1998-12-21 18:52:47 +08:00
|
|
|
/* ssl/s3_pkt.c */
|
1998-12-21 18:56:39 +08:00
|
|
|
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
1998-12-21 18:52:47 +08:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* This package is an SSL implementation written
|
|
|
|
* by Eric Young (eay@cryptsoft.com).
|
|
|
|
* The implementation was written so as to conform with Netscapes SSL.
|
|
|
|
*
|
|
|
|
* This library is free for commercial and non-commercial use as long as
|
|
|
|
* the following conditions are aheared to. The following conditions
|
|
|
|
* apply to all code found in this distribution, be it the RC4, RSA,
|
|
|
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
|
|
|
* included with this distribution is covered by the same copyright terms
|
|
|
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
|
|
|
*
|
|
|
|
* Copyright remains Eric Young's, and as such any Copyright notices in
|
|
|
|
* the code are not to be removed.
|
|
|
|
* If this package is used in a product, Eric Young should be given attribution
|
|
|
|
* as the author of the parts of the library used.
|
|
|
|
* This can be in the form of a textual message at program startup or
|
|
|
|
* in documentation (online or textual) provided with the package.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* "This product includes cryptographic software written by
|
|
|
|
* Eric Young (eay@cryptsoft.com)"
|
|
|
|
* The word 'cryptographic' can be left out if the rouines from the library
|
|
|
|
* being used are not cryptographic related :-).
|
|
|
|
* 4. If you include any Windows specific code (or a derivative thereof) from
|
|
|
|
* the apps directory (application code) you must include an acknowledgement:
|
|
|
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* The licence and distribution terms for any publically available version or
|
|
|
|
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
|
|
|
* copied and put under another distribution licence
|
|
|
|
* [including the GNU Public Licence.]
|
|
|
|
*/
|
2000-01-11 09:07:26 +08:00
|
|
|
/* ====================================================================
|
|
|
|
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
*
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
*
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in
|
|
|
|
* the documentation and/or other materials provided with the
|
|
|
|
* distribution.
|
|
|
|
*
|
|
|
|
* 3. All advertising materials mentioning features or use of this
|
|
|
|
* software must display the following acknowledgment:
|
|
|
|
* "This product includes software developed by the OpenSSL Project
|
|
|
|
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
|
|
*
|
|
|
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
* prior written permission. For written permission, please contact
|
|
|
|
* openssl-core@openssl.org.
|
|
|
|
*
|
|
|
|
* 5. Products derived from this software may not be called "OpenSSL"
|
|
|
|
* nor may "OpenSSL" appear in their names without prior written
|
|
|
|
* permission of the OpenSSL Project.
|
|
|
|
*
|
|
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
|
|
* acknowledgment:
|
|
|
|
* "This product includes software developed by the OpenSSL Project
|
|
|
|
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
* ====================================================================
|
|
|
|
*
|
|
|
|
* This product includes cryptographic software written by Eric Young
|
|
|
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
|
|
|
* Hudson (tjh@cryptsoft.com).
|
|
|
|
*
|
|
|
|
*/
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#define USE_SOCKETS
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/buffer.h>
|
1998-12-21 18:52:47 +08:00
|
|
|
#include "ssl_locl.h"
|
|
|
|
|
1999-04-23 23:01:15 +08:00
|
|
|
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
|
|
|
unsigned int len);
|
|
|
|
static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
1999-04-18 05:25:43 +08:00
|
|
|
unsigned int len);
|
1998-12-21 18:52:47 +08:00
|
|
|
static int ssl3_get_record(SSL *s);
|
|
|
|
static int do_compress(SSL *ssl);
|
|
|
|
static int do_uncompress(SSL *ssl);
|
1998-12-21 18:56:39 +08:00
|
|
|
static int do_change_cipher_spec(SSL *ssl);
|
2000-01-11 09:07:26 +08:00
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
static int ssl3_read_n(SSL *s, int n, int max, int extend)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
2000-01-11 09:07:26 +08:00
|
|
|
/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
|
|
|
|
* packet by another n bytes.
|
|
|
|
* The packet will be in the sub-array of s->s3->rbuf.buf specified
|
|
|
|
* by s->packet and s->packet_length.
|
|
|
|
* (If s->read_ahead is set, 'max' bytes may be stored in rbuf
|
|
|
|
* [plus s->packet_length bytes if extend == 1].)
