QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 11:44:37 +00:00
Code Issues Projects Releases Wiki Activity

Indent ssl/

Browse Source 
Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Emilia Kasper 2016-08-05 19:03:17 +02:00
parent 604f6eff31
commit a230b26e09
39 changed files with 1217 additions and 1404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ssl/d1_lib.c
View File

@ -338,8 +338,7 @@ int dtls1_check_timeout_num(SSL *s)
if (s->d1->timeout.num_alerts > 2 if (s->d1->timeout.num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
mtu = mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
NULL);
if (mtu < s->d1->mtu) if (mtu < s->d1->mtu)
s->d1->mtu = mtu; s->d1->mtu = mtu;
} }
@ -391,10 +390,13 @@ static void get_current_time(struct timeval *t)
GetSystemTime(&st); GetSystemTime(&st);
SystemTimeToFileTime(&st, &now.ft); SystemTimeToFileTime(&st, &now.ft);
/* re-bias to 1/1/1970 */
# ifdef __MINGW32__ # ifdef __MINGW32__
now.ul -= 116444736000000000ULL; now.ul -= 116444736000000000ULL;
# else # else
now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ /* *INDENT-OFF* */
now.ul -= 116444736000000000UI64;
/* *INDENT-ON* */
# endif # endif
t->tv_sec = (long)(now.ul / 10000000); t->tv_sec = (long)(now.ul / 10000000);
t->tv_usec = ((int)(now.ul % 10000000)) / 10; t->tv_usec = ((int)(now.ul % 10000000)) / 10;
@ -408,7 +410,6 @@ static void get_current_time(struct timeval *t)
#endif #endif
} }
#define LISTEN_SUCCESS 2 #define LISTEN_SUCCESS 2
#define LISTEN_SEND_VERIFY_REQUEST 1 #define LISTEN_SEND_VERIFY_REQUEST 1
@ -531,7 +532,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
goto end; goto end;
} }
if (rectype != SSL3_RT_HANDSHAKE) { if (rectype != SSL3_RT_HANDSHAKE) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE); SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
goto end; goto end;
} }
@ -744,7 +745,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
s->msg_callback(1, 0, SSL3_RT_HEADER, buf, s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) { if ((tmpclient = BIO_ADDR_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
goto end; goto end;
@ -805,13 +805,15 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/ */
ossl_statem_set_hello_verify_done(s); ossl_statem_set_hello_verify_done(s);
/* Some BIOs may not support this. If we fail we clear the client address */ /*
* Some BIOs may not support this. If we fail we clear the client address
*/
if (BIO_dgram_get_peer(rbio, client) <= 0) if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client); BIO_ADDR_clear(client);
ret = 1; ret = 1;
clearpkt = 0; clearpkt = 0;
end: end:
BIO_ADDR_free(tmpclient); BIO_ADDR_free(tmpclient);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
if (clearpkt) { if (clearpkt) {
@ -842,12 +844,12 @@ static int dtls1_handshake_write(SSL *s)
#ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
#define HEARTBEAT_SIZE(payload, padding) ( \ # define HEARTBEAT_SIZE(payload, padding) ( \
1 /* heartbeat type */ + \ 1 /* heartbeat type */ + \
2 /* heartbeat length */ + \ 2 /* heartbeat length */ + \
(payload) + (padding)) (payload) + (padding))
#define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) # define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
{ {
@ -987,8 +989,7 @@ int dtls1_heartbeat(SSL *s)
if (ret >= 0) { if (ret >= 0) {
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
buf, size, buf, size, s, s->msg_callback_arg);
s, s->msg_callback_arg);
dtls1_start_timer(s); dtls1_start_timer(s);
s->tlsext_hb_pending = 1; s->tlsext_hb_pending = 1;

21
ssl/d1_srtp.c
View File

@ -30,11 +30,11 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
}, },
{ {
"SRTP_AEAD_AES_128_GCM", "SRTP_AEAD_AES_128_GCM",
SRTP_AEAD_AES_128_GCM SRTP_AEAD_AES_128_GCM,
}, },
{ {
"SRTP_AEAD_AES_256_GCM", "SRTP_AEAD_AES_256_GCM",
SRTP_AEAD_AES_256_GCM SRTP_AEAD_AES_256_GCM,
}, },
{0} {0}
}; };
@ -76,8 +76,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
do { do {
col = strchr(ptr, ':'); col = strchr(ptr, ':');
if (!find_profile_by_name(ptr, &p, if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
col ? col - ptr : (int)strlen(ptr))) {
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
@ -104,7 +103,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
*out = profiles; *out = profiles;
return 0; return 0;
err: err:
sk_SRTP_PROTECTION_PROFILE_free(profiles); sk_SRTP_PROTECTION_PROFILE_free(profiles);
return 1; return 1;
} }
@ -190,8 +189,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
/* Pull off the length of the cipher suite list and check it is even */ /* Pull off the length of the cipher suite list and check it is even */
if (!PACKET_get_net_2(pkt, &ct) if (!PACKET_get_net_2(pkt, &ct)
|| (ct & 1) != 0 || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
|| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
@ -238,7 +236,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
} }
if (!PACKET_forward(pkt, mki_len) if (!PACKET_forward(pkt, mki_len)
|| PACKET_remaining(pkt)) { || PACKET_remaining(pkt)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE); SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
@ -281,10 +279,9 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
SRTP_PROTECTION_PROFILE *prof; SRTP_PROTECTION_PROFILE *prof;
if (!PACKET_get_net_2(pkt, &ct) if (!PACKET_get_net_2(pkt, &ct)
|| ct != 2 || ct != 2 || !PACKET_get_net_2(pkt, &id)
|| !PACKET_get_net_2(pkt, &id) || !PACKET_get_1(pkt, &mki)
|| !PACKET_get_1(pkt, &mki) || PACKET_remaining(pkt) != 0) {
|| PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;

108
ssl/methods.c
View File

@ -11,7 +11,7 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include "ssl_locl.h" #include "ssl_locl.h"
/* /*-
* TLS/SSLv3 methods * TLS/SSLv3 methods
*/ */
@ -19,201 +19,148 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_method, TLS_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data) ossl_statem_connect, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD #ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_method, tlsv1_2_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data) ossl_statem_connect, TLSv1_2_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_1_METHOD #ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_method, tlsv1_1_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, TLSv1_1_enc_data) ossl_statem_connect, TLSv1_1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_METHOD #ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_method, tlsv1_method,
ossl_statem_accept, ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
ossl_statem_connect, TLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_SSL3_METHOD #ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
#endif #endif
/*-
/*
* TLS/SSLv3 server methods * TLS/SSLv3 server methods
*/ */
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_server_method, TLS_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, TLSv1_2_enc_data)
TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD #ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_server_method, tlsv1_2_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, TLSv1_2_enc_data)
TLSv1_2_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_1_METHOD #ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_server_method, tlsv1_1_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, TLSv1_1_enc_data)
TLSv1_1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_METHOD #ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_server_method, tlsv1_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, TLSv1_enc_data)
TLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_SSL3_METHOD #ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_server_method, IMPLEMENT_ssl3_meth_func(sslv3_server_method,
ossl_statem_accept, ossl_statem_accept, ssl_undefined_function)
ssl_undefined_function)
#endif #endif
/*-
/*
* TLS/SSLv3 client methods * TLS/SSLv3 client methods
*/ */
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_client_method, TLS_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, TLSv1_2_enc_data)
TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD #ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_client_method, tlsv1_2_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, TLSv1_2_enc_data)
TLSv1_2_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_1_METHOD #ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_client_method, tlsv1_1_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, TLSv1_1_enc_data)
TLSv1_1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_TLS1_METHOD #ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_client_method, tlsv1_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, TLSv1_enc_data)
TLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_SSL3_METHOD #ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_client_method, IMPLEMENT_ssl3_meth_func(sslv3_client_method,
ssl_undefined_function, ssl_undefined_function, ossl_statem_connect)
ossl_statem_connect)
#endif #endif
/*-
/*
* DTLS methods * DTLS methods
*/ */
#ifndef OPENSSL_NO_DTLS1_METHOD #ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_method, dtlsv1_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, ossl_statem_connect, DTLSv1_enc_data)
DTLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD #ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_method, dtlsv1_2_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, ossl_statem_connect, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
#endif #endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_method, DTLS_method,
ossl_statem_accept, ossl_statem_accept,
ossl_statem_connect, ossl_statem_connect, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
/* /*-
* DTLS server methods * DTLS server methods
*/ */
#ifndef OPENSSL_NO_DTLS1_METHOD #ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_server_method, dtlsv1_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, DTLSv1_enc_data)
DTLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD #ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_server_method, dtlsv1_2_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
#endif #endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_server_method, DTLS_server_method,
ossl_statem_accept, ossl_statem_accept,
ssl_undefined_function, ssl_undefined_function, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
/*-
/*
* DTLS client methods * DTLS client methods
*/ */
#ifndef OPENSSL_NO_DTLS1_METHOD #ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_client_method, dtlsv1_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, DTLSv1_enc_data)
DTLSv1_enc_data)
IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtls_bad_ver_client_method, dtls_bad_ver_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, DTLSv1_enc_data)
DTLSv1_enc_data)
#endif #endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD #ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_client_method, dtlsv1_2_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
#endif #endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method, DTLS_client_method,
ssl_undefined_function, ssl_undefined_function,
ossl_statem_connect, ossl_statem_connect, DTLSv1_2_enc_data)
DTLSv1_2_enc_data)
#if OPENSSL_API_COMPAT < 0x10100000L #if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_TLS1_2_METHOD # ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void) const SSL_METHOD *TLSv1_2_method(void)
{ {
@ -317,4 +264,3 @@ const SSL_METHOD *DTLSv1_client_method(void)
# endif # endif
#endif #endif

72
ssl/packet_locl.h
View File

@ -54,6 +54,7 @@ static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
{ {
return pkt->curr + pkt->remaining; return pkt->curr + pkt->remaining;
} }
/* /*
* Returns a pointer to the PACKET's current position. * Returns a pointer to the PACKET's current position.
* For use in non-PACKETized APIs. * For use in non-PACKETized APIs.
@ -107,8 +108,7 @@ __owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
* the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
*/ */
__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
PACKET *subpkt, PACKET *subpkt, size_t len)
size_t len)
{ {
if (PACKET_remaining(pkt) < len) if (PACKET_remaining(pkt) < len)
return 0; return 0;
@ -122,8 +122,7 @@ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
* original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
*/ */
__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt, __owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
PACKET *subpkt, PACKET *subpkt, size_t len)
size_t len)
{ {
if (!PACKET_peek_sub_packet(pkt, subpkt, len)) if (!PACKET_peek_sub_packet(pkt, subpkt, len))
return 0; return 0;
@ -151,8 +150,7 @@ __owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
/* Equivalent of n2s */ /* Equivalent of n2s */
/* Get 2 bytes in network order from |pkt| and store the value in |*data| */ /* Get 2 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, __owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
unsigned int *data)
{ {
if (!PACKET_peek_net_2(pkt, data)) if (!PACKET_peek_net_2(pkt, data))
return 0; return 0;
@ -181,8 +179,7 @@ __owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
/* Equivalent of n2l3 */ /* Equivalent of n2l3 */
/* Get 3 bytes in network order from |pkt| and store the value in |*data| */ /* Get 3 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, __owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
unsigned long *data)
{ {
if (!PACKET_peek_net_3(pkt, data)) if (!PACKET_peek_net_3(pkt, data))
return 0; return 0;
@ -212,8 +209,7 @@ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
/* Equivalent of n2l */ /* Equivalent of n2l */
/* Get 4 bytes in network order from |pkt| and store the value in |*data| */ /* Get 4 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, __owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
unsigned long *data)
{ {
if (!PACKET_peek_net_4(pkt, data)) if (!PACKET_peek_net_4(pkt, data))
return 0; return 0;
@ -333,8 +329,7 @@ __owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
* The caller is responsible for ensuring that |data| can hold |len| bytes. * The caller is responsible for ensuring that |data| can hold |len| bytes.
*/ */
__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt, __owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
unsigned char *data, unsigned char *data, size_t len)
size_t len)
{ {
if (!PACKET_peek_copy_bytes(pkt, data, len)) if (!PACKET_peek_copy_bytes(pkt, data, len))
return 0; return 0;
@ -417,7 +412,7 @@ __owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */ /* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt) static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
{ {
return memchr(pkt->curr, 0, pkt->remaining) != NULL; return memchr(pkt->curr, 0, pkt->remaining) != NULL;
} }
/* Move the current reading position forward |len| bytes */ /* Move the current reading position forward |len| bytes */
@ -460,22 +455,23 @@ __owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
* Like PACKET_get_length_prefixed_1, but additionally, fails when there are * Like PACKET_get_length_prefixed_1, but additionally, fails when there are
* leftover bytes in |pkt|. * leftover bytes in |pkt|.
*/ */
__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, PACKET *subpkt) __owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
PACKET *subpkt)
{ {
unsigned int length; unsigned int length;
const unsigned char *data; const unsigned char *data;
PACKET tmp = *pkt; PACKET tmp = *pkt;
if (!PACKET_get_1(&tmp, &length) || if (!PACKET_get_1(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) || !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) { PACKET_remaining(&tmp) != 0) {
return 0; return 0;
} }
*pkt = tmp; *pkt = tmp;
subpkt->curr = data; subpkt->curr = data;
subpkt->remaining = length; subpkt->remaining = length;
return 1; return 1;
} }
/* /*
@ -511,21 +507,21 @@ __owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt, __owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
PACKET *subpkt) PACKET *subpkt)
{ {
unsigned int length; unsigned int length;
const unsigned char *data; const unsigned char *data;
PACKET tmp = *pkt; PACKET tmp = *pkt;
if (!PACKET_get_net_2(&tmp, &length) || if (!PACKET_get_net_2(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) || !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) { PACKET_remaining(&tmp) != 0) {
return 0; return 0;
} }
*pkt = tmp; *pkt = tmp;
subpkt->curr = data; subpkt->curr = data;
subpkt->remaining = length; subpkt->remaining = length;
return 1; return 1;
} }
/* /*

56
ssl/record/rec_layer_d1.c
View File

@ -22,7 +22,6 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
return (0); return (0);
rl->d = d; rl->d = d;
d->unprocessed_rcds.q = pqueue_new(); d->unprocessed_rcds.q = pqueue_new();
@ -97,18 +96,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
{ {
if (e == rl->d->w_epoch - 1) { if (e == rl->d->w_epoch - 1) {
memcpy(rl->d->curr_write_sequence, memcpy(rl->d->curr_write_sequence,
rl->write_sequence, rl->write_sequence, sizeof(rl->write_sequence));
sizeof(rl->write_sequence));
memcpy(rl->write_sequence, memcpy(rl->write_sequence,
rl->d->last_write_sequence, rl->d->last_write_sequence, sizeof(rl->write_sequence));
sizeof(rl->write_sequence));
} else if (e == rl->d->w_epoch + 1) { } else if (e == rl->d->w_epoch + 1) {
memcpy(rl->d->last_write_sequence, memcpy(rl->d->last_write_sequence,
rl->write_sequence, rl->write_sequence, sizeof(unsigned char[8]));
sizeof(unsigned char[8]));
memcpy(rl->write_sequence, memcpy(rl->write_sequence,
rl->d->curr_write_sequence, rl->d->curr_write_sequence, sizeof(rl->write_sequence));
sizeof(rl->write_sequence));
} }
rl->d->w_epoch = e; rl->d->w_epoch = e;
} }
@ -118,7 +113,6 @@ void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl)
memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence)); memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence));
} }
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
{ {
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
@ -232,7 +226,6 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
dtls1_retrieve_buffered_record((s), \ dtls1_retrieve_buffered_record((s), \
&((s)->rlayer.d->unprocessed_rcds)) &((s)->rlayer.d->unprocessed_rcds))
int dtls1_process_buffered_records(SSL *s) int dtls1_process_buffered_records(SSL *s)
{ {
pitem *item; pitem *item;
@ -249,7 +242,8 @@ int dtls1_process_buffered_records(SSL *s)
if (!dtls1_process_record(s)) if (!dtls1_process_record(s))
return (0); return (0);
if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <
0)
return -1; return -1;
} }
} }
@ -264,7 +258,6 @@ int dtls1_process_buffered_records(SSL *s)
return (1); return (1);
} }
/*- /*-
* Return up to 'len' payload bytes received in 'type' records. * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following: * 'type' is one of the following:
@ -390,7 +383,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new packet if necessary */ /* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0) if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) { || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
ret = dtls1_get_record(s); ret = dtls1_get_record(s);
if (ret <= 0) { if (ret <= 0) {
ret = dtls1_read_failed(s, ret); ret = dtls1_read_failed(s, ret);
@ -413,7 +406,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* data for later processing rather than dropping the connection. * data for later processing rather than dropping the connection.
*/ */
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) { SSL3_RECORD_get_seq_num(rr)) < 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
@ -432,8 +425,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (type == SSL3_RECORD_get_type(rr) if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
/* /*
* SSL3_RT_APPLICATION_DATA or * SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or * SSL3_RT_HANDSHAKE or
@ -525,7 +518,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) { else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) {
/* We allow a 0 return */ /* We allow a 0 return */
if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr), if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
SSL3_RECORD_get_length(rr)) < 0) { SSL3_RECORD_get_length(rr)) < 0) {
return -1; return -1;
} }
/* Exit and notify application to read again */ /* Exit and notify application to read again */
@ -542,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Application data while renegotiating is allowed. Try again * Application data while renegotiating is allowed. Try again
* reading. * reading.
*/ */
if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) {
BIO *bio; BIO *bio;
s->s3->in_read_app_data = 2; s->s3->in_read_app_data = 2;
bio = SSL_get_rbio(s); bio = SSL_get_rbio(s);
@ -563,14 +556,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* XDTLS: In a pathological case, the Client Hello may be * XDTLS: In a pathological case, the Client Hello may be
* fragmented--don't always expect dest_maxlen bytes * fragmented--don't always expect dest_maxlen bytes
*/ */
if (SSL3_RECORD_get_length(rr) < dest_maxlen) { if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
/* /*
* for normal alerts rr->length is 2, while * for normal alerts rr->length is 2, while
* dest_maxlen is 7 if we were to handle this * dest_maxlen is 7 if we were to handle this
* non-existing alert... * non-existing alert...
*/ */
FIX ME FIX ME;
#endif #endif
s->rlayer.rstate = SSL_ST_READ_HEADER; s->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_length(rr, 0);
@ -628,8 +621,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (i < 0) if (i < 0)
return (i); return (i);
if (i == 0) { if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1); return (-1);
} }
@ -734,8 +726,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr; s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp); ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN; s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@ -874,7 +865,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return (-1); return (-1);
} }
/* /*
* this only happens when a client hello is received and a handshake * this only happens when a client hello is received and a handshake
* is started. * is started.
@ -884,7 +874,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
{ {
if ((type == SSL3_RT_HANDSHAKE) if ((type == SSL3_RT_HANDSHAKE)
&& (s->rlayer.d->handshake_fragment_len > 0)) && (s->rlayer.d->handshake_fragment_len > 0))
/* (partially) satisfy request from storage */ /* (partially) satisfy request from storage */
{ {
unsigned char *src = s->rlayer.d->handshake_fragment; unsigned char *src = s->rlayer.d->handshake_fragment;
@ -981,7 +971,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* header: otherwise some clients will ignore it. * header: otherwise some clients will ignore it.
*/ */
if (s->method->version == DTLS_ANY_VERSION && if (s->method->version == DTLS_ANY_VERSION &&
s->max_proto_version != DTLS1_BAD_VER) { s->max_proto_version != DTLS1_BAD_VER) {
*(p++) = DTLS1_VERSION >> 8; *(p++) = DTLS1_VERSION >> 8;
*(p++) = DTLS1_VERSION & 0xff; *(p++) = DTLS1_VERSION & 0xff;
} else { } else {
@ -1040,7 +1030,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (mac_size != 0) { if (mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr, if (s->method->ssl3_enc->mac(s, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1) < 0) &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
1) < 0)
goto err; goto err;
SSL3_RECORD_add_length(&wr, mac_size); SSL3_RECORD_add_length(&wr, mac_size);
} }
@ -1115,7 +1106,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
} }
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch) unsigned int *is_next_epoch)
{ {
*is_next_epoch = 0; *is_next_epoch = 0;
@ -1126,7 +1117,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
/* Only HM and ALERT messages can be from the next epoch */ /* Only HM and ALERT messages can be from the next epoch */
else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) && else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1; *is_next_epoch = 1;
return &s->rlayer.d->next_bitmap; return &s->rlayer.d->next_bitmap;
} }
@ -1144,8 +1135,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw)
s->rlayer.d->r_epoch++; s->rlayer.d->r_epoch++;
memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
sizeof(s->rlayer.d->bitmap)); sizeof(s->rlayer.d->bitmap));
memset(&s->rlayer.d->next_bitmap, 0, memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
sizeof(s->rlayer.d->next_bitmap));
} else { } else {
seq = s->rlayer.write_sequence; seq = s->rlayer.write_sequence;
memcpy(s->rlayer.d->last_write_sequence, seq, memcpy(s->rlayer.d->last_write_sequence, seq,

82
ssl/record/rec_layer_s3.c
View File

@ -43,7 +43,8 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
rl->rstate = SSL_ST_READ_HEADER; rl->rstate = SSL_ST_READ_HEADER;
/* Do I need to clear read_ahead? As far as I can tell read_ahead did not /*
* Do I need to clear read_ahead? As far as I can tell read_ahead did not
* previously get reset by SSL_clear...so I'll keep it that way..but is * previously get reset by SSL_clear...so I'll keep it that way..but is
* that right? * that right?
*/ */
@ -91,7 +92,7 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
{ {
return (rl->numwpipes > 0) return (rl->numwpipes > 0)
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes-1]) != 0; && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
} }
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
@ -130,7 +131,7 @@ int ssl3_pending(const SSL *s)
for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
!= SSL3_RT_APPLICATION_DATA) != SSL3_RT_APPLICATION_DATA)
return 0; return 0;
num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
} }
@ -262,7 +263,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
* Move any available bytes to front of buffer: 'len' bytes already * Move any available bytes to front of buffer: 'len' bytes already
* pointed to by 'packet', 'left' extra ones at the end * pointed to by 'packet', 'left' extra ones at the end
*/ */
if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */
memmove(pkt, s->rlayer.packet, len + left); memmove(pkt, s->rlayer.packet, len + left);
s->rlayer.packet = pkt; s->rlayer.packet = pkt;
rb->offset = len + align; rb->offset = len + align;
@ -327,7 +328,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
return (n); return (n);
} }
/* /*
* Call this to write data in records of type 'type' It will return <= 0 if * Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO. * not all data has been sent or non-blocking IO.
@ -365,7 +365,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
return -1; return -1;
} }
s->rlayer.wnum = 0; s->rlayer.wnum = 0;
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
@ -538,22 +537,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
/* /*
* We should have prevented this when we set max_pipelines so we * We should have prevented this when we set max_pipelines so we
* shouldn't get here * shouldn't get here
*/ */
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
if (maxpipes == 0 if (maxpipes == 0
|| s->enc_write_ctx == NULL || s->enc_write_ctx == NULL
|| !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_PIPELINE) & EVP_CIPH_FLAG_PIPELINE)
|| !SSL_USE_EXPLICIT_IV(s)) || !SSL_USE_EXPLICIT_IV(s))
maxpipes = 1; maxpipes = 1;
if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment
|| split_send_fragment == 0) { || split_send_fragment == 0) {
/* /*
* We should have prevented this when we set the split and max send * We should have prevented this when we set the split and max send
* fragments so we shouldn't get here * fragments so we shouldn't get here
*/ */
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
return -1; return -1;
} }
@ -658,8 +657,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
sess = s->session; sess = s->session;
if ((sess == NULL) || if ((sess == NULL) ||
(s->enc_write_ctx == NULL) || (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
(EVP_MD_CTX_md(s->write_hash) == NULL)) {
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
mac_size = 0; mac_size = 0;
} else { } else {
@ -691,8 +689,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
goto err; goto err;
if (prefix_len > if (prefix_len >
(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
{
/* insufficient space */ /* insufficient space */
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -718,9 +715,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} else if (prefix_len) { } else if (prefix_len) {
wb = &s->rlayer.wbuf[0]; wb = &s->rlayer.wbuf[0];
outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb)
+ prefix_len; + prefix_len;
} else { } else {
for (j=0; j < numpipes; j++) { for (j = 0; j < numpipes; j++) {
wb = &s->rlayer.wbuf[j]; wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH; align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
@ -749,11 +746,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} else } else
eivlen = 0; eivlen = 0;
totlen = 0; totlen = 0;
/* Clear our SSL3_RECORD structures */ /* Clear our SSL3_RECORD structures */
memset(wr, 0, sizeof wr); memset(wr, 0, sizeof wr);
for (j=0; j < numpipes; j++) { for (j = 0; j < numpipes; j++) {
/* write the header */ /* write the header */
*(outbuf[j]++) = type & 0xff; *(outbuf[j]++) = type & 0xff;
SSL3_RECORD_set_type(&wr[j], type); SSL3_RECORD_set_type(&wr[j], type);
@ -802,12 +798,12 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!SSL_USE_ETM(s) && mac_size != 0) { if (!SSL_USE_ETM(s) && mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr[j], if (s->method->ssl3_enc->mac(s, &wr[j],
&(outbuf[j][wr[j].length + eivlen]), 1) < 0) &(outbuf[j][wr[j].length + eivlen]),
1) < 0)
goto err; goto err;
SSL3_RECORD_add_length(&wr[j], mac_size); SSL3_RECORD_add_length(&wr[j], mac_size);
} }
SSL3_RECORD_set_data(&wr[j], outbuf[j]); SSL3_RECORD_set_data(&wr[j], outbuf[j]);
SSL3_RECORD_reset_input(&wr[j]); SSL3_RECORD_reset_input(&wr[j]);
@ -822,7 +818,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1)
goto err; goto err;
for (j=0; j < numpipes; j++) { for (j = 0; j < numpipes; j++) {
if (SSL_USE_ETM(s) && mac_size != 0) { if (SSL_USE_ETM(s) && mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr[j], if (s->method->ssl3_enc->mac(s, &wr[j],
outbuf[j] + wr[j].length, 1) < 0) outbuf[j] + wr[j].length, 1) < 0)
@ -841,7 +837,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* we should now have wr->data pointing to the encrypted data, which is * we should now have wr->data pointing to the encrypted data, which is
* wr->length long * wr->length long
*/ */
SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for debugging */ SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for
* debugging */
SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH); SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH);
if (create_empty_fragment) { if (create_empty_fragment) {
@ -859,11 +856,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* now let's set up wb */ /* now let's set up wb */
SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
prefix_len + SSL3_RECORD_get_length(&wr[j])); prefix_len + SSL3_RECORD_get_length(&wr[j]));
} }
/* /*
* memorize arguments so that ssl3_write_pending can detect bad write * memorize arguments so that ssl3_write_pending can detect bad write
* retries later * retries later
@ -899,17 +894,17 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
for (;;) { for (;;) {
/* Loop until we find a buffer we haven't written out yet */ /* Loop until we find a buffer we haven't written out yet */
if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0 if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
&& currbuf < s->rlayer.numwpipes - 1) { && currbuf < s->rlayer.numwpipes - 1) {
currbuf++; currbuf++;
continue; continue;
} }
clear_sys_error(); clear_sys_error();
if (s->wbio != NULL) { if (s->wbio != NULL) {
s->rwstate = SSL_WRITING; s->rwstate = SSL_WRITING;
i = BIO_write(s->wbio, i = BIO_write(s->wbio, (char *)
(char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[ &(SSL3_BUFFER_get_buf(&wb[currbuf])
SSL3_BUFFER_get_offset(&wb[currbuf])]), [SSL3_BUFFER_get_offset(&wb[currbuf])]),
(unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
} else { } else {
SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
i = -1; i = -1;
@ -1059,7 +1054,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* Skip over any records we have already read */ /* Skip over any records we have already read */
for (curr_rec = 0; for (curr_rec = 0;
curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]); curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
curr_rec++); curr_rec++) ;
if (curr_rec == num_recs) { if (curr_rec == num_recs) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0); RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
num_recs = 0; num_recs = 0;
@ -1089,8 +1084,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (type == SSL3_RECORD_get_type(rr) if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
/* /*
* SSL3_RT_APPLICATION_DATA or * SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or * SSL3_RT_HANDSHAKE or
@ -1108,8 +1103,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (type == SSL3_RT_HANDSHAKE if (type == SSL3_RT_HANDSHAKE
&& SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& s->rlayer.handshake_fragment_len > 0) { && s->rlayer.handshake_fragment_len > 0) {
al = SSL_AD_UNEXPECTED_MESSAGE; al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
goto f_err; goto f_err;
@ -1152,8 +1147,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto start; goto start;
} }
if (!peek && curr_rec == num_recs if (!peek && curr_rec == num_recs
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) && (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0) && SSL3_BUFFER_get_left(rbuf) == 0)
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
return read_bytes; return read_bytes;
} }
@ -1186,7 +1181,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
} }
if (s->method->version == TLS_ANY_VERSION if (s->method->version == TLS_ANY_VERSION
&& (s->server || rr->type != SSL3_RT_ALERT)) { && (s->server || rr->type != SSL3_RT_ALERT)) {
/* /*
* If we've got this far and still haven't decided on what version * If we've got this far and still haven't decided on what version
* we're using then this must be a client side alert we're dealing with * we're using then this must be a client side alert we're dealing with
@ -1273,8 +1268,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (i < 0) if (i < 0)
return (i); return (i);
if (i == 0) { if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES, SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1); return (-1);
} }
@ -1405,7 +1399,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Unexpected handshake message (Client Hello, or protocol violation) * Unexpected handshake message (Client Hello, or protocol violation)
*/ */
if ((s->rlayer.handshake_fragment_len >= 4) if ((s->rlayer.handshake_fragment_len >= 4)
&& !ossl_statem_get_in_handshake(s)) { && !ossl_statem_get_in_handshake(s)) {
if (SSL_is_init_finished(s) && if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
ossl_statem_set_in_init(s, 1); ossl_statem_set_in_init(s, 1);

