wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Indent ssl/

Browse source 
Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Emilia Kasper 2016-08-05 19:03:17 +02:00
parent 604f6eff31
commit a230b26e09
39 changed files with 1217 additions and 1404 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
ssl/d1_lib.c
View file

@ -338,8 +338,7 @@ int dtls1_check_timeout_num(SSL *s)
if (s->d1->timeout.num_alerts > 2
&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
mtu =
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
NULL);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
if (mtu < s->d1->mtu)
s->d1->mtu = mtu;
}
@ -391,10 +390,13 @@ static void get_current_time(struct timeval *t)
GetSystemTime(&st);
SystemTimeToFileTime(&st, &now.ft);
/* re-bias to 1/1/1970 */
# ifdef __MINGW32__
now.ul -= 116444736000000000ULL;
# else
now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
/* *INDENT-OFF* */
now.ul -= 116444736000000000UI64;
/* *INDENT-ON* */
# endif
t->tv_sec = (long)(now.ul / 10000000);
t->tv_usec = ((int)(now.ul % 10000000)) / 10;
@ -408,7 +410,6 @@ static void get_current_time(struct timeval *t)
#endif
}
#define LISTEN_SUCCESS 2
#define LISTEN_SEND_VERIFY_REQUEST 1
@ -531,7 +532,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
goto end;
}
if (rectype != SSL3_RT_HANDSHAKE) {
if (rectype != SSL3_RT_HANDSHAKE) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
@ -744,7 +745,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
goto end;
@ -805,13 +805,15 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/
ossl_statem_set_hello_verify_done(s);
/* Some BIOs may not support this. If we fail we clear the client address */
/*
* Some BIOs may not support this. If we fail we clear the client address
*/
if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client);
ret = 1;
clearpkt = 0;
end:
end:
BIO_ADDR_free(tmpclient);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
if (clearpkt) {
@ -842,12 +844,12 @@ static int dtls1_handshake_write(SSL *s)
#ifndef OPENSSL_NO_HEARTBEATS
#define HEARTBEAT_SIZE(payload, padding) ( \
# define HEARTBEAT_SIZE(payload, padding) ( \
1 /* heartbeat type */ + \
2 /* heartbeat length */ + \
(payload) + (padding))
#define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16)
int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length)
{
@ -987,8 +989,7 @@ int dtls1_heartbeat(SSL *s)
if (ret >= 0) {
if (s->msg_callback)
s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
buf, size,
s, s->msg_callback_arg);
buf, size, s, s->msg_callback_arg);
dtls1_start_timer(s);
s->tlsext_hb_pending = 1;

21
ssl/d1_srtp.c
View file

@ -30,11 +30,11 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
},
{
"SRTP_AEAD_AES_128_GCM",
SRTP_AEAD_AES_128_GCM
SRTP_AEAD_AES_128_GCM,
},
{
"SRTP_AEAD_AES_256_GCM",
SRTP_AEAD_AES_256_GCM
SRTP_AEAD_AES_256_GCM,
},
{0}
};
@ -76,8 +76,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
do {
col = strchr(ptr, ':');
if (!find_profile_by_name(ptr, &p,
col ? col - ptr : (int)strlen(ptr))) {
if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
@ -104,7 +103,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
*out = profiles;
return 0;
err:
err:
sk_SRTP_PROTECTION_PROFILE_free(profiles);
return 1;
}
@ -190,8 +189,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
/* Pull off the length of the cipher suite list and check it is even */
if (!PACKET_get_net_2(pkt, &ct)
|| (ct & 1) != 0
|| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
|| (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
@ -238,7 +236,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
}
if (!PACKET_forward(pkt, mki_len)
|| PACKET_remaining(pkt)) {
|| PACKET_remaining(pkt)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
@ -281,10 +279,9 @@ int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al)
SRTP_PROTECTION_PROFILE *prof;
if (!PACKET_get_net_2(pkt, &ct)
|| ct != 2
|| !PACKET_get_net_2(pkt, &id)
|| !PACKET_get_1(pkt, &mki)
|| PACKET_remaining(pkt) != 0) {
|| ct != 2 || !PACKET_get_net_2(pkt, &id)
|| !PACKET_get_1(pkt, &mki)
|| PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;

