mirror of
https://github.com/openssl/openssl.git
synced 2024-11-24 18:43:34 +08:00
Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including 'msg_type' and 'length'. (This is in preparation of future support for callbacks that get to peek at handshake messages and the like.)
This commit is contained in:
Bodo Möller
parent
dbec19622e
commit
48948d53b6
9
CHANGES
9
CHANGES
@ -12,6 +12,15 @@
|
||||
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
|
||||
+) applies to 0.9.7 only
|
||||
|
||||
+) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
|
||||
so that complete 'Handshake' protocol structures are kept in memory
|
||||
instead of overwriting 'msg_type' and 'length' with 'body' data.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
|
||||
correctly.
|
||||
[Bodo Moeller]
|
||||
|
||||
+) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
|
||||
[Massimo Santin via Richard Levitte]
|
||||
|
||||
|
||||
@ -202,7 +202,7 @@ int ssl23_get_client_hello(SSL *s)
|
||||
* 9/10 client_version /
|
||||
*/
|
||||
char *buf= &(buf_space[0]);
|
||||
unsigned char *p,*d,*dd;
|
||||
unsigned char *p,*d,*d_len,*dd;
|
||||
unsigned int i;
|
||||
unsigned int csl,sil,cl;
|
||||
int n=0,j;
|
||||
@ -365,6 +365,14 @@ int ssl23_get_client_hello(SSL *s)
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* record header: version ... */
|
||||
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
|
||||
*(d++) = v[1];
|
||||
/* ... and length (actual value will be written later) */
|
||||
d_len = d++;
|
||||
d++;
|
||||
|
||||
/* client_version */
|
||||
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
|
||||
*(d++) = v[1];
|
||||
|
||||
@ -396,6 +404,7 @@ int ssl23_get_client_hello(SSL *s)
|
||||
*(d++)=0;
|
||||
|
||||
i=(d-(unsigned char *)s->init_buf->data);
|
||||
s2n(i, d_len);
|
||||
|
||||
/* get the data reused from the init_buf */
|
||||
s->s3->tmp.reuse_message=1;
|
||||
|
||||
@ -109,6 +109,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <openssl/buffer.h>
|
||||
@ -205,7 +206,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
|
||||
}
|
||||
s->s3->change_cipher_spec=0;
|
||||
|
||||
p = (unsigned char *)s->init_buf->data;
|
||||
p = (unsigned char *)s->init_msg;
|
||||
i = s->s3->tmp.peer_finish_md_len;
|
||||
|
||||
if (i != n)
|
||||
@ -355,6 +356,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
goto f_err;
|
||||
}
|
||||
*ok=1;
|
||||
s->init_msg = s->init_buf->data + 4;
|
||||
return((int)s->s3->tmp.message_size);
|
||||
}
|
||||
|
||||
@ -415,8 +417,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
ssl3_init_finished_mac(s);
|
||||
}
|
||||
|
||||
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, 4);
|
||||
|
||||
s->s3->tmp.message_type= *(p++);
|
||||
|
||||
n2l3(p,l);
|
||||
@ -426,7 +426,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
|
||||
goto f_err;
|
||||
}
|
||||
if (l && !BUF_MEM_grow(s->init_buf,(int)l))
|
||||
if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
|
||||
{
|
||||
al=SSL_AD_ILLEGAL_PARAMETER;
|
||||
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
|
||||
goto f_err;
|
||||
}
|
||||
if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
|
||||
goto err;
|
||||
@ -434,13 +440,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
s->s3->tmp.message_size=l;
|
||||
s->state=stn;
|
||||
|
||||
s->init_num=0;
|
||||
s->init_msg = s->init_buf->data + 4;
|
||||
s->init_num = 0;
|
||||
}
|
||||
|
||||
/* next state (stn) */
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
n=s->s3->tmp.message_size;
|
||||
n -= s->init_num;
|
||||
p = s->init_msg;
|
||||
n = s->s3->tmp.message_size - s->init_num;
|
||||
while (n > 0)
|
||||
{
|
||||
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
|
||||
@ -453,7 +459,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
s->init_num += i;
|
||||
n -= i;
|
||||
}
|
||||
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
|
||||
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
|
||||
*ok=1;
|
||||
return s->init_num;
|
||||
f_err:
|
||||
|
||||
@ -554,7 +554,7 @@ static int ssl3_get_server_hello(SSL *s)
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
d=p=(unsigned char *)s->init_buf->data;
|
||||
d=p=(unsigned char *)s->init_msg;
|
||||
|
||||
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
|
||||
{
|
||||
@ -710,7 +710,7 @@ static int ssl3_get_server_certificate(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
|
||||
goto f_err;
|
||||
}
|
||||
d=p=(unsigned char *)s->init_buf->data;
|
||||
d=p=(unsigned char *)s->init_msg;
|
||||
|
||||
if ((sk=sk_X509_new_null()) == NULL)
|
||||
{
|
||||
@ -895,7 +895,7 @@ static int ssl3_get_key_exchange(SSL *s)
|
||||
return(1);
|
||||
}
|
||||
|
||||
param=p=(unsigned char *)s->init_buf->data;
|
||||
param=p=(unsigned char *)s->init_msg;
|
||||
|
||||
if (s->session->sess_cert != NULL)
|
||||
{
|
||||
@ -1218,7 +1218,7 @@ static int ssl3_get_certificate_request(SSL *s)
|
||||
}
|
||||
}
|
||||
|
||||
d=p=(unsigned char *)s->init_buf->data;
|
||||
d=p=(unsigned char *)s->init_msg;
|
||||
|
||||
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
|
||||
{
|
||||
|
||||
@ -663,7 +663,7 @@ static int ssl3_get_client_hello(SSL *s)
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
d=p=(unsigned char *)s->init_buf->data;
|
||||
d=p=(unsigned char *)s->init_msg;
|
||||
|
||||
/* use version from inside client hello, not from record header
|
||||
* (may differ: see RFC 2246, Appendix E, second paragraph) */
|
||||
@ -1355,7 +1355,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
||||
&ok);
|
||||
|
||||
if (!ok) return((int)n);
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
p=(unsigned char *)s->init_msg;
|
||||
|
||||
l=s->s3->tmp.new_cipher->algorithms;
|
||||
|
||||
@ -1756,7 +1756,7 @@ static int ssl3_get_cert_verify(SSL *s)
|
||||
}
|
||||
|
||||
/* we now have a signature that we need to verify */
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
p=(unsigned char *)s->init_msg;
|
||||
n2s(p,i);
|
||||
n-=2;
|
||||
if (i > n)
|
||||
@ -1872,7 +1872,7 @@ static int ssl3_get_client_certificate(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
|
||||
goto f_err;
|
||||
}
|
||||
d=p=(unsigned char *)s->init_buf->data;
|
||||
d=p=(unsigned char *)s->init_msg;
|
||||
|
||||
if ((sk=sk_X509_new_null()) == NULL)
|
||||
{
|
||||
|
||||
@ -652,6 +652,7 @@ struct ssl_st
|
||||
int rstate; /* where we are when reading */
|
||||
|
||||
BUF_MEM *init_buf; /* buffer used during init */
|
||||
void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
|
||||
int init_num; /* amount read/written */
|
||||
int init_off; /* amount read/written */
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user