34
ssl/record/record.h
View File

@ -33,46 +33,36 @@ typedef struct ssl3_record_st {
/* Record layer version */ /* Record layer version */
/* r */ /* r */
int rec_version; int rec_version;
/* type of record */ /* type of record */
/* r */ /* r */
int type; int type;
/* How many bytes available */ /* How many bytes available */
/* rw */ /* rw */
unsigned int length; unsigned int length;
/* /*
* How many bytes were available before padding was removed? This is used * How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records. * to implement the MAC check in constant time for CBC records.
*/ */
/* rw */ /* rw */
unsigned int orig_len; unsigned int orig_len;
/* read/write offset into 'buf' */ /* read/write offset into 'buf' */
/* r */ /* r */
unsigned int off; unsigned int off;
/* pointer to the record data */ /* pointer to the record data */
/* rw */ /* rw */
unsigned char *data; unsigned char *data;
/* where the decode bytes are */ /* where the decode bytes are */
/* rw */ /* rw */
unsigned char *input; unsigned char *input;
/* only used with decompression - malloc()ed */ /* only used with decompression - malloc()ed */
/* r */ /* r */
unsigned char *comp; unsigned char *comp;
/* Whether the data from this record has already been read or not */ /* Whether the data from this record has already been read or not */
/* r */ /* r */
unsigned int read; unsigned int read;
/* epoch number, needed by DTLS1 */ /* epoch number, needed by DTLS1 */
/* r */ /* r */
unsigned long epoch; unsigned long epoch;
/* sequence number, needed by DTLS1 */ /* sequence number, needed by DTLS1 */
/* r */ /* r */
unsigned char seq_num[SEQ_NUM_SIZE]; unsigned char seq_num[SEQ_NUM_SIZE];
@ -81,7 +71,6 @@ typedef struct ssl3_record_st {
typedef struct dtls1_bitmap_st { typedef struct dtls1_bitmap_st {
/* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */ /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
unsigned long map; unsigned long map;
/* Max record number seen so far, 64-bit value in big-endian encoding */ /* Max record number seen so far, 64-bit value in big-endian encoding */
unsigned char max_seq_num[SEQ_NUM_SIZE]; unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS1_BITMAP; } DTLS1_BITMAP;
@ -96,12 +85,11 @@ typedef struct dtls1_record_data_st {
unsigned int packet_length; unsigned int packet_length;
SSL3_BUFFER rbuf; SSL3_BUFFER rbuf;
SSL3_RECORD rrec; SSL3_RECORD rrec;
# ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
struct bio_dgram_sctp_rcvinfo recordinfo; struct bio_dgram_sctp_rcvinfo recordinfo;
# endif #endif
} DTLS1_RECORD_DATA; } DTLS1_RECORD_DATA;
typedef struct dtls_record_layer_st { typedef struct dtls_record_layer_st {
/* /*
* The current data and handshake epoch. This is initially * The current data and handshake epoch. This is initially
@ -110,12 +98,10 @@ typedef struct dtls_record_layer_st {
*/ */
unsigned short r_epoch; unsigned short r_epoch;
unsigned short w_epoch; unsigned short w_epoch;
/* records being received in the current epoch */ /* records being received in the current epoch */
DTLS1_BITMAP bitmap; DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */ /* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap; DTLS1_BITMAP next_bitmap;
/* Received handshake records (processed and unprocessed) */ /* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds; record_pqueue unprocessed_rcds;
record_pqueue processed_rcds; record_pqueue processed_rcds;
@ -133,7 +119,6 @@ typedef struct dtls_record_layer_st {
unsigned int alert_fragment_len; unsigned int alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len; unsigned int handshake_fragment_len;
/* save last and current sequence numbers for retransmissions */ /* save last and current sequence numbers for retransmissions */
unsigned char last_write_sequence[8]; unsigned char last_write_sequence[8];
unsigned char curr_write_sequence[8]; unsigned char curr_write_sequence[8];
@ -157,7 +142,6 @@ typedef struct record_layer_st {
int read_ahead; int read_ahead;
/* where we are when reading */ /* where we are when reading */
int rstate; int rstate;
/* How many pipelines can be used to read data */ /* How many pipelines can be used to read data */
unsigned int numrpipes; unsigned int numrpipes;
/* How many pipelines can be used to write data */ /* How many pipelines can be used to write data */
@ -168,14 +152,11 @@ typedef struct record_layer_st {
SSL3_BUFFER wbuf[SSL_MAX_PIPELINES]; SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
/* each decoded record goes in here */ /* each decoded record goes in here */
SSL3_RECORD rrec[SSL_MAX_PIPELINES]; SSL3_RECORD rrec[SSL_MAX_PIPELINES];
/* used internally to point at a raw packet */ /* used internally to point at a raw packet */
unsigned char *packet; unsigned char *packet;
unsigned int packet_length; unsigned int packet_length;
/* number of bytes sent so far */ /* number of bytes sent so far */
unsigned int wnum; unsigned int wnum;
/* /*
* storage for Alert/Handshake protocol data received but not yet * storage for Alert/Handshake protocol data received but not yet
* processed by ssl3_read_bytes: * processed by ssl3_read_bytes:
@ -184,10 +165,8 @@ typedef struct record_layer_st {
unsigned int alert_fragment_len; unsigned int alert_fragment_len;
unsigned char handshake_fragment[4]; unsigned char handshake_fragment[4];
unsigned int handshake_fragment_len; unsigned int handshake_fragment_len;
/* The number of consecutive empty records we have received */ /* The number of consecutive empty records we have received */
unsigned int empty_record_count; unsigned int empty_record_count;
/* partial write - check the numbers match */ /* partial write - check the numbers match */
/* number bytes written */ /* number bytes written */
int wpend_tot; int wpend_tot;
@ -195,17 +174,13 @@ typedef struct record_layer_st {
/* number of bytes submitted */ /* number of bytes submitted */
int wpend_ret; int wpend_ret;
const unsigned char *wpend_buf; const unsigned char *wpend_buf;
unsigned char read_sequence[SEQ_NUM_SIZE]; unsigned char read_sequence[SEQ_NUM_SIZE];
unsigned char write_sequence[SEQ_NUM_SIZE]; unsigned char write_sequence[SEQ_NUM_SIZE];
/* Set to true if this is the first record in a connection */ /* Set to true if this is the first record in a connection */
unsigned int is_first_record; unsigned int is_first_record;
DTLS_RECORD_LAYER *d; DTLS_RECORD_LAYER *d;
} RECORD_LAYER; } RECORD_LAYER;
/***************************************************************************** /*****************************************************************************
* * * *
* The following macros/functions represent the libssl internal API to the * * The following macros/functions represent the libssl internal API to the *
@ -247,7 +222,7 @@ __owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); __owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len); unsigned int len);
__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send); __owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send);
__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
@ -261,6 +236,5 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek); unsigned char *buf, int len, int peek);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); __owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, __owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement); unsigned int len, int create_empty_fragement);
void dtls1_reset_seq_numbers(SSL *s, int rw); void dtls1_reset_seq_numbers(SSL *s, int rw);

12
ssl/record/record_locl.h
View File

@ -40,11 +40,10 @@ __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch); unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s); int dtls1_process_buffered_records(SSL *s);
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue); int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
int dtls1_buffer_record(SSL *s, record_pqueue *q, int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
unsigned char *priority);
void ssl3_record_sequence_update(unsigned char *seq); void ssl3_record_sequence_update(unsigned char *seq);
/* Functions provided by the DTLS1_BITMAP component */ /* Functions provided by the DTLS1_BITMAP component */
@ -52,7 +51,6 @@ void ssl3_record_sequence_update(unsigned char *seq);
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
/* Macros/functions provided by the SSL3_BUFFER component */ /* Macros/functions provided by the SSL3_BUFFER component */
#define SSL3_BUFFER_get_buf(b) ((b)->buf) #define SSL3_BUFFER_get_buf(b) ((b)->buf)
@ -108,9 +106,9 @@ __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
void ssl3_cbc_copy_mac(unsigned char *out, void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size); const SSL3_RECORD *rec, unsigned md_size);
__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size); unsigned block_size, unsigned mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s, __owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec, SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size); unsigned block_size, unsigned mac_size);
int dtls1_process_record(SSL *s); int dtls1_process_record(SSL *s);
__owur int dtls1_get_record(SSL *s); __owur int dtls1_get_record(SSL *s);

88
ssl/record/ssl3_record.c
View File

@ -61,7 +61,6 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE); memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
} }
/* /*
* Peeks ahead into "read_ahead" data to see if we have a whole record waiting * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
* for us in the buffer. * for us in the buffer.
@ -151,9 +150,10 @@ int ssl3_get_record(SSL *s)
(RECORD_LAYER_get_packet_length(&s->rlayer) (RECORD_LAYER_get_packet_length(&s->rlayer)
< SSL3_RT_HEADER_LENGTH)) { < SSL3_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0); SSL3_BUFFER_get_len(rbuf), 0,
num_recs == 0 ? 1 : 0);
if (n <= 0) if (n <= 0)
return (n); /* error or non-blocking */ return (n); /* error or non-blocking */
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
p = RECORD_LAYER_get_packet(&s->rlayer); p = RECORD_LAYER_get_packet(&s->rlayer);
@ -162,7 +162,7 @@ int ssl3_get_record(SSL *s)
* The first record received by the server may be a V2ClientHello. * The first record received by the server may be a V2ClientHello.
*/ */
if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
/* /*
* SSLv2 style record * SSLv2 style record
* *
@ -178,7 +178,7 @@ int ssl3_get_record(SSL *s)
rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1]; rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];
if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf) if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
- SSL2_RT_HEADER_LENGTH) { - SSL2_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW; al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err; goto f_err;
@ -217,7 +217,7 @@ int ssl3_get_record(SSL *s)
* shouldn't send a fatal alert back. We'll just * shouldn't send a fatal alert back. We'll just
* end. * end.
*/ */
goto err; goto err;
} }
/* /*
* Send back error using their minor version number :-) * Send back error using their minor version number :-)
@ -258,7 +258,7 @@ int ssl3_get_record(SSL *s)
} }
if (rr[num_recs].length > if (rr[num_recs].length >
SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW; al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err; goto f_err;
@ -284,7 +284,7 @@ int ssl3_get_record(SSL *s)
n = ssl3_read_n(s, i, i, 1, 0); n = ssl3_read_n(s, i, i, 1, 0);
if (n <= 0) if (n <= 0)
return (n); /* error or non-blocking io */ return (n); /* error or non-blocking io */
} }
/* set state for later operations */ /* set state for later operations */
@ -335,14 +335,13 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_reset_packet_length(&s->rlayer);
RECORD_LAYER_clear_first_record(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer);
} while (num_recs < max_recs } while (num_recs < max_recs
&& rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA && rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA
&& SSL_USE_EXPLICIT_IV(s) && SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL && s->enc_read_ctx != NULL
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
& EVP_CIPH_FLAG_PIPELINE) & EVP_CIPH_FLAG_PIPELINE)
&& ssl3_record_app_data_waiting(s)); && ssl3_record_app_data_waiting(s));
/* /*
* If in encrypt-then-mac mode calculate mac from encrypted record. All * If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak. * the details below are public so no timing details can leak.
@ -402,7 +401,7 @@ int ssl3_get_record(SSL *s)
mac_size = EVP_MD_CTX_size(s->read_hash); mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
for (j=0; j < num_recs; j++) { for (j = 0; j < num_recs; j++) {
/* /*
* orig_len is the length of the record before any padding was * orig_len is the length of the record before any padding was
* removed. This is public information, as is the MAC in use, * removed. This is public information, as is the MAC in use,
@ -495,7 +494,7 @@ int ssl3_get_record(SSL *s)
if (rr[j].length == 0) { if (rr[j].length == 0) {
RECORD_LAYER_inc_empty_record_count(&s->rlayer); RECORD_LAYER_inc_empty_record_count(&s->rlayer);
if (RECORD_LAYER_get_empty_record_count(&s->rlayer) if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
> MAX_EMPTY_RECORDS) { > MAX_EMPTY_RECORDS) {
al = SSL_AD_UNEXPECTED_MESSAGE; al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL); SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
goto f_err; goto f_err;
@ -527,8 +526,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
return 0; return 0;
i = COMP_expand_block(ssl->expand, rr->comp, i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
(int)rr->length);
if (i < 0) if (i < 0)
return 0; return 0;
else else
@ -709,7 +707,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
if (n_recs > 1) { if (n_recs > 1) {
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_PIPELINE)) { & EVP_CIPH_FLAG_PIPELINE)) {
/* /*
* We shouldn't have been called with pipeline data if the * We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining * cipher doesn't support pipelining
@ -722,7 +720,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
reclen[ctr] = recs[ctr].length; reclen[ctr] = recs[ctr].length;
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_AEAD_CIPHER) { & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char *seq; unsigned char *seq;
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer) seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
@ -786,7 +784,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
data[ctr] = recs[ctr].data; data[ctr] = recs[ctr].data;
} }
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
n_recs, data) <= 0) { n_recs, data) <= 0) {
SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
} }
/* Set the input buffers */ /* Set the input buffers */
@ -794,9 +792,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
data[ctr] = recs[ctr].input; data[ctr] = recs[ctr].input;
} }
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
n_recs, data) <= 0 n_recs, data) <= 0
|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
n_recs, reclen) <= 0) { n_recs, reclen) <= 0) {
SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
return -1; return -1;
} }
@ -804,7 +802,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]); i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]);
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_CUSTOM_CIPHER) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
? (i < 0) ? (i < 0)
: (i == 0)) : (i == 0))
return -1; /* AEAD can fail to verify MAC */ return -1; /* AEAD can fail to verify MAC */
@ -924,18 +922,18 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
p = md; p = md;
s2n(rec->length, p); s2n(rec->length, p);
if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
|| EVP_DigestUpdate(md_ctx, seq, 8) <= 0 || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
|| EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
|| EVP_DigestUpdate(md_ctx, md, 2) <= 0 || EVP_DigestUpdate(md_ctx, md, 2) <= 0
|| EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
|| EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0 || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
EVP_MD_CTX_reset(md_ctx); EVP_MD_CTX_reset(md_ctx);
return -1; return -1;
} }
@ -977,8 +975,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
mac_ctx = hash; mac_ctx = hash;
} else { } else {
hmac = EVP_MD_CTX_new(); hmac = EVP_MD_CTX_new();
if (hmac == NULL if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash))
|| !EVP_MD_CTX_copy(hmac, hash))
return -1; return -1;
mac_ctx = hmac; mac_ctx = hmac;
} }
@ -1020,8 +1017,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
} }
} else { } else {
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
EVP_MD_CTX_free(hmac); EVP_MD_CTX_free(hmac);
return -1; return -1;
} }
@ -1031,7 +1028,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
rec->length, rec->orig_len)) { rec->length, rec->orig_len)) {
EVP_MD_CTX_free(hmac); EVP_MD_CTX_free(hmac);
return -1; return -1;
} }
} }
EVP_MD_CTX_free(hmac); EVP_MD_CTX_free(hmac);
@ -1138,7 +1135,8 @@ int tls1_cbc_remove_padding(const SSL *s,
padding_length = rec->data[rec->length - 1]; padding_length = rec->data[rec->length - 1];
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) { if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */ /* padding is already verified */
rec->length -= padding_length + 1; rec->length -= padding_length + 1;
return 1; return 1;
@ -1439,7 +1437,6 @@ int dtls1_process_record(SSL *s)
return (0); return (0);
} }
/* /*
* retrieve a buffered record that belongs to the current epoch, ie, * retrieve a buffered record that belongs to the current epoch, ie,
* processed * processed
@ -1487,13 +1484,14 @@ int dtls1_get_record(SSL *s)
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1); SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1);
/* read timeout is handled by dtls1_read_bytes */ /* read timeout is handled by dtls1_read_bytes */
if (n <= 0) if (n <= 0)
return (n); /* error or non-blocking */ return (n); /* error or non-blocking */
/* this packet contained a partial record, dump it */ /* this packet contained a partial record, dump it */
if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) { if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
DTLS1_RT_HEADER_LENGTH) {
RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again; goto again;
} }
@ -1573,7 +1571,7 @@ int dtls1_get_record(SSL *s)
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
if (bitmap == NULL) { if (bitmap == NULL) {
rr->length = 0; rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */ goto again; /* get another record */
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
@ -1603,7 +1601,7 @@ int dtls1_get_record(SSL *s)
if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
if (dtls1_buffer_record if (dtls1_buffer_record
(s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
rr->seq_num) < 0) rr->seq_num) < 0)
return -1; return -1;
/* Mark receipt of record. */ /* Mark receipt of record. */
dtls1_record_bitmap_update(s, bitmap); dtls1_record_bitmap_update(s, bitmap);
@ -1615,7 +1613,7 @@ int dtls1_get_record(SSL *s)
if (!dtls1_process_record(s)) { if (!dtls1_process_record(s)) {
rr->length = 0; rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */ goto again; /* get another record */
} }
dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */ dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */

30
ssl/s3_cbc.c
View File

@ -26,8 +26,6 @@
*/ */
#define MAX_HASH_BLOCK_SIZE 128 #define MAX_HASH_BLOCK_SIZE 128
/* /*
* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
* little-endian order. The value of p is advanced by four. * little-endian order. The value of p is advanced by four.
@ -129,14 +127,14 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
* Returns 1 on success or 0 on error * Returns 1 on success or 0 on error
*/ */
int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
unsigned char *md_out, unsigned char *md_out,
size_t *md_out_size, size_t *md_out_size,
const unsigned char header[13], const unsigned char header[13],
const unsigned char *data, const unsigned char *data,
size_t data_plus_mac_size, size_t data_plus_mac_size,
size_t data_plus_mac_plus_padding_size, size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret, const unsigned char *mac_secret,
unsigned mac_secret_length, char is_sslv3) unsigned mac_secret_length, char is_sslv3)
{ {
union { union {
double align; double align;
@ -461,8 +459,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
memset(hmac_pad, 0x5c, sslv3_pad_length); memset(hmac_pad, 0x5c, sslv3_pad_length);
if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0 if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
|| EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0 || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err; goto err;
} else { } else {
/* Complete the HMAC in the standard manner. */ /* Complete the HMAC in the standard manner. */
@ -470,7 +468,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
hmac_pad[i] ^= 0x6a; hmac_pad[i] ^= 0x6a;
if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0 if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err; goto err;
} }
ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
@ -479,7 +477,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
return 1; return 1;
err: err:
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
return 0; return 0;
} }
@ -491,8 +489,8 @@ err:
*/ */
int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
EVP_MD_CTX *mac_ctx, const unsigned char *data, EVP_MD_CTX *mac_ctx, const unsigned char *data,
size_t data_len, size_t orig_len) size_t data_len, size_t orig_len)
{ {
size_t block_size, digest_pad, blocks_data, blocks_orig; size_t block_size, digest_pad, blocks_data, blocks_orig;
if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)

50
ssl/s3_enc.c
View File

@ -140,8 +140,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
dd = s->enc_read_ctx; dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) { if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2; goto err2;
} }
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
/* COMPRESS */ /* COMPRESS */
@ -170,8 +170,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CIPHER_CTX_reset(s->enc_write_ctx); EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx; dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) { if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2; goto err2;
} }
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
/* COMPRESS */ /* COMPRESS */
@ -374,7 +374,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
if (s->s3->handshake_dgst == NULL) { if (s->s3->handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0) { if (hdatalen <= 0) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
SSL_R_BAD_HANDSHAKE_LENGTH);
return 0; return 0;
} }
@ -385,10 +386,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
} }
md = ssl_handshake_md(s); md = ssl_handshake_md(s);
if ( md == NULL if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
|| !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
{
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
@ -431,10 +430,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
} }
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|| EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length, s->session->master_key_length,
s->session->master_key) <= 0 s->session->master_key) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
ret = 0; ret = 0;
} }
@ -472,19 +471,18 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
} }
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
|| EVP_DigestUpdate(ctx, salt[i], || EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0 strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
ret = 0; ret = 0;
break; break;

148
ssl/s3_lib.c
View File

@ -66,8 +66,7 @@
* Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
* Weak ciphers * Weak ciphers
*/ */
static SSL_CIPHER ssl3_ciphers[] = static SSL_CIPHER ssl3_ciphers[] = {
{
{ {
1, 1,
SSL3_TXT_RSA_NULL_MD5, SSL3_TXT_RSA_NULL_MD5,
@ -1135,7 +1134,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256, 256,
256, 256,
}, },
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
{ {
@ -1709,8 +1708,8 @@ static SSL_CIPHER ssl3_ciphers[] =
0, 0,
0, 0,
}, },
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
{ {
@ -1848,7 +1847,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256, 256,
256, 256,
}, },
#endif /* OPENSSL_NO_SRP */ #endif /* OPENSSL_NO_SRP */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_RSA # ifndef OPENSSL_NO_RSA
@ -1867,7 +1866,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256, 256,
256, 256,
}, },
# endif /* OPENSSL_NO_RSA */ # endif /* OPENSSL_NO_RSA */
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
{ {
@ -1900,7 +1899,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256, 256,
256, 256,
}, },
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
{ {
@ -1963,8 +1962,9 @@ static SSL_CIPHER ssl3_ciphers[] =
256, 256,
256, 256,
}, },
# endif /* OPENSSL_NO_PSK */ # endif /* OPENSSL_NO_PSK */
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ #endif /* !defined(OPENSSL_NO_CHACHA) &&
* !defined(OPENSSL_NO_POLY1305) */
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
{ {
@ -2222,8 +2222,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
@ -2237,8 +2237,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
{ {
1, 1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@ -2252,8 +2252,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
@ -2267,9 +2267,9 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
{ {
@ -2285,8 +2285,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2300,8 +2300,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
{ {
1, 1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2315,8 +2315,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2330,8 +2330,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
{ {
1, 1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2345,8 +2345,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2360,8 +2360,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
{ {
1, 1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2375,8 +2375,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128, 128,
128 128,
}, },
{ {
1, 1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2390,11 +2390,11 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH, SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256, 256,
256 256,
}, },
# endif /* OPENSSL_NO_PSK */ # endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_CAMELLIA */ #endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
{ {
@ -2410,8 +2410,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_HIGH, SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256, 256,
256 256,
}, },
{ {
1, 1,
"GOST2001-NULL-GOST94", "GOST2001-NULL-GOST94",
@ -2425,8 +2425,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_STRONG_NONE, SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0, 0,
0 0,
}, },
{ {
1, 1,
"GOST2012-GOST8912-GOST8912", "GOST2012-GOST8912-GOST8912",
@ -2440,8 +2440,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_HIGH, SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256, 256,
256 256,
}, },
{ {
1, 1,
"GOST2012-NULL-GOST12", "GOST2012-NULL-GOST12",
@ -2455,8 +2455,9 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_STRONG_NONE, SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0, 0,
0}, 0,
#endif /* OPENSSL_NO_GOST */ },
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
{ {
@ -2537,7 +2538,7 @@ static SSL_CIPHER ssl3_ciphers[] =
128, 128,
128, 128,
}, },
#endif /* OPENSSL_NO_SEED */ #endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{ {
@ -2647,7 +2648,7 @@ static SSL_CIPHER ssl3_ciphers[] =
128, 128,
128, 128,
}, },
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
{ {
@ -2695,13 +2696,12 @@ static SSL_CIPHER ssl3_ciphers[] =
128, 128,
128, 128,
}, },
# endif /* OPENSSL_NO_PSK */ # endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
}; };
static int cipher_compare(const void *a, const void *b) static int cipher_compare(const void *a, const void *b)
{ {
const SSL_CIPHER *ap = (const SSL_CIPHER *)a; const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
@ -2716,7 +2716,6 @@ void ssl_sort_cipher_list(void)
cipher_compare); cipher_compare);
} }
const SSL3_ENC_METHOD SSLv3_enc_data = { const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_enc, ssl3_enc,
n_ssl3_mac, n_ssl3_mac,
@ -2767,7 +2766,7 @@ int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
s->init_off = 0; s->init_off = 0;
return 1; return 1;
} }
int ssl3_handshake_write(SSL *s) int ssl3_handshake_write(SSL *s)
@ -2785,7 +2784,7 @@ int ssl3_new(SSL *s)
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (!SSL_SRP_CTX_init(s)) if (!SSL_SRP_CTX_init(s))
goto err; goto err;
#endif #endif
s->method->ssl_clear(s); s->method->ssl_clear(s);
return (1); return (1);
@ -2833,7 +2832,7 @@ void ssl3_clear(SSL *s)
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey); EVP_PKEY_free(s->s3->tmp.pkey);
EVP_PKEY_free(s->s3->peer_tmp); EVP_PKEY_free(s->s3->peer_tmp);
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s); ssl3_free_digest_list(s);
@ -2861,8 +2860,7 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
} }
#endif #endif
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
size_t len);
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{ {
@ -3102,13 +3100,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CURVES: case SSL_CTRL_SET_CURVES:
return tls1_set_curves(&s->tlsext_ellipticcurvelist, return tls1_set_curves(&s->tlsext_ellipticcurvelist,
&s->tlsext_ellipticcurvelist_length, &s->tlsext_ellipticcurvelist_length, parg, larg);
parg, larg);
case SSL_CTRL_SET_CURVES_LIST: case SSL_CTRL_SET_CURVES_LIST:
return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
&s->tlsext_ellipticcurvelist_length, &s->tlsext_ellipticcurvelist_length, parg);
parg);
case SSL_CTRL_GET_SHARED_CURVE: case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg); return tls1_shared_curve(s, larg);
@ -3300,7 +3296,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{ {
unsigned char *keys = parg; unsigned char *keys = parg;
long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) + long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key)); sizeof(ctx->tlsext_tick_hmac_key) +
sizeof(ctx->tlsext_tick_aes_key));
if (keys == NULL) if (keys == NULL)
return tlsext_tick_keylen; return tlsext_tick_keylen;
if (larg != tlsext_tick_keylen) { if (larg != tlsext_tick_keylen) {
@ -3314,7 +3311,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
keys + sizeof(ctx->tlsext_tick_key_name), keys + sizeof(ctx->tlsext_tick_key_name),
sizeof(ctx->tlsext_tick_hmac_key)); sizeof(ctx->tlsext_tick_hmac_key));
memcpy(ctx->tlsext_tick_aes_key, memcpy(ctx->tlsext_tick_aes_key,
keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key), keys + sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key),
sizeof(ctx->tlsext_tick_aes_key)); sizeof(ctx->tlsext_tick_aes_key));
} else { } else {
memcpy(keys, ctx->tlsext_tick_key_name, memcpy(keys, ctx->tlsext_tick_key_name,
@ -3322,7 +3320,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
memcpy(keys + sizeof(ctx->tlsext_tick_key_name), memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
ctx->tlsext_tick_hmac_key, ctx->tlsext_tick_hmac_key,
sizeof(ctx->tlsext_tick_hmac_key)); sizeof(ctx->tlsext_tick_hmac_key));
memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key), memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key),
ctx->tlsext_tick_aes_key, ctx->tlsext_tick_aes_key,
sizeof(ctx->tlsext_tick_aes_key)); sizeof(ctx->tlsext_tick_aes_key));
} }
@ -3355,8 +3354,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->srp_ctx.login = NULL; ctx->srp_ctx.login = NULL;
if (parg == NULL) if (parg == NULL)
break; break;
if (strlen((const char *)parg) > 255 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
|| strlen((const char *)parg) < 1) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
return 0; return 0;
} }
@ -3560,7 +3558,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
* Returns the selected cipher or NULL when no common ciphers. * Returns the selected cipher or NULL when no common ciphers.
*/ */
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr) STACK_OF(SSL_CIPHER) *srvr)
{ {
const SSL_CIPHER *c, *ret = NULL; const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow; STACK_OF(SSL_CIPHER) *prio, *allow;
@ -3611,11 +3609,11 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
/* Skip ciphers not supported by the protocol version */ /* Skip ciphers not supported by the protocol version */
if (!SSL_IS_DTLS(s) && if (!SSL_IS_DTLS(s) &&
((s->version < c->min_tls) || (s->version > c->max_tls))) ((s->version < c->min_tls) || (s->version > c->max_tls)))
continue; continue;
if (SSL_IS_DTLS(s) && if (SSL_IS_DTLS(s) &&
(DTLS_VERSION_LT(s->version, c->min_dtls) || (DTLS_VERSION_LT(s->version, c->min_dtls) ||
DTLS_VERSION_GT(s->version, c->max_dtls))) DTLS_VERSION_GT(s->version, c->max_dtls)))
continue; continue;
mask_k = s->s3->tmp.mask_k; mask_k = s->s3->tmp.mask_k;
@ -3642,14 +3640,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
alg_a, mask_k, mask_a, (void *)c, c->name); alg_a, mask_k, mask_a, (void *)c, c->name);
#endif #endif
# ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* /*
* if we are considering an ECC cipher suite that uses an ephemeral * if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it * EC key check it
*/ */
if (alg_k & SSL_kECDHE) if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id); ok = ok && tls1_check_ec_tmp_key(s, c->id);
# endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if (!ok) if (!ok)
continue; continue;
@ -3803,8 +3801,7 @@ int ssl3_write(SSL *s, const void *buf, int len)
if (s->s3->renegotiate) if (s->s3->renegotiate)
ssl3_renegotiate_check(s); ssl3_renegotiate_check(s);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
buf, len);
} }
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
@ -4040,11 +4037,12 @@ EVP_PKEY *ssl_generate_pkey_curve(int id)
pkey = NULL; pkey = NULL;
} }
err: err:
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return pkey; return pkey;
} }
#endif #endif
/* Derive premaster or master secret for ECDH/DH */ /* Derive premaster or master secret for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
{ {
@ -4083,7 +4081,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
rv = 1; rv = 1;
} }
err: err:
OPENSSL_clear_free(pms, pmslen); OPENSSL_clear_free(pms, pmslen);
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return rv; return rv;