|
|
|
|
*/
|
1998-12-21 18:52:47 +08:00
|
|
|
int i,off,newb;
|
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
if (!extend)
|
|
|
|
{
|
|
|
|
/* start with empty packet ... */
|
|
|
|
if (s->s3->rbuf.left == 0)
|
|
|
|
s->s3->rbuf.offset = 0;
|
|
|
|
s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
|
|
|
|
s->packet_length = 0;
|
|
|
|
/* ... now we can act as if 'extend' was set */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* if there is enough in the buffer from a previous read, take some */
|
1998-12-21 18:52:47 +08:00
|
|
|
if (s->s3->rbuf.left >= (int)n)
|
|
|
|
{
|
2000-01-11 09:07:26 +08:00
|
|
|
s->packet_length+=n;
|
1998-12-21 18:52:47 +08:00
|
|
|
s->s3->rbuf.left-=n;
|
|
|
|
s->s3->rbuf.offset+=n;
|
|
|
|
return(n);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* else we need to read more data */
|
2000-01-11 09:07:26 +08:00
|
|
|
if (!s->read_ahead)
|
|
|
|
max=n;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
{
|
|
|
|
/* avoid buffer overflow */
|
|
|
|
int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length;
|
|
|
|
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
|
|
|
|
max_max += SSL3_RT_MAX_EXTRA;
|
|
|
|
if (max > max_max)
|
|
|
|
max = max_max;
|
|
|
|
}
|
2000-01-11 16:18:55 +08:00
|
|
|
if (n > max) /* does not happen */
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR);
|
|
|
|
return -1;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
off = s->packet_length;
|
|
|
|
newb = s->s3->rbuf.left;
|
|
|
|
/* Move any available bytes to front of buffer:
|
|
|
|
* 'off' bytes already pointed to by 'packet',
|
|
|
|
* 'newb' extra ones at the end */
|
|
|
|
if (s->packet != s->s3->rbuf.buf)
|
|
|
|
{
|
|
|
|
/* off > 0 */
|
|
|
|
memmove(s->s3->rbuf.buf, s->packet, off+newb);
|
|
|
|
s->packet = s->s3->rbuf.buf;
|
|
|
|
}
|
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
while (newb < n)
|
|
|
|
{
|
2000-01-11 09:07:26 +08:00
|
|
|
/* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
|
|
|
|
* to read in more until we have off+n (up to off+max if possible) */
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
clear_sys_error();
|
1998-12-21 18:52:47 +08:00
|
|
|
if (s->rbio != NULL)
|
|
|
|
{
|
|
|
|
s->rwstate=SSL_READING;
|
2000-01-11 09:07:26 +08:00
|
|
|
i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
|
2000-01-11 09:07:26 +08:00
|
|
|
i = -1;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (i <= 0)
|
|
|
|
{
|
2000-01-11 09:07:26 +08:00
|
|
|
s->s3->rbuf.left = newb;
|
1998-12-21 18:52:47 +08:00
|
|
|
return(i);
|
|
|
|
}
|
|
|
|
newb+=i;
|
|
|
|
}
|
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
/* done reading, now the book-keeping */
|
|
|
|
s->s3->rbuf.offset = off + n;
|
|
|
|
s->s3->rbuf.left = newb - n;
|
|
|
|
s->packet_length += n;
|
1998-12-21 18:52:47 +08:00
|
|
|
return(n);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call this to get a new input record.
|
|
|
|
* It will return <= 0 if more data is needed, normally due to an error
|
|
|
|
* or non-blocking IO.
|
|
|
|
* When it finishes, one packet has been decoded and can be found in
|
2000-01-11 09:07:26 +08:00
|
|
|
* ssl->s3->rrec.type - is the type of record
|
|
|
|
* ssl->s3->rrec.data, - data
|
1998-12-21 18:52:47 +08:00
|
|
|
* ssl->s3->rrec.length, - number of bytes
|
|
|
|
*/
|
1999-04-20 05:31:43 +08:00
|
|
|
static int ssl3_get_record(SSL *s)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int ssl_major,ssl_minor,al;
|
|
|
|
int n,i,ret= -1;
|
|
|
|
SSL3_BUFFER *rb;
|
|
|
|
SSL3_RECORD *rr;
|
|
|
|
SSL_SESSION *sess;
|
|
|
|
unsigned char *p;
|
|
|
|
unsigned char md[EVP_MAX_MD_SIZE];
|
|
|
|
short version;
|
|
|
|
unsigned int mac_size;
|
|
|
|
int clear=0,extra;
|
|
|
|
|
|
|
|
rr= &(s->s3->rrec);
|
|
|
|
rb= &(s->s3->rbuf);
|
|
|
|
sess=s->session;
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
|
1998-12-21 18:52:47 +08:00
|
|
|
extra=SSL3_RT_MAX_EXTRA;
|
|
|
|
else
|
|
|
|
extra=0;
|
|
|
|
|
|
|
|
again:
|
|
|
|
/* check if we have the header */
|
|
|
|
if ( (s->rstate != SSL_ST_READ_BODY) ||
|
|
|
|
(s->packet_length < SSL3_RT_HEADER_LENGTH))
|
|
|
|
{
|
|
|
|
n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
|
|
|
|
SSL3_RT_MAX_PACKET_SIZE,0);
|
|
|
|
if (n <= 0) return(n); /* error or non-blocking */
|
|
|
|
s->rstate=SSL_ST_READ_BODY;
|
|
|
|
|
|
|
|
p=s->packet;
|
|
|
|
|
|
|
|
/* Pull apart the header into the SSL3_RECORD */
|
|
|
|
rr->type= *(p++);
|
|
|
|
ssl_major= *(p++);
|
|
|
|
ssl_minor= *(p++);
|
|
|
|
version=(ssl_major<<8)|ssl_minor;
|
|
|
|
n2s(p,rr->length);
|
|
|
|
|
|
|
|
/* Lets check version */
|
|
|
|
if (s->first_packet)
|
|
