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+ so that complete 'Handshake' protocol structures are kept in memory
+ instead of overwriting 'msg_type' and 'length' with 'body' data.
+ [Bodo Moeller]
+
+ *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+ correctly.
+ [Bodo Moeller]
+
+) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
[Massimo Santin via Richard Levitte]
+) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
[Massimo Santin via Richard Levitte]
* 9/10 client_version /
*/
char *buf= &(buf_space[0]);
* 9/10 client_version /
*/
char *buf= &(buf_space[0]);
- unsigned char *p,*d,*dd;
+ unsigned char *p,*d,*d_len,*dd;
unsigned int i;
unsigned int csl,sil,cl;
int n=0,j;
unsigned int i;
unsigned int csl,sil,cl;
int n=0,j;
+ /* record header: version ... */
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
+ /* ... and length (actual value will be written later) */
+ d_len = d++;
+ d++;
+
+ /* client_version */
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
*(d++)=0;
i=(d-(unsigned char *)s->init_buf->data);
*(d++)=0;
i=(d-(unsigned char *)s->init_buf->data);
/* get the data reused from the init_buf */
s->s3->tmp.reuse_message=1;
/* get the data reused from the init_buf */
s->s3->tmp.reuse_message=1;
#include <string.h>
#include <stdio.h>
#include <openssl/buffer.h>
#include <string.h>
#include <stdio.h>
#include <openssl/buffer.h>
}
s->s3->change_cipher_spec=0;
}
s->s3->change_cipher_spec=0;
- p = (unsigned char *)s->init_buf->data;
+ p = (unsigned char *)s->init_msg;
i = s->s3->tmp.peer_finish_md_len;
if (i != n)
i = s->s3->tmp.peer_finish_md_len;
if (i != n)
+ s->init_msg = s->init_buf->data + 4;
return((int)s->s3->tmp.message_size);
}
return((int)s->s3->tmp.message_size);
}
ssl3_init_finished_mac(s);
}
ssl3_init_finished_mac(s);
}
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
-
s->s3->tmp.message_type= *(p++);
n2l3(p,l);
s->s3->tmp.message_type= *(p++);
n2l3(p,l);
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
- if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+ if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto f_err;
+ }
+ if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
s->s3->tmp.message_size=l;
s->state=stn;
s->s3->tmp.message_size=l;
s->state=stn;
+ s->init_msg = s->init_buf->data + 4;
+ s->init_num = 0;
- p=(unsigned char *)s->init_buf->data;
- n=s->s3->tmp.message_size;
- n -= s->init_num;
+ p = s->init_msg;
+ n = s->s3->tmp.message_size - s->init_num;
while (n > 0)
{
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
while (n > 0)
{
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
s->init_num += i;
n -= i;
}
s->init_num += i;
n -= i;
}
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
*ok=1;
return s->init_num;
f_err:
*ok=1;
return s->init_num;
f_err:
&ok);
if (!ok) return((int)n);
&ok);
if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
{
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
{
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{
if ((sk=sk_X509_new_null()) == NULL)
{
- param=p=(unsigned char *)s->init_buf->data;
+ param=p=(unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL)
{
if (s->session->sess_cert != NULL)
{
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
{
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
{
&ok);
if (!ok) return((int)n);
&ok);
if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header
* (may differ: see RFC 2246, Appendix E, second paragraph) */
/* use version from inside client hello, not from record header
* (may differ: see RFC 2246, Appendix E, second paragraph) */
&ok);
if (!ok) return((int)n);
&ok);
if (!ok) return((int)n);
- p=(unsigned char *)s->init_buf->data;
+ p=(unsigned char *)s->init_msg;
l=s->s3->tmp.new_cipher->algorithms;
l=s->s3->tmp.new_cipher->algorithms;
}
/* we now have a signature that we need to verify */
}
/* we now have a signature that we need to verify */
- p=(unsigned char *)s->init_buf->data;
+ p=(unsigned char *)s->init_msg;
n2s(p,i);
n-=2;
if (i > n)
n2s(p,i);
n-=2;
if (i > n)
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{
if ((sk=sk_X509_new_null()) == NULL)
{
int rstate; /* where we are when reading */
BUF_MEM *init_buf; /* buffer used during init */
int rstate; /* where we are when reading */
BUF_MEM *init_buf; /* buffer used during init */
+ void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
projects / openssl.git / commitdiff