3
ssl/s3_msg.c
View File

@ -24,8 +24,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL) { if (s->s3->tmp.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) { if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */ /* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
SSL_R_CCS_RECEIVED_EARLY);
return (0); return (0);
} }

2
ssl/ssl_asn1.c
View File

@ -359,7 +359,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
*pp = p; *pp = p;
return ret; return ret;
err: err:
M_ASN1_free_of(as, SSL_SESSION_ASN1); M_ASN1_free_of(as, SSL_SESSION_ASN1);
if ((a == NULL) || (*a != ret)) if ((a == NULL) || (*a != ret))
SSL_SESSION_free(ret); SSL_SESSION_free(ret);

41
ssl/ssl_cert.c
View File

@ -31,8 +31,8 @@
#include "ssl_locl.h" #include "ssl_locl.h"
#include "internal/thread_once.h" #include "internal/thread_once.h"
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int bits, int nid, void *other, int op, int bits, int nid, void *other,
void *ex); void *ex);
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
@ -41,8 +41,8 @@ static volatile int ssl_x509_store_ctx_idx = -1;
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init) DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
{ {
ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0, ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
"SSL for verify callback", "SSL for verify callback",
NULL, NULL, NULL); NULL, NULL, NULL);
return ssl_x509_store_ctx_idx >= 0; return ssl_x509_store_ctx_idx >= 0;
} }
@ -96,7 +96,6 @@ CERT *ssl_cert_dup(CERT *cert)
OPENSSL_free(ret); OPENSSL_free(ret);
return NULL; return NULL;
} }
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) { if (cert->dh_tmp != NULL) {
ret->dh_tmp = cert->dh_tmp; ret->dh_tmp = cert->dh_tmp;
@ -134,11 +133,9 @@ CERT *ssl_cert_dup(CERT *cert)
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
ret->pkeys[i].serverinfo_length = ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
cert->pkeys[i].serverinfo_length;
memcpy(ret->pkeys[i].serverinfo, memcpy(ret->pkeys[i].serverinfo,
cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
cert->pkeys[i].serverinfo_length);
} }
} }
@ -412,7 +409,8 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
/* Set suite B flags if needed */ /* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { if (!X509_STORE_CTX_set_ex_data
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end; goto end;
} }
@ -454,7 +452,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
/* Move peername from the store context params to the SSL handle's */ /* Move peername from the store context params to the SSL handle's */
X509_VERIFY_PARAM_move_peername(s->param, param); X509_VERIFY_PARAM_move_peername(s->param, param);
end: end:
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
return i; return i;
} }
@ -505,7 +503,7 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{ {
if (!s->server) { /* we are in the client */ if (!s->server) { /* we are in the client */
if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL)) if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
return (s->s3->tmp.ca_names); return (s->s3->tmp.ca_names);
else else
@ -576,8 +574,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
X509 *x = NULL; X509 *x = NULL;
X509_NAME *xn = NULL; X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ret = NULL; STACK_OF(X509_NAME) *ret = NULL;
LHASH_OF(X509_NAME) *name_hash = LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
lh_X509_NAME_new(xname_hash, xname_cmp);
if ((name_hash == NULL) || (in == NULL)) { if ((name_hash == NULL) || (in == NULL)) {
SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
@ -651,8 +648,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
in = BIO_new(BIO_s_file()); in = BIO_new(BIO_s_file());
if (in == NULL) { if (in == NULL) {
SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@ -806,7 +802,7 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
chain_store = s->ctx->cert_store; chain_store = s->ctx->cert_store;
if (chain_store) { if (chain_store) {
X509_STORE_CTX* xs_ctx = X509_STORE_CTX_new(); X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
if (xs_ctx == NULL) { if (xs_ctx == NULL) {
SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
@ -823,10 +819,10 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
* ignore the error return from this call. We're not actually verifying * ignore the error return from this call. We're not actually verifying
* the cert - we're just building as much of the chain as we can * the cert - we're just building as much of the chain as we can
*/ */
(void) X509_verify_cert(xs_ctx); (void)X509_verify_cert(xs_ctx);
/* Don't leave errors in the queue */ /* Don't leave errors in the queue */
ERR_clear_error(); ERR_clear_error();
chain = X509_STORE_CTX_get0_chain(xs_ctx); chain = X509_STORE_CTX_get0_chain(xs_ctx);
i = ssl_security_cert_chain(s, chain, NULL, 0); i = ssl_security_cert_chain(s, chain, NULL, 0);
if (i != 1) { if (i != 1) {
#if 0 #if 0
@ -892,8 +888,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (!X509_STORE_add_cert(chain_store, x)) { if (!X509_STORE_add_cert(chain_store, x)) {
error = ERR_peek_last_error(); error = ERR_peek_last_error();
if (ERR_GET_LIB(error) != ERR_LIB_X509 || if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
ERR_GET_REASON(error) != ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
X509_R_CERT_ALREADY_IN_HASH_TABLE)
goto err; goto err;
ERR_clear_error(); ERR_clear_error();
} }
@ -1001,8 +996,8 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1; return 1;
} }
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int bits, int nid, void *other, int op, int bits, int nid, void *other,
void *ex) void *ex)
{ {
int level, minbits; int level, minbits;

104
ssl/ssl_ciph.c
View File

@ -131,9 +131,9 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
{SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */ {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
{SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */ {SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */
{SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */ {SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */
{SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */ {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
{SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */ {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
{SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */ {0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
@ -143,28 +143,30 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
}; };
/* *INDENT-OFF* */
static const ssl_cipher_table ssl_cipher_table_kx[] = { static const ssl_cipher_table ssl_cipher_table_kx[] = {
{ SSL_kRSA, NID_kx_rsa }, {SSL_kRSA, NID_kx_rsa},
{ SSL_kECDHE, NID_kx_ecdhe }, {SSL_kECDHE, NID_kx_ecdhe},
{ SSL_kDHE, NID_kx_dhe }, {SSL_kDHE, NID_kx_dhe},
{ SSL_kECDHEPSK, NID_kx_ecdhe_psk }, {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
{ SSL_kDHEPSK, NID_kx_dhe_psk }, {SSL_kDHEPSK, NID_kx_dhe_psk},
{ SSL_kRSAPSK, NID_kx_rsa_psk }, {SSL_kRSAPSK, NID_kx_rsa_psk},
{ SSL_kPSK, NID_kx_psk }, {SSL_kPSK, NID_kx_psk},
{ SSL_kSRP, NID_kx_srp }, {SSL_kSRP, NID_kx_srp},
{ SSL_kGOST, NID_kx_gost } {SSL_kGOST, NID_kx_gost}
}; };
static const ssl_cipher_table ssl_cipher_table_auth[] = { static const ssl_cipher_table ssl_cipher_table_auth[] = {
{ SSL_aRSA, NID_auth_rsa }, {SSL_aRSA, NID_auth_rsa},
{ SSL_aECDSA, NID_auth_ecdsa }, {SSL_aECDSA, NID_auth_ecdsa},
{ SSL_aPSK, NID_auth_psk }, {SSL_aPSK, NID_auth_psk},
{ SSL_aDSS, NID_auth_dss }, {SSL_aDSS, NID_auth_dss},
{ SSL_aGOST01, NID_auth_gost01 }, {SSL_aGOST01, NID_auth_gost01},
{ SSL_aGOST12, NID_auth_gost12 }, {SSL_aGOST12, NID_auth_gost12},
{ SSL_aSRP, NID_auth_srp }, {SSL_aSRP, NID_auth_srp},
{ SSL_aNULL, NID_auth_null } {SSL_aNULL, NID_auth_null}
}; };
/* *INDENT-ON* */
/* Utility function for table lookup */ /* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table, static int ssl_cipher_info_find(const ssl_cipher_table * table,
@ -286,9 +288,11 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0, {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0,
0, 0, 0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0, {0, SSL_TXT_AES128, 0, 0, 0,
SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0, {0, SSL_TXT_AES256, 0, 0, 0,
SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0}, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
@ -303,7 +307,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0, 0, 0, {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0, 0, 0,
0}, 0},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0},
/* MAC aliases */ /* MAC aliases */
{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0, 0, 0, 0},
@ -453,7 +457,8 @@ void ssl_load_ciphers(void)
disabled_mac_mask |= SSL_GOST89MAC; disabled_mac_mask |= SSL_GOST89MAC;
} }
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id("gost-mac-12"); ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
get_optional_pkey_id("gost-mac-12");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) { if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
} else { } else {
@ -469,7 +474,8 @@ void ssl_load_ciphers(void)
/* /*
* Disable GOST key exchange if no GOST signature algs are available * * Disable GOST key exchange if no GOST signature algs are available *
*/ */
if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12)) if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
(SSL_aGOST01 | SSL_aGOST12))
disabled_mkey_mask |= SSL_kGOST; disabled_mkey_mask |= SSL_kGOST;
} }
@ -824,8 +830,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
#endif #endif
if (rule == CIPHER_DEL || rule == CIPHER_BUMP) if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
reverse = 1; /* needed to maintain sorting between reverse = 1; /* needed to maintain sorting between currently
* currently deleted ciphers */ * deleted ciphers */
head = *head_p; head = *head_p;
tail = *tail_p; tail = *tail_p;
@ -1057,8 +1063,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* it is no command or separator nor * it is no command or separator nor
* alphanumeric, so we call this an error. * alphanumeric, so we call this an error.
*/ */
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
SSL_R_INVALID_COMMAND);
retval = found = 0; retval = found = 0;
l++; l++;
break; break;
@ -1216,8 +1221,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 1; ok = 1;
} }
} else } else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
SSL_R_INVALID_COMMAND);
if (ok == 0) if (ok == 0)
retval = 0; retval = 0;
/* /*
@ -1293,8 +1297,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
} }
return 1; return 1;
# else # else
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0; return 0;
# endif # endif
} }
@ -1347,8 +1350,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
disabled_mkey, disabled_auth, disabled_enc, disabled_mkey, disabled_auth, disabled_enc,
disabled_mac, co_list, &head, disabled_mac, co_list, &head, &tail);
&tail);
/* Now arrange all ciphers by preference. */ /* Now arrange all ciphers by preference. */
@ -1366,18 +1368,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
&tail); &tail);
/* Within each strength group, we prefer GCM over CHACHA... */ /* Within each strength group, we prefer GCM over CHACHA... */
ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail); &head, &tail);
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail); &head, &tail);
/* /*
* ...and generally, our preferred cipher is AES. * ...and generally, our preferred cipher is AES.
* Note that AEADs will be bumped to take preference after sorting by * Note that AEADs will be bumped to take preference after sorting by
* strength. * strength.
*/ */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
-1, &head, &tail); -1, &head, &tail);
@ -1441,9 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1, ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
&head, &tail); &head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0, ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
CIPHER_BUMP, -1, &head, &tail); CIPHER_BUMP, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0, ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
CIPHER_BUMP, -1, &head, &tail); CIPHER_BUMP, -1, &head, &tail);
/* Now disable everything (maintaining the ordering!) */ /* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@ -1485,7 +1486,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (ok && (strlen(rule_p) > 0)) if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
OPENSSL_free(ca_list); /* Not needed anymore */ OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */ if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list); OPENSSL_free(co_list);
@ -1530,8 +1531,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (*cipher_list_by_id != NULL) if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id); sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list; *cipher_list_by_id = tmp_cipher_list;
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id); sk_SSL_CIPHER_sort(*cipher_list_by_id);
return (cipherstack); return (cipherstack);
@ -1542,8 +1542,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver; const char *ver;
const char *kx, *au, *enc, *mac; const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
static const char *format = static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
if (buf == NULL) { if (buf == NULL) {
len = 128; len = 128;
@ -1753,8 +1752,8 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
if (c != NULL) { if (c != NULL) {
if (alg_bits != NULL) if (alg_bits != NULL)
*alg_bits = (int) c->alg_bits; *alg_bits = (int)c->alg_bits;
ret = (int) c->strength_bits; ret = (int)c->strength_bits;
} }
return ret; return ret;
} }
@ -1785,11 +1784,13 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{ {
return NULL; return NULL;
} }
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths) *meths)
{ {
return meths; return meths;
} }
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{ {
return 1; return 1;
@ -1861,8 +1862,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
SSL_R_DUPLICATE_COMPRESSION_ID); SSL_R_DUPLICATE_COMPRESSION_ID);
return (1); return (1);
} }
if (ssl_comp_methods == NULL if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
|| !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp); OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);

17
ssl/ssl_conf.c
View File

@ -116,7 +116,7 @@ static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
break; break;
case SSL_TFLAG_VFY: case SSL_TFLAG_VFY:
pflags = cctx->pvfy_flags; pflags = cctx->pvfy_flags;
break; break;
case SSL_TFLAG_OPTION: case SSL_TFLAG_OPTION:
@ -142,8 +142,7 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
if (namelen == -1) { if (namelen == -1) {
if (strcmp(tbl->name, name)) if (strcmp(tbl->name, name))
return 0; return 0;
} else if (tbl->namelen != namelen } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
|| strncasecmp(tbl->name, name, namelen))
return 0; return 0;
ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
return 1; return 1;
@ -192,8 +191,7 @@ static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
} }
/* Set supported client signature algorithms */ /* Set supported client signature algorithms */
static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
const char *value)
{ {
int rv; int rv;
if (cctx->ssl) if (cctx->ssl)
@ -285,7 +283,8 @@ static int protocol_from_string(const char *value)
{"TLSv1.1", TLS1_1_VERSION}, {"TLSv1.1", TLS1_1_VERSION},
{"TLSv1.2", TLS1_2_VERSION}, {"TLSv1.2", TLS1_2_VERSION},
{"DTLSv1", DTLS1_VERSION}, {"DTLSv1", DTLS1_VERSION},
{"DTLSv1.2", DTLS1_2_VERSION}}; {"DTLSv1.2", DTLS1_2_VERSION}
};
size_t i; size_t i;
size_t n = OSSL_NELEM(versions); size_t n = OSSL_NELEM(versions);
@ -625,8 +624,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
} }
/* Determine if a command is allowed according to cctx flags */ /* Determine if a command is allowed according to cctx flags */
static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
const ssl_conf_cmd_tbl * t)
{ {
unsigned int tfl = t->flags; unsigned int tfl = t->flags;
unsigned int cfl = cctx->flags; unsigned int cfl = cctx->flags;
@ -664,8 +662,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
return NULL; return NULL;
} }
static int ctrl_switch_option(SSL_CONF_CTX *cctx, static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
const ssl_conf_cmd_tbl * cmd)
{ {
/* Find index of command in table */ /* Find index of command in table */
size_t idx = cmd - ssl_conf_cmds; size_t idx = cmd - ssl_conf_cmds;

30
ssl/ssl_init.c
View File

@ -26,7 +26,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{ {
#ifdef OPENSSL_INIT_DEBUG #ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n"); "Adding SSL ciphers and digests\n");
#endif #endif
#ifndef OPENSSL_NO_DES #ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_cbc());
@ -85,10 +85,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512()); EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG # ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_COMP_get_compression_methods()\n"); "SSL_COMP_get_compression_methods()\n");
#endif # endif
/* /*
* This will initialise the built-in compression algorithms. The value * This will initialise the built-in compression algorithms. The value
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
@ -100,7 +100,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
#ifdef OPENSSL_INIT_DEBUG #ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_add_ssl_module()\n"); "SSL_add_ssl_module()\n");
#endif #endif
SSL_add_ssl_module(); SSL_add_ssl_module();
/* /*
@ -122,8 +122,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
*/ */
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) #if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG # ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: " fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
"ERR_load_SSL_strings()\n"); "ERR_load_SSL_strings()\n");
# endif # endif
ERR_load_SSL_strings(); ERR_load_SSL_strings();
#endif #endif
@ -146,10 +146,10 @@ static void ssl_library_stop(void)
if (ssl_base_inited) { if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG # ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"ssl_comp_free_compression_methods_int()\n"); "ssl_comp_free_compression_methods_int()\n");
#endif # endif
ssl_comp_free_compression_methods_int(); ssl_comp_free_compression_methods_int();
#endif #endif
} }
@ -157,7 +157,7 @@ static void ssl_library_stop(void)
if (ssl_strings_inited) { if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG #ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"err_free_strings_int()\n"); "err_free_strings_int()\n");
#endif #endif
/* /*
* If both crypto and ssl error strings are inited we will end up * If both crypto and ssl error strings are inited we will end up
@ -169,13 +169,12 @@ static void ssl_library_stop(void)
} }
} }
/* /*
* If this function is called with a non NULL settings value then it must be * If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions, * called prior to any threads making calls to any OpenSSL functions,
* i.e. passing a non-null settings value is assumed to be single-threaded. * i.e. passing a non-null settings value is assumed to be single-threaded.
*/ */
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{ {
static int stoperrset = 0; static int stoperrset = 0;
@ -200,13 +199,12 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
return 0; return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
&& !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings)) && !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
return 0; return 0;
if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS) if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
&& !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings)) && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
return 0; return 0;
return 1; return 1;
} }