|
|
{
|
|
|
|
s->first_packet=0;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
if (version != s->version)
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
|
|
|
|
/* Send back error using their
|
|
|
|
* version number :-) */
|
|
|
|
s->version=version;
|
|
|
|
al=SSL_AD_PROTOCOL_VERSION;
|
|
|
|
goto f_err;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
if ((version>>8) != SSL3_VERSION_MAJOR)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
|
1998-12-21 18:52:47 +08:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rr->length >
|
|
|
|
(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_RECORD_OVERFLOW;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
2000-01-11 16:09:27 +08:00
|
|
|
/* now s->rstate == SSL_ST_READ_BODY; */
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* get and decode the data */
|
|
|
|
if (s->rstate == SSL_ST_READ_BODY)
|
|
|
|
{
|
|
|
|
if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
|
|
|
|
{
|
|
|
|
i=rr->length;
|
|
|
|
n=ssl3_read_n(s,i,i,1);
|
|
|
|
if (n <= 0) return(n); /* error or non-blocking io */
|
|
|
|
}
|
|
|
|
s->rstate=SSL_ST_READ_HEADER;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* At this point, we have the data in s->packet and there should be
|
|
|
|
* s->packet_length bytes, we must not 'overrun' this buffer :-)
|
|
|
|
* One of the following functions will copy the data from the
|
|
|
|
* s->packet buffer */
|
|
|
|
|
|
|
|
rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
|
|
|
|
|
|
|
|
/* ok, we can now read from 's->packet' data into 'rr'
|
|
|
|
* rr->input points at rr->length bytes, which
|
|
|
|
* need to be copied into rr->data by either
|
|
|
|
* the decryption or by the decompression
|
|
|
|
* When the data is 'copied' into the rr->data buffer,
|
|
|
|
* rr->input will be pointed at the new buffer */
|
|
|
|
|
|
|
|
/* Set the state for the following operations */
|
|
|
|
s->rstate=SSL_ST_READ_HEADER;
|
|
|
|
|
|
|
|
/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
|
|
|
|
* rr->length bytes of encrypted compressed stuff. */
|
|
|
|
|
|
|
|
/* check is not needed I belive */
|
|
|
|
if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_RECORD_OVERFLOW;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* decrypt in place in 'rr->input' */
|
|
|
|
rr->data=rr->input;
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
if (!s->method->ssl3_enc->enc(s,0))
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_DECRYPT_ERROR;
|
1998-12-21 18:52:47 +08:00
|
|
|
goto f_err;
|
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
#ifdef TLS_DEBUG
|
|
|
|
printf("dec %d\n",rr->length);
|
1998-12-21 19:00:56 +08:00
|
|
|
{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
|
1998-12-21 18:56:39 +08:00
|
|
|
printf("\n");
|
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
/* r->length is now the compressed data plus mac */
|
|
|
|
if ( (sess == NULL) ||
|
|
|
|
(s->enc_read_ctx == NULL) ||
|
|
|
|
(s->read_hash == NULL))
|
|
|
|
clear=1;
|
|
|
|
|
|
|
|
if (!clear)
|
|
|
|
{
|
|
|
|
mac_size=EVP_MD_size(s->read_hash);
|
|
|
|
|
|
|
|
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_RECORD_OVERFLOW;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
/* check MAC for rr->input' */
|
|
|
|
if (rr->length < mac_size)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_DECODE_ERROR;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
rr->length-=mac_size;
|
1998-12-21 18:56:39 +08:00
|
|
|
i=s->method->ssl3_enc->mac(s,md,0);
|
1998-12-21 18:52:47 +08:00
|
|
|
if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_BAD_RECORD_MAC;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
|
1998-12-21 18:56:39 +08:00
|
|
|
ret= -1;
|
1998-12-21 18:52:47 +08:00
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* r->length is now just compressed */
|
1998-12-21 19:00:56 +08:00
|
|
|
if (s->expand != NULL)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
if (rr->length >
|
|
|
|
(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_RECORD_OVERFLOW;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
if (!do_uncompress(s))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_DECOMPRESSION_FAILURE;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_RECORD_OVERFLOW;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
rr->off=0;
|
|
|
|
/* So at this point the following is true
|
|
|
|
* ssl->s3->rrec.type is the type of record
|
|
|
|
* ssl->s3->rrec.length == number of bytes in record
|
|
|
|
* ssl->s3->rrec.off == offset to first valid byte
|
|
|
|
* ssl->s3->rrec.data == where to take bytes from, increment
|
|
|
|
* after use :-).