108
ssl/methods.c
View file

@ -11,7 +11,7 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
/*
/*-
* TLS/SSLv3 methods
*/
@ -19,201 +19,148 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_method,
ossl_statem_accept,
ossl_statem_connect, TLSv1_enc_data)
ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
#endif
/*
/*-
* TLS/SSLv3 server methods
*/
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_server_method,
ossl_statem_accept,
ssl_undefined_function,
TLSv1_2_enc_data)
ssl_undefined_function, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_server_method,
ossl_statem_accept,
ssl_undefined_function,
TLSv1_2_enc_data)
ssl_undefined_function, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_server_method,
ossl_statem_accept,
ssl_undefined_function,
TLSv1_1_enc_data)
ssl_undefined_function, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_server_method,
ossl_statem_accept,
ssl_undefined_function,
TLSv1_enc_data)
ssl_undefined_function, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_server_method,
ossl_statem_accept,
ssl_undefined_function)
ossl_statem_accept, ssl_undefined_function)
#endif
/*
/*-
* TLS/SSLv3 client methods
*/
IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
TLS_client_method,
ssl_undefined_function,
ossl_statem_connect,
TLSv1_2_enc_data)
ossl_statem_connect, TLSv1_2_enc_data)
#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
tlsv1_2_client_method,
ssl_undefined_function,
ossl_statem_connect,
TLSv1_2_enc_data)
ossl_statem_connect, TLSv1_2_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
tlsv1_1_client_method,
ssl_undefined_function,
ossl_statem_connect,
TLSv1_1_enc_data)
ossl_statem_connect, TLSv1_1_enc_data)
#endif
#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
tlsv1_client_method,
ssl_undefined_function,
ossl_statem_connect,
TLSv1_enc_data)
ossl_statem_connect, TLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(sslv3_client_method,
ssl_undefined_function,
ossl_statem_connect)
ssl_undefined_function, ossl_statem_connect)
#endif
/*
/*-
* DTLS methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_method,
ossl_statem_accept,
ossl_statem_connect,
DTLSv1_enc_data)
ossl_statem_connect, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_method,
ossl_statem_accept,
ossl_statem_connect,
DTLSv1_2_enc_data)
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_method,
ossl_statem_accept,
ossl_statem_connect,
DTLSv1_2_enc_data)
ossl_statem_connect, DTLSv1_2_enc_data)
/*
/*-
* DTLS server methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_server_method,
ossl_statem_accept,
ssl_undefined_function,
DTLSv1_enc_data)
ssl_undefined_function, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_server_method,
ossl_statem_accept,
ssl_undefined_function,
DTLSv1_2_enc_data)
ssl_undefined_function, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_server_method,
ossl_statem_accept,
ssl_undefined_function,
DTLSv1_2_enc_data)
ssl_undefined_function, DTLSv1_2_enc_data)
/*
/*-
* DTLS client methods
*/
#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtlsv1_client_method,
ssl_undefined_function,
ossl_statem_connect,
DTLSv1_enc_data)
ossl_statem_connect, DTLSv1_enc_data)
IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
dtls_bad_ver_client_method,
ssl_undefined_function,
ossl_statem_connect,
DTLSv1_enc_data)
ossl_statem_connect, DTLSv1_enc_data)
#endif
#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
dtlsv1_2_client_method,
ssl_undefined_function,
ossl_statem_connect,
DTLSv1_2_enc_data)
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method,
ssl_undefined_function,
ossl_statem_connect,
DTLSv1_2_enc_data)
ossl_statem_connect, DTLSv1_2_enc_data)
#if OPENSSL_API_COMPAT < 0x10100000L
# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
{
@ -317,4 +264,3 @@ const SSL_METHOD *DTLSv1_client_method(void)
# endif
#endif

72
ssl/packet_locl.h
View file

@ -54,6 +54,7 @@ static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
{
return pkt->curr + pkt->remaining;
}
/*
* Returns a pointer to the PACKET's current position.
* For use in non-PACKETized APIs.
@ -107,8 +108,7 @@ __owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
* the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
*/
__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
PACKET *subpkt,
size_t len)
PACKET *subpkt, size_t len)
{
if (PACKET_remaining(pkt) < len)
return 0;
@ -122,8 +122,7 @@ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
* original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
*/
__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
PACKET *subpkt,
size_t len)
PACKET *subpkt, size_t len)
{
if (!PACKET_peek_sub_packet(pkt, subpkt, len))
return 0;
@ -151,8 +150,7 @@ __owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
/* Equivalent of n2s */
/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt,
unsigned int *data)
__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
{
if (!PACKET_peek_net_2(pkt, data))
return 0;
@ -181,8 +179,7 @@ __owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
/* Equivalent of n2l3 */
/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt,
unsigned long *data)
__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
{
if (!PACKET_peek_net_3(pkt, data))
return 0;
@ -212,8 +209,7 @@ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
/* Equivalent of n2l */
/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt,
unsigned long *data)
__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
{
if (!PACKET_peek_net_4(pkt, data))
return 0;
@ -333,8 +329,7 @@ __owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
* The caller is responsible for ensuring that |data| can hold |len| bytes.
*/
__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
unsigned char *data,
size_t len)
unsigned char *data, size_t len)
{
if (!PACKET_peek_copy_bytes(pkt, data, len))
return 0;
@ -417,7 +412,7 @@ __owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
{
return memchr(pkt->curr, 0, pkt->remaining) != NULL;
return memchr(pkt->curr, 0, pkt->remaining) != NULL;
}
/* Move the current reading position forward |len| bytes */
@ -460,22 +455,23 @@ __owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
* Like PACKET_get_length_prefixed_1, but additionally, fails when there are
* leftover bytes in |pkt|.
*/
__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, PACKET *subpkt)
__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
PACKET *subpkt)
{
unsigned int length;
const unsigned char *data;
PACKET tmp = *pkt;
if (!PACKET_get_1(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) {
return 0;
}
unsigned int length;
const unsigned char *data;
PACKET tmp = *pkt;
if (!PACKET_get_1(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) {
return 0;
}
*pkt = tmp;
subpkt->curr = data;
subpkt->remaining = length;
*pkt = tmp;
subpkt->curr = data;
subpkt->remaining = length;
return 1;
return 1;
}
/*
@ -511,21 +507,21 @@ __owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
PACKET *subpkt)
{
unsigned int length;
const unsigned char *data;
PACKET tmp = *pkt;
unsigned int length;
const unsigned char *data;
PACKET tmp = *pkt;
if (!PACKET_get_net_2(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) {
return 0;
}
if (!PACKET_get_net_2(&tmp, &length) ||
!PACKET_get_bytes(&tmp, &data, (size_t)length) ||
PACKET_remaining(&tmp) != 0) {
return 0;
}
*pkt = tmp;
subpkt->curr = data;
subpkt->remaining = length;
*pkt = tmp;
subpkt->curr = data;
subpkt->remaining = length;
return 1;
return 1;
}
/*