209
ssl/ssl_lib.c
View File

@ -82,22 +82,28 @@ struct ssl_async_args {
SSL *s; SSL *s;
void *buf; void *buf;
int num; int num;
enum { READFUNC, WRITEFUNC, OTHERFUNC} type; enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union { union {
int (*func_read)(SSL *, void *, int); int (*func_read) (SSL *, void *, int);
int (*func_write)(SSL *, const void *, int); int (*func_write) (SSL *, const void *, int);
int (*func_other)(SSL *); int (*func_other) (SSL *);
} f; } f;
}; };
static const struct { static const struct {
uint8_t mtype; uint8_t mtype;
uint8_t ord; uint8_t ord;
int nid; int nid;
} dane_mds[] = { } dane_mds[] = {
{ DANETLS_MATCHING_FULL, 0, NID_undef }, {
{ DANETLS_MATCHING_2256, 1, NID_sha256 }, DANETLS_MATCHING_FULL, 0, NID_undef
{ DANETLS_MATCHING_2512, 2, NID_sha512 }, },
{
DANETLS_MATCHING_2256, 1, NID_sha256
},
{
DANETLS_MATCHING_2512, 2, NID_sha512
},
}; };
static int dane_ctx_enable(struct dane_ctx_st *dctx) static int dane_ctx_enable(struct dane_ctx_st *dctx)
@ -105,7 +111,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx)
const EVP_MD **mdevp; const EVP_MD **mdevp;
uint8_t *mdord; uint8_t *mdord;
uint8_t mdmax = DANETLS_MATCHING_LAST; uint8_t mdmax = DANETLS_MATCHING_LAST;
int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */ int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
size_t i; size_t i;
if (dctx->mdevp != NULL) if (dctx->mdevp != NULL)
@ -194,7 +200,7 @@ static int ssl_dane_dup(SSL *to, SSL *from)
return 0; return 0;
} }
num = sk_danetls_record_num(from->dane.trecs); num = sk_danetls_record_num(from->dane.trecs);
for (i = 0; i < num; ++i) { for (i = 0; i < num; ++i) {
danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
@ -205,24 +211,20 @@ static int ssl_dane_dup(SSL *to, SSL *from)
return 1; return 1;
} }
static int dane_mtype_set( static int dane_mtype_set(struct dane_ctx_st *dctx,
struct dane_ctx_st *dctx, const EVP_MD *md, uint8_t mtype, uint8_t ord)
const EVP_MD *md,
uint8_t mtype,
uint8_t ord)
{ {
int i; int i;
if (mtype == DANETLS_MATCHING_FULL && md != NULL) { if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
SSLerr(SSL_F_DANE_MTYPE_SET, SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
return 0; return 0;
} }
if (mtype > dctx->mdmax) { if (mtype > dctx->mdmax) {
const EVP_MD **mdevp; const EVP_MD **mdevp;
uint8_t *mdord; uint8_t *mdord;
int n = ((int) mtype) + 1; int n = ((int)mtype) + 1;
mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp)); mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
if (mdevp == NULL) { if (mdevp == NULL) {
@ -239,7 +241,7 @@ static int dane_mtype_set(
dctx->mdord = mdord; dctx->mdord = mdord;
/* Zero-fill any gaps */ /* Zero-fill any gaps */
for (i = dctx->mdmax+1; i < mtype; ++i) { for (i = dctx->mdmax + 1; i < mtype; ++i) {
mdevp[i] = NULL; mdevp[i] = NULL;
mdord[i] = 0; mdord[i] = 0;
} }
@ -261,13 +263,10 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
return dane->dctx->mdevp[mtype]; return dane->dctx->mdevp[mtype];
} }
static int dane_tlsa_add( static int dane_tlsa_add(SSL_DANE *dane,
SSL_DANE *dane, uint8_t usage,
uint8_t usage, uint8_t selector,
uint8_t selector, uint8_t mtype, unsigned char *data, size_t dlen)
uint8_t mtype,
unsigned char *data,
size_t dlen)
{ {
danetls_record *t; danetls_record *t;
const EVP_MD *md = NULL; const EVP_MD *md = NULL;
@ -512,8 +511,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
&(ctx->cipher_list_by_id), &(ctx->cipher_list_by_id),
SSL_DEFAULT_CIPHER_LIST, ctx->cert); SSL_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0); return (0);
} }
return (1); return (1);
@ -603,7 +601,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ocsp_resplen = -1; s->tlsext_ocsp_resplen = -1;
SSL_CTX_up_ref(ctx); SSL_CTX_up_ref(ctx);
s->initial_ctx = ctx; s->initial_ctx = ctx;
# ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (ctx->tlsext_ecpointformatlist) { if (ctx->tlsext_ecpointformatlist) {
s->tlsext_ecpointformatlist = s->tlsext_ecpointformatlist =
OPENSSL_memdup(ctx->tlsext_ecpointformatlist, OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
@ -622,10 +620,10 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length =
ctx->tlsext_ellipticcurvelist_length; ctx->tlsext_ellipticcurvelist_length;
} }
# endif #endif
# ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL; s->next_proto_negotiated = NULL;
# endif #endif
if (s->ctx->alpn_client_proto_list) { if (s->ctx->alpn_client_proto_list) {
s->alpn_client_proto_list = s->alpn_client_proto_list =
@ -665,7 +663,7 @@ SSL *SSL_new(SSL_CTX *ctx)
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
ctx->ct_validation_callback_arg)) ctx->ct_validation_callback_arg))
goto err; goto err;
#endif #endif
@ -930,7 +928,8 @@ int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen); return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
} }
int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord) int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
uint8_t ord)
{ {
return dane_mtype_set(&ctx->dane, md, mtype, ord); return dane_mtype_set(&ctx->dane, md, mtype, ord);
} }
@ -1004,7 +1003,7 @@ void SSL_free(SSL *s)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
OPENSSL_free(s->tlsext_ecpointformatlist); OPENSSL_free(s->tlsext_ecpointformatlist);
OPENSSL_free(s->tlsext_ellipticcurvelist); OPENSSL_free(s->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
@ -1389,15 +1388,12 @@ int SSL_copy_session_id(SSL *t, const SSL *f)
/* Fix this so it checks all the valid key/cert options */ /* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx) int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{ {
if ((ctx == NULL) || if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
(ctx->cert->key->x509 == NULL)) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0); return (0);
} }
if (ctx->cert->key->privatekey == NULL) { if (ctx->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return (0); return (0);
} }
return (X509_check_private_key return (X509_check_private_key
@ -1477,7 +1473,8 @@ long SSL_get_default_timeout(const SSL *s)
} }
static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
int (*func)(void *)) { int (*func) (void *))
{
int ret; int ret;
if (s->waitctx == NULL) { if (s->waitctx == NULL) {
s->waitctx = ASYNC_WAIT_CTX_new(); s->waitctx = ASYNC_WAIT_CTX_new();
@ -1485,7 +1482,7 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
return -1; return -1;
} }
switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
sizeof(struct ssl_async_args))) { sizeof(struct ssl_async_args))) {
case ASYNC_ERR: case ASYNC_ERR:
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC); SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
@ -1736,7 +1733,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
} }
case SSL_CTRL_GET_EXTMS_SUPPORT: case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s)) if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
return -1; return -1;
if (s->session->flags & SSL_SESS_FLAG_EXTMS) if (s->session->flags & SSL_SESS_FLAG_EXTMS)
return 1; return 1;
else else
@ -2122,8 +2119,7 @@ int SSL_get_servername_type(const SSL *s)
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server, const unsigned char *server,
unsigned int server_len, unsigned int server_len,
const unsigned char *client, const unsigned char *client, unsigned int client_len)
unsigned int client_len)
{ {
unsigned int i, j; unsigned int i, j;
const unsigned char *result; const unsigned char *result;
@ -2294,7 +2290,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
*len = ssl->s3->alpn_selected_len; *len = ssl->s3->alpn_selected_len;
} }
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *p, size_t plen, const unsigned char *p, size_t plen,
@ -2399,9 +2394,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
goto err; goto err;
#endif #endif
if (!ssl_create_cipher_list(ret->method, if (!ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
} }
@ -2433,9 +2428,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
/* Setup RFC5077 ticket keys */ /* Setup RFC5077 ticket keys */
if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0) if ((RAND_bytes(ret->tlsext_tick_key_name,
|| (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0) sizeof(ret->tlsext_tick_key_name)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0)) || (RAND_bytes(ret->tlsext_tick_hmac_key,
sizeof(ret->tlsext_tick_hmac_key)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key,
sizeof(ret->tlsext_tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET; ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
@ -2616,8 +2614,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth); X509_VERIFY_PARAM_set_depth(ctx->param, depth);
} }
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
void *arg)
{ {
ssl_cert_set_cert_cb(c->cert, cb, arg); ssl_cert_set_cert_cb(c->cert, cb, arg);
} }
@ -2802,8 +2799,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
alg_a = cipher->algorithm_auth; alg_a = cipher->algorithm_auth;
c = s->cert; c = s->cert;
if ((alg_a & SSL_aDSS) && if ((alg_a & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
idx = SSL_PKEY_DSA_SIGN; idx = SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA) { else if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
@ -2889,7 +2885,7 @@ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
if (s->method != meth) { if (s->method != meth) {
const SSL_METHOD *sm = s->method; const SSL_METHOD *sm = s->method;
int (*hf)(SSL *) = s->handshake_func; int (*hf) (SSL *) = s->handshake_func;
if (sm->version == meth->version) if (sm->version == meth->version)
s->method = meth; s->method = meth;
@ -3412,7 +3408,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
} }
SSL_CTX_up_ref(ctx); SSL_CTX_up_ref(ctx);
SSL_CTX_free(ssl->ctx); /* decrement reference count */ SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx; ssl->ctx = ctx;
return ssl->ctx; return ssl->ctx;
@ -3507,7 +3503,7 @@ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
} }
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
unsigned char *out, size_t outlen) unsigned char *out, size_t outlen)
{ {
if (session->master_key_length < 0) { if (session->master_key_length < 0) {
/* Should never happen */ /* Should never happen */
@ -3587,8 +3583,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{ {
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
SSL_R_DATA_LENGTH_TOO_LONG);
return 0; return 0;
} }
OPENSSL_free(ctx->cert->psk_identity_hint); OPENSSL_free(ctx->cert->psk_identity_hint);
@ -3641,8 +3636,7 @@ void SSL_set_psk_client_callback(SSL *s,
unsigned int unsigned int
max_identity_len, max_identity_len,
unsigned char *psk, unsigned char *psk,
unsigned int unsigned int max_psk_len))
max_psk_len))
{ {
s->psk_client_callback = cb; s->psk_client_callback = cb;
} }
@ -3664,8 +3658,7 @@ void SSL_set_psk_server_callback(SSL *s,
unsigned int (*cb) (SSL *ssl, unsigned int (*cb) (SSL *ssl,
const char *identity, const char *identity,
unsigned char *psk, unsigned char *psk,
unsigned int unsigned int max_psk_len))
max_psk_len))
{ {
s->psk_server_callback = cb; s->psk_server_callback = cb;
} }
@ -3783,7 +3776,6 @@ void SSL_set_debug(SSL *s, int debug)
} }
#endif #endif
void SSL_set_security_level(SSL *s, int level) void SSL_set_security_level(SSL *s, int level)
{ {
s->cert->sec_level = level; s->cert->sec_level = level;
@ -3795,16 +3787,17 @@ int SSL_get_security_level(const SSL *s)
} }
void SSL_set_security_callback(SSL *s, void SSL_set_security_callback(SSL *s,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int (*cb) (const SSL *s, const SSL_CTX *ctx,
int bits, int nid, void *other, int op, int bits, int nid,
void *ex)) void *other, void *ex))
{ {
s->cert->sec_cb = cb; s->cert->sec_cb = cb;
} }
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
int bits, int nid, const SSL_CTX *ctx, int op,
void *other, void *ex) { int bits, int nid, void *other,
void *ex) {
return s->cert->sec_cb; return s->cert->sec_cb;
} }
@ -3829,9 +3822,9 @@ int SSL_CTX_get_security_level(const SSL_CTX *ctx)
} }
void SSL_CTX_set_security_callback(SSL_CTX *ctx, void SSL_CTX_set_security_callback(SSL_CTX *ctx,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int (*cb) (const SSL *s, const SSL_CTX *ctx,
int bits, int nid, void *other, int op, int bits, int nid,
void *ex)) void *other, void *ex))
{ {
ctx->cert->sec_cb = cb; ctx->cert->sec_cb = cb;
} }
@ -3855,7 +3848,6 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
return ctx->cert->sec_ex; return ctx->cert->sec_ex;
} }
/* /*
* Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
* can return unsigned long, instead of the generic long return value from the * can return unsigned long, instead of the generic long return value from the
@ -3865,22 +3857,27 @@ unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
{ {
return ctx->options; return ctx->options;
} }
unsigned long SSL_get_options(const SSL* s)
unsigned long SSL_get_options(const SSL *s)
{ {
return s->options; return s->options;
} }
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op) unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
{ {
return ctx->options |= op; return ctx->options |= op;
} }
unsigned long SSL_set_options(SSL *s, unsigned long op) unsigned long SSL_set_options(SSL *s, unsigned long op)
{ {
return s->options |= op; return s->options |= op;
} }
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{ {
return ctx->options &= ~op; return ctx->options &= ~op;
} }
unsigned long SSL_clear_options(SSL *s, unsigned long op) unsigned long SSL_clear_options(SSL *s, unsigned long op)
{ {
return s->options &= ~op; return s->options &= ~op;
@ -3902,7 +3899,8 @@ IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
* the caller. * the caller.
* Returns the number of SCTs moved, or a negative integer if an error occurs. * Returns the number of SCTs moved, or a negative integer if an error occurs.
*/ */
static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t origin) static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
sct_source_t origin)
{ {
int scts_moved = 0; int scts_moved = 0;
SCT *sct = NULL; SCT *sct = NULL;
@ -3925,16 +3923,16 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
} }
return scts_moved; return scts_moved;
err: err:
if (sct != NULL) if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */ sk_SCT_push(src, sct); /* Put the SCT back */
return -1; return -1;
} }
/* /*
* Look for data collected during ServerHello and parse if found. * Look for data collected during ServerHello and parse if found.
* Return 1 on success, 0 on failure. * Return 1 on success, 0 on failure.
*/ */
static int ct_extract_tls_extension_scts(SSL *s) static int ct_extract_tls_extension_scts(SSL *s)
{ {
int scts_extracted = 0; int scts_extracted = 0;
@ -3961,7 +3959,7 @@ static int ct_extract_tls_extension_scts(SSL *s)
*/ */
static int ct_extract_ocsp_response_scts(SSL *s) static int ct_extract_ocsp_response_scts(SSL *s)
{ {
#ifndef OPENSSL_NO_OCSP # ifndef OPENSSL_NO_OCSP
int scts_extracted = 0; int scts_extracted = 0;
const unsigned char *p; const unsigned char *p;
OCSP_BASICRESP *br = NULL; OCSP_BASICRESP *br = NULL;
@ -3987,21 +3985,22 @@ static int ct_extract_ocsp_response_scts(SSL *s)
if (single == NULL) if (single == NULL)
continue; continue;
scts = OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL); scts =
scts_extracted = ct_move_scts(&s->scts, scts, OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
SCT_SOURCE_OCSP_STAPLED_RESPONSE); scts_extracted =
ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
if (scts_extracted < 0) if (scts_extracted < 0)
goto err; goto err;
} }
err: err:
SCT_LIST_free(scts); SCT_LIST_free(scts);
OCSP_BASICRESP_free(br); OCSP_BASICRESP_free(br);
OCSP_RESPONSE_free(rsp); OCSP_RESPONSE_free(rsp);
return scts_extracted; return scts_extracted;
#else # else
/* Behave as if no OCSP response exists */ /* Behave as if no OCSP response exists */
return 0; return 0;
#endif # endif
} }
/* /*
@ -4043,17 +4042,17 @@ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
s->scts_parsed = 1; s->scts_parsed = 1;
} }
return s->scts; return s->scts;
err: err:
return NULL; return NULL;
} }
static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx, static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
const STACK_OF(SCT) *scts, void *unused_arg) const STACK_OF(SCT) *scts, void *unused_arg)
{ {
return 1; return 1;
} }
static int ct_strict(const CT_POLICY_EVAL_CTX *ctx, static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
const STACK_OF(SCT) *scts, void *unused_arg) const STACK_OF(SCT) *scts, void *unused_arg)
{ {
int count = scts != NULL ? sk_SCT_num(scts) : 0; int count = scts != NULL ? sk_SCT_num(scts) : 0;
@ -4078,14 +4077,17 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
* for this and throw an error if they have already registered to use CT. * for this and throw an error if they have already registered to use CT.
*/ */
if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx, if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
TLSEXT_TYPE_signed_certificate_timestamp)) { TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0; return 0;
} }
if (callback != NULL) { if (callback != NULL) {
/* If we are validating CT, then we MUST accept SCTs served via OCSP */ /*
* If we are validating CT, then we MUST accept SCTs served via OCSP
*/
if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp)) if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
return 0; return 0;
} }
@ -4097,15 +4099,15 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
} }
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
ssl_ct_validation_cb callback, ssl_ct_validation_cb callback, void *arg)
void *arg)
{ {
/* /*
* Since code exists that uses the custom extension handler for CT, look for * Since code exists that uses the custom extension handler for CT, look for
* this and throw an error if they have already registered to use CT. * this and throw an error if they have already registered to use CT.
*/ */
if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx, if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
TLSEXT_TYPE_signed_certificate_timestamp)) { TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED); SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0; return 0;
@ -4148,8 +4150,7 @@ int ssl_validate_ct(SSL *s)
*/ */
if (s->ct_validation_callback == NULL || cert == NULL || if (s->ct_validation_callback == NULL || cert == NULL ||
s->verify_result != X509_V_OK || s->verify_result != X509_V_OK ||
s->verified_chain == NULL || s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
sk_X509_num(s->verified_chain) <= 1)
return 1; return 1;
/* /*
@ -4198,9 +4199,9 @@ int ssl_validate_ct(SSL *s)
ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
if (ret < 0) if (ret < 0)
ret = 0; /* This function returns 0 on failure */ ret = 0; /* This function returns 0 on failure */
end: end:
CT_POLICY_EVAL_CTX_free(ctx); CT_POLICY_EVAL_CTX_free(ctx);
/* /*
* With SSL_VERIFY_NONE the session may be cached and re-used despite a * With SSL_VERIFY_NONE the session may be cached and re-used despite a
@ -4258,7 +4259,7 @@ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
return CTLOG_STORE_load_file(ctx->ctlog_store, path); return CTLOG_STORE_load_file(ctx->ctlog_store, path);
} }
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs) void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
{ {
CTLOG_STORE_free(ctx->ctlog_store); CTLOG_STORE_free(ctx->ctlog_store);
ctx->ctlog_store = logs; ctx->ctlog_store = logs;

343
ssl/ssl_locl.h
View File

@ -48,7 +48,7 @@
# include "e_os.h" # include "e_os.h"
# if defined(__unix) || defined(__unix__) # if defined(__unix) || defined(__unix__)
# include <sys/time.h> /* struct timeval for DTLS */ # include <sys/time.h> /* struct timeval for DTLS */
# endif # endif
# include <openssl/buffer.h> # include <openssl/buffer.h>
@ -62,10 +62,10 @@
# include <openssl/async.h> # include <openssl/async.h>
# include <openssl/symhacks.h> # include <openssl/symhacks.h>
# include <openssl/ct.h> # include <openssl/ct.h>
#include "record/record.h" # include "record/record.h"
#include "statem/statem.h" # include "statem/statem.h"
#include "packet_locl.h" # include "packet_locl.h"
#include "internal/dane.h" # include "internal/dane.h"
# ifdef OPENSSL_BUILD_SHLIBSSL # ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN # undef OPENSSL_EXTERN
@ -164,13 +164,15 @@
(c)[1]=(unsigned char)(((l)>> 8)&0xff), \ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
(c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
/* DTLS version numbers are strange because they're inverted. Except /*
* for DTLS1_BAD_VER, which should be considered "lower" than the rest. */ * DTLS version numbers are strange because they're inverted. Except for
#define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1)) * DTLS1_BAD_VER, which should be considered "lower" than the rest.
#define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2)) */
#define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2)) # define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
#define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) # define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
#define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) # define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
/* LOCAL STUFF */ /* LOCAL STUFF */
@ -224,7 +226,7 @@
/* all PSK */ /* all PSK */
#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) # define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
/* Bits for algorithm_auth (server authentication) */ /* Bits for algorithm_auth (server authentication) */
/* RSA auth */ /* RSA auth */
@ -376,7 +378,7 @@
# define SSL_CLIENT_USE_SIGALGS(s) \ # define SSL_CLIENT_USE_SIGALGS(s) \
SSL_CLIENT_USE_TLS1_2_CIPHERS(s) SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
# define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) # define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
/* Mostly for SSLv3 */ /* Mostly for SSLv3 */
# define SSL_PKEY_RSA_ENC 0 # define SSL_PKEY_RSA_ENC 0
@ -407,30 +409,29 @@
#define CERT_PRIVATE_KEY 2 #define CERT_PRIVATE_KEY 2
*/ */
/* CipherSuite length. SSLv3 and all TLS versions. */ /* CipherSuite length. SSLv3 and all TLS versions. */
#define TLS_CIPHER_LEN 2 # define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */ /* used to hold info on the particular ciphers used */
struct ssl_cipher_st { struct ssl_cipher_st {
uint32_t valid; uint32_t valid;
const char *name; /* text name */ const char *name; /* text name */
uint32_t id; /* id, 4 bytes, first is version */ uint32_t id; /* id, 4 bytes, first is version */
/* /*
* changed in 1.0.0: these four used to be portions of a single value * changed in 1.0.0: these four used to be portions of a single value
* 'algorithms' * 'algorithms'
*/ */
uint32_t algorithm_mkey; /* key exchange algorithm */ uint32_t algorithm_mkey; /* key exchange algorithm */
uint32_t algorithm_auth; /* server authentication */ uint32_t algorithm_auth; /* server authentication */
uint32_t algorithm_enc; /* symmetric encryption */ uint32_t algorithm_enc; /* symmetric encryption */
uint32_t algorithm_mac; /* symmetric authentication */ uint32_t algorithm_mac; /* symmetric authentication */
int min_tls; /* minimum SSL/TLS protocol version */ int min_tls; /* minimum SSL/TLS protocol version */
int max_tls; /* maximum SSL/TLS protocol version */ int max_tls; /* maximum SSL/TLS protocol version */
int min_dtls; /* minimum DTLS protocol version */ int min_dtls; /* minimum DTLS protocol version */
int max_dtls; /* maximum DTLS protocol version */ int max_dtls; /* maximum DTLS protocol version */
uint32_t algo_strength; /* strength and export flags */ uint32_t algo_strength; /* strength and export flags */
uint32_t algorithm2; /* Extra flags */ uint32_t algorithm2; /* Extra flags */
int32_t strength_bits; /* Number of bits really used */ int32_t strength_bits; /* Number of bits really used */
uint32_t alg_bits; /* Number of bits for algorithm */ uint32_t alg_bits; /* Number of bits for algorithm */
}; };
/* Used to hold SSL/TLS functions */ /* Used to hold SSL/TLS functions */
@ -494,8 +495,8 @@ struct ssl_method_st {
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/ */
struct ssl_session_st { struct ssl_session_st {
int ssl_version; /* what ssl version session info is being int ssl_version; /* what ssl version session info is being kept
* kept in here? */ * in here? */
int master_key_length; int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */ /* session_id - valid? */
@ -533,8 +534,8 @@ struct ssl_session_st {
long time; long time;
unsigned int compress_meth; /* Need to lookup the method */ unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher; const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* to load the 'cipher' structure */ * load the 'cipher' structure */
STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
CRYPTO_EX_DATA ex_data; /* application specific data */ CRYPTO_EX_DATA ex_data; /* application specific data */
/* /*
@ -548,11 +549,12 @@ struct ssl_session_st {
unsigned char *tlsext_ecpointformatlist; /* peer's list */ unsigned char *tlsext_ecpointformatlist; /* peer's list */
size_t tlsext_ellipticcurvelist_length; size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist; /* peer's list */ unsigned char *tlsext_ellipticcurvelist; /* peer's list */
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
/* RFC4507 info */ /* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */ unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */ size_t tlsext_ticklen; /* Session ticket length */
unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in
* seconds */
# ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_SRP
char *srp_username; char *srp_username;
# endif # endif
@ -561,8 +563,7 @@ struct ssl_session_st {
}; };
/* Extended master secret support */ /* Extended master secret support */
# define SSL_SESS_FLAG_EXTMS 0x1 # define SSL_SESS_FLAG_EXTMS 0x1
# ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_SRP
@ -595,7 +596,7 @@ DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */ /* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME); DEFINE_LHASH_OF(X509_NAME);
#define TLSEXT_KEYNAME_LENGTH 16 # define TLSEXT_KEYNAME_LENGTH 16
struct ssl_ctx_st { struct ssl_ctx_st {
const SSL_METHOD *method; const SSL_METHOD *method;
@ -650,9 +651,9 @@ struct ssl_ctx_st {
int sess_hit; /* session reuse actually done */ int sess_hit; /* session reuse actually done */
int sess_cb_hit; /* session-id that was not in the cache was int sess_cb_hit; /* session-id that was not in the cache was
* passed back via the callback. This * passed back via the callback. This
* indicates that the application is * indicates that the application is supplying
* supplying session-id's from other * session-id's from other processes - spooky
* processes - spooky :-) */ * :-) */
} stats; } stats;
int references; int references;
@ -730,15 +731,15 @@ struct ssl_ctx_st {
int quiet_shutdown; int quiet_shutdown;
# ifndef OPENSSL_NO_CT # ifndef OPENSSL_NO_CT
CTLOG_STORE *ctlog_store; /* CT Log Store */ CTLOG_STORE *ctlog_store; /* CT Log Store */
/* /*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted. * If they are not, the connection should be aborted.
*/ */
ssl_ct_validation_cb ct_validation_callback; ssl_ct_validation_cb ct_validation_callback;
void *ct_validation_callback_arg; void *ct_validation_callback_arg;
# endif # endif
/* /*
* If we're using more than one pipeline how should we divide the data * If we're using more than one pipeline how should we divide the data
@ -757,12 +758,12 @@ struct ssl_ctx_st {
/* The default read buffer length to use (0 means not set) */ /* The default read buffer length to use (0 means not set) */
size_t default_read_buf_len; size_t default_read_buf_len;
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
/* /*
* Engine to pass requests for client certs to * Engine to pass requests for client certs to
*/ */
ENGINE *client_cert_engine; ENGINE *client_cert_engine;
# endif # endif
/* TLS extensions servername callback */ /* TLS extensions servername callback */
int (*tlsext_servername_callback) (SSL *, int *, void *); int (*tlsext_servername_callback) (SSL *, int *, void *);
@ -774,15 +775,14 @@ struct ssl_ctx_st {
/* Callback to support customisation of ticket key setting */ /* Callback to support customisation of ticket key setting */
int (*tlsext_ticket_key_cb) (SSL *ssl, int (*tlsext_ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv, unsigned char *name, unsigned char *iv,
EVP_CIPHER_CTX *ectx, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
HMAC_CTX *hctx, int enc);
/* certificate status request info */ /* certificate status request info */
/* Callback for status request */ /* Callback for status request */
int (*tlsext_status_cb) (SSL *ssl, void *arg); int (*tlsext_status_cb) (SSL *ssl, void *arg);
void *tlsext_status_arg; void *tlsext_status_arg;
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity, char *identity,
unsigned int max_identity_len, unsigned int max_identity_len,
@ -791,13 +791,13 @@ struct ssl_ctx_st {
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk, unsigned char *psk,
unsigned int max_psk_len); unsigned int max_psk_len);
# endif # endif
# ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */ SRP_CTX srp_ctx; /* ctx for SRP authentication */
# endif # endif
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */ /* Next protocol negotiation information */
/* /*
@ -816,7 +816,7 @@ struct ssl_ctx_st {
const unsigned char *in, const unsigned char *in,
unsigned int inlen, void *arg); unsigned int inlen, void *arg);
void *next_proto_select_cb_arg; void *next_proto_select_cb_arg;
# endif # endif
/* /*
* ALPN information (we are in the process of transitioning from NPN to * ALPN information (we are in the process of transitioning from NPN to
@ -857,13 +857,13 @@ struct ssl_ctx_st {
* basis, depending on the chosen cipher. * basis, depending on the chosen cipher.
*/ */
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */ /* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length; size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length; size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist; unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
/* ext status type used for CSR extension (OCSP Stapling) */ /* ext status type used for CSR extension (OCSP Stapling) */
int tlsext_status_type; int tlsext_status_type;
@ -871,14 +871,12 @@ struct ssl_ctx_st {
CRYPTO_RWLOCK *lock; CRYPTO_RWLOCK *lock;
}; };
struct ssl_st { struct ssl_st {
/* /*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION) * DTLS1_VERSION)
*/ */
int version; int version;
/* SSLv3 */ /* SSLv3 */
const SSL_METHOD *method; const SSL_METHOD *method;
/* /*
@ -897,7 +895,6 @@ struct ssl_st {
* request needs re-doing when in SSL_accept or SSL_connect * request needs re-doing when in SSL_accept or SSL_connect
*/ */
int rwstate; int rwstate;
int (*handshake_func) (SSL *); int (*handshake_func) (SSL *);
/* /*
* Imagine that here's a boolean member "init" that is switched as soon * Imagine that here's a boolean member "init" that is switched as soon
@ -921,26 +918,21 @@ struct ssl_st {
int shutdown; int shutdown;
/* where we are */ /* where we are */
OSSL_STATEM statem; OSSL_STATEM statem;
BUF_MEM *init_buf; /* buffer used during init */ BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */ * ssl3_get_message() */
int init_num; /* amount read/written */ int init_num; /* amount read/written */
int init_off; /* amount read/written */ int init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */ struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */ /* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type, void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg); const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg; void *msg_callback_arg;
int hit; /* reusing a previous session */ int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param; X509_VERIFY_PARAM *param;
/* Per connection DANE state */ /* Per connection DANE state */
SSL_DANE dane; SSL_DANE dane;
/* crypto */ /* crypto */
STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@ -983,7 +975,7 @@ struct ssl_st {
int error; int error;
/* actual code */ /* actual code */
int error_code; int error_code;
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity, char *identity,
unsigned int max_identity_len, unsigned int max_identity_len,
@ -992,7 +984,7 @@ struct ssl_st {
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk, unsigned char *psk,
unsigned int max_psk_len); unsigned int max_psk_len);
# endif # endif
SSL_CTX *ctx; SSL_CTX *ctx;
/* Verified chain of peer */ /* Verified chain of peer */
STACK_OF(X509) *verified_chain; STACK_OF(X509) *verified_chain;
@ -1012,7 +1004,6 @@ struct ssl_st {
int first_packet; int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */ /* what was passed, used for SSLv3/TLS rollback check */
int client_version; int client_version;
/* /*
* If we're using more than one pipeline how should we divide the data * If we're using more than one pipeline how should we divide the data
* up between the pipes? * up between the pipes?
@ -1023,10 +1014,8 @@ struct ssl_st {
* be more than this due to padding and MAC overheads. * be more than this due to padding and MAC overheads.
*/ */
unsigned int max_send_fragment; unsigned int max_send_fragment;
/* Up to how many pipelines should we use? If 0 then 1 is assumed */ /* Up to how many pipelines should we use? If 0 then 1 is assumed */
unsigned int max_pipelines; unsigned int max_pipelines;
/* TLS extension debug callback */ /* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type, void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
const unsigned char *data, int len, void *arg); const unsigned char *data, int len, void *arg);
@ -1042,11 +1031,11 @@ struct ssl_st {
/* certificate status request info */ /* certificate status request info */
/* Status type or -1 if no status type */ /* Status type or -1 if no status type */
int tlsext_status_type; int tlsext_status_type;
# ifndef OPENSSL_NO_CT # ifndef OPENSSL_NO_CT
/* /*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted. * If they are not, the connection should be aborted.
*/ */
ssl_ct_validation_cb ct_validation_callback; ssl_ct_validation_cb ct_validation_callback;
/* User-supplied argument tha tis passed to the ct_validation_callback */ /* User-supplied argument tha tis passed to the ct_validation_callback */
void *ct_validation_callback_arg; void *ct_validation_callback_arg;
@ -1061,7 +1050,7 @@ struct ssl_st {
uint16_t tlsext_scts_len; uint16_t tlsext_scts_len;
/* Have we attempted to find/parse SCTs yet? */ /* Have we attempted to find/parse SCTs yet? */
int scts_parsed; int scts_parsed;
# endif # endif
/* Expect OCSP CertificateStatus message */ /* Expect OCSP CertificateStatus message */
int tlsext_status_expected; int tlsext_status_expected;
/* OCSP status request only */ /* OCSP status request only */
@ -1072,14 +1061,14 @@ struct ssl_st {
int tlsext_ocsp_resplen; int tlsext_ocsp_resplen;
/* RFC4507 session ticket expected to be received or sent */ /* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected; int tlsext_ticket_expected;
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length; size_t tlsext_ecpointformatlist_length;
/* our list */ /* our list */
unsigned char *tlsext_ecpointformatlist; unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length; size_t tlsext_ellipticcurvelist_length;
/* our list */ /* our list */
unsigned char *tlsext_ellipticcurvelist; unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
/* TLS Session Ticket extension override */ /* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket; TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
/* TLS Session Ticket extension callback */ /* TLS Session Ticket extension callback */
@ -1089,7 +1078,7 @@ struct ssl_st {
tls_session_secret_cb_fn tls_session_secret_cb; tls_session_secret_cb_fn tls_session_secret_cb;
void *tls_session_secret_cb_arg; void *tls_session_secret_cb_arg;
SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
/* /*
* Next protocol negotiation. For the client, this is the protocol that * Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello * we sent in NextProtocol and is set when handling ServerHello
@ -1099,8 +1088,8 @@ struct ssl_st {
*/ */
unsigned char *next_proto_negotiated; unsigned char *next_proto_negotiated;
unsigned char next_proto_negotiated_len; unsigned char next_proto_negotiated_len;
# endif # endif
# define session_ctx initial_ctx # define session_ctx initial_ctx
/* What we'll do */ /* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */ /* What's been chosen */
@ -1122,39 +1111,32 @@ struct ssl_st {
*/ */
unsigned char *alpn_client_proto_list; unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len; unsigned alpn_client_proto_list_len;
/*- /*-
* 1 if we are renegotiating. * 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake * 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest) * (i.e. not just sending a HelloRequest)
*/ */
int renegotiate; int renegotiate;
# ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_SRP
/* ctx for SRP authentication */ /* ctx for SRP authentication */
SRP_CTX srp_ctx; SRP_CTX srp_ctx;
# endif # endif
/* /*
* Callback for disabling session caching and ticket support on a session * Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher. * basis, depending on the chosen cipher.
*/ */
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
RECORD_LAYER rlayer; RECORD_LAYER rlayer;
/* Default password callback. */ /* Default password callback. */
pem_password_cb *default_passwd_callback; pem_password_cb *default_passwd_callback;
/* Default password callback user data. */ /* Default password callback user data. */
void *default_passwd_callback_userdata; void *default_passwd_callback_userdata;
/* Async Job info */ /* Async Job info */
ASYNC_JOB *job; ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx; ASYNC_WAIT_CTX *waitctx;
CRYPTO_RWLOCK *lock; CRYPTO_RWLOCK *lock;
}; };
typedef struct ssl3_state_st { typedef struct ssl3_state_st {
long flags; long flags;
int read_mac_secret_size; int read_mac_secret_size;
@ -1205,9 +1187,9 @@ typedef struct ssl3_state_st {
int message_type; int message_type;
/* used to hold the new cipher we are going to use */ /* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher; const SSL_CIPHER *new_cipher;
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *pkey; /* holds short lived DH/ECDH key */ EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
# endif # endif
/* used for certificate requests */ /* used for certificate requests */
int cert_req; int cert_req;
int ctype_num; int ctype_num;
@ -1219,11 +1201,11 @@ typedef struct ssl3_state_st {
const EVP_MD *new_hash; const EVP_MD *new_hash;
int new_mac_pkey_type; int new_mac_pkey_type;
int new_mac_secret_size; int new_mac_secret_size;
# ifndef OPENSSL_NO_COMP # ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression; const SSL_COMP *new_compression;
# else # else
char *new_compression; char *new_compression;
# endif # endif
int cert_request; int cert_request;
/* Raw values of the cipher list from a client */ /* Raw values of the cipher list from a client */
unsigned char *ciphers_raw; unsigned char *ciphers_raw;
@ -1231,11 +1213,11 @@ typedef struct ssl3_state_st {
/* Temporary storage for premaster secret */ /* Temporary storage for premaster secret */
unsigned char *pms; unsigned char *pms;
size_t pmslen; size_t pmslen;
#ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
/* Temporary storage for PSK key */ /* Temporary storage for PSK key */
unsigned char *psk; unsigned char *psk;
size_t psklen; size_t psklen;
#endif # endif
/* /*
* signature algorithms peer reports: e.g. supported signature * signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate * algorithms extension for server or as part of a certificate
@ -1277,12 +1259,12 @@ typedef struct ssl3_state_st {
unsigned char previous_server_finished_len; unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */ int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
/* /*
* Set if we saw the Next Protocol Negotiation extension from our peer. * Set if we saw the Next Protocol Negotiation extension from our peer.
*/ */
int next_proto_neg_seen; int next_proto_neg_seen;
# endif # endif
/* /*
* ALPN information (we are in the process of transitioning from NPN to * ALPN information (we are in the process of transitioning from NPN to
@ -1302,14 +1284,14 @@ typedef struct ssl3_state_st {
/* used by the client to know if it actually sent alpn */ /* used by the client to know if it actually sent alpn */
int alpn_sent; int alpn_sent;
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
/* /*
* This is set to true if we believe that this is a version of Safari * This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on * running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/ */
char is_probably_safari; char is_probably_safari;
# endif /* !OPENSSL_NO_EC */ # endif /* !OPENSSL_NO_EC */
/* For clients: peer temporary key */ /* For clients: peer temporary key */
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
@ -1318,21 +1300,20 @@ typedef struct ssl3_state_st {
} SSL3_STATE; } SSL3_STATE;
/* DTLS structures */ /* DTLS structures */
# ifndef OPENSSL_NO_SCTP # ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" # define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
# endif # endif
/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
# define DTLS1_MAX_MTU_OVERHEAD 48 # define DTLS1_MAX_MTU_OVERHEAD 48
/* /*
* Flag used in message reuse to indicate the buffer contains the record * Flag used in message reuse to indicate the buffer contains the record
* header as well as the the handshake message header. * header as well as the the handshake message header.
*/ */
# define DTLS1_SKIP_RECORD_HEADER 2 # define DTLS1_SKIP_RECORD_HEADER 2
struct dtls1_retransmit_state { struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
@ -1380,7 +1361,7 @@ typedef struct pitem_st *piterator;
pitem *pitem_new(unsigned char *prio64be, void *data); pitem *pitem_new(unsigned char *prio64be, void *data);
void pitem_free(pitem *item); void pitem_free(pitem *item);
pqueue* pqueue_new(void); pqueue *pqueue_new(void);
void pqueue_free(pqueue *pq); void pqueue_free(pqueue *pq);
pitem *pqueue_insert(pqueue *pq, pitem *item); pitem *pqueue_insert(pqueue *pq, pitem *item);
pitem *pqueue_peek(pqueue *pq); pitem *pqueue_peek(pqueue *pq);
@ -1394,17 +1375,14 @@ typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned int cookie_len; unsigned int cookie_len;
unsigned int cookie_verified; unsigned int cookie_verified;
/* handshake message numbers */ /* handshake message numbers */
unsigned short handshake_write_seq; unsigned short handshake_write_seq;
unsigned short next_handshake_write_seq; unsigned short next_handshake_write_seq;
unsigned short handshake_read_seq; unsigned short handshake_read_seq;
/* Buffered handshake messages */ /* Buffered handshake messages */
pqueue *buffered_messages; pqueue *buffered_messages;
/* Buffered (sent) handshake records */ /* Buffered (sent) handshake records */
pqueue *sent_messages; pqueue *sent_messages;
unsigned int link_mtu; /* max on-the-wire DTLS packet size */ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */ unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr; struct hm_header_st w_msg_hdr;
@ -1416,15 +1394,12 @@ typedef struct dtls1_state_st {
struct timeval next_timeout; struct timeval next_timeout;
/* Timeout duration */ /* Timeout duration */
unsigned short timeout_duration; unsigned short timeout_duration;
unsigned int retransmitting; unsigned int retransmitting;
# ifndef OPENSSL_NO_SCTP # ifndef OPENSSL_NO_SCTP
int shutdown_received; int shutdown_received;
# endif # endif
} DTLS1_STATE; } DTLS1_STATE;
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
/* /*
* From ECC-TLS draft, used in encoding the curve type in ECParameters * From ECC-TLS draft, used in encoding the curve type in ECParameters
@ -1439,7 +1414,6 @@ typedef struct cert_pkey_st {
EVP_PKEY *privatekey; EVP_PKEY *privatekey;
/* Chain for this certificate */ /* Chain for this certificate */
STACK_OF(X509) *chain; STACK_OF(X509) *chain;
/*- /*-
* serverinfo data for this certificate. The data is in TLS Extension * serverinfo data for this certificate. The data is in TLS Extension
* wire format, specifically it's a series of records like: * wire format, specifically it's a series of records like:
@ -1559,10 +1533,10 @@ typedef struct cert_st {
/* Security level */ /* Security level */
int sec_level; int sec_level;
void *sec_ex; void *sec_ex;
#ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
/* If not NULL psk identity hint to use for servers */ /* If not NULL psk identity hint to use for servers */
char *psk_identity_hint; char *psk_identity_hint;
#endif # endif
int references; /* >1 only if SSL_copy_session_id is used */ int references; /* >1 only if SSL_copy_session_id is used */
CRYPTO_RWLOCK *lock; CRYPTO_RWLOCK *lock;
} CERT; } CERT;
@ -1680,8 +1654,8 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
/* /*
* Flags for SSL methods * Flags for SSL methods
*/ */
#define SSL_METHOD_NO_FIPS (1U<<0) # define SSL_METHOD_NO_FIPS (1U<<0)
#define SSL_METHOD_NO_SUITEB (1U<<1) # define SSL_METHOD_NO_SUITEB (1U<<1)
# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ # define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
s_connect, enc_data) \ s_connect, enc_data) \
@ -1801,7 +1775,7 @@ struct openssl_ssl_test_functions {
int (*p_ssl3_setup_buffers) (SSL *s); int (*p_ssl3_setup_buffers) (SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS # ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s, int (*p_dtls1_process_heartbeat) (SSL *s,
unsigned char *p, unsigned int length); unsigned char *p, unsigned int length);
# endif # endif
}; };
@ -1822,17 +1796,21 @@ __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER) **sorted, STACK_OF(SSL_CIPHER)
const char *rule_str, CERT *c); **sorted,
const char *rule_str,
CERT *c);
void ssl_update_cache(SSL *s, int mode); void ssl_update_cache(SSL *s, int mode);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, const EVP_MD **md, int *mac_pkey_type,
int *mac_secret_size, SSL_COMP **comp, int use_etm); int *mac_secret_size, SSL_COMP **comp,
int use_etm);
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c); __owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
@ -1840,31 +1818,35 @@ __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x);
__owur int ssl_cert_set_current(CERT *c, long arg); __owur int ssl_cert_set_current(CERT *c, long arg);
__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first); __owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
void *arg);
__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
__owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); __owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
int ssl_undefined_function(SSL *s); int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void); __owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s); __owur int ssl_undefined_const_function(const SSL *s);
__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s); __owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s);
__owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, __owur int ssl_get_server_cert_serverinfo(SSL *s,
size_t *serverinfo_length); const unsigned char **serverinfo,
__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); size_t *serverinfo_length);
__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c,
const EVP_MD **pmd);
__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey); __owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey);
void ssl_set_masks(SSL *s); void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type); __owur int ssl_verify_alarm_type(long type);
void ssl_sort_cipher_list(void); void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void); void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms); int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
@ -1880,7 +1862,7 @@ void ssl3_cleanup_key_block(SSL *s);
__owur int ssl3_do_write(SSL *s, int type); __owur int ssl3_do_write(SSL *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc); int ssl3_send_alert(SSL *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len); unsigned char *p, int len);
__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p); __owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
__owur int ssl3_num_ciphers(void); __owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
@ -1888,7 +1870,7 @@ int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s); __owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, __owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p); unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
void ssl3_free_digest_list(SSL *s); void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
@ -1923,17 +1905,18 @@ __owur int ssl_check_version_downgrade(SSL *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound); __owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s); __owur int ssl_choose_server_version(SSL *s);
__owur int ssl_choose_client_version(SSL *s, int version); __owur int ssl_choose_client_version(SSL *s, int version);
int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version); int ssl_get_client_min_max_version(const SSL *s, int *min_version,
int *max_version);
__owur long tls1_default_timeout(void); __owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type); __owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s, void dtls1_set_message_header(SSL *s,
unsigned char mt, unsigned char mt,
unsigned long len, unsigned long len,
unsigned long frag_off, unsigned long frag_off, unsigned long frag_len);
unsigned long frag_len);
__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); __owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf,
int len);
__owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs); __owur int dtls1_buffer_message(SSL *s, int ccs);
@ -1979,13 +1962,13 @@ void ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s); __owur int tls1_setup_key_block(SSL *s);
__owur int tls1_final_finish_mac(SSL *s, __owur int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p); const char *str, int slen, unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out, __owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len); unsigned char *p, int len);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen, const char *label, size_t llen,
const unsigned char *p, size_t plen, const unsigned char *p, size_t plen,
int use_context); int use_context);
__owur int tls1_alert_code(int code); __owur int tls1_alert_code(int code);
__owur int ssl3_alert_code(int code); __owur int ssl3_alert_code(int code);
__owur int ssl_ok(SSL *s); __owur int ssl_ok(SSL *s);
@ -2008,20 +1991,20 @@ __owur int tls1_ec_nid2curve_id(int nid);
__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
__owur int tls1_shared_curve(SSL *s, int nmatch); __owur int tls1_shared_curve(SSL *s, int nmatch);
__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, __owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves); int *curves, size_t ncurves);
__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, __owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str); const char *str);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id);
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
__owur int tls1_shared_list(SSL *s, __owur int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len, const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len, int nmatch); const unsigned char *l2, size_t l2len, int nmatch);
__owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, __owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al); unsigned char *limit, int *al);
__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, __owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al); unsigned char *limit, int *al);
__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt); __owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
void ssl_set_default_md(SSL *s); void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s); __owur int tls1_set_server_sigalgs(SSL *s);
@ -2032,7 +2015,8 @@ __owur int ssl_prepare_serverhello_tlsext(SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS # ifndef OPENSSL_NO_HEARTBEATS
__owur int dtls1_heartbeat(SSL *s); __owur int dtls1_heartbeat(SSL *s);
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p,
unsigned int length);
# endif # endif
__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
@ -2040,53 +2024,54 @@ __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
SSL_SESSION **ret); SSL_SESSION **ret);
__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md); const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk); __owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg); __owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
int client);
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx); int idx);
void tls1_set_cert_validity(SSL *s); void tls1_set_cert_validity(SSL *s);
#ifndef OPENSSL_NO_CT # ifndef OPENSSL_NO_CT
__owur int ssl_validate_ct(SSL *s); __owur int ssl_validate_ct(SSL *s);
#endif # endif
# ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_DH
__owur DH *ssl_get_auto_dh(SSL *s); __owur DH *ssl_get_auto_dh(SSL *s);
# endif # endif
__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
int vfy);
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash); void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, __owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
int maxlen); int *len, int maxlen);
__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, __owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
int *al); __owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, int *len, int maxlen);
int maxlen);
__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur long ssl_get_algorithm2(SSL *s); __owur long ssl_get_algorithm2(SSL *s);
__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out, __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
const unsigned char *psig, size_t psiglen); const unsigned char *psig, size_t psiglen);
__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
__owur int tls1_process_sigalgs(SSL *s); __owur int tls1_process_sigalgs(SSL *s);
__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); __owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey); const unsigned char *sig, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s); void ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, __owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen); int maxlen);
__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, __owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen); int maxlen);
__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); __owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
@ -2119,12 +2104,14 @@ __owur int srp_verify_server_param(SSL *s, int *al);
void custom_ext_init(custom_ext_methods *meths); void custom_ext_init(custom_ext_methods *meths);
__owur int custom_ext_parse(SSL *s, int server, __owur int custom_ext_parse(SSL *s, int server,
unsigned int ext_type, unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, int *al); const unsigned char *ext_data, size_t ext_size,
__owur int custom_ext_add(SSL *s, int server, int *al);
unsigned char **pret, unsigned char *limit, int *al); __owur int custom_ext_add(SSL *s, int server, unsigned char **pret,
unsigned char *limit, int *al);
__owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); __owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts); void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void); void ssl_comp_free_compression_methods_int(void);