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* we have pulled in a full packet so zero things */
|
|
|
|
s->packet_length=0;
|
|
|
|
|
|
|
|
/* just read a 0 length packet */
|
|
|
|
if (rr->length == 0) goto again;
|
|
|
|
|
|
|
|
return(1);
|
|
|
|
f_err:
|
|
|
|
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
|
|
|
err:
|
|
|
|
return(ret);
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
static int do_uncompress(SSL *ssl)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 19:00:56 +08:00
|
|
|
int i;
|
|
|
|
SSL3_RECORD *rr;
|
|
|
|
|
|
|
|
rr= &(ssl->s3->rrec);
|
|
|
|
i=COMP_expand_block(ssl->expand,rr->comp,
|
|
|
|
SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
|
|
|
|
if (i < 0)
|
|
|
|
return(0);
|
|
|
|
else
|
|
|
|
rr->length=i;
|
|
|
|
rr->data=rr->comp;
|
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
return(1);
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
static int do_compress(SSL *ssl)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 19:00:56 +08:00
|
|
|
int i;
|
|
|
|
SSL3_RECORD *wr;
|
|
|
|
|
|
|
|
wr= &(ssl->s3->wrec);
|
|
|
|
i=COMP_compress_block(ssl->compress,wr->data,
|
|
|
|
SSL3_RT_MAX_COMPRESSED_LENGTH,
|
|
|
|
wr->input,(int)wr->length);
|
|
|
|
if (i < 0)
|
|
|
|
return(0);
|
|
|
|
else
|
|
|
|
wr->length=i;
|
|
|
|
|
|
|
|
wr->input=wr->data;
|
1998-12-21 18:52:47 +08:00
|
|
|
return(1);
|
|
|
|
}
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
/* Call this to write data
|
1998-12-21 18:52:47 +08:00
|
|
|
* It will return <= 0 if not all data has been sent or non-blocking IO.
|
|
|
|
*/
|
1999-04-23 23:01:15 +08:00
|
|
|
int ssl3_write_bytes(SSL *s, int type, const void *_buf, int len)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1999-04-23 23:01:15 +08:00
|
|
|
const unsigned char *buf=_buf;
|
1998-12-21 18:52:47 +08:00
|
|
|
unsigned int tot,n,nw;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
tot=s->s3->wnum;
|
|
|
|
s->s3->wnum=0;
|
|
|
|
|
|
|
|
if (SSL_in_init(s) && !s->in_handshake)
|
|
|
|
{
|
|
|
|
i=s->handshake_func(s);
|
|
|
|
if (i < 0) return(i);
|
|
|
|
if (i == 0)
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
|
|
|
|
return(-1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
n=(len-tot);
|
|
|
|
for (;;)
|
|
|
|
{
|
|
|
|
if (n > SSL3_RT_MAX_PLAIN_LENGTH)
|
|
|
|
nw=SSL3_RT_MAX_PLAIN_LENGTH;
|
|
|
|
else
|
|
|
|
nw=n;
|
1998-12-21 18:56:39 +08:00
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
i=do_ssl3_write(s,type,&(buf[tot]),nw);
|
|
|
|
if (i <= 0)
|
|
|
|
{
|
|
|
|
s->s3->wnum=tot;
|
|
|
|
return(i);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (type == SSL3_RT_HANDSHAKE)
|
1999-04-18 05:25:43 +08:00
|
|
|
ssl3_finish_mac(s,&(buf[tot]),i);
|
1998-12-21 18:52:47 +08:00
|
|
|
|
1999-07-02 21:55:32 +08:00
|
|
|
if ((i == (int)n) ||
|
|
|
|
(type == SSL3_RT_APPLICATION_DATA &&
|
1999-07-03 01:52:21 +08:00
|
|
|
(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
|
1999-07-02 21:55:32 +08:00
|
|
|
{
|
|
|
|
return(tot+i);
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
n-=i;
|
|
|
|
tot+=i;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-04-23 23:01:15 +08:00
|
|
|
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
|
|
|
unsigned int len)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
unsigned char *p,*plen;
|
|
|
|
int i,mac_size,clear=0;
|
|
|
|
SSL3_RECORD *wr;
|
|
|
|
SSL3_BUFFER *wb;
|
|
|
|
SSL_SESSION *sess;
|
|
|
|
|
|
|
|
/* first check is there is a SSL3_RECORD still being written
|
|
|
|
* out. This will happen with non blocking IO */
|
|
|
|
if (s->s3->wbuf.left != 0)
|
|
|
|
return(ssl3_write_pending(s,type,buf,len));
|
|
|
|
|
|
|
|
/* If we have an alert to send, lets send it */
|
|
|
|
if (s->s3->alert_dispatch)
|
|
|
|
{
|
|
|
|
i=ssl3_dispatch_alert(s);
|
|
|
|
if (i <= 0)
|
|
|
|
return(i);
|
|
|
|
/* if it went, fall through and send more stuff */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (len <= 0) return(len);
|
|
|
|
|
|
|
|
wr= &(s->s3->wrec);
|
|
|
|
wb= &(s->s3->wbuf);
|
|
|
|
sess=s->session;
|
|
|
|
|
|
|
|
if ( (sess == NULL) ||
|
|
|
|
(s->enc_write_ctx == NULL) ||
|
|
|
|
(s->write_hash == NULL))
|
|
|
|
clear=1;
|
|
|
|
|
|
|
|
if (clear)
|
|
|
|
mac_size=0;
|
|
|
|
else
|
|
|
|
mac_size=EVP_MD_size(s->write_hash);
|
|
|
|
|
|
|
|
p=wb->buf;
|
|
|
|
|
|
|
|
/* write the header */
|
|
|
|
*(p++)=type&0xff;
|
|
|
|
wr->type=type;
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
*(p++)=(s->version>>8);
|
|
|
|
*(p++)=s->version&0xff;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
/* record where we are to write out packet length */
|
|
|
|
plen=p;
|
|
|
|
p+=2;
|
|
|
|
|
|
|
|
/* lets setup the record stuff. */
|
|
|
|
wr->data=p;
|
|
|
|
wr->length=(int)len;
|
|
|
|
wr->input=(unsigned char *)buf;
|
|
|
|
|
|
|
|
/* we now 'read' from wr->input, wr->length bytes into
|
|
|
|
* wr->data */
|
|
|
|
|
|
|
|
/* first we compress */
|
1998-12-21 19:00:56 +08:00
|
|
|
if (s->compress != NULL)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
if (!do_compress(s))
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
memcpy(wr->data,wr->input,wr->length);
|
|
|
|
wr->input=wr->data;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* we should still have the output to wr->data and the input
|
|
|
|
* from wr->input. Length should be wr->length.