56
ssl/record/rec_layer_d1.c
View file

@ -22,7 +22,6 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
return (0);
rl->d = d;
d->unprocessed_rcds.q = pqueue_new();
@ -97,18 +96,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
{
if (e == rl->d->w_epoch - 1) {
memcpy(rl->d->curr_write_sequence,
rl->write_sequence,
sizeof(rl->write_sequence));
rl->write_sequence, sizeof(rl->write_sequence));
memcpy(rl->write_sequence,
rl->d->last_write_sequence,
sizeof(rl->write_sequence));
rl->d->last_write_sequence, sizeof(rl->write_sequence));
} else if (e == rl->d->w_epoch + 1) {
memcpy(rl->d->last_write_sequence,
rl->write_sequence,
sizeof(unsigned char[8]));
rl->write_sequence, sizeof(unsigned char[8]));
memcpy(rl->write_sequence,
rl->d->curr_write_sequence,
sizeof(rl->write_sequence));
rl->d->curr_write_sequence, sizeof(rl->write_sequence));
}
rl->d->w_epoch = e;
}
@ -118,7 +113,6 @@ void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl)
memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence));
}
void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
{
memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
@ -232,7 +226,6 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
dtls1_retrieve_buffered_record((s), \
&((s)->rlayer.d->unprocessed_rcds))
int dtls1_process_buffered_records(SSL *s)
{
pitem *item;
@ -249,7 +242,8 @@ int dtls1_process_buffered_records(SSL *s)
if (!dtls1_process_record(s))
return (0);
if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0)
SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <
0)
return -1;
}
}
@ -264,7 +258,6 @@ int dtls1_process_buffered_records(SSL *s)
return (1);
}
/*-
* Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
@ -390,7 +383,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
ret = dtls1_get_record(s);
if (ret <= 0) {
ret = dtls1_read_failed(s, ret);
@ -413,7 +406,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* data for later processing rather than dropping the connection.
*/
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) {
SSL3_RECORD_get_seq_num(rr)) < 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
@ -432,8 +425,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
/*
* SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or
@ -525,7 +518,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) {
/* We allow a 0 return */
if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr),
SSL3_RECORD_get_length(rr)) < 0) {
SSL3_RECORD_get_length(rr)) < 0) {
return -1;
}
/* Exit and notify application to read again */
@ -542,7 +535,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Application data while renegotiating is allowed. Try again
* reading.
*/
if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) {
if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) {
BIO *bio;
s->s3->in_read_app_data = 2;
bio = SSL_get_rbio(s);
@ -563,14 +556,14 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* XDTLS: In a pathological case, the Client Hello may be
* fragmented--don't always expect dest_maxlen bytes
*/
if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
if (SSL3_RECORD_get_length(rr) < dest_maxlen) {
#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
/*
* for normal alerts rr->length is 2, while
* dest_maxlen is 7 if we were to handle this
* non-existing alert...
*/
FIX ME
FIX ME;
#endif
s->rlayer.rstate = SSL_ST_READ_HEADER;
SSL3_RECORD_set_length(rr, 0);
@ -628,8 +621,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (i < 0)
return (i);
if (i == 0) {
SSLerr(SSL_F_DTLS1_READ_BYTES,
SSL_R_SSL_HANDSHAKE_FAILURE);
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
}
@ -734,8 +726,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
@ -874,7 +865,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return (-1);
}
/*
* this only happens when a client hello is received and a handshake
* is started.
@ -884,7 +874,7 @@ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
{
if ((type == SSL3_RT_HANDSHAKE)
&& (s->rlayer.d->handshake_fragment_len > 0))
&& (s->rlayer.d->handshake_fragment_len > 0))
/* (partially) satisfy request from storage */
{
unsigned char *src = s->rlayer.d->handshake_fragment;
@ -981,7 +971,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* header: otherwise some clients will ignore it.
*/
if (s->method->version == DTLS_ANY_VERSION &&
s->max_proto_version != DTLS1_BAD_VER) {
s->max_proto_version != DTLS1_BAD_VER) {
*(p++) = DTLS1_VERSION >> 8;
*(p++) = DTLS1_VERSION & 0xff;
} else {
@ -1040,7 +1030,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1) < 0)
&(p[SSL3_RECORD_get_length(&wr) + eivlen]),
1) < 0)
goto err;
SSL3_RECORD_add_length(&wr, mac_size);
}
@ -1115,7 +1106,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
}
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch)
unsigned int *is_next_epoch)
{
*is_next_epoch = 0;
@ -1126,7 +1117,7 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
/* Only HM and ALERT messages can be from the next epoch */
else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1;
return &s->rlayer.d->next_bitmap;
}
@ -1144,8 +1135,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw)
s->rlayer.d->r_epoch++;
memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
sizeof(s->rlayer.d->bitmap));
memset(&s->rlayer.d->next_bitmap, 0,
sizeof(s->rlayer.d->next_bitmap));
memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
} else {
seq = s->rlayer.write_sequence;
memcpy(s->rlayer.d->last_write_sequence, seq,