13
ssl/ssl_mcnf.c
View File

@ -77,7 +77,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) { if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL) if (cmds == NULL)
SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND); SSLerr(SSL_F_SSL_MODULE_INIT,
SSL_R_SSL_COMMAND_SECTION_NOT_FOUND);
else else
SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_EMPTY); SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_EMPTY);
ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value); ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
@ -109,7 +110,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
} }
rv = 1; rv = 1;
err: err:
if (rv == 0) if (rv == 0)
ssl_module_free(md); ssl_module_free(md);
return rv; return rv;
@ -165,9 +166,9 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
} }
if (meth->ssl_accept != ssl_undefined_function) if (meth->ssl_accept != ssl_undefined_function)
flags |= SSL_CONF_FLAG_SERVER; flags |= SSL_CONF_FLAG_SERVER;
if (meth->ssl_connect != ssl_undefined_function) if (meth->ssl_connect != ssl_undefined_function)
flags |= SSL_CONF_FLAG_CLIENT; flags |= SSL_CONF_FLAG_CLIENT;
SSL_CONF_CTX_set_flags(cctx, flags); SSL_CONF_CTX_set_flags(cctx, flags);
for (i = 0, cmd = nm->cmds; i < nm->cmd_count; i++, cmd++) { for (i = 0, cmd = nm->cmds; i < nm->cmd_count; i++, cmd++) {
rv = SSL_CONF_cmd(cctx, cmd->cmd, cmd->arg); rv = SSL_CONF_cmd(cctx, cmd->cmd, cmd->arg);
@ -177,12 +178,12 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
else else
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE); SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd, ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd,
", arg=", cmd->arg); ", arg=", cmd->arg);
goto err; goto err;
} }
} }
rv = SSL_CONF_CTX_finish(cctx); rv = SSL_CONF_CTX_finish(cctx);
err: err:
SSL_CONF_CTX_free(cctx); SSL_CONF_CTX_free(cctx);
return rv <= 0 ? 0 : 1; return rv <= 0 ? 0 : 1;
} }

18
ssl/ssl_rsa.c
View File

@ -147,7 +147,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
* cards. * cards.
*/ */
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK); && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
else else
#endif #endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
@ -345,7 +345,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
*/ */
if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) & && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
RSA_METHOD_FLAG_NO_CHECK) ; RSA_METHOD_FLAG_NO_CHECK) ;
else else
#endif /* OPENSSL_NO_RSA */ #endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
@ -410,8 +410,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
return (ret); return (ret);
} }
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
const unsigned char *d)
{ {
X509 *x; X509 *x;
int ret; int ret;
@ -649,7 +648,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
passwd_callback_userdata)) passwd_callback_userdata))
!= NULL) { != NULL) {
if (ctx) if (ctx)
r = SSL_CTX_add0_chain_cert(ctx, ca); r = SSL_CTX_add0_chain_cert(ctx, ca);
else else
@ -892,8 +891,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
size_t num_extensions = 0; size_t num_extensions = 0;
if (ctx == NULL || file == NULL) { if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
ERR_R_PASSED_NULL_PARAMETER);
goto end; goto end;
} }
@ -922,8 +920,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
} }
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
if (strlen(name) < strlen(namePrefix)) { if (strlen(name) < strlen(namePrefix)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
SSL_R_PEM_NAME_TOO_SHORT);
goto end; goto end;
} }
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) { if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) {
@ -940,8 +937,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
goto end; goto end;
} }
/* Append the decoded extension to the serverinfo buffer */ /* Append the decoded extension to the serverinfo buffer */
tmp = tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
if (tmp == NULL) { if (tmp == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
goto end; goto end;

39
ssl/ssl_sess.c
View File

@ -158,7 +158,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (dest->peer_chain == NULL) if (dest->peer_chain == NULL)
goto err; goto err;
} }
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
if (src->psk_identity_hint) { if (src->psk_identity_hint) {
dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint); dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
@ -181,7 +180,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
} }
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
&dest->ex_data, &src->ex_data)) { &dest->ex_data, &src->ex_data)) {
goto err; goto err;
} }
@ -195,21 +194,22 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (src->tlsext_ecpointformatlist) { if (src->tlsext_ecpointformatlist) {
dest->tlsext_ecpointformatlist = dest->tlsext_ecpointformatlist =
OPENSSL_memdup(src->tlsext_ecpointformatlist, OPENSSL_memdup(src->tlsext_ecpointformatlist,
src->tlsext_ecpointformatlist_length); src->tlsext_ecpointformatlist_length);
if (dest->tlsext_ecpointformatlist == NULL) if (dest->tlsext_ecpointformatlist == NULL)
goto err; goto err;
} }
if (src->tlsext_ellipticcurvelist) { if (src->tlsext_ellipticcurvelist) {
dest->tlsext_ellipticcurvelist = dest->tlsext_ellipticcurvelist =
OPENSSL_memdup(src->tlsext_ellipticcurvelist, OPENSSL_memdup(src->tlsext_ellipticcurvelist,
src->tlsext_ellipticcurvelist_length); src->tlsext_ellipticcurvelist_length);
if (dest->tlsext_ellipticcurvelist == NULL) if (dest->tlsext_ellipticcurvelist == NULL)
goto err; goto err;
} }
#endif #endif
if (ticket != 0) { if (ticket != 0) {
dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); dest->tlsext_tick =
OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
if (dest->tlsext_tick == NULL) if (dest->tlsext_tick == NULL)
goto err; goto err;
} else { } else {
@ -227,14 +227,13 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
#endif #endif
return dest; return dest;
err: err:
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest); SSL_SESSION_free(dest);
return NULL; return NULL;
} }
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
unsigned int *len)
{ {
if (len) if (len)
*len = s->session_id_length; *len = s->session_id_length;
@ -481,8 +480,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
data.ssl_version = s->version; data.ssl_version = s->version;
memset(data.session_id, 0, sizeof(data.session_id)); memset(data.session_id, 0, sizeof(data.session_id));
if (!PACKET_copy_all(session_id, data.session_id, if (!PACKET_copy_all(session_id, data.session_id,
sizeof(data.session_id), sizeof(data.session_id), &local_len)) {
&local_len)) {
goto err; goto err;
} }
data.session_id_length = local_len; data.session_id_length = local_len;
@ -684,8 +682,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
ret = 1; ret = 1;
if (SSL_CTX_sess_get_cache_size(ctx) > 0) { if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
while (SSL_CTX_sess_number(ctx) > while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
SSL_CTX_sess_get_cache_size(ctx)) {
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
break; break;
else else
@ -757,7 +754,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_free(ss->tlsext_ecpointformatlist); OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0; ss->tlsext_ellipticcurvelist_length = 0;
OPENSSL_free(ss->tlsext_ellipticcurvelist); OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint); OPENSSL_free(ss->psk_identity_hint);
OPENSSL_free(ss->psk_identity); OPENSSL_free(ss->psk_identity);
@ -868,7 +865,7 @@ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
} }
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
size_t *len) size_t *len)
{ {
*len = s->tlsext_ticklen; *len = s->tlsext_ticklen;
if (tick != NULL) if (tick != NULL)
@ -1068,8 +1065,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
} }
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
int (*cb) (struct ssl_st *ssl, int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
SSL_SESSION *sess))
{ {
ctx->new_session_cb = cb; ctx->new_session_cb = cb;
} }
@ -1098,8 +1094,9 @@ void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
} }
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
const unsigned char *data, const unsigned char
int len, int *copy) { *data, int len,
int *copy) {
return ctx->get_session_cb; return ctx->get_session_cb;
} }
@ -1153,11 +1150,11 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
} }
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl, const unsigned char *cookie, int (*cb) (SSL *ssl,
const unsigned char *cookie,
unsigned int cookie_len)) unsigned int cookie_len))
{ {
ctx->app_verify_cookie_cb = cb; ctx->app_verify_cookie_cb = cb;
} }
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
SSL_SESSION)

3
ssl/ssl_stat.c
View File

@ -110,7 +110,6 @@ const char *SSL_state_string_long(const SSL *s)
} }
} }
const char *SSL_state_string(const SSL *s) const char *SSL_state_string(const SSL *s)
{ {
if (ossl_statem_in_error(s)) if (ossl_statem_in_error(s))
@ -335,7 +334,7 @@ const char *SSL_alert_desc_string_long(int value)
return "bad certificate hash value"; return "bad certificate hash value";
case TLS1_AD_UNKNOWN_PSK_IDENTITY: case TLS1_AD_UNKNOWN_PSK_IDENTITY:
return "unknown PSK identity"; return "unknown PSK identity";
case TLS1_AD_NO_APPLICATION_PROTOCOL: case TLS1_AD_NO_APPLICATION_PROTOCOL:
return "no application protocol"; return "no application protocol";
default: default:
return "unknown"; return "unknown";

9
ssl/ssl_txt.c
View File

@ -128,11 +128,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (x->tlsext_tick) { if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
goto err; goto err;
if (BIO_dump_indent(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4) if (BIO_dump_indent
(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
<= 0) <= 0)
goto err; goto err;
} }
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0) { if (x->compress_meth != 0) {
SSL_COMP *comp = NULL; SSL_COMP *comp = NULL;
@ -140,12 +140,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0)) if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
goto err; goto err;
if (comp == NULL) { if (comp == NULL) {
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
0)
goto err; goto err;
} else { } else {
if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
comp->name) <= 0) comp->name) <= 0)
goto err; goto err;
} }
} }

37
ssl/statem/statem.c
View File

@ -46,7 +46,7 @@
*/ */
/* Sub state machine return values */ /* Sub state machine return values */
typedef enum { typedef enum {
/* Something bad happened or NBIO */ /* Something bad happened or NBIO */
SUB_STATE_ERROR, SUB_STATE_ERROR,
/* Sub state finished go to the next sub state */ /* Sub state finished go to the next sub state */
@ -165,7 +165,8 @@ void ossl_statem_set_hello_verify_done(SSL *s)
s->statem.hand_state = TLS_ST_SR_CLNT_HELLO; s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
} }
int ossl_statem_connect(SSL *s) { int ossl_statem_connect(SSL *s)
{
return state_machine(s, 0); return state_machine(s, 0);
} }
@ -174,7 +175,9 @@ int ossl_statem_accept(SSL *s)
return state_machine(s, 1); return state_machine(s, 1);
} }
static void (*get_callback(SSL *s))(const SSL *, int, int) typedef void (*info_cb) (const SSL *, int, int);
static info_cb get_callback(SSL *s)
{ {
if (s->info_callback != NULL) if (s->info_callback != NULL)
return s->info_callback; return s->info_callback;
@ -237,7 +240,6 @@ static int state_machine(SSL *s, int server)
if (!SSL_clear(s)) if (!SSL_clear(s))
return -1; return -1;
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
/* /*
@ -282,8 +284,7 @@ static int state_machine(SSL *s, int server)
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
(server (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
|| (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
goto end; goto end;
} }
@ -320,7 +321,6 @@ static int state_machine(SSL *s, int server)
*/ */
s->s3->change_cipher_spec = 0; s->s3->change_cipher_spec = 0;
/* /*
* Ok, we now need to push on a buffering BIO ...but not with * Ok, we now need to push on a buffering BIO ...but not with
* SCTP * SCTP
@ -471,15 +471,16 @@ static void init_read_state_machine(SSL *s)
* control returns to the calling application. When this function is recalled we * control returns to the calling application. When this function is recalled we
* will resume in the same state where we left off. * will resume in the same state where we left off.
*/ */
static SUB_STATE_RETURN read_state_machine(SSL *s) { static SUB_STATE_RETURN read_state_machine(SSL *s)
{
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ret, mt; int ret, mt;
unsigned long len = 0; unsigned long len = 0;
int (*transition)(SSL *s, int mt); int (*transition) (SSL *s, int mt);
PACKET pkt; PACKET pkt;
MSG_PROCESS_RETURN (*process_message)(SSL *s, PACKET *pkt); MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE (*post_process_message)(SSL *s, WORK_STATE wst); WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
unsigned long (*max_message_size)(SSL *s); unsigned long (*max_message_size) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s); cb = get_callback(s);
@ -620,7 +621,7 @@ static int statem_do_write(SSL *s)
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
if (st->hand_state == TLS_ST_CW_CHANGE if (st->hand_state == TLS_ST_CW_CHANGE
|| st->hand_state == TLS_ST_SW_CHANGE) { || st->hand_state == TLS_ST_SW_CHANGE) {
if (SSL_IS_DTLS(s)) if (SSL_IS_DTLS(s))
return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
else else
@ -675,10 +676,10 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ret; int ret;
WRITE_TRAN (*transition)(SSL *s); WRITE_TRAN(*transition) (SSL *s);
WORK_STATE (*pre_work)(SSL *s, WORK_STATE wst); WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE (*post_work)(SSL *s, WORK_STATE wst); WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
int (*construct_message)(SSL *s); int (*construct_message) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL; void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s); cb = get_callback(s);
@ -807,7 +808,7 @@ int ossl_statem_app_data_allowed(SSL *s)
* ServerHello yet then we allow app data * ServerHello yet then we allow app data
*/ */
if (st->hand_state == TLS_ST_BEFORE if (st->hand_state == TLS_ST_BEFORE
|| st->hand_state == TLS_ST_SR_CLNT_HELLO) || st->hand_state == TLS_ST_SR_CLNT_HELLO)
return 1; return 1;
} else { } else {
/* /*

7
ssl/statem/statem.h
View File

@ -71,7 +71,6 @@ typedef enum {
WRITE_STATE_POST_WORK WRITE_STATE_POST_WORK
} WRITE_STATE; } WRITE_STATE;
/***************************************************************************** /*****************************************************************************
* * * *
* This structure should be considered "opaque" to anything outside of the * * This structure should be considered "opaque" to anything outside of the *
@ -89,13 +88,10 @@ struct ossl_statem_st {
OSSL_HANDSHAKE_STATE hand_state; OSSL_HANDSHAKE_STATE hand_state;
int in_init; int in_init;
int read_state_first_init; int read_state_first_init;
/* true when we are actually in SSL_accept() or SSL_connect() */ /* true when we are actually in SSL_accept() or SSL_connect() */
int in_handshake; int in_handshake;
/* Should we skip the CertificateVerify message? */ /* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify; unsigned int no_cert_verify;
int use_timer; int use_timer;
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
int in_sctp_read_sock; int in_sctp_read_sock;
@ -103,7 +99,6 @@ struct ossl_statem_st {
}; };
typedef struct ossl_statem_st OSSL_STATEM; typedef struct ossl_statem_st OSSL_STATEM;
/***************************************************************************** /*****************************************************************************
* * * *
* The following macros/functions represent the libssl internal API to the * * The following macros/functions represent the libssl internal API to the *
@ -126,5 +121,3 @@ __owur int ossl_statem_app_data_allowed(SSL *s);
void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock); void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);
__owur int ossl_statem_in_sctp_read_sock(SSL *s); __owur int ossl_statem_in_sctp_read_sock(SSL *s);
#endif #endif