|
|
|
|
* wr->data still points in the wb->buf */
|
|
|
|
|
|
|
|
if (mac_size != 0)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
|
1998-12-21 18:52:47 +08:00
|
|
|
wr->length+=mac_size;
|
|
|
|
wr->input=p;
|
|
|
|
wr->data=p;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ssl3_enc can only have an error on read */
|
1998-12-21 18:56:39 +08:00
|
|
|
s->method->ssl3_enc->enc(s,1);
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
/* record length after mac and block padding */
|
|
|
|
s2n(wr->length,plen);
|
|
|
|
|
|
|
|
/* we should now have
|
|
|
|
* wr->data pointing to the encrypted data, which is
|
|
|
|
* wr->length long */
|
|
|
|
wr->type=type; /* not needed but helps for debugging */
|
|
|
|
wr->length+=SSL3_RT_HEADER_LENGTH;
|
|
|
|
|
|
|
|
/* Now lets setup wb */
|
|
|
|
wb->left=wr->length;
|
|
|
|
wb->offset=0;
|
|
|
|
|
|
|
|
s->s3->wpend_tot=len;
|
|
|
|
s->s3->wpend_buf=buf;
|
|
|
|
s->s3->wpend_type=type;
|
|
|
|
s->s3->wpend_ret=len;
|
|
|
|
|
|
|
|
/* we now just need to write the buffer */
|
|
|
|
return(ssl3_write_pending(s,type,buf,len));
|
|
|
|
err:
|
|
|
|
return(-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* if s->s3->wbuf.left != 0, we need to call this */
|
1999-04-23 23:01:15 +08:00
|
|
|
static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
|
|
|
|
unsigned int len)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
/* XXXX */
|
1999-07-02 21:55:32 +08:00
|
|
|
if ((s->s3->wpend_tot > (int)len)
|
|
|
|
|| ((s->s3->wpend_buf != buf) &&
|
1999-07-02 22:23:33 +08:00
|
|
|
!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
|
1998-12-21 18:52:47 +08:00
|
|
|
|| (s->s3->wpend_type != type))
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
|
1998-12-21 18:56:39 +08:00
|
|
|
return(-1);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
clear_sys_error();
|
1998-12-21 18:52:47 +08:00
|
|
|
if (s->wbio != NULL)
|
|
|
|
{
|
|
|
|
s->rwstate=SSL_WRITING;
|
|
|
|
i=BIO_write(s->wbio,
|
|
|
|
(char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
|
|
|
|
(unsigned int)s->s3->wbuf.left);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
|
|
|
|
i= -1;
|
|
|
|
}
|
|
|
|
if (i == s->s3->wbuf.left)
|
|
|
|
{
|
|
|
|
s->s3->wbuf.left=0;
|
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
return(s->s3->wpend_ret);
|
|
|
|
}
|
|
|
|
else if (i <= 0)
|
|
|
|
return(i);
|
|
|
|
s->s3->wbuf.offset+=i;
|
|
|
|
s->s3->wbuf.left-=i;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-04-23 23:01:15 +08:00
|
|
|
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int al,i,j,n,ret;
|
|
|
|
SSL3_RECORD *rr;
|
|
|
|
void (*cb)()=NULL;
|
1998-12-21 18:56:39 +08:00
|
|
|
BIO *bio;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
|
1998-12-21 18:52:47 +08:00
|
|
|
if (!ssl3_setup_buffers(s))
|
|
|
|
return(-1);
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
if (!s->in_handshake && SSL_in_init(s))
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
i=s->handshake_func(s);
|
|
|
|
if (i < 0) return(i);
|
|
|
|
if (i == 0)
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
|
|
|
|
return(-1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
start:
|
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
/* s->s3->rrec.type - is the type of record
|
|
|
|
* s->s3->rrec.data, - data
|
|
|
|
* s->s3->rrec.off, - offset into 'data' for next read
|
|
|
|
* s->s3->rrec.length, - number of bytes. */
|
1998-12-21 18:52:47 +08:00
|
|
|
rr= &(s->s3->rrec);
|
|
|
|
|
|
|
|
/* get new packet */
|
|
|
|
if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
|
|
|
|
{
|
|
|
|
ret=ssl3_get_record(s);
|
|
|
|
if (ret <= 0) return(ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* we now have a packet which can be read and processed */
|
|
|
|
|
|
|
|
if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_UNEXPECTED_MESSAGE;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If the other end has shutdown, throw anything we read away */