82
ssl/record/rec_layer_s3.c
View file

@ -43,7 +43,8 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
rl->rstate = SSL_ST_READ_HEADER;
/* Do I need to clear read_ahead? As far as I can tell read_ahead did not
/*
* Do I need to clear read_ahead? As far as I can tell read_ahead did not
* previously get reset by SSL_clear...so I'll keep it that way..but is
* that right?
*/
@ -91,7 +92,7 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
{
return (rl->numwpipes > 0)
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes-1]) != 0;
&& SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
}
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len)
@ -130,7 +131,7 @@ int ssl3_pending(const SSL *s)
for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
!= SSL3_RT_APPLICATION_DATA)
!= SSL3_RT_APPLICATION_DATA)
return 0;
num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
}
@ -262,7 +263,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
* Move any available bytes to front of buffer: 'len' bytes already
* pointed to by 'packet', 'left' extra ones at the end
*/
if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */
if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */
memmove(pkt, s->rlayer.packet, len + left);
s->rlayer.packet = pkt;
rb->offset = len + align;
@ -327,7 +328,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
return (n);
}
/*
* Call this to write data in records of type 'type' It will return <= 0 if
* not all data has been sent or non-blocking IO.
@ -365,7 +365,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
return -1;
}
s->rlayer.wnum = 0;
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
@ -538,22 +537,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
/*
* We should have prevented this when we set max_pipelines so we
* shouldn't get here
*/
*/
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
if (maxpipes == 0
|| s->enc_write_ctx == NULL
|| !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_PIPELINE)
|| !SSL_USE_EXPLICIT_IV(s))
|| s->enc_write_ctx == NULL
|| !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
& EVP_CIPH_FLAG_PIPELINE)
|| !SSL_USE_EXPLICIT_IV(s))
maxpipes = 1;
if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment
|| split_send_fragment == 0) {
|| split_send_fragment == 0) {
/*
* We should have prevented this when we set the split and max send
* fragments so we shouldn't get here
*/
*/
SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
return -1;
}
@ -658,8 +657,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
sess = s->session;
if ((sess == NULL) ||
(s->enc_write_ctx == NULL) ||
(EVP_MD_CTX_md(s->write_hash) == NULL)) {
(s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
mac_size = 0;
} else {
@ -691,8 +689,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
goto err;
if (prefix_len >
(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
{
(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
/* insufficient space */
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
goto err;
@ -718,9 +715,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} else if (prefix_len) {
wb = &s->rlayer.wbuf[0];
outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb)
+ prefix_len;
+ prefix_len;
} else {
for (j=0; j < numpipes; j++) {
for (j = 0; j < numpipes; j++) {
wb = &s->rlayer.wbuf[j];
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
@ -749,11 +746,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} else
eivlen = 0;
totlen = 0;
/* Clear our SSL3_RECORD structures */
memset(wr, 0, sizeof wr);
for (j=0; j < numpipes; j++) {
for (j = 0; j < numpipes; j++) {
/* write the header */
*(outbuf[j]++) = type & 0xff;
SSL3_RECORD_set_type(&wr[j], type);
@ -802,12 +798,12 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!SSL_USE_ETM(s) && mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr[j],
&(outbuf[j][wr[j].length + eivlen]), 1) < 0)
&(outbuf[j][wr[j].length + eivlen]),
1) < 0)
goto err;
SSL3_RECORD_add_length(&wr[j], mac_size);
}
SSL3_RECORD_set_data(&wr[j], outbuf[j]);
SSL3_RECORD_reset_input(&wr[j]);
@ -822,7 +818,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1)
goto err;
for (j=0; j < numpipes; j++) {
for (j = 0; j < numpipes; j++) {
if (SSL_USE_ETM(s) && mac_size != 0) {
if (s->method->ssl3_enc->mac(s, &wr[j],
outbuf[j] + wr[j].length, 1) < 0)
@ -841,7 +837,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* we should now have wr->data pointing to the encrypted data, which is
* wr->length long
*/
SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for debugging */
SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for
* debugging */
SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH);
if (create_empty_fragment) {
@ -859,11 +856,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* now let's set up wb */
SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
prefix_len + SSL3_RECORD_get_length(&wr[j]));
prefix_len + SSL3_RECORD_get_length(&wr[j]));
}
/*
* memorize arguments so that ssl3_write_pending can detect bad write
* retries later
@ -899,17 +894,17 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
for (;;) {
/* Loop until we find a buffer we haven't written out yet */
if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
&& currbuf < s->rlayer.numwpipes - 1) {
&& currbuf < s->rlayer.numwpipes - 1) {
currbuf++;
continue;
}
clear_sys_error();
if (s->wbio != NULL) {
s->rwstate = SSL_WRITING;
i = BIO_write(s->wbio,
(char *)&(SSL3_BUFFER_get_buf(&wb[currbuf])[
SSL3_BUFFER_get_offset(&wb[currbuf])]),
(unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
i = BIO_write(s->wbio, (char *)
&(SSL3_BUFFER_get_buf(&wb[currbuf])
[SSL3_BUFFER_get_offset(&wb[currbuf])]),
(unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
} else {
SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
i = -1;
@ -1059,7 +1054,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* Skip over any records we have already read */
for (curr_rec = 0;
curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
curr_rec++);
curr_rec++) ;
if (curr_rec == num_recs) {
RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
num_recs = 0;
@ -1089,8 +1084,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (type == SSL3_RECORD_get_type(rr)
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
|| (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
/*
* SSL3_RT_APPLICATION_DATA or
* SSL3_RT_HANDSHAKE or
@ -1108,8 +1103,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (type == SSL3_RT_HANDSHAKE
&& SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& s->rlayer.handshake_fragment_len > 0) {
&& SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& s->rlayer.handshake_fragment_len > 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
@ -1152,8 +1147,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
goto start;
}
if (!peek && curr_rec == num_recs
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
&& (s->mode & SSL_MODE_RELEASE_BUFFERS)
&& SSL3_BUFFER_get_left(rbuf) == 0)
ssl3_release_read_buffer(s);
return read_bytes;
}
@ -1186,7 +1181,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (s->method->version == TLS_ANY_VERSION
&& (s->server || rr->type != SSL3_RT_ALERT)) {
&& (s->server || rr->type != SSL3_RT_ALERT)) {
/*
* If we've got this far and still haven't decided on what version
* we're using then this must be a client side alert we're dealing with
@ -1273,8 +1268,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (i < 0)
return (i);
if (i == 0) {
SSLerr(SSL_F_SSL3_READ_BYTES,
SSL_R_SSL_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return (-1);
}
@ -1405,7 +1399,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* Unexpected handshake message (Client Hello, or protocol violation)
*/
if ((s->rlayer.handshake_fragment_len >= 4)
&& !ossl_statem_get_in_handshake(s)) {
&& !ossl_statem_get_in_handshake(s)) {
if (SSL_is_init_finished(s) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
ossl_statem_set_in_init(s, 1);