407
ssl/statem/statem_clnt.c
View File

@ -65,7 +65,6 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p); unsigned char *p);
/* /*
* Is a CertificateRequest message allowed at the moment or not? * Is a CertificateRequest message allowed at the moment or not?
* *
@ -77,8 +76,8 @@ static ossl_inline int cert_req_allowed(SSL *s)
{ {
/* TLS does not like anon-DH with client cert */ /* TLS does not like anon-DH with client cert */
if ((s->version > SSL3_VERSION if ((s->version > SSL3_VERSION
&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0; return 0;
return 1; return 1;
@ -122,7 +121,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
int ske_expected; int ske_expected;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO: case TLS_ST_CW_CLNT_HELLO:
if (mt == SSL3_MT_SERVER_HELLO) { if (mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO; st->hand_state = TLS_ST_CR_SRVR_HELLO;
@ -153,9 +152,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
return 1; return 1;
} else if (s->version >= TLS1_VERSION } else if (s->version >= TLS1_VERSION
&& s->tls_session_secret_cb != NULL && s->tls_session_secret_cb != NULL
&& s->session->tlsext_tick != NULL && s->session->tlsext_tick != NULL
&& mt == SSL3_MT_CHANGE_CIPHER_SPEC) { && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
/* /*
* Normally, we can tell if the server is resuming the session * Normally, we can tell if the server is resuming the session
* from the session ID. EAP-FAST (RFC 4851), however, relies on * from the session ID. EAP-FAST (RFC 4851), however, relies on
@ -166,7 +165,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
st->hand_state = TLS_ST_CR_CHANGE; st->hand_state = TLS_ST_CR_CHANGE;
return 1; return 1;
} else if (!(s->s3->tmp.new_cipher->algorithm_auth } else if (!(s->s3->tmp.new_cipher->algorithm_auth
& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
if (mt == SSL3_MT_CERTIFICATE) { if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_CR_CERT; st->hand_state = TLS_ST_CR_CERT;
return 1; return 1;
@ -175,19 +174,19 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
ske_expected = key_exchange_expected(s); ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */ /* SKE is optional for some PSK ciphersuites */
if (ske_expected if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) { && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH; st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1; return 1;
} }
} else if (mt == SSL3_MT_CERTIFICATE_REQUEST } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
&& cert_req_allowed(s)) { && cert_req_allowed(s)) {
st->hand_state = TLS_ST_CR_CERT_REQ; st->hand_state = TLS_ST_CR_CERT_REQ;
return 1; return 1;
} else if (mt == SSL3_MT_SERVER_DONE) { } else if (mt == SSL3_MT_SERVER_DONE) {
st->hand_state = TLS_ST_CR_SRVR_DONE; st->hand_state = TLS_ST_CR_SRVR_DONE;
return 1; return 1;
} }
} }
} }
@ -207,9 +206,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
case TLS_ST_CR_CERT_STATUS: case TLS_ST_CR_CERT_STATUS:
ske_expected = key_exchange_expected(s); ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */ /* SKE is optional for some PSK ciphersuites */
if (ske_expected if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) { if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH; st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1; return 1;
@ -280,99 +278,99 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_OK: case TLS_ST_OK:
/* Renegotiation - fall through */ /* Renegotiation - fall through */
case TLS_ST_BEFORE: case TLS_ST_BEFORE:
st->hand_state = TLS_ST_CW_CLNT_HELLO; st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CLNT_HELLO: case TLS_ST_CW_CLNT_HELLO:
/* /*
* No transition at the end of writing because we don't know what * No transition at the end of writing because we don't know what
* we will be sent * we will be sent
*/ */
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
st->hand_state = TLS_ST_CW_CLNT_HELLO; st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_CR_SRVR_DONE: case TLS_ST_CR_SRVR_DONE:
if (s->s3->tmp.cert_req) if (s->s3->tmp.cert_req)
st->hand_state = TLS_ST_CW_CERT; st->hand_state = TLS_ST_CW_CERT;
else else
st->hand_state = TLS_ST_CW_KEY_EXCH;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT:
st->hand_state = TLS_ST_CW_KEY_EXCH; st->hand_state = TLS_ST_CW_KEY_EXCH;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_KEY_EXCH: case TLS_ST_CW_CERT:
/* st->hand_state = TLS_ST_CW_KEY_EXCH;
* For TLS, cert_req is set to 2, so a cert chain of nothing is return WRITE_TRAN_CONTINUE;
* sent, but no verify packet is sent
*/
/*
* XXX: For now, we do not support client authentication in ECDH
* cipher suites with ECDH (rather than ECDSA) certificates. We
* need to skip the certificate verify message when client's
* ECDH public key is sent inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
st->hand_state = TLS_ST_CW_CERT_VRFY;
} else {
st->hand_state = TLS_ST_CW_CHANGE;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
st->hand_state = TLS_ST_CW_CHANGE;
}
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT_VRFY: case TLS_ST_CW_KEY_EXCH:
/*
* For TLS, cert_req is set to 2, so a cert chain of nothing is
* sent, but no verify packet is sent
*/
/*
* XXX: For now, we do not support client authentication in ECDH
* cipher suites with ECDH (rather than ECDSA) certificates. We
* need to skip the certificate verify message when client's
* ECDH public key is sent inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
st->hand_state = TLS_ST_CW_CERT_VRFY;
} else {
st->hand_state = TLS_ST_CW_CHANGE; st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE; }
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
st->hand_state = TLS_ST_CW_CHANGE;
}
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CHANGE: case TLS_ST_CW_CERT_VRFY:
st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CHANGE:
#if defined(OPENSSL_NO_NEXTPROTONEG) #if defined(OPENSSL_NO_NEXTPROTONEG)
st->hand_state = TLS_ST_CW_FINISHED; st->hand_state = TLS_ST_CW_FINISHED;
#else #else
if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen) if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen)
st->hand_state = TLS_ST_CW_NEXT_PROTO; st->hand_state = TLS_ST_CW_NEXT_PROTO;
else else
st->hand_state = TLS_ST_CW_FINISHED; st->hand_state = TLS_ST_CW_FINISHED;
#endif #endif
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
#if !defined(OPENSSL_NO_NEXTPROTONEG) #if !defined(OPENSSL_NO_NEXTPROTONEG)
case TLS_ST_CW_NEXT_PROTO: case TLS_ST_CW_NEXT_PROTO:
st->hand_state = TLS_ST_CW_FINISHED; st->hand_state = TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
#endif #endif
case TLS_ST_CW_FINISHED: case TLS_ST_CW_FINISHED:
if (s->hit) { if (s->hit) {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0); ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} else { } else {
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
} }
case TLS_ST_CR_FINISHED: case TLS_ST_CR_FINISHED:
if (s->hit) { if (s->hit) {
st->hand_state = TLS_ST_CW_CHANGE; st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} else { } else {
st->hand_state = TLS_ST_OK; st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0); ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE; return WRITE_TRAN_CONTINUE;
} }
default: default:
/* Shouldn't happen */ /* Shouldn't happen */
return WRITE_TRAN_ERROR; return WRITE_TRAN_ERROR;
} }
} }
@ -384,7 +382,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO: case TLS_ST_CW_CLNT_HELLO:
s->shutdown = 0; s->shutdown = 0;
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
@ -433,7 +431,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
s->init_num = 0; s->init_num = 0;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO: case TLS_ST_CW_CLNT_HELLO:
if (wst == WORK_MORE_A && statem_flush(s) != 1) if (wst == WORK_MORE_A && statem_flush(s) != 1)
return WORK_MORE_A; return WORK_MORE_A;
@ -516,7 +514,7 @@ int ossl_statem_client_construct_message(SSL *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO: case TLS_ST_CW_CLNT_HELLO:
return tls_construct_client_hello(s); return tls_construct_client_hello(s);
@ -562,46 +560,47 @@ unsigned long ossl_statem_client_max_message_size(SSL *s)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CR_SRVR_HELLO: case TLS_ST_CR_SRVR_HELLO:
return SERVER_HELLO_MAX_LENGTH; return SERVER_HELLO_MAX_LENGTH;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return HELLO_VERIFY_REQUEST_MAX_LENGTH; return HELLO_VERIFY_REQUEST_MAX_LENGTH;
case TLS_ST_CR_CERT: case TLS_ST_CR_CERT:
return s->max_cert_list; return s->max_cert_list;
case TLS_ST_CR_CERT_STATUS: case TLS_ST_CR_CERT_STATUS:
return SSL3_RT_MAX_PLAIN_LENGTH; return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_KEY_EXCH: case TLS_ST_CR_KEY_EXCH:
return SERVER_KEY_EXCH_MAX_LENGTH; return SERVER_KEY_EXCH_MAX_LENGTH;
case TLS_ST_CR_CERT_REQ: case TLS_ST_CR_CERT_REQ:
/* Set to s->max_cert_list for compatibility with previous releases. /*
* In practice these messages can get quite long if servers are * Set to s->max_cert_list for compatibility with previous releases. In
* configured to provide a long list of acceptable CAs * practice these messages can get quite long if servers are configured
*/ * to provide a long list of acceptable CAs
return s->max_cert_list; */
return s->max_cert_list;
case TLS_ST_CR_SRVR_DONE: case TLS_ST_CR_SRVR_DONE:
return SERVER_HELLO_DONE_MAX_LENGTH; return SERVER_HELLO_DONE_MAX_LENGTH;
case TLS_ST_CR_CHANGE: case TLS_ST_CR_CHANGE:
if (s->version == DTLS1_BAD_VER) if (s->version == DTLS1_BAD_VER)
return 3; return 3;
return CCS_MAX_LENGTH; return CCS_MAX_LENGTH;
case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CR_SESSION_TICKET:
return SSL3_RT_MAX_PLAIN_LENGTH; return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_FINISHED: case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH; return FINISHED_MAX_LENGTH;
default: default:
/* Shouldn't happen */ /* Shouldn't happen */
break; break;
} }
return 0; return 0;
@ -614,40 +613,40 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CR_SRVR_HELLO: case TLS_ST_CR_SRVR_HELLO:
return tls_process_server_hello(s, pkt); return tls_process_server_hello(s, pkt);
case DTLS_ST_CR_HELLO_VERIFY_REQUEST: case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return dtls_process_hello_verify(s, pkt); return dtls_process_hello_verify(s, pkt);
case TLS_ST_CR_CERT: case TLS_ST_CR_CERT:
return tls_process_server_certificate(s, pkt); return tls_process_server_certificate(s, pkt);
case TLS_ST_CR_CERT_STATUS: case TLS_ST_CR_CERT_STATUS:
return tls_process_cert_status(s, pkt); return tls_process_cert_status(s, pkt);
case TLS_ST_CR_KEY_EXCH: case TLS_ST_CR_KEY_EXCH:
return tls_process_key_exchange(s, pkt); return tls_process_key_exchange(s, pkt);
case TLS_ST_CR_CERT_REQ: case TLS_ST_CR_CERT_REQ:
return tls_process_certificate_request(s, pkt); return tls_process_certificate_request(s, pkt);
case TLS_ST_CR_SRVR_DONE: case TLS_ST_CR_SRVR_DONE:
return tls_process_server_done(s, pkt); return tls_process_server_done(s, pkt);
case TLS_ST_CR_CHANGE: case TLS_ST_CR_CHANGE:
return tls_process_change_cipher_spec(s, pkt); return tls_process_change_cipher_spec(s, pkt);
case TLS_ST_CR_SESSION_TICKET: case TLS_ST_CR_SESSION_TICKET:
return tls_process_new_session_ticket(s, pkt); return tls_process_new_session_ticket(s, pkt);
case TLS_ST_CR_FINISHED: case TLS_ST_CR_FINISHED:
return tls_process_finished(s, pkt); return tls_process_finished(s, pkt);
default: default:
/* Shouldn't happen */ /* Shouldn't happen */
break; break;
} }
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
@ -661,7 +660,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
{ {
OSSL_STATEM *st = &s->statem; OSSL_STATEM *st = &s->statem;
switch(st->hand_state) { switch (st->hand_state) {
case TLS_ST_CR_CERT_REQ: case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst); return tls_prepare_client_certificate(s, wst);
@ -711,8 +710,7 @@ int tls_construct_client_hello(SSL *s)
goto err; goto err;
} }
if ((sess == NULL) || if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) ||
!ssl_version_supported(s, sess->ssl_version) ||
/* /*
* In the case of EAP-FAST, we can have a pre-shared * In the case of EAP-FAST, we can have a pre-shared
* "ticket" without a session ID. * "ticket" without a session ID.
@ -742,8 +740,7 @@ int tls_construct_client_hello(SSL *s)
} else } else
i = 1; i = 1;
if (i && ssl_fill_hello_random(s, 0, p, if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
sizeof(s->s3->client_random)) <= 0)
goto err; goto err;
/* Do the message type and length last */ /* Do the message type and length last */
@ -846,7 +843,7 @@ int tls_construct_client_hello(SSL *s)
*(p++) = comp->id; *(p++) = comp->id;
} }
#endif #endif
*(p++) = 0; /* Add the NULL method */ *(p++) = 0; /* Add the NULL method */
/* TLS extensions */ /* TLS extensions */
if (ssl_prepare_clienthello_tlsext(s) <= 0) { if (ssl_prepare_clienthello_tlsext(s) <= 0) {
@ -881,7 +878,7 @@ MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
PACKET cookiepkt; PACKET cookiepkt;
if (!PACKET_forward(pkt, 2) if (!PACKET_forward(pkt, 2)
|| !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) { || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
@ -1145,7 +1142,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
goto f_err; goto f_err;
} }
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && s->hit) { if (SSL_IS_DTLS(s) && s->hit) {
unsigned char sctpauthkey[64]; unsigned char sctpauthkey[64];
@ -1159,10 +1155,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
sizeof(DTLS1_SCTP_AUTH_LABEL)); sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey, if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), sizeof(sctpauthkey),
labelbuffer, labelbuffer,
sizeof(labelbuffer), NULL, 0, sizeof(labelbuffer), NULL, 0, 0) <= 0)
0) <= 0)
goto err; goto err;
BIO_ctrl(SSL_get_wbio(s), BIO_ctrl(SSL_get_wbio(s),
@ -1194,14 +1189,14 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
} }
if (!PACKET_get_net_3(pkt, &cert_list_len) if (!PACKET_get_net_3(pkt, &cert_list_len)
|| PACKET_remaining(pkt) != cert_list_len) { || PACKET_remaining(pkt) != cert_list_len) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
} }
while (PACKET_remaining(pkt)) { while (PACKET_remaining(pkt)) {
if (!PACKET_get_net_3(pkt, &cert_len) if (!PACKET_get_net_3(pkt, &cert_len)
|| !PACKET_get_bytes(pkt, &certbytes, cert_len)) { || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH); SSL_R_CERT_LENGTH_MISMATCH);
@ -1274,9 +1269,9 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (exp_idx >= 0 && i != exp_idx if (exp_idx >= 0 && i != exp_idx
&& (exp_idx != SSL_PKEY_GOST_EC || && (exp_idx != SSL_PKEY_GOST_EC ||
(i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256 (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
&& i != SSL_PKEY_GOST01))) { && i != SSL_PKEY_GOST01))) {
x = NULL; x = NULL;
al = SSL_AD_ILLEGAL_PARAMETER; al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
@ -1333,7 +1328,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
OPENSSL_free(s->session->psk_identity_hint); OPENSSL_free(s->session->psk_identity_hint);
s->session->psk_identity_hint = NULL; s->session->psk_identity_hint = NULL;
} else if (!PACKET_strndup(&psk_identity_hint, } else if (!PACKET_strndup(&psk_identity_hint,
&s->session->psk_identity_hint)) { &s->session->psk_identity_hint)) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
return 0; return 0;
} }
@ -1384,7 +1379,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
} }
/* We must check if there is a certificate */ /* We must check if there is a certificate */
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS)) if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
return 1; return 1;
@ -1422,8 +1417,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
} }
p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL); p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL);
NULL);
bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key), bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
NULL); NULL);
if (p == NULL || g == NULL || bnpub_key == NULL) { if (p == NULL || g == NULL || bnpub_key == NULL) {
@ -1470,7 +1464,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
* FIXME: This makes assumptions about which ciphersuites come with * FIXME: This makes assumptions about which ciphersuites come with
* public keys. We should have a less ad-hoc way of doing this * public keys. We should have a less ad-hoc way of doing this
*/ */
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS)) if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer); *pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */ /* else anonymous DH, so no certificate or pkey. */
@ -1522,7 +1516,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags); curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
if (curve_nid == 0) { if (curve_nid == 0) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@ -1689,7 +1683,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (PACKET_remaining(&signature) > (size_t)maxsig) { if (PACKET_remaining(&signature) > (size_t)maxsig) {
/* wrong packet length */ /* wrong packet length */
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
SSL_R_WRONG_SIGNATURE_LENGTH);
goto err; goto err;
} }
@ -1701,12 +1696,12 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} }
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0 if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]), || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]), || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(&params), || EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) { PACKET_remaining(&params)) <= 0) {
EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
@ -1724,7 +1719,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} else { } else {
/* aNULL, aSRP or PSK do not need public keys */ /* aNULL, aSRP or PSK do not need public keys */
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(alg_k & SSL_PSK)) { && !(alg_k & SSL_PSK)) {
/* Might be wrong key type, check it */ /* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s)) { if (ssl3_check_cert_and_algorithm(s)) {
/* Otherwise this shouldn't happen */ /* Otherwise this shouldn't happen */
@ -1767,7 +1762,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* get the certificate types */ /* get the certificate types */
if (!PACKET_get_1(pkt, &ctype_num) if (!PACKET_get_1(pkt, &ctype_num)
|| !PACKET_get_bytes(pkt, &data, ctype_num)) { || !PACKET_get_bytes(pkt, &data, ctype_num)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err; goto err;
@ -1790,7 +1785,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
if (!PACKET_get_net_2(pkt, &list_len) if (!PACKET_get_net_2(pkt, &list_len)
|| !PACKET_get_bytes(pkt, &data, list_len)) { || !PACKET_get_bytes(pkt, &data, list_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
SSL_R_LENGTH_MISMATCH); SSL_R_LENGTH_MISMATCH);
@ -1819,7 +1814,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* get the CA RDNs */ /* get the CA RDNs */
if (!PACKET_get_net_2(pkt, &list_len) if (!PACKET_get_net_2(pkt, &list_len)
|| PACKET_remaining(pkt) != list_len) { || PACKET_remaining(pkt) != list_len) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err; goto err;
@ -1827,7 +1822,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
while (PACKET_remaining(pkt)) { while (PACKET_remaining(pkt)) {
if (!PACKET_get_net_2(pkt, &name_len) if (!PACKET_get_net_2(pkt, &name_len)
|| !PACKET_get_bytes(pkt, &namebytes, name_len)) { || !PACKET_get_bytes(pkt, &namebytes, name_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
SSL_R_LENGTH_MISMATCH); SSL_R_LENGTH_MISMATCH);
@ -1885,8 +1880,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
unsigned long ticket_lifetime_hint; unsigned long ticket_lifetime_hint;
if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
|| !PACKET_get_net_2(pkt, &ticklen) || !PACKET_get_net_2(pkt, &ticklen)
|| PACKET_remaining(pkt) != ticklen) { || PACKET_remaining(pkt) != ticklen) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
@ -1968,13 +1963,13 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
unsigned int type; unsigned int type;
if (!PACKET_get_1(pkt, &type) if (!PACKET_get_1(pkt, &type)
|| type != TLSEXT_STATUSTYPE_ocsp) { || type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
goto f_err; goto f_err;
} }
if (!PACKET_get_net_3(pkt, &resplen) if (!PACKET_get_net_3(pkt, &resplen)
|| PACKET_remaining(pkt) != resplen) { || PACKET_remaining(pkt) != resplen) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
@ -2007,7 +2002,6 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
ossl_statem_set_error(s); ossl_statem_set_error(s);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
if (SRP_Calc_A_param(s) <= 0) { if (SRP_Calc_A_param(s) <= 0) {
@ -2050,7 +2044,6 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
} }
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) { if (s->ct_validation_callback != NULL) {
/* Note we validate the SCTs whether or not we abort on error */ /* Note we validate the SCTs whether or not we abort on error */
@ -2064,7 +2057,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
/* Only applies to renegotiation */ /* Only applies to renegotiation */
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s)) if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))
&& s->renegotiate != 0) && s->renegotiate != 0)
return MSG_PROCESS_CONTINUE_PROCESSING; return MSG_PROCESS_CONTINUE_PROCESSING;
else else
#endif #endif
@ -2379,8 +2372,8 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
} }
if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
/* Generate session key */ /* Generate session key */
|| RAND_bytes(pms, pmslen) <= 0) { || RAND_bytes(pms, pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -2389,8 +2382,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
* If we have client certificate, use its secret as peer key * If we have client certificate, use its secret as peer key
*/ */
if (s->s3->tmp.cert_req && s->cert->key->privatekey) { if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
if (EVP_PKEY_derive_set_peer if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <= 0) {
(pkey_ctx, s->cert->key->privatekey) <= 0) {
/* /*
* If there was an error - just ignore it. Ephemeral key * If there was an error - just ignore it. Ephemeral key
* * would be used * * would be used
@ -2404,12 +2396,12 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
*/ */
ukm_hash = EVP_MD_CTX_new(); ukm_hash = EVP_MD_CTX_new();
if (ukm_hash == NULL if (ukm_hash == NULL
|| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->client_random, || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->server_random, || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err; goto err;
@ -2506,7 +2498,7 @@ int tls_construct_client_key_exchange(SSL *s)
p = ssl_handshake_start(s); p = ssl_handshake_start(s);
if ((alg_k & SSL_PSK) if ((alg_k & SSL_PSK)
&& !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al)) && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
goto err; goto err;
if (alg_k & SSL_kPSK) { if (alg_k & SSL_kPSK) {
@ -2603,8 +2595,8 @@ int tls_client_key_exchange_post_work(SSL *s)
sizeof(DTLS1_SCTP_AUTH_LABEL)); sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey, if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer, sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0) sizeof(labelbuffer), NULL, 0, 0) <= 0)
goto err; goto err;
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@ -2917,8 +2909,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
return i; return i;
} }
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
unsigned char *p)
{ {
int i, j = 0; int i, j = 0;
const SSL_CIPHER *c; const SSL_CIPHER *c;

42
ssl/statem/statem_dtls.c
View File

@ -124,8 +124,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num == OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
DTLS1_HM_HEADER_LENGTH);
if (s->write_hash) { if (s->write_hash) {
if (s->enc_write_ctx if (s->enc_write_ctx
@ -230,16 +229,14 @@ int dtls1_do_write(SSL *s, int type)
*/ */
return -1; return -1;
} }
dtls1_fix_message_header(s, frag_off, dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, dtls1_write_message_header(s,
(unsigned char *)&s->init_buf-> (unsigned char *)&s->init_buf->
data[s->init_off]); data[s->init_off]);
} }
ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len);
len);
if (ret < 0) { if (ret < 0) {
/* /*
* might need to update MTU here, but we don't know which * might need to update MTU here, but we don't know which
@ -339,8 +336,7 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
again: again:
ok = dtls_get_reassembled_message(s, &tmplen); ok = dtls_get_reassembled_message(s, &tmplen);
if (tmplen == DTLS1_HM_BAD_FRAGMENT if (tmplen == DTLS1_HM_BAD_FRAGMENT || tmplen == DTLS1_HM_FRAGMENT_RETRY) {
|| tmplen == DTLS1_HM_FRAGMENT_RETRY) {
/* bad fragment received */ /* bad fragment received */
goto again; goto again;
} else if (tmplen <= 0 && !ok) { } else if (tmplen <= 0 && !ok) {
@ -386,7 +382,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
s->d1->handshake_read_seq++; s->d1->handshake_read_seq++;
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
*len = s->init_num; *len = s->init_num;
@ -412,8 +407,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* msg_len is limited to 2^24, but is effectively checked against max * msg_len is limited to 2^24, but is effectively checked against max
* above * above
*/ */
if (!BUF_MEM_grow_clean if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
return SSL_AD_INTERNAL_ERROR; return SSL_AD_INTERNAL_ERROR;
} }
@ -639,8 +633,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
*/ */
if (msg_hdr->seq <= s->d1->handshake_read_seq || if (msg_hdr->seq <= s->d1->handshake_read_seq ||
msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
(s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
{
unsigned char devnull[256]; unsigned char devnull[256];
while (frag_len) { while (frag_len) {
@ -975,8 +968,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
if (dtls1_retransmit_message(s, (unsigned short) if (dtls1_retransmit_message(s, (unsigned short)
dtls1_get_queue_priority dtls1_get_queue_priority
(frag->msg_header.seq, (frag->msg_header.seq,
frag->msg_header.is_ccs), frag->msg_header.is_ccs), &found) <= 0)
&found) <= 0)
return -1; return -1;
} }
@ -1004,7 +996,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
if (is_ccs) { if (is_ccs) {
/* For DTLS1_BAD_VER the header length is non-standard */ /* For DTLS1_BAD_VER the header length is non-standard */
OPENSSL_assert(s->d1->w_msg_hdr.msg_len + OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH) ((s->version ==
DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
== (unsigned int)s->init_num); == (unsigned int)s->init_num);
} else { } else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len + OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
@ -1046,8 +1039,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
return 1; return 1;
} }
int int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
{ {
int ret; int ret;
/* XDTLS: for now assuming that read/writes are blocking */ /* XDTLS: for now assuming that read/writes are blocking */
@ -1106,7 +1098,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
s->compress = frag->msg_header.saved_retransmit_state.compress; s->compress = frag->msg_header.saved_retransmit_state.compress;
s->session = frag->msg_header.saved_retransmit_state.session; s->session = frag->msg_header.saved_retransmit_state.session;
DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
frag->msg_header.saved_retransmit_state.epoch); frag->msg_header.
saved_retransmit_state.epoch);
ret = dtls1_do_write(s, frag->msg_header.is_ccs ? ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
@ -1138,8 +1131,7 @@ void dtls1_clear_record_buffer(SSL *s)
void dtls1_set_message_header(SSL *s, void dtls1_set_message_header(SSL *s,
unsigned char mt, unsigned long len, unsigned char mt, unsigned long len,
unsigned long frag_off, unsigned long frag_off, unsigned long frag_len)
unsigned long frag_len)
{ {
if (frag_off == 0) { if (frag_off == 0) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
@ -1166,8 +1158,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
} }
static void static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off, dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
unsigned long frag_len)
{ {
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1189,8 +1180,7 @@ static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
return p; return p;
} }
void void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
{ {
memset(msg_hdr, 0, sizeof(*msg_hdr)); memset(msg_hdr, 0, sizeof(*msg_hdr));
msg_hdr->type = *(data++); msg_hdr->type = *(data++);
@ -1200,5 +1190,3 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_off);
n2l3(data, msg_hdr->frag_len); n2l3(data, msg_hdr->frag_len);
} }