|
|
|
|
if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
|
|
|
|
{
|
|
|
|
rr->length=0;
|
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
return(0);
|
|
|
|
}
|
|
|
|
|
2000-01-11 09:07:26 +08:00
|
|
|
/* Check for an incoming 'Hello Request' message from client */
|
1998-12-21 18:52:47 +08:00
|
|
|
if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) &&
|
2000-01-11 09:07:26 +08:00
|
|
|
(rr->data[0] == SSL3_MT_HELLO_REQUEST) &&
|
1998-12-21 18:52:47 +08:00
|
|
|
(s->session != NULL) && (s->session->cipher != NULL))
|
|
|
|
{
|
|
|
|
if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
|
|
|
|
(rr->data[3] != 0))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_DECODE_ERROR;
|
2000-01-11 09:07:26 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
|
1998-12-21 18:52:47 +08:00
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (SSL_is_init_finished(s) &&
|
1998-12-21 18:56:39 +08:00
|
|
|
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
|
|
|
|
!s->s3->renegotiate)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
ssl3_renegotiate(s);
|
1998-12-21 18:56:39 +08:00
|
|
|
if (ssl3_renegotiate_check(s))
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
n=s->handshake_func(s);
|
|
|
|
if (n < 0) return(n);
|
|
|
|
if (n == 0)
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
|
|
|
|
return(-1);
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
rr->length=0;
|
|
|
|
/* ZZZ */ goto start;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* if it is not the type we want, or we have shutdown and want
|
|
|
|
* the peer shutdown */
|
|
|
|
if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
|
|
|
|
{
|
|
|
|
if (rr->type == SSL3_RT_ALERT)
|
|
|
|
{
|
|
|
|
if ((rr->length != 2) || (rr->off != 0))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_DECODE_ERROR;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
i=rr->data[0];
|
|
|
|
n=rr->data[1];
|
|
|
|
|
|
|
|
/* clear from buffer */
|
|
|
|
rr->length=0;
|
|
|
|
|
|
|
|
if (s->info_callback != NULL)
|
|
|
|
cb=s->info_callback;
|
|
|
|
else if (s->ctx->info_callback != NULL)
|
|
|
|
cb=s->ctx->info_callback;
|
|
|
|
|
|
|
|
if (cb != NULL)
|
|
|
|
{
|
|
|
|
j=(i<<8)|n;
|
|
|
|
cb(s,SSL_CB_READ_ALERT,j);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (i == 1)
|
|
|
|
{
|
|
|
|
s->s3->warn_alert=n;
|
1998-12-21 18:56:39 +08:00
|
|
|
if (n == SSL_AD_CLOSE_NOTIFY)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
|
|
|
|
return(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (i == 2)
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
char tmp[16];
|
|
|
|
|
1998-12-21 18:52:47 +08:00
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
s->s3->fatal_alert=n;
|
1998-12-21 19:00:56 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,
|
|
|
|
SSL_AD_REASON_OFFSET+n);
|
1998-12-21 18:56:39 +08:00
|
|
|
sprintf(tmp,"%d",n);
|
|
|
|
ERR_add_error_data(2,"SSL alert number ",tmp);
|
1998-12-21 18:52:47 +08:00
|
|
|
s->shutdown|=SSL_RECEIVED_SHUTDOWN;
|
|
|
|
SSL_CTX_remove_session(s->ctx,s->session);
|
|
|
|
return(0);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_ILLEGAL_PARAMETER;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
rr->length=0;
|
|
|
|
goto start;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (s->shutdown & SSL_SENT_SHUTDOWN)
|
|
|
|
{
|
|
|
|
s->rwstate=SSL_NOTHING;
|
|
|
|
rr->length=0;
|
|
|
|
return(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
|
|
|
|
{
|
|
|
|
if ( (rr->length != 1) || (rr->off != 0) ||
|
|
|
|
(rr->data[0] != SSL3_MT_CCS))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
i=SSL_AD_ILLEGAL_PARAMETER;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
rr->length=0;
|
|
|
|
s->s3->change_cipher_spec=1;
|
1998-12-21 18:56:39 +08:00
|
|
|
if (!do_change_cipher_spec(s))
|
1998-12-21 18:52:47 +08:00
|
|
|
goto err;
|
1998-12-21 18:56:39 +08:00
|
|
|
else
|
|
|