34
ssl/record/record.h
View file

@ -33,46 +33,36 @@ typedef struct ssl3_record_st {
/* Record layer version */
/* r */
int rec_version;
/* type of record */
/* r */
int type;
/* How many bytes available */
/* rw */
unsigned int length;
/*
* How many bytes were available before padding was removed? This is used
* to implement the MAC check in constant time for CBC records.
*/
/* rw */
unsigned int orig_len;
/* read/write offset into 'buf' */
/* r */
unsigned int off;
/* pointer to the record data */
/* rw */
unsigned char *data;
/* where the decode bytes are */
/* rw */
unsigned char *input;
/* only used with decompression - malloc()ed */
/* r */
unsigned char *comp;
/* Whether the data from this record has already been read or not */
/* r */
unsigned int read;
/* epoch number, needed by DTLS1 */
/* r */
unsigned long epoch;
/* sequence number, needed by DTLS1 */
/* r */
unsigned char seq_num[SEQ_NUM_SIZE];
@ -81,7 +71,6 @@ typedef struct ssl3_record_st {
typedef struct dtls1_bitmap_st {
/* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
unsigned long map;
/* Max record number seen so far, 64-bit value in big-endian encoding */
unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS1_BITMAP;
@ -96,12 +85,11 @@ typedef struct dtls1_record_data_st {
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
# ifndef OPENSSL_NO_SCTP
#ifndef OPENSSL_NO_SCTP
struct bio_dgram_sctp_rcvinfo recordinfo;
# endif
#endif
} DTLS1_RECORD_DATA;
typedef struct dtls_record_layer_st {
/*
* The current data and handshake epoch. This is initially
@ -110,12 +98,10 @@ typedef struct dtls_record_layer_st {
*/
unsigned short r_epoch;
unsigned short w_epoch;
/* records being received in the current epoch */
DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap;
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
@ -133,7 +119,6 @@ typedef struct dtls_record_layer_st {
unsigned int alert_fragment_len;
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len;
/* save last and current sequence numbers for retransmissions */
unsigned char last_write_sequence[8];
unsigned char curr_write_sequence[8];
@ -157,7 +142,6 @@ typedef struct record_layer_st {
int read_ahead;
/* where we are when reading */
int rstate;
/* How many pipelines can be used to read data */
unsigned int numrpipes;
/* How many pipelines can be used to write data */
@ -168,14 +152,11 @@ typedef struct record_layer_st {
SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
/* each decoded record goes in here */
SSL3_RECORD rrec[SSL_MAX_PIPELINES];
/* used internally to point at a raw packet */
unsigned char *packet;
unsigned int packet_length;
/* number of bytes sent so far */
unsigned int wnum;
/*
* storage for Alert/Handshake protocol data received but not yet
* processed by ssl3_read_bytes:
@ -184,10 +165,8 @@ typedef struct record_layer_st {
unsigned int alert_fragment_len;
unsigned char handshake_fragment[4];
unsigned int handshake_fragment_len;
/* The number of consecutive empty records we have received */
unsigned int empty_record_count;
/* partial write - check the numbers match */
/* number bytes written */
int wpend_tot;
@ -195,17 +174,13 @@ typedef struct record_layer_st {
/* number of bytes submitted */
int wpend_ret;
const unsigned char *wpend_buf;
unsigned char read_sequence[SEQ_NUM_SIZE];
unsigned char write_sequence[SEQ_NUM_SIZE];
/* Set to true if this is the first record in a connection */
unsigned int is_first_record;
DTLS_RECORD_LAYER *d;
} RECORD_LAYER;
/*****************************************************************************
* *
* The following macros/functions represent the libssl internal API to the *
@ -247,7 +222,7 @@ __owur int ssl3_setup_buffers(SSL *s);
__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send);
__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);
unsigned int len);
__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send);
__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
@ -261,6 +236,5 @@ __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
unsigned char *buf, int len, int peek);
__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
unsigned int len, int create_empty_fragement);
unsigned int len, int create_empty_fragement);
void dtls1_reset_seq_numbers(SSL *s, int rw);