77
ssl/statem/statem_lib.c
View File

@ -138,13 +138,13 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
*/ */
if (SSL_IS_DTLS(s)) { if (SSL_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1) && remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER || (s->version != DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH - 1)) { && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
al = SSL_AD_ILLEGAL_PARAMETER; al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
SSL_R_BAD_CHANGE_CIPHER_SPEC); SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err; goto f_err;
} }
} else { } else {
if (remain != 0) { if (remain != 0) {
@ -349,16 +349,18 @@ int tls_get_message_header(SSL *s, int *mt)
do { do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) { while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0); &p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
0);
if (i <= 0) { if (i <= 0) {
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
return 0; return 0;
} }
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
/* /*
* A ChangeCipherSpec must be a single byte and may not occur * A ChangeCipherSpec must be a single byte and may not occur
* in the middle of a handshake message. * in the middle of a handshake message.
*/ */
if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) { if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE; al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
@ -428,7 +430,7 @@ int tls_get_message_header(SSL *s, int *mt)
goto f_err; goto f_err;
} }
if (l && !BUF_MEM_grow_clean(s->init_buf, if (l && !BUF_MEM_grow_clean(s->init_buf,
(int)l + SSL3_HM_HEADER_LENGTH)) { (int)l + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB); SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
goto err; goto err;
} }
@ -490,11 +492,11 @@ int tls_get_message_body(SSL *s, unsigned long *len)
return 0; return 0;
} }
if (s->msg_callback) if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg); (size_t)s->init_num, s, s->msg_callback_arg);
} else { } else {
if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
s->init_num + SSL3_HM_HEADER_LENGTH)) { s->init_num + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
*len = 0; *len = 0;
@ -522,8 +524,7 @@ int tls_get_message_body(SSL *s, unsigned long *len)
int ssl_cert_type(const X509 *x, const EVP_PKEY *pk) int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
{ {
if (pk == NULL && if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
(pk = X509_get0_pubkey(x)) == NULL)
return -1; return -1;
switch (EVP_PKEY_id(pk)) { switch (EVP_PKEY_id(pk)) {
@ -637,8 +638,8 @@ static int version_cmp(const SSL *s, int a, int b)
typedef struct { typedef struct {
int version; int version;
const SSL_METHOD *(*cmeth)(void); const SSL_METHOD *(*cmeth) (void);
const SSL_METHOD *(*smeth)(void); const SSL_METHOD *(*smeth) (void);
} version_info; } version_info;
#if TLS_MAX_VERSION != TLS1_2_VERSION #if TLS_MAX_VERSION != TLS1_2_VERSION
@ -647,26 +648,26 @@ typedef struct {
static const version_info tls_version_table[] = { static const version_info tls_version_table[] = {
#ifndef OPENSSL_NO_TLS1_2 #ifndef OPENSSL_NO_TLS1_2
{ TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method }, {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
#else #else
{ TLS1_2_VERSION, NULL, NULL }, {TLS1_2_VERSION, NULL, NULL},
#endif #endif
#ifndef OPENSSL_NO_TLS1_1 #ifndef OPENSSL_NO_TLS1_1
{ TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method }, {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
#else #else
{ TLS1_1_VERSION, NULL, NULL }, {TLS1_1_VERSION, NULL, NULL},
#endif #endif
#ifndef OPENSSL_NO_TLS1 #ifndef OPENSSL_NO_TLS1
{ TLS1_VERSION, tlsv1_client_method, tlsv1_server_method }, {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
#else #else
{ TLS1_VERSION, NULL, NULL }, {TLS1_VERSION, NULL, NULL},
#endif #endif
#ifndef OPENSSL_NO_SSL3 #ifndef OPENSSL_NO_SSL3
{ SSL3_VERSION, sslv3_client_method, sslv3_server_method }, {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
#else #else
{ SSL3_VERSION, NULL, NULL }, {SSL3_VERSION, NULL, NULL},
#endif #endif
{ 0, NULL, NULL }, {0, NULL, NULL},
}; };
#if DTLS_MAX_VERSION != DTLS1_2_VERSION #if DTLS_MAX_VERSION != DTLS1_2_VERSION
@ -675,18 +676,18 @@ static const version_info tls_version_table[] = {
static const version_info dtls_version_table[] = { static const version_info dtls_version_table[] = {
#ifndef OPENSSL_NO_DTLS1_2 #ifndef OPENSSL_NO_DTLS1_2
{ DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method }, {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
#else #else
{ DTLS1_2_VERSION, NULL, NULL }, {DTLS1_2_VERSION, NULL, NULL},
#endif #endif
#ifndef OPENSSL_NO_DTLS1 #ifndef OPENSSL_NO_DTLS1
{ DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method }, {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
{ DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL }, {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
#else #else
{ DTLS1_VERSION, NULL, NULL }, {DTLS1_VERSION, NULL, NULL},
{ DTLS1_BAD_VER, NULL, NULL }, {DTLS1_BAD_VER, NULL, NULL},
#endif #endif
{ 0, NULL, NULL }, {0, NULL, NULL},
}; };
/* /*
@ -707,7 +708,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
return SSL_R_VERSION_TOO_LOW; return SSL_R_VERSION_TOO_LOW;
if (s->max_proto_version != 0 && if (s->max_proto_version != 0 &&
version_cmp(s, version, s->max_proto_version) > 0) version_cmp(s, version, s->max_proto_version) > 0)
return SSL_R_VERSION_TOO_HIGH; return SSL_R_VERSION_TOO_HIGH;
if ((s->options & method->mask) != 0) if ((s->options & method->mask) != 0)
@ -794,8 +795,7 @@ int ssl_check_version_downgrade(SSL *s)
} }
for (vent = table; vent->version != 0; ++vent) { for (vent = table; vent->version != 0; ++vent) {
if (vent->smeth != NULL && if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
ssl_method_error(s, vent->smeth()) == 0)
return s->version == vent->version; return s->version == vent->version;
} }
return 0; return 0;
@ -995,7 +995,8 @@ int ssl_choose_client_version(SSL *s, int version)
* Returns 0 on success or an SSL error reason number on failure. On failure * Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0. * min_version and max_version will also be set to 0.
*/ */
int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version) int ssl_get_client_min_max_version(const SSL *s, int *min_version,
int *max_version)
{ {
int version; int version;
int hole; int hole;

11
ssl/statem/statem_locl.h
View File

@ -96,13 +96,12 @@ __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s); __owur int tls_construct_client_key_exchange(SSL *s);
__owur int tls_client_key_exchange_post_work(SSL *s); __owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status(SSL *s); __owur int tls_construct_cert_status(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, __owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur int ssl3_check_cert_and_algorithm(SSL *s); __owur int ssl3_check_cert_and_algorithm(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s); __owur int tls_construct_next_proto(SSL *s);
# endif #endif
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
/* some server-only functions */ /* some server-only functions */
@ -119,7 +118,7 @@ __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst); __owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
# ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
# endif #endif
__owur int tls_construct_new_session_ticket(SSL *s); __owur int tls_construct_new_session_ticket(SSL *s);

195
ssl/statem/statem_srvr.c
View File

@ -47,7 +47,6 @@
* OTHERWISE. * OTHERWISE.
*/ */
#include <stdio.h> #include <stdio.h>
#include "../ssl_locl.h" #include "../ssl_locl.h"
#include "statem_locl.h" #include "statem_locl.h"
@ -64,8 +63,9 @@
static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER)
int sslv2format, int *al); **skp, int sslv2format,
int *al);
/* /*
* server_read_transition() encapsulates the logic for the allowed handshake * server_read_transition() encapsulates the logic for the allowed handshake
@ -237,7 +237,7 @@ static int send_server_key_exchange(SSL *s)
* the server certificate contains the server's public key for * the server certificate contains the server's public key for
* key exchange. * key exchange.
*/ */
if (alg_k & (SSL_kDHE|SSL_kECDHE) if (alg_k & (SSL_kDHE | SSL_kECDHE)
/* /*
* PSK: send ServerKeyExchange if PSK identity hint if * PSK: send ServerKeyExchange if PSK identity hint if
* provided * provided
@ -253,7 +253,7 @@ static int send_server_key_exchange(SSL *s)
/* SRP: send ServerKeyExchange */ /* SRP: send ServerKeyExchange */
|| (alg_k & SSL_kSRP) || (alg_k & SSL_kSRP)
#endif #endif
) { ) {
return 1; return 1;
} }
@ -284,11 +284,11 @@ static int send_certificate_request(SSL *s)
* RFC 2246): * RFC 2246):
*/ */
&& (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
/* /*
* ... except when the application insists on * ... except when the application insists on
* verification (against the specs, but statem_clnt.c accepts * verification (against the specs, but statem_clnt.c accepts
* this for SSL 3) * this for SSL 3)
*/ */
|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
/* don't request certificate for SRP auth */ /* don't request certificate for SRP auth */
&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
@ -313,7 +313,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
switch (st->hand_state) { switch (st->hand_state) {
case TLS_ST_BEFORE: case TLS_ST_BEFORE:
/* Just go straight to trying to read from the client */; /* Just go straight to trying to read from the client */
return WRITE_TRAN_FINISHED; return WRITE_TRAN_FINISHED;
case TLS_ST_OK: case TLS_ST_OK:
@ -328,7 +328,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
case TLS_ST_SR_CLNT_HELLO: case TLS_ST_SR_CLNT_HELLO:
if (SSL_IS_DTLS(s) && !s->d1->cookie_verified if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
&& (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST; st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
else else
st->hand_state = TLS_ST_SW_SRVR_HELLO; st->hand_state = TLS_ST_SW_SRVR_HELLO;
@ -347,7 +347,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
/* Check if it is anon DH or anon ECDH, */ /* Check if it is anon DH or anon ECDH, */
/* normal PSK or SRP */ /* normal PSK or SRP */
if (!(s->s3->tmp.new_cipher->algorithm_auth & if (!(s->s3->tmp.new_cipher->algorithm_auth &
(SSL_aNULL | SSL_aSRP | SSL_aPSK))) { (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
st->hand_state = TLS_ST_SW_CERT; st->hand_state = TLS_ST_SW_CERT;
} else if (send_server_key_exchange(s)) { } else if (send_server_key_exchange(s)) {
st->hand_state = TLS_ST_SW_KEY_EXCH; st->hand_state = TLS_ST_SW_KEY_EXCH;
@ -549,8 +549,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
sizeof(DTLS1_SCTP_AUTH_LABEL)); sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey, if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer, sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0) { sizeof(labelbuffer), NULL, 0,
0) <= 0) {
ossl_statem_set_error(s); ossl_statem_set_error(s);
return WORK_ERROR; return WORK_ERROR;
} }
@ -573,7 +574,8 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
} }
#endif #endif
if (!s->method->ssl3_enc->change_cipher_state(s, if (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_SERVER_WRITE)) { SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ossl_statem_set_error(s); ossl_statem_set_error(s);
return WORK_ERROR; return WORK_ERROR;
} }
@ -786,11 +788,10 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
case TLS_ST_SR_CERT_VRFY: case TLS_ST_SR_CERT_VRFY:
#ifndef OPENSSL_NO_SCTP #ifndef OPENSSL_NO_SCTP
if ( /* Is this SCTP? */ if ( /* Is this SCTP? */
BIO_dgram_is_sctp(SSL_get_wbio(s)) BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */ /* Are we renegotiating? */
&& s->renegotiate && s->renegotiate && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2; s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_clear_retry_flags(SSL_get_rbio(s));
@ -847,8 +848,8 @@ int tls_construct_hello_request(SSL *s)
} }
unsigned int dtls_raw_hello_verify_request(unsigned char *buf, unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
unsigned char *cookie, unsigned char *cookie,
unsigned char cookie_len) unsigned char cookie_len)
{ {
unsigned int msg_len; unsigned int msg_len;
unsigned char *p; unsigned char *p;
@ -884,10 +885,9 @@ int dtls_construct_hello_verify_request(SSL *s)
} }
len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
s->d1->cookie, s->d1->cookie_len); s->d1->cookie, s->d1->cookie_len);
dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, len);
len);
len += DTLS1_HM_HEADER_LENGTH; len += DTLS1_HM_HEADER_LENGTH;
/* number of bytes to write */ /* number of bytes to write */
@ -936,7 +936,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
*/ */
if (!PACKET_get_1(pkt, &mt) if (!PACKET_get_1(pkt, &mt)
|| mt != SSL2_MT_CLIENT_HELLO) { || mt != SSL2_MT_CLIENT_HELLO) {
/* /*
* Should never happen. We should have tested this in the record * Should never happen. We should have tested this in the record
* layer in order to have determined that this is a SSLv2 record * layer in order to have determined that this is a SSLv2 record
@ -1012,8 +1012,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
PACKET challenge; PACKET challenge;
if (!PACKET_get_net_2(pkt, &cipher_len) if (!PACKET_get_net_2(pkt, &cipher_len)
|| !PACKET_get_net_2(pkt, &session_id_len) || !PACKET_get_net_2(pkt, &session_id_len)
|| !PACKET_get_net_2(pkt, &challenge_len)) { || !PACKET_get_net_2(pkt, &challenge_len)) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
SSL_R_RECORD_LENGTH_MISMATCH); SSL_R_RECORD_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
@ -1080,15 +1080,15 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
*/ */
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (PACKET_remaining(&cookie) == 0) if (PACKET_remaining(&cookie) == 0)
return 1; return 1;
} }
} }
if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites) if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites)
|| !PACKET_get_length_prefixed_1(pkt, &compression)) { || !PACKET_get_length_prefixed_1(pkt, &compression)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
} }
/* Could be empty. */ /* Could be empty. */
extensions = *pkt; extensions = *pkt;
@ -1099,16 +1099,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (s->ctx->app_verify_cookie_cb != NULL) { if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
PACKET_remaining(&cookie)) == 0) { PACKET_remaining(&cookie)) ==
0) {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
SSL_R_COOKIE_MISMATCH); SSL_R_COOKIE_MISMATCH);
goto f_err; goto f_err;
/* else cookie verification succeeded */ /* else cookie verification succeeded */
} }
/* default verification */ /* default verification */
} else if (!PACKET_equal(&cookie, s->d1->cookie, } else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) {
s->d1->cookie_len)) {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
goto f_err; goto f_err;
@ -1183,8 +1183,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
id = s->session->cipher->id; id = s->session->cipher->id;
#ifdef CIPHER_DEBUG #ifdef CIPHER_DEBUG
fprintf(stderr, "client sent %d ciphers\n", fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
sk_SSL_CIPHER_num(ciphers));
#endif #endif
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
c = sk_SSL_CIPHER_value(ciphers, i); c = sk_SSL_CIPHER_value(ciphers, i);
@ -1405,7 +1404,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
if (rv == 0) { if (rv == 0) {
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_CERT_CB_ERROR); SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_CERT_CB_ERROR);
goto f_err; goto f_err;
} }
if (rv < 0) { if (rv < 0) {
@ -1414,17 +1414,19 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
} }
s->rwstate = SSL_NOTHING; s->rwstate = SSL_NOTHING;
} }
cipher = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); cipher =
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
if (cipher == NULL) { if (cipher == NULL) {
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER); SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_NO_SHARED_CIPHER);
goto f_err; goto f_err;
} }
s->s3->tmp.new_cipher = cipher; s->s3->tmp.new_cipher = cipher;
/* check whether we should disable session resumption */ /* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL) if (s->not_resumable_session_cb != NULL)
s->session->not_resumable = s->not_resumable_session_cb(s, s->session->not_resumable = s->not_resumable_session_cb(s,
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
if (s->session->not_resumable) if (s->session->not_resumable)
/* do not send a session ticket */ /* do not send a session ticket */
s->tlsext_ticket_expected = 0; s->tlsext_ticket_expected = 0;
@ -1480,7 +1482,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
*/ */
if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_CLIENTHELLO_TLSEXT); SSL_R_CLIENTHELLO_TLSEXT);
goto f_err; goto f_err;
} }
} }
@ -1799,7 +1801,7 @@ int tls_construct_server_key_exchange(SSL *s)
else else
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
/* /*-
* for interoperability with some versions of the Microsoft TLS * for interoperability with some versions of the Microsoft TLS
* stack, we need to zero pad the DHE pub key to the same length * stack, we need to zero pad the DHE pub key to the same length
* as the prime, so use the length of the prime here * as the prime, so use the length of the prime here
@ -1811,7 +1813,7 @@ int tls_construct_server_key_exchange(SSL *s)
n += 2 + nr[i]; n += 2 + nr[i];
} }
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) { && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md)) if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
== NULL) { == NULL) {
@ -1866,7 +1868,7 @@ int tls_construct_server_key_exchange(SSL *s)
} else } else
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
/* /*-
* for interoperability with some versions of the Microsoft TLS * for interoperability with some versions of the Microsoft TLS
* stack, we need to zero pad the DHE pub key to the same length * stack, we need to zero pad the DHE pub key to the same length
* as the prime * as the prime
@ -1929,13 +1931,13 @@ int tls_construct_server_key_exchange(SSL *s)
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif #endif
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0 if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]), || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]), || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0 SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, d, n) <= 0 || EVP_SignUpdate(md_ctx, d, n) <= 0
|| EVP_SignFinal(md_ctx, &(p[2]), || EVP_SignFinal(md_ctx, &(p[2]),
(unsigned int *)&i, pkey) <= 0) { (unsigned int *)&i, pkey) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
goto f_err; goto f_err;
@ -2017,10 +2019,8 @@ int tls_construct_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) { for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i); name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL); j = i2d_X509_NAME(name, NULL);
if (!BUF_MEM_grow_clean if (!BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) { SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
ERR_R_BUF_LIB);
goto err; goto err;
} }
p = ssl_handshake_start(s) + n; p = ssl_handshake_start(s) + n;
@ -2066,8 +2066,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
} }
if (s->psk_server_callback == NULL) { if (s->psk_server_callback == NULL) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_SERVER_CB);
SSL_R_PSK_NO_SERVER_CB);
return 0; return 0;
} }
@ -2078,7 +2077,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
} }
psklen = s->psk_server_callback(s, s->session->psk_identity, psklen = s->psk_server_callback(s, s->session->psk_identity,
psk, sizeof(psk)); psk, sizeof(psk));
if (psklen > PSK_MAX_PSK_LEN) { if (psklen > PSK_MAX_PSK_LEN) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
@ -2115,7 +2114,6 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
#endif #endif
} }
static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
{ {
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
@ -2174,8 +2172,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/ */
if (RAND_bytes(rand_premaster_secret, if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
sizeof(rand_premaster_secret)) <= 0)
goto err; goto err;
/* /*
@ -2203,7 +2200,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH; padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) & decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
constant_time_eq_int_8(rsa_decrypt[1], 2); constant_time_eq_int_8(rsa_decrypt[1], 2);
for (j = 2; j < padding_len - 1; j++) { for (j = 2; j < padding_len - 1; j++) {
decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]); decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
} }
@ -2419,7 +2416,7 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
const unsigned char *data; const unsigned char *data;
if (!PACKET_get_net_2(pkt, &i) if (!PACKET_get_net_2(pkt, &i)
|| !PACKET_get_bytes(pkt, &data, i)) { || !PACKET_get_bytes(pkt, &data, i)) {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH); SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH);
return 0; return 0;
@ -2428,8 +2425,7 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB); SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB);
return 0; return 0;
} }
if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
|| BN_is_zero(s->srp_ctx.A)) {
*al = SSL_AD_ILLEGAL_PARAMETER; *al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS); SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
return 0; return 0;
@ -2516,10 +2512,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag, if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag,
&Tclass, sess_key_len) != V_ASN1_CONSTRUCTED &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
|| Ttag != V_ASN1_SEQUENCE || Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
|| Tclass != V_ASN1_UNIVERSAL) {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
goto err; goto err;
@ -2571,7 +2566,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
/* Identity extracted earlier: should be nothing left */ /* Identity extracted earlier: should be nothing left */
if (PACKET_remaining(pkt) != 0) { if (PACKET_remaining(pkt) != 0) {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_LENGTH_MISMATCH);
goto err; goto err;
} }
/* PSK handled by ssl_generate_master_secret */ /* PSK handled by ssl_generate_master_secret */
@ -2597,7 +2593,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto err; goto err;
} else { } else {
al = SSL_AD_HANDSHAKE_FAILURE; al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE); SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_UNKNOWN_CIPHER_TYPE);
goto err; goto err;
} }
@ -2628,8 +2625,9 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
sizeof(DTLS1_SCTP_AUTH_LABEL)); sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey, if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer, sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0) { sizeof(labelbuffer), NULL, 0,
0) <= 0) {
ossl_statem_set_error(s); ossl_statem_set_error(s);
return WORK_ERROR;; return WORK_ERROR;;
} }
@ -2641,13 +2639,13 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
} }
if ((wst == WORK_MORE_B) if ((wst == WORK_MORE_B)
/* Is this SCTP? */ /* Is this SCTP? */
&& BIO_dgram_is_sctp(SSL_get_wbio(s)) && BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */ /* Are we renegotiating? */
&& s->renegotiate && s->renegotiate
/* Are we going to skip the CertificateVerify? */ /* Are we going to skip the CertificateVerify? */
&& (s->session->peer == NULL || s->statem.no_cert_verify) && (s->session->peer == NULL || s->statem.no_cert_verify)
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2; s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING; s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_clear_retry_flags(SSL_get_rbio(s));
@ -2660,8 +2658,9 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
#endif #endif
if (s->statem.no_cert_verify || !s->session->peer) { if (s->statem.no_cert_verify || !s->session->peer) {
/* No certificate verify or no peer certificate so we no longer need the /*
* handshake_buffer * No certificate verify or no peer certificate so we no longer need
* the handshake_buffer
*/ */
if (!ssl3_digest_cached_records(s, 0)) { if (!ssl3_digest_cached_records(s, 0)) {
ossl_statem_set_error(s); ossl_statem_set_error(s);
@ -2771,7 +2770,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
} }
j = EVP_PKEY_size(pkey); j = EVP_PKEY_size(pkey);
if (((int)len > j) || ((int)PACKET_remaining(pkt) > j) if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
|| (PACKET_remaining(pkt) == 0)) { || (PACKET_remaining(pkt) == 0)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
goto f_err; goto f_err;
@ -2797,7 +2796,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
al = SSL_AD_INTERNAL_ERROR; al = SSL_AD_INTERNAL_ERROR;
goto f_err; goto f_err;
} }
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
{ {
int pktype = EVP_PKEY_id(pkey); int pktype = EVP_PKEY_id(pkey);
@ -2860,8 +2858,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
} }
if (!PACKET_get_net_3(pkt, &llen) if (!PACKET_get_net_3(pkt, &llen)
|| !PACKET_get_sub_packet(pkt, &spkt, llen) || !PACKET_get_sub_packet(pkt, &spkt, llen)
|| PACKET_remaining(pkt) != 0) { || PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH); SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err; goto f_err;
@ -2869,7 +2867,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
while (PACKET_remaining(&spkt) > 0) { while (PACKET_remaining(&spkt) > 0) {
if (!PACKET_get_net_3(&spkt, &l) if (!PACKET_get_net_3(&spkt, &l)
|| !PACKET_get_bytes(&spkt, &certbytes, l)) { || !PACKET_get_bytes(&spkt, &certbytes, l)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH); SSL_R_CERT_LENGTH_MISMATCH);
@ -3065,9 +3063,10 @@ int tls_construct_new_session_ticket(SSL *s)
hctx, 1); hctx, 1);
if (ret == 0) { if (ret == 0) {
l2n(0, p); /* timeout */ l2n(0, p); /* timeout */
s2n(0, p); /* length */ s2n(0, p); /* length */
if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s))) if (!ssl_set_handshake_header
(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
goto err; goto err;
OPENSSL_free(senc); OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
@ -3205,8 +3204,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
goto err; goto err;
} }
if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) {
&next_proto_len)) {
s->next_proto_negotiated_len = 0; s->next_proto_negotiated_len = 0;
goto err; goto err;
} }
@ -3214,7 +3212,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
s->next_proto_negotiated_len = (unsigned char)next_proto_len; s->next_proto_negotiated_len = (unsigned char)next_proto_len;
return MSG_PROCESS_CONTINUE_READING; return MSG_PROCESS_CONTINUE_READING;
err: err:
ossl_statem_set_error(s); ossl_statem_set_error(s);
return MSG_PROCESS_ERROR; return MSG_PROCESS_ERROR;
} }
@ -3225,8 +3223,7 @@ err:
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER) **skp,
int sslv2format, int *al int sslv2format, int *al)
)
{ {
const SSL_CIPHER *c; const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
@ -3276,7 +3273,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
* first byte. We don't support any true SSLv2 ciphers, so skip them. * first byte. We don't support any true SSLv2 ciphers, so skip them.
*/ */
if (sslv2format && cipher[0] != '\0') if (sslv2format && cipher[0] != '\0')
continue; continue;
/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&

24
ssl/t1_enc.c
View File

@ -83,7 +83,7 @@ static int tls1_PRF(SSL *s,
goto err; goto err;
ret = 1; ret = 1;
err: err:
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return ret; return ret;
} }
@ -253,7 +253,7 @@ int tls1_change_cipher_state(SSL *s, int which)
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret, *mac_secret_size); mac_secret, *mac_secret_size);
if (mac_key == NULL if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key); EVP_PKEY_free(mac_key);
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2; goto err2;
@ -277,7 +277,8 @@ int tls1_change_cipher_state(SSL *s, int which)
} }
} else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) { } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
int taglen; int taglen;
if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8|SSL_AES256CCM8)) if (s->s3->tmp.
new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = 8; taglen = 8;
else else
taglen = 16; taglen = 16;
@ -377,8 +378,7 @@ int tls1_setup_key_block(SSL *s)
s->s3->tmp.new_hash = hash; s->s3->tmp.new_hash = hash;
s->s3->tmp.new_mac_pkey_type = mac_type; s->s3->tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size; s->s3->tmp.new_mac_secret_size = mac_secret_size;
num = num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
num *= 2; num *= 2;
ssl3_cleanup_key_block(s); ssl3_cleanup_key_block(s);
@ -449,8 +449,7 @@ int tls1_setup_key_block(SSL *s)
return (ret); return (ret);
} }
int tls1_final_finish_mac(SSL *s, const char *str, int slen, int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
unsigned char *out)
{ {
int hashlen; int hashlen;
unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE];
@ -477,10 +476,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
if (s->session->flags & SSL_SESS_FLAG_EXTMS) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2]; unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen; int hashlen;
/* Digest cached records keeping record buffer (if present): /*
* this won't affect client auth because we're freezing the buffer * Digest cached records keeping record buffer (if present): this wont
* at the same point (after client key exchange and before certificate * affect client auth because we're freezing the buffer at the same
* verify) * point (after client key exchange and before certificate verify)
*/ */
if (!ssl3_digest_cached_records(s, 1)) if (!ssl3_digest_cached_records(s, 1))
return -1; return -1;
@ -611,8 +610,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
goto ret; goto ret;
err1: err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
rv = 0; rv = 0;
goto ret; goto ret;
err2: err2:

12
ssl/t1_ext.c
View File

@ -12,7 +12,6 @@
#include <openssl/ct.h> #include <openssl/ct.h>
#include "ssl_locl.h" #include "ssl_locl.h"
/* Find a custom extension from the list. */ /* Find a custom extension from the list. */
static custom_ext_method *custom_ext_find(const custom_ext_methods *exts, static custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
unsigned int ext_type) unsigned int ext_type)
@ -68,8 +67,7 @@ int custom_ext_parse(SSL *s, int server,
if (!meth->parse_cb) if (!meth->parse_cb)
return 1; return 1;
return meth->parse_cb(s, ext_type, ext_data, ext_size, al, return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
meth->parse_arg);
} }
/* /*
@ -139,7 +137,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
if (src->meths_count) { if (src->meths_count) {
dst->meths = dst->meths =
OPENSSL_memdup(src->meths, OPENSSL_memdup(src->meths,
sizeof(custom_ext_method) * src->meths_count); sizeof(custom_ext_method) * src->meths_count);
if (dst->meths == NULL) if (dst->meths == NULL)
return 0; return 0;
dst->meths_count = src->meths_count; dst->meths_count = src->meths_count;
@ -214,8 +212,7 @@ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb, custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb, custom_ext_free_cb free_cb,
void *add_arg, void *add_arg,
custom_ext_parse_cb parse_cb, custom_ext_parse_cb parse_cb, void *parse_arg)
void *parse_arg)
{ {
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
/* /*
@ -235,8 +232,7 @@ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb, custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb, custom_ext_free_cb free_cb,
void *add_arg, void *add_arg,
custom_ext_parse_cb parse_cb, custom_ext_parse_cb parse_cb, void *parse_arg)
void *parse_arg)
{ {
return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type, return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
add_cb, free_cb, add_arg, parse_cb, parse_arg); add_cb, free_cb, add_arg, parse_cb, parse_arg);