|
goto start;
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* else we have a handshake */
|
|
|
|
if ((rr->type == SSL3_RT_HANDSHAKE) &&
|
|
|
|
!s->in_handshake)
|
|
|
|
{
|
|
|
|
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
|
|
|
|
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
|
|
|
|
{
|
Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
1999-02-16 17:22:21 +08:00
|
|
|
s->state=SSL_ST_BEFORE|(s->server)
|
|
|
|
?SSL_ST_ACCEPT
|
|
|
|
:SSL_ST_CONNECT;
|
1998-12-21 18:52:47 +08:00
|
|
|
s->new_session=1;
|
|
|
|
}
|
|
|
|
n=s->handshake_func(s);
|
|
|
|
if (n < 0) return(n);
|
|
|
|
if (n == 0)
|
|
|
|
{
|
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
|
|
|
|
return(-1);
|
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
|
|
|
|
/* In the case where we try to read application data
|
|
|
|
* the first time, but we trigger an SSL handshake, we
|
|
|
|
* return -1 with the retry option set. I do this
|
|
|
|
* otherwise renegotiation can cause nasty problems
|
|
|
|
* in the non-blocking world */
|
|
|
|
|
|
|
|
s->rwstate=SSL_READING;
|
|
|
|
bio=SSL_get_rbio(s);
|
|
|
|
BIO_clear_retry_flags(bio);
|
|
|
|
BIO_set_retry_read(bio);
|
|
|
|
return(-1);
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
1998-12-21 18:56:39 +08:00
|
|
|
switch (rr->type)
|
|
|
|
{
|
|
|
|
default:
|
|
|
|
#ifndef NO_TLS
|
|
|
|
/* TLS just ignores unknown message types */
|
|
|
|
if (s->version == TLS1_VERSION)
|
|
|
|
{
|
|
|
|
goto start;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
case SSL3_RT_CHANGE_CIPHER_SPEC:
|
|
|
|
case SSL3_RT_ALERT:
|
|
|
|
case SSL3_RT_HANDSHAKE:
|
|
|
|
al=SSL_AD_UNEXPECTED_MESSAGE;
|
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
|
|
|
|
goto f_err;
|
|
|
|
case SSL3_RT_APPLICATION_DATA:
|
|
|
|
/* At this point, we were expecting something else,
|
|
|
|
* but have application data. What we do is set the
|
|
|
|
* error, and return -1. On the way out, if the
|
|
|
|
* library was running inside ssl3_read() and it makes
|
|
|
|
* sense to read application data at this point, we
|
|
|
|
* will indulge it. This will mostly happen during
|
|
|
|
* session renegotiation.
|
|
|
|
*/
|
|
|
|
if (s->s3->in_read_app_data &&
|
|
|
|
(s->s3->total_renegotiations != 0) &&
|
|
|
|
((
|
|
|
|
(s->state & SSL_ST_CONNECT) &&
|
|
|
|
(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
|
|
|
|
(s->state <= SSL3_ST_CR_SRVR_HELLO_A)
|
|
|
|
) || (
|
|
|
|
(s->state & SSL_ST_ACCEPT) &&
|
|
|
|
(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
|
|
|
|
(s->state >= SSL3_ST_SR_CLNT_HELLO_A)
|
|
|
|
)
|
|
|
|
))
|
|
|
|
{
|
|
|
|
s->s3->in_read_app_data=0;
|
|
|
|
return(-1);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
al=SSL_AD_UNEXPECTED_MESSAGE;
|
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* make sure that we are not getting application data when we
|
|
|
|
* are doing a handshake for the first time */
|
|
|
|
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
|
|
|
|
(s->enc_read_ctx == NULL))
|
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
al=SSL_AD_UNEXPECTED_MESSAGE;
|
1998-12-21 18:52:47 +08:00
|
|
|
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
|
|
|
|
goto f_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (len <= 0) return(len);
|
|
|
|
|
|
|
|
if ((unsigned int)len > rr->length)
|
|
|
|
n=rr->length;
|
|
|
|
else
|
|
|
|
n=len;
|
|
|
|
|
|
|
|
memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
|
|
|
|
rr->length-=n;
|
|
|
|
rr->off+=n;
|
|
|
|
if (rr->length <= 0)
|
1998-12-21 18:56:39 +08:00
|
|
|
{
|
1998-12-21 18:52:47 +08:00
|
|
|
s->rstate=SSL_ST_READ_HEADER;
|
1998-12-21 18:56:39 +08:00
|
|
|
rr->off=0;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
if (type == SSL3_RT_HANDSHAKE)
|
1999-04-18 05:25:43 +08:00
|
|
|
ssl3_finish_mac(s,buf,n);
|
1998-12-21 18:52:47 +08:00
|
|
|
return(n);
|
|
|
|
f_err:
|
|
|
|
ssl3_send_alert(s,SSL3_AL_FATAL,al);