12
ssl/record/record_locl.h
View file

@ -40,11 +40,10 @@ __owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold);
void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
unsigned int *is_next_epoch);
unsigned int *is_next_epoch);
int dtls1_process_buffered_records(SSL *s);
int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
int dtls1_buffer_record(SSL *s, record_pqueue *q,
unsigned char *priority);
int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
void ssl3_record_sequence_update(unsigned char *seq);
/* Functions provided by the DTLS1_BITMAP component */
@ -52,7 +51,6 @@ void ssl3_record_sequence_update(unsigned char *seq);
int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
/* Macros/functions provided by the SSL3_BUFFER component */
#define SSL3_BUFFER_get_buf(b) ((b)->buf)
@ -108,9 +106,9 @@ __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size);
__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
unsigned block_size, unsigned mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
int dtls1_process_record(SSL *s);
__owur int dtls1_get_record(SSL *s);

88
ssl/record/ssl3_record.c
View file

@ -61,7 +61,6 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
}
/*
* Peeks ahead into "read_ahead" data to see if we have a whole record waiting
* for us in the buffer.
@ -151,9 +150,10 @@ int ssl3_get_record(SSL *s)
(RECORD_LAYER_get_packet_length(&s->rlayer)
< SSL3_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(rbuf), 0, num_recs == 0 ? 1 : 0);
SSL3_BUFFER_get_len(rbuf), 0,
num_recs == 0 ? 1 : 0);
if (n <= 0)
return (n); /* error or non-blocking */
return (n); /* error or non-blocking */
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
p = RECORD_LAYER_get_packet(&s->rlayer);
@ -162,7 +162,7 @@ int ssl3_get_record(SSL *s)
* The first record received by the server may be a V2ClientHello.
*/
if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
&& (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
/*
* SSLv2 style record
*
@ -178,7 +178,7 @@ int ssl3_get_record(SSL *s)
rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1];
if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf)
- SSL2_RT_HEADER_LENGTH) {
- SSL2_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err;
@ -217,7 +217,7 @@ int ssl3_get_record(SSL *s)
* shouldn't send a fatal alert back. We'll just
* end.
*/
goto err;
goto err;
}
/*
* Send back error using their minor version number :-)
@ -258,7 +258,7 @@ int ssl3_get_record(SSL *s)
}
if (rr[num_recs].length >
SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
goto f_err;
@ -284,7 +284,7 @@ int ssl3_get_record(SSL *s)
n = ssl3_read_n(s, i, i, 1, 0);
if (n <= 0)
return (n); /* error or non-blocking io */
return (n); /* error or non-blocking io */
}
/* set state for later operations */
@ -335,14 +335,13 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_reset_packet_length(&s->rlayer);
RECORD_LAYER_clear_first_record(&s->rlayer);
} while (num_recs < max_recs
&& rr[num_recs-1].type == SSL3_RT_APPLICATION_DATA
&& rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA
&& SSL_USE_EXPLICIT_IV(s)
&& s->enc_read_ctx != NULL
&& (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
& EVP_CIPH_FLAG_PIPELINE)
& EVP_CIPH_FLAG_PIPELINE)
&& ssl3_record_app_data_waiting(s));
/*
* If in encrypt-then-mac mode calculate mac from encrypted record. All
* the details below are public so no timing details can leak.
@ -402,7 +401,7 @@ int ssl3_get_record(SSL *s)
mac_size = EVP_MD_CTX_size(s->read_hash);
OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
for (j=0; j < num_recs; j++) {
for (j = 0; j < num_recs; j++) {
/*
* orig_len is the length of the record before any padding was
* removed. This is public information, as is the MAC in use,
@ -495,7 +494,7 @@ int ssl3_get_record(SSL *s)
if (rr[j].length == 0) {
RECORD_LAYER_inc_empty_record_count(&s->rlayer);
if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
> MAX_EMPTY_RECORDS) {
> MAX_EMPTY_RECORDS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
goto f_err;
@ -527,8 +526,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
return 0;
i = COMP_expand_block(ssl->expand, rr->comp,
SSL3_RT_MAX_PLAIN_LENGTH, rr->data,
(int)rr->length);
SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
if (i < 0)
return 0;
else
@ -709,7 +707,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
if (n_recs > 1) {
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_PIPELINE)) {
& EVP_CIPH_FLAG_PIPELINE)) {
/*
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
@ -722,7 +720,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
reclen[ctr] = recs[ctr].length;
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_AEAD_CIPHER) {
& EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char *seq;
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
@ -786,7 +784,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
data[ctr] = recs[ctr].data;
}
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
n_recs, data) <= 0) {
n_recs, data) <= 0) {
SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
}
/* Set the input buffers */
@ -794,9 +792,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
data[ctr] = recs[ctr].input;
}
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
n_recs, data) <= 0
n_recs, data) <= 0
|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
n_recs, reclen) <= 0) {
n_recs, reclen) <= 0) {
SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
return -1;
}
@ -804,7 +802,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]);
if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
& EVP_CIPH_FLAG_CUSTOM_CIPHER)
& EVP_CIPH_FLAG_CUSTOM_CIPHER)
? (i < 0)
: (i == 0))
return -1; /* AEAD can fail to verify MAC */
@ -924,18 +922,18 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
p = md;
s2n(rec->length, p);
if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
|| EVP_DigestUpdate(md_ctx, seq, 8) <= 0
|| EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
|| EVP_DigestUpdate(md_ctx, md, 2) <= 0
|| EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
|| EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
|| EVP_DigestUpdate(md_ctx, seq, 8) <= 0
|| EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
|| EVP_DigestUpdate(md_ctx, md, 2) <= 0
|| EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
|| EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
|| EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
|| EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
|| EVP_DigestUpdate(md_ctx, md, md_size) <= 0
|| EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
EVP_MD_CTX_reset(md_ctx);
return -1;
}
@ -977,8 +975,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
mac_ctx = hash;
} else {
hmac = EVP_MD_CTX_new();
if (hmac == NULL
|| !EVP_MD_CTX_copy(hmac, hash))
if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash))
return -1;
mac_ctx = hmac;
}
@ -1020,8 +1017,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
}
} else {
if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
|| EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
|| EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
EVP_MD_CTX_free(hmac);
return -1;
}
@ -1031,7 +1028,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
rec->length, rec->orig_len)) {
EVP_MD_CTX_free(hmac);
return -1;
}
}
}
EVP_MD_CTX_free(hmac);
@ -1138,7 +1135,8 @@ int tls1_cbc_remove_padding(const SSL *s,
padding_length = rec->data[rec->length - 1];
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
EVP_CIPH_FLAG_AEAD_CIPHER) {
/* padding is already verified */
rec->length -= padding_length + 1;
return 1;
@ -1439,7 +1437,6 @@ int dtls1_process_record(SSL *s)
return (0);
}
/*
* retrieve a buffered record that belongs to the current epoch, ie,
* processed
@ -1487,13 +1484,14 @@ int dtls1_get_record(SSL *s)
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
(RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1);
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1);
/* read timeout is handled by dtls1_read_bytes */
if (n <= 0)
return (n); /* error or non-blocking */
/* this packet contained a partial record, dump it */
if (RECORD_LAYER_get_packet_length(&s->rlayer) != DTLS1_RT_HEADER_LENGTH) {
if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
DTLS1_RT_HEADER_LENGTH) {
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
}
@ -1573,7 +1571,7 @@ int dtls1_get_record(SSL *s)
bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
if (bitmap == NULL) {
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */
}
#ifndef OPENSSL_NO_SCTP
@ -1603,7 +1601,7 @@ int dtls1_get_record(SSL *s)
if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
if (dtls1_buffer_record
(s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
rr->seq_num) < 0)
rr->seq_num) < 0)
return -1;
/* Mark receipt of record. */
dtls1_record_bitmap_update(s, bitmap);
@ -1615,7 +1613,7 @@ int dtls1_get_record(SSL *s)
if (!dtls1_process_record(s)) {
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */
}
dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */

30
ssl/s3_cbc.c
View file

@ -26,8 +26,6 @@
*/
#define MAX_HASH_BLOCK_SIZE 128
/*
* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
* little-endian order. The value of p is advanced by four.
@ -129,14 +127,14 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
* Returns 1 on success or 0 on error
*/
int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
unsigned char *md_out,
size_t *md_out_size,
const unsigned char header[13],
const unsigned char *data,
size_t data_plus_mac_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
unsigned mac_secret_length, char is_sslv3)
unsigned char *md_out,
size_t *md_out_size,
const unsigned char header[13],
const unsigned char *data,
size_t data_plus_mac_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
unsigned mac_secret_length, char is_sslv3)
{
union {
double align;
@ -461,8 +459,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
memset(hmac_pad, 0x5c, sslv3_pad_length);
if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
|| EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
|| EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err;
} else {
/* Complete the HMAC in the standard manner. */
@ -470,7 +468,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
hmac_pad[i] ^= 0x6a;
if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
|| EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
goto err;
}
ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
@ -479,7 +477,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
EVP_MD_CTX_free(md_ctx);
return 1;
err:
err:
EVP_MD_CTX_free(md_ctx);
return 0;
}
@ -491,8 +489,8 @@ err:
*/
int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
EVP_MD_CTX *mac_ctx, const unsigned char *data,
size_t data_len, size_t orig_len)
EVP_MD_CTX *mac_ctx, const unsigned char *data,
size_t data_len, size_t orig_len)
{
size_t block_size, digest_pad, blocks_data, blocks_orig;
if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)