181
ssl/t1_lib.c
View File

@ -209,7 +209,6 @@ static const unsigned char eccurves_all[] = {
0, 3, /* sect163r2 (3) */ 0, 3, /* sect163r2 (3) */
}; };
static const unsigned char suiteb_curves[] = { static const unsigned char suiteb_curves[] = {
0, TLSEXT_curve_P_256, 0, TLSEXT_curve_P_256,
0, TLSEXT_curve_P_384 0, TLSEXT_curve_P_384
@ -250,8 +249,7 @@ int tls1_ec_nid2curve_id(int nid)
* so cannot happen in the 1.0.x series.) * so cannot happen in the 1.0.x series.)
*/ */
static int tls1_get_curvelist(SSL *s, int sess, static int tls1_get_curvelist(SSL *s, int sess,
const unsigned char **pcurves, const unsigned char **pcurves, size_t *num_curves)
size_t *num_curves)
{ {
size_t pcurveslen = 0; size_t pcurveslen = 0;
if (sess) { if (sess) {
@ -384,8 +382,7 @@ int tls1_shared_curve(SSL *s, int nmatch)
/* In practice, NID_undef == 0 but let's be precise. */ /* In practice, NID_undef == 0 but let's be precise. */
return nmatch == -1 ? 0 : NID_undef; return nmatch == -1 ? 0 : NID_undef;
if (!tls1_get_curvelist if (!tls1_get_curvelist
(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, (s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref))
&num_pref))
return nmatch == -1 ? 0 : NID_undef; return nmatch == -1 ? 0 : NID_undef;
/* /*
@ -396,7 +393,7 @@ int tls1_shared_curve(SSL *s, int nmatch)
supp = eccurves_all; supp = eccurves_all;
num_supp = sizeof(eccurves_all) / 2; num_supp = sizeof(eccurves_all) / 2;
} else if (num_pref == 0 && } else if (num_pref == 0 &&
(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) { (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) {
pref = eccurves_all; pref = eccurves_all;
num_pref = sizeof(eccurves_all) / 2; num_pref = sizeof(eccurves_all) / 2;
} }
@ -489,8 +486,7 @@ static int nid_cb(const char *elem, int len, void *arg)
} }
/* Set curves based on a colon separate list */ /* Set curves based on a colon separate list */
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
const char *str)
{ {
nid_cb_st ncb; nid_cb_st ncb;
ncb.nidcnt = 0; ncb.nidcnt = 0;
@ -716,19 +712,19 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
*/ */
#ifdef OPENSSL_NO_RSA #ifdef OPENSSL_NO_RSA
# define tlsext_sigalg_rsa(md) /* */ # define tlsext_sigalg_rsa(md) /* */
#else #else
# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, # define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
#endif #endif
#ifdef OPENSSL_NO_DSA #ifdef OPENSSL_NO_DSA
# define tlsext_sigalg_dsa(md) /* */ # define tlsext_sigalg_dsa(md) /* */
#else #else
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, # define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
#endif #endif
#ifdef OPENSSL_NO_EC #ifdef OPENSSL_NO_EC
# define tlsext_sigalg_ecdsa(md) /* */ # define tlsext_sigalg_ecdsa(md)/* */
#else #else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, # define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
#endif #endif
@ -746,8 +742,8 @@ static const unsigned char tls12_sigalgs[] = {
tlsext_sigalg(TLSEXT_hash_sha1) tlsext_sigalg(TLSEXT_hash_sha1)
#ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001, TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256, TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512 TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
#endif #endif
}; };
@ -862,8 +858,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
} }
/* Make sure security callback allows algorithm */ /* Make sure security callback allows algorithm */
if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd), EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd), (void *)sig)) {
(void *)sig)) {
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE); SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
return 0; return 0;
} }
@ -890,13 +885,13 @@ void ssl_set_client_disabled(SSL *s)
s->s3->tmp.mask_k = 0; s->s3->tmp.mask_k = 0;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
ssl_get_client_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver); ssl_get_client_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver);
# ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */ /* with PSK there must be client callback set */
if (!s->psk_client_callback) { if (!s->psk_client_callback) {
s->s3->tmp.mask_a |= SSL_aPSK; s->s3->tmp.mask_a |= SSL_aPSK;
s->s3->tmp.mask_k |= SSL_PSK; s->s3->tmp.mask_k |= SSL_PSK;
} }
#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
s->s3->tmp.mask_a |= SSL_aSRP; s->s3->tmp.mask_a |= SSL_aSRP;
@ -921,10 +916,10 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op)
if (s->s3->tmp.max_ver == 0) if (s->s3->tmp.max_ver == 0)
return 1; return 1;
if (!SSL_IS_DTLS(s) && ((c->min_tls > s->s3->tmp.max_ver) if (!SSL_IS_DTLS(s) && ((c->min_tls > s->s3->tmp.max_ver)
|| (c->max_tls < s->s3->tmp.min_ver))) || (c->max_tls < s->s3->tmp.min_ver)))
return 1; return 1;
if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver) if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver))) || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
return 1; return 1;
return !ssl_security(s, op, c->strength_bits, 0, (void *)c); return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
@ -937,7 +932,8 @@ static int tls_use_ticket(SSL *s)
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
} }
static int compare_uint(const void *p1, const void *p2) { static int compare_uint(const void *p1, const void *p2)
{
unsigned int u1 = *((const unsigned int *)p1); unsigned int u1 = *((const unsigned int *)p1);
unsigned int u2 = *((const unsigned int *)p2); unsigned int u2 = *((const unsigned int *)p2);
if (u1 < u2) if (u1 < u2)
@ -956,7 +952,8 @@ static int compare_uint(const void *p1, const void *p2) {
* contain duplicates, could not be successfully parsed, or an internal error * contain duplicates, could not be successfully parsed, or an internal error
* occurred. * occurred.
*/ */
static int tls1_check_duplicate_extensions(const PACKET *packet) { static int tls1_check_duplicate_extensions(const PACKET *packet)
{
PACKET extensions = *packet; PACKET extensions = *packet;
size_t num_extensions = 0, i = 0; size_t num_extensions = 0, i = 0;
unsigned int *extension_types = NULL; unsigned int *extension_types = NULL;
@ -1030,7 +1027,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
alg_k = c->algorithm_mkey; alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth; alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA)) { || (alg_a & SSL_aECDSA)) {
using_ecc = 1; using_ecc = 1;
break; break;
} }
@ -1084,8 +1081,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
*/ */
if ((lenmax = limit - ret - 9) < 0 if ((lenmax = limit - ret - 9) < 0
|| (size_str = || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
return NULL; return NULL;
/* extension type and length */ /* extension type and length */
@ -1191,7 +1187,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(curves_list_len, ret); s2n(curves_list_len, ret);
ret += curves_list_len; ret += curves_list_len;
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if (tls_use_ticket(s)) { if (tls_use_ticket(s)) {
int ticklen; int ticklen;
@ -1243,7 +1239,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(salglen, etmp); s2n(salglen, etmp);
ret += salglen; ret += salglen;
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i; int i;
@ -1491,7 +1486,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* Currently the server should not respond with a SupportedCurves * Currently the server should not respond with a SupportedCurves
* extension * extension
*/ */
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected && tls_use_ticket(s)) { if (s->tlsext_ticket_expected && tls_use_ticket(s)) {
if ((long)(limit - ret - 4) < 0) if ((long)(limit - ret - 4) < 0)
@ -1499,7 +1494,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_session_ticket, ret); s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(0, ret); s2n(0, ret);
} else { } else {
/* if we don't add the above TLSEXT, we can't add a session ticket later */ /*
* if we don't add the above TLSEXT, we can't add a session ticket
* later
*/
s->tlsext_ticket_expected = 0; s->tlsext_ticket_expected = 0;
} }
@ -1509,7 +1507,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_status_request, ret); s2n(TLSEXT_TYPE_status_request, ret);
s2n(0, ret); s2n(0, ret);
} }
#ifndef OPENSSL_NO_SRTP #ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && s->srtp_profile) { if (SSL_IS_DTLS(s) && s->srtp_profile) {
int el; int el;
@ -1664,8 +1661,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
} while (PACKET_remaining(&protocol_list) != 0); } while (PACKET_remaining(&protocol_list) != 0);
if (!PACKET_memdup(&save_protocol_list, if (!PACKET_memdup(&save_protocol_list,
&s->s3->alpn_proposed, &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
&s->s3->alpn_proposed_len)) {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
@ -1773,7 +1769,7 @@ static void ssl_check_for_safari(SSL *s, const PACKET *pkt)
s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
ext_len); ext_len);
} }
#endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */
/* /*
* Parse ClientHello extensions and stash extension info in various parts of * Parse ClientHello extensions and stash extension info in various parts of
@ -1813,7 +1809,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
ssl_check_for_safari(s, pkt); ssl_check_for_safari(s, pkt);
# endif /* !OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_EC */
/* Clear any signature algorithms extension received */ /* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs); OPENSSL_free(s->s3->tmp.peer_sigalgs);
@ -1962,8 +1958,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_ec_point_formats) { else if (type == TLSEXT_TYPE_ec_point_formats) {
PACKET ec_point_format_list; PACKET ec_point_format_list;
if (!PACKET_as_length_prefixed_1(&extension, if (!PACKET_as_length_prefixed_1(&extension, &ec_point_format_list)
&ec_point_format_list)
|| PACKET_remaining(&ec_point_format_list) == 0) { || PACKET_remaining(&ec_point_format_list) == 0) {
return 0; return 0;
} }
@ -1971,7 +1966,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit) { if (!s->hit) {
if (!PACKET_memdup(&ec_point_format_list, if (!PACKET_memdup(&ec_point_format_list,
&s->session->tlsext_ecpointformatlist, &s->session->tlsext_ecpointformatlist,
&s->session->tlsext_ecpointformatlist_length)) { &s->
session->tlsext_ecpointformatlist_length)) {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
@ -1980,8 +1976,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
PACKET elliptic_curve_list; PACKET elliptic_curve_list;
/* Each NamedCurve is 2 bytes and we must have at least 1. */ /* Each NamedCurve is 2 bytes and we must have at least 1. */
if (!PACKET_as_length_prefixed_2(&extension, if (!PACKET_as_length_prefixed_2(&extension, &elliptic_curve_list)
&elliptic_curve_list)
|| PACKET_remaining(&elliptic_curve_list) == 0 || PACKET_remaining(&elliptic_curve_list) == 0
|| (PACKET_remaining(&elliptic_curve_list) % 2) != 0) { || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) {
return 0; return 0;
@ -1990,18 +1985,20 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit) { if (!s->hit) {
if (!PACKET_memdup(&elliptic_curve_list, if (!PACKET_memdup(&elliptic_curve_list,
&s->session->tlsext_ellipticcurvelist, &s->session->tlsext_ellipticcurvelist,
&s->session->tlsext_ellipticcurvelist_length)) { &s->
session->tlsext_ellipticcurvelist_length)) {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
} }
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) { else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb && if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, PACKET_data(&extension), !s->tls_session_ticket_ext_cb(s, PACKET_data(&extension),
PACKET_remaining(&extension), PACKET_remaining(&extension),
s->tls_session_ticket_ext_cb_arg)) { s->tls_session_ticket_ext_cb_arg))
{
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
} }
@ -2014,7 +2011,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0; return 0;
} }
if (!s->hit) { if (!s->hit) {
if (!tls1_save_sigalgs(s, PACKET_data(&supported_sig_algs), if (!tls1_save_sigalgs(s, PACKET_data(&supported_sig_algs),
PACKET_remaining(&supported_sig_algs))) { PACKET_remaining(&supported_sig_algs))) {
return 0; return 0;
@ -2025,12 +2022,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
(unsigned int *)&s->tlsext_status_type)) { (unsigned int *)&s->tlsext_status_type)) {
return 0; return 0;
} }
#ifndef OPENSSL_NO_OCSP #ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
const unsigned char *ext_data; const unsigned char *ext_data;
PACKET responder_id_list, exts; PACKET responder_id_list, exts;
if (!PACKET_get_length_prefixed_2(&extension, &responder_id_list)) if (!PACKET_get_length_prefixed_2
(&extension, &responder_id_list))
return 0; return 0;
while (PACKET_remaining(&responder_id_list) > 0) { while (PACKET_remaining(&responder_id_list) > 0) {
@ -2099,7 +2096,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
unsigned int hbtype; unsigned int hbtype;
if (!PACKET_get_1(&extension, &hbtype) if (!PACKET_get_1(&extension, &hbtype)
|| PACKET_remaining(&extension)) { || PACKET_remaining(&extension)) {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;
} }
@ -2177,7 +2174,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
} }
if (PACKET_remaining(pkt) != 0) { if (PACKET_remaining(pkt) != 0) {
/* tls1_check_duplicate_extensions should ensure this never happens. */ /*
* tls1_check_duplicate_extensions should ensure this never happens.
*/
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
return 0; return 0;
} }
@ -2230,7 +2229,7 @@ static char ssl_next_proto_validate(PACKET *pkt)
while (PACKET_remaining(pkt)) { while (PACKET_remaining(pkt)) {
if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol) if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
|| PACKET_remaining(&tmp_protocol) == 0) || PACKET_remaining(&tmp_protocol) == 0)
return 0; return 0;
} }
@ -2278,7 +2277,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
PACKET spkt; PACKET spkt;
if (!PACKET_get_sub_packet(pkt, &spkt, size) if (!PACKET_get_sub_packet(pkt, &spkt, size)
|| !PACKET_peek_bytes(&spkt, &data, size)) || !PACKET_peek_bytes(&spkt, &data, size))
goto ri_check; goto ri_check;
if (s->tlsext_debug_cb) if (s->tlsext_debug_cb)
@ -2300,7 +2299,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_ec_point_formats) { else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned int ecpointformatlist_length; unsigned int ecpointformatlist_length;
if (!PACKET_get_1(&spkt, &ecpointformatlist_length) if (!PACKET_get_1(&spkt, &ecpointformatlist_length)
|| ecpointformatlist_length != size - 1) { || ecpointformatlist_length != size - 1) {
*al = TLS1_AD_DECODE_ERROR; *al = TLS1_AD_DECODE_ERROR;
return 0; return 0;
} }
@ -2323,7 +2322,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
} }
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) { else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb && if (s->tls_session_ticket_ext_cb &&
@ -2338,8 +2337,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0; return 0;
} }
s->tlsext_ticket_expected = 1; s->tlsext_ticket_expected = 1;
} } else if (type == TLSEXT_TYPE_status_request) {
else if (type == TLSEXT_TYPE_status_request) {
/* /*
* MUST be empty and only sent if we've requested a status * MUST be empty and only sent if we've requested a status
* request message. * request message.
@ -2390,10 +2388,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
*al = TLS1_AD_DECODE_ERROR; *al = TLS1_AD_DECODE_ERROR;
return 0; return 0;
} }
if (s-> if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data,
ctx->next_proto_select_cb(s, &selected, &selected_len, data, size,
size, s->
s->ctx->next_proto_select_cb_arg) != ctx->next_proto_select_cb_arg) !=
SSL_TLSEXT_ERR_OK) { SSL_TLSEXT_ERR_OK) {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
return 0; return 0;
@ -2423,9 +2421,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
* uint8 proto[proto_length]; * uint8 proto[proto_length];
*/ */
if (!PACKET_get_net_2(&spkt, &len) if (!PACKET_get_net_2(&spkt, &len)
|| PACKET_remaining(&spkt) != len || PACKET_remaining(&spkt) != len || !PACKET_get_1(&spkt, &len)
|| !PACKET_get_1(&spkt, &len) || PACKET_remaining(&spkt) != len) {
|| PACKET_remaining(&spkt) != len) {
*al = TLS1_AD_DECODE_ERROR; *al = TLS1_AD_DECODE_ERROR;
return 0; return 0;
} }
@ -2473,8 +2470,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
} } else if (type == TLSEXT_TYPE_extended_master_secret) {
else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit) if (!s->hit)
s->session->flags |= SSL_SESS_FLAG_EXTMS; s->session->flags |= SSL_SESS_FLAG_EXTMS;
@ -2495,7 +2491,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit && tlsext_servername == 1) { if (!s->hit && tlsext_servername == 1) {
if (s->tlsext_hostname) { if (s->tlsext_hostname) {
if (s->session->tlsext_hostname == NULL) { if (s->session->tlsext_hostname == NULL) {
s->session->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname); s->session->tlsext_hostname =
OPENSSL_strdup(s->tlsext_hostname);
if (!s->session->tlsext_hostname) { if (!s->session->tlsext_hostname) {
*al = SSL_AD_UNRECOGNIZED_NAME; *al = SSL_AD_UNRECOGNIZED_NAME;
return 0; return 0;
@ -2534,7 +2531,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
*al = SSL_AD_HANDSHAKE_FAILURE; *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS); SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS);
return 0; return 0;
} }
} }
return 1; return 1;
@ -2593,6 +2590,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s)
return 1; return 1;
} }
} }
/* Initialise digests to default values */ /* Initialise digests to default values */
void ssl_set_default_md(SSL *s) void ssl_set_default_md(SSL *s)
{ {
@ -2743,7 +2741,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
} }
} }
ret = SSL_TLSEXT_ERR_OK; ret = SSL_TLSEXT_ERR_OK;
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret = ret =
@ -2864,7 +2862,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
unsigned int type, size; unsigned int type, size;
if (!PACKET_get_net_2(&local_ext, &type) if (!PACKET_get_net_2(&local_ext, &type)
|| !PACKET_get_net_2(&local_ext, &size)) { || !PACKET_get_net_2(&local_ext, &size)) {
/* Shouldn't ever happen */ /* Shouldn't ever happen */
retv = -1; retv = -1;
goto end; goto end;
@ -2938,7 +2936,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
} }
if (have_ticket == 0) if (have_ticket == 0)
retv = 0; retv = 0;
end: end:
return retv; return retv;
} }
@ -3005,11 +3003,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
sizeof(tctx->tlsext_tick_hmac_key), sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL) <= 0 EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
tctx->tlsext_tick_aes_key, tctx->tlsext_tick_aes_key,
etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) { etick + sizeof(tctx->tlsext_tick_key_name)) <=
0) {
goto err; goto err;
} }
} }
/* /*
* Attempt to process session ticket, first conduct sanity and integrity * Attempt to process session ticket, first conduct sanity and integrity
@ -3022,7 +3021,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
eticklen -= mlen; eticklen -= mlen;
/* Check HMAC of encrypted ticket */ /* Check HMAC of encrypted ticket */
if (HMAC_Update(hctx, etick, eticklen) <= 0 if (HMAC_Update(hctx, etick, eticklen) <= 0
|| HMAC_Final(hctx, tick_hmac, NULL) <= 0) { || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
goto err; goto err;
} }
HMAC_CTX_free(hctx); HMAC_CTX_free(hctx);
@ -3035,8 +3034,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx); p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen); sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
|| EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec); OPENSSL_free(sdec);
return -1; return -1;
@ -3074,7 +3072,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* For session parse failure, indicate that we need to send a new ticket. * For session parse failure, indicate that we need to send a new ticket.
*/ */
return 2; return 2;
err: err:
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx); HMAC_CTX_free(hctx);
return ret; return ret;
@ -3128,8 +3126,7 @@ static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen)
return NID_undef; return NID_undef;
} }
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
const EVP_MD *md)
{ {
int sig_id, md_id; int sig_id, md_id;
if (!md) if (!md)
@ -3164,9 +3161,11 @@ static const tls12_hash_info tls12_md_info[] = {
{NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256}, {NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256},
{NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384}, {NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384},
{NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512}, {NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512},
{NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411}, {NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
{NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX, TLSEXT_hash_gostr34112012_256}, {NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX,
{NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, TLSEXT_hash_gostr34112012_512}, TLSEXT_hash_gostr34112012_256},
{NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX,
TLSEXT_hash_gostr34112012_512},
}; };
static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg) static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
@ -3175,8 +3174,7 @@ static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
if (hash_alg == 0) if (hash_alg == 0)
return NULL; return NULL;
for (i=0; i < OSSL_NELEM(tls12_md_info); i++) for (i = 0; i < OSSL_NELEM(tls12_md_info); i++) {
{
if (tls12_md_info[i].tlsext_hash == hash_alg) if (tls12_md_info[i].tlsext_hash == hash_alg)
return tls12_md_info + i; return tls12_md_info + i;
} }
@ -3210,7 +3208,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_ecdsa: case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC; return SSL_PKEY_ECC;
#endif #endif
# ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
case TLSEXT_signature_gostr34102001: case TLSEXT_signature_gostr34102001:
return SSL_PKEY_GOST01; return SSL_PKEY_GOST01;
@ -3219,7 +3217,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_gostr34102012_512: case TLSEXT_signature_gostr34102012_512:
return SSL_PKEY_GOST12_512; return SSL_PKEY_GOST12_512;
# endif #endif
} }
return -1; return -1;
} }
@ -3243,8 +3241,7 @@ static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
} }
if (psignhash_nid) { if (psignhash_nid) {
if (sign_nid == NID_undef || hash_nid == NID_undef if (sign_nid == NID_undef || hash_nid == NID_undef
|| OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, || OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid) <= 0)
sign_nid) <= 0)
*psignhash_nid = NID_undef; *psignhash_nid = NID_undef;
} }
} }
@ -3470,14 +3467,16 @@ int tls1_process_sigalgs(SSL *s)
if (pmd[SSL_PKEY_ECC] == NULL) if (pmd[SSL_PKEY_ECC] == NULL)
pmd[SSL_PKEY_ECC] = EVP_sha1(); pmd[SSL_PKEY_ECC] = EVP_sha1();
#endif #endif
# ifndef OPENSSL_NO_GOST #ifndef OPENSSL_NO_GOST
if (pmd[SSL_PKEY_GOST01] == NULL) if (pmd[SSL_PKEY_GOST01] == NULL)
pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94); pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
if (pmd[SSL_PKEY_GOST12_256] == NULL) if (pmd[SSL_PKEY_GOST12_256] == NULL)
pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256); pmd[SSL_PKEY_GOST12_256] =
EVP_get_digestbynid(NID_id_GostR3411_2012_256);
if (pmd[SSL_PKEY_GOST12_512] == NULL) if (pmd[SSL_PKEY_GOST12_512] == NULL)
pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512); pmd[SSL_PKEY_GOST12_512] =
# endif EVP_get_digestbynid(NID_id_GostR3411_2012_512);
#endif
} }
return 1; return 1;
} }
@ -3598,8 +3597,7 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
} }
int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
int client)
{ {
unsigned char *sigalgs, *sptr; unsigned char *sigalgs, *sptr;
int rhash, rsign; int rhash, rsign;
@ -3945,7 +3943,6 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
return tls1_check_chain(s, x, pk, chain, -1); return tls1_check_chain(s, x, pk, chain, -1);
} }
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
DH *ssl_get_auto_dh(SSL *s) DH *ssl_get_auto_dh(SSL *s)
{ {

10
ssl/t1_reneg.c
View File

@ -45,7 +45,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
/* Parse the length byte */ /* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen) if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &d, ilen)) { || !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR); SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER; *al = SSL_AD_ILLEGAL_PARAMETER;
@ -143,8 +143,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
} }
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished, || memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) { s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE; *al = SSL_AD_HANDSHAKE_FAILURE;
@ -152,8 +152,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
} }
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished, || memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) { s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH); SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER; *al = SSL_AD_ILLEGAL_PARAMETER;

46
ssl/t1_trce.c
View File

@ -415,13 +415,13 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
{0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
{0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
{0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
{0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" }, {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"},
{0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" }, {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"},
{0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305" }, {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305"},
{0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305" }, {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305" }, {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305" }, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305" }, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
}; };
@ -452,9 +452,9 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_heartbeat, "heartbeat"}, {TLSEXT_TYPE_heartbeat, "heartbeat"},
{TLSEXT_TYPE_session_ticket, "session_ticket"}, {TLSEXT_TYPE_session_ticket, "session_ticket"},
{TLSEXT_TYPE_renegotiate, "renegotiate"}, {TLSEXT_TYPE_renegotiate, "renegotiate"},
#ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
#endif # endif
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
{TLSEXT_TYPE_padding, "padding"}, {TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
@ -657,8 +657,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
xlen = ext[0]; xlen = ext[0];
if (extlen != xlen + 1) if (extlen != xlen + 1)
return 0; return 0;
return ssl_trace_list(bio, indent + 2, return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
ext + 1, xlen, 1, ssl_point_tbl);
case TLSEXT_TYPE_elliptic_curves: case TLSEXT_TYPE_elliptic_curves:
if (extlen < 2) if (extlen < 2)
@ -666,8 +665,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
xlen = (ext[0] << 8) | ext[1]; xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2) if (extlen != xlen + 2)
return 0; return 0;
return ssl_trace_list(bio, indent + 2, return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl);
ext + 2, xlen, 2, ssl_curve_tbl);
case TLSEXT_TYPE_signature_algorithms: case TLSEXT_TYPE_signature_algorithms:
@ -705,8 +703,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
if (server) { if (server) {
ext += xlen; ext += xlen;
ssl_print_hex(bio, indent + 4, ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
"server_verify_data", ext, xlen);
} }
} else { } else {
BIO_indent(bio, indent + 4, 80); BIO_indent(bio, indent + 4, 80);
@ -758,8 +755,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
if (msglen < extlen + 4) if (msglen < extlen + 4)
return 0; return 0;
msg += 4; msg += 4;
if (!ssl_print_extension(bio, indent + 2, server, if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen))
extype, msg, extlen))
return 0; return 0;
msg += extlen; msg += extlen;
msglen -= extlen + 4; msglen -= extlen + 4;
@ -823,8 +819,7 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
} }
static int dtls_print_hello_vfyrequest(BIO *bio, int indent, static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
const unsigned char *msg, const unsigned char *msg, size_t msglen)
size_t msglen)
{ {
if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
return 0; return 0;
@ -928,8 +923,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
"EncyptedPreMasterSecret", msg, msglen); "EncyptedPreMasterSecret", msg, msglen);
} else { } else {
if (!ssl_print_hexbuf(bio, indent + 2, if (!ssl_print_hexbuf(bio, indent + 2,
"EncyptedPreMasterSecret", 2, "EncyptedPreMasterSecret", 2, &msg, &msglen))
&msg, &msglen))
return 0; return 0;
} }
break; break;
@ -967,8 +961,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
switch (id) { switch (id) {
case SSL_kRSA: case SSL_kRSA:
if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
&msg, &msglen))
return 0; return 0;
if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2, if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
&msg, &msglen)) &msg, &msglen))
@ -985,7 +978,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0; return 0;
break; break;
#ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
case SSL_kECDHE: case SSL_kECDHE:
case SSL_kECDHEPSK: case SSL_kECDHEPSK:
if (msglen < 1) if (msglen < 1)
@ -1011,7 +1004,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0; return 0;
} }
break; break;
#endif # endif
case SSL_kPSK: case SSL_kPSK:
case SSL_kRSAPSK: case SSL_kRSAPSK:
@ -1292,8 +1285,7 @@ void SSL_trace(int write_p, int version, int content_type,
if (write_p == 2) { if (write_p == 2) {
BIO_puts(bio, "Session "); BIO_puts(bio, "Session ");
ssl_print_hex(bio, 0, ssl_print_hex(bio, 0,
ssl_trace_str(content_type, ssl_crypto_tbl), ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen);
msg, msglen);
return; return;
} }
switch (content_type) { switch (content_type) {

8
ssl/tls_srp.c
View File

@ -13,7 +13,7 @@
#include "ssl_locl.h" #include "ssl_locl.h"
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
#include <openssl/srp.h> # include <openssl/srp.h>
int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
{ {
@ -325,8 +325,7 @@ int srp_generate_client_master_secret(SSL *s)
goto err; goto err;
if (! if (!
(passwd = (passwd =
s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg)))
s->srp_ctx.SRP_cb_arg)))
goto err; goto err;
if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL) if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL)
goto err; goto err;
@ -388,8 +387,7 @@ int SRP_Calc_A_param(SSL *s)
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd)); OPENSSL_cleanse(rnd, sizeof(rnd));
if (! if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
return 0; return 0;
return 1; return 1;

7
util/indent.pro
View File

@ -14,7 +14,7 @@
-i4 -i4
-il1 -il1
-ip0 -ip0
-l78 -l80
-lp -lp
-nbad -nbad
-nbc -nbc
@ -107,6 +107,7 @@
-T BIGNUM -T BIGNUM
-T BIO -T BIO
-T BIO_ACCEPT -T BIO_ACCEPT
-T BIO_ADDR
-T BIO_ASN1_BUF_CTX -T BIO_ASN1_BUF_CTX
-T BIO_ASN1_EX_FUNCS -T BIO_ASN1_EX_FUNCS
-T BIO_B64_CTX -T BIO_B64_CTX
@ -362,6 +363,7 @@
-T OPENSSL_PSTRING -T OPENSSL_PSTRING
-T OPENSSL_STRING -T OPENSSL_STRING
-T OPENSSL_STRING -T OPENSSL_STRING
-T OSSL_ASYNC_FD
-T OTHERNAME -T OTHERNAME
-T P256_POINT -T P256_POINT
-T P256_POINT_AFFINE -T P256_POINT_AFFINE
@ -442,6 +444,7 @@
-T SSL_COMP -T SSL_COMP
-T SSL_CONF_CTX -T SSL_CONF_CTX
-T SSL_CTX -T SSL_CTX
-T SSL_DANE
-T SSL_EXCERT -T SSL_EXCERT
-T SSL_METHOD -T SSL_METHOD
-T SSL_SESSION -T SSL_SESSION
@ -727,3 +730,5 @@
-T ASYNC_JOB -T ASYNC_JOB
-T intmax_t -T intmax_t
-T uintmax_t -T uintmax_t
-T pqueue
-T danetls_record