|
|
|
|
err:
|
|
|
|
return(-1);
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
static int do_change_cipher_spec(SSL *s)
|
1998-12-21 18:56:39 +08:00
|
|
|
{
|
|
|
|
int i;
|
2000-01-06 07:11:51 +08:00
|
|
|
const char *sender;
|
1998-12-21 18:56:39 +08:00
|
|
|
int slen;
|
|
|
|
|
|
|
|
if (s->state & SSL_ST_ACCEPT)
|
|
|
|
i=SSL3_CHANGE_CIPHER_SERVER_READ;
|
|
|
|
else
|
|
|
|
i=SSL3_CHANGE_CIPHER_CLIENT_READ;
|
|
|
|
|
|
|
|
if (s->s3->tmp.key_block == NULL)
|
|
|
|
{
|
|
|
|
s->session->cipher=s->s3->tmp.new_cipher;
|
|
|
|
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!s->method->ssl3_enc->change_cipher_state(s,i))
|
|
|
|
return(0);
|
|
|
|
|
|
|
|
/* we have to record the message digest at
|
|
|
|
* this point so we can get it before we read
|
|
|
|
* the finished message */
|
|
|
|
if (s->state & SSL_ST_CONNECT)
|
|
|
|
{
|
2000-01-06 07:11:51 +08:00
|
|
|
sender=s->method->ssl3_enc->server_finished_label;
|
|
|
|
slen=s->method->ssl3_enc->server_finished_label_len;
|
1998-12-21 18:56:39 +08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2000-01-06 07:11:51 +08:00
|
|
|
sender=s->method->ssl3_enc->client_finished_label;
|
|
|
|
slen=s->method->ssl3_enc->client_finished_label_len;
|
1998-12-21 18:56:39 +08:00
|
|
|
}
|
|
|
|
|
2000-01-06 08:41:22 +08:00
|
|
|
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
|
1998-12-21 18:56:39 +08:00
|
|
|
&(s->s3->finish_dgst1),
|
|
|
|
&(s->s3->finish_dgst2),
|
2000-01-06 08:41:22 +08:00
|
|
|
sender,slen,s->s3->tmp.peer_finish_md);
|
1998-12-21 18:56:39 +08:00
|
|
|
|
|
|
|
return(1);
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
int ssl3_do_write(SSL *s, int type)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
1999-04-23 23:01:15 +08:00
|
|
|
ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
|
|
|
|
s->init_num);
|
1998-12-21 18:52:47 +08:00
|
|
|
if (ret == s->init_num)
|
|
|
|
return(1);
|
|
|
|
if (ret < 0) return(-1);
|
|
|
|
s->init_off+=ret;
|
|
|
|
s->init_num-=ret;
|
|
|
|
return(0);
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
void ssl3_send_alert(SSL *s, int level, int desc)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
1998-12-21 18:56:39 +08:00
|
|
|
/* Map tls/ssl alert value to correct one */
|
|
|
|
desc=s->method->ssl3_enc->alert_value(desc);
|
|
|
|
if (desc < 0) return;
|
1998-12-21 18:52:47 +08:00
|
|
|
/* If a fatal one, remove from cache */
|
|
|
|
if ((level == 2) && (s->session != NULL))
|
|
|
|
SSL_CTX_remove_session(s->ctx,s->session);
|
|
|
|
|
|
|
|
s->s3->alert_dispatch=1;
|
|
|
|
s->s3->send_alert[0]=level;
|
|
|
|
s->s3->send_alert[1]=desc;
|
|
|
|
if (s->s3->wbuf.left == 0) /* data still being written out */
|
|
|
|
ssl3_dispatch_alert(s);
|
|
|
|
/* else data is still being written out, we will get written
|
|
|
|
* some time in the future */
|
|
|
|
}
|
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
int ssl3_dispatch_alert(SSL *s)
|
1998-12-21 18:52:47 +08:00
|
|
|
{
|
|
|
|
int i,j;
|
|
|
|
void (*cb)()=NULL;
|
|
|
|
|
|
|
|
s->s3->alert_dispatch=0;
|
1999-04-23 23:01:15 +08:00
|
|
|
i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
|
1998-12-21 18:52:47 +08:00
|
|
|
if (i <= 0)
|
|
|
|
{
|
|
|
|
s->s3->alert_dispatch=1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* If it is important, send it now. If the message
|
|
|
|
* does not get sent due to non-blocking IO, we will
|
|
|
|
* not worry too much. */
|
|
|
|
if (s->s3->send_alert[0] == SSL3_AL_FATAL)
|
1999-06-11 00:29:32 +08:00
|
|
|
(void)BIO_flush(s->wbio);
|
1998-12-21 18:52:47 +08:00
|
|
|
|
|
|
|
if (s->info_callback != NULL)
|
|
|
|
cb=s->info_callback;
|
|
|
|
else if (s->ctx->info_callback != NULL)
|
|
|
|
cb=s->ctx->info_callback;
|
|
|
|
|
|
|
|
if (cb != NULL)
|
|
|
|
{
|
|
|
|
j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
|
|
|
|
cb(s,SSL_CB_WRITE_ALERT,j);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return(i);
|
|
|
|
}
|