50
ssl/s3_enc.c
View file

@ -140,8 +140,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
@ -170,8 +170,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
@ -374,7 +374,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
if (s->s3->handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
@ -385,10 +386,8 @@ int ssl3_digest_cached_records(SSL *s, int keep)
}
md = ssl_handshake_md(s);
if ( md == NULL
|| !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen))
{
if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -431,10 +430,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
}
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|| EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
s->session->master_key) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
|| EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
s->session->master_key_length,
s->session->master_key) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR);
ret = 0;
}
@ -472,19 +471,18 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
}
for (i = 0; i < 3; i++) {
if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
|| EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
|| EVP_DigestUpdate(ctx, salt[i],
strlen((const char *)salt[i])) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ctx, buf, &n) <= 0
|| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
ret = 0;
break;

148
ssl/s3_lib.c
View file

@ -66,8 +66,7 @@
* Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
* Weak ciphers
*/
static SSL_CIPHER ssl3_ciphers[] =
{
static SSL_CIPHER ssl3_ciphers[] = {
{
1,
SSL3_TXT_RSA_NULL_MD5,
@ -1135,7 +1134,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256,
256,
},
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
{
@ -1709,8 +1708,8 @@ static SSL_CIPHER ssl3_ciphers[] =
0,
0,
},
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_PSK */
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
{
@ -1848,7 +1847,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256,
256,
},
#endif /* OPENSSL_NO_SRP */
#endif /* OPENSSL_NO_SRP */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# ifndef OPENSSL_NO_RSA
@ -1867,7 +1866,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256,
256,
},
# endif /* OPENSSL_NO_RSA */
# endif /* OPENSSL_NO_RSA */
# ifndef OPENSSL_NO_EC
{
@ -1900,7 +1899,7 @@ static SSL_CIPHER ssl3_ciphers[] =
256,
256,
},
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK
{
@ -1963,8 +1962,9 @@ static SSL_CIPHER ssl3_ciphers[] =
256,
256,
},
# endif /* OPENSSL_NO_PSK */
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
# endif /* OPENSSL_NO_PSK */
#endif /* !defined(OPENSSL_NO_CHACHA) &&
* !defined(OPENSSL_NO_POLY1305) */
#ifndef OPENSSL_NO_CAMELLIA
{
@ -2222,8 +2222,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128
},
128,
},
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
@ -2237,8 +2237,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
256,
},
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@ -2252,8 +2252,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128
},
128,
},
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
@ -2267,9 +2267,9 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
# endif /* OPENSSL_NO_EC */
256,
},
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK
{
@ -2285,8 +2285,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128
},
128,
},
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2300,8 +2300,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
256,
},
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2315,8 +2315,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128
},
128,
},
{
1,
TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2330,8 +2330,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
256,
},
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2345,8 +2345,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128
},
128,
},
{
1,
TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2360,8 +2360,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
256,
},
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
@ -2375,8 +2375,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128
},
128,
},
{
1,
TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
@ -2390,11 +2390,11 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_NOT_DEFAULT | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
},
# endif /* OPENSSL_NO_PSK */
256,
},
# endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST
{
@ -2410,8 +2410,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
256
},
256,
},
{
1,
"GOST2001-NULL-GOST94",
@ -2425,8 +2425,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0,
0
},
0,
},
{
1,
"GOST2012-GOST8912-GOST8912",
@ -2440,8 +2440,8 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_HIGH,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
256
},
256,
},
{
1,
"GOST2012-NULL-GOST12",
@ -2455,8 +2455,9 @@ static SSL_CIPHER ssl3_ciphers[] =
SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
0},
#endif /* OPENSSL_NO_GOST */
0,
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_IDEA
{
@ -2537,7 +2538,7 @@ static SSL_CIPHER ssl3_ciphers[] =
128,
128,
},
#endif /* OPENSSL_NO_SEED */
#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
@ -2647,7 +2648,7 @@ static SSL_CIPHER ssl3_ciphers[] =
128,
128,
},
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_PSK
{
@ -2695,13 +2696,12 @@ static SSL_CIPHER ssl3_ciphers[] =
128,
128,
},
# endif /* OPENSSL_NO_PSK */
# endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
};
static int cipher_compare(const void *a, const void *b)
{
const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
@ -2716,7 +2716,6 @@ void ssl_sort_cipher_list(void)
cipher_compare);
}
const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_enc,
n_ssl3_mac,
@ -2767,7 +2766,7 @@ int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
s->init_off = 0;
return 1;
return 1;
}
int ssl3_handshake_write(SSL *s)
@ -2785,7 +2784,7 @@ int ssl3_new(SSL *s)
#ifndef OPENSSL_NO_SRP
if (!SSL_SRP_CTX_init(s))
goto err;
goto err;
#endif
s->method->ssl_clear(s);
return (1);
@ -2833,7 +2832,7 @@ void ssl3_clear(SSL *s)
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey);
EVP_PKEY_free(s->s3->peer_tmp);
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
@ -2861,8 +2860,7 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
}
#endif
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
size_t len);
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
@ -3102,13 +3100,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CURVES:
return tls1_set_curves(&s->tlsext_ellipticcurvelist,
&s->tlsext_ellipticcurvelist_length,
parg, larg);
&s->tlsext_ellipticcurvelist_length, parg, larg);
case SSL_CTRL_SET_CURVES_LIST:
return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
&s->tlsext_ellipticcurvelist_length,
parg);
&s->tlsext_ellipticcurvelist_length, parg);
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
@ -3300,7 +3296,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
unsigned char *keys = parg;
long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key) + sizeof(ctx->tlsext_tick_aes_key));
sizeof(ctx->tlsext_tick_hmac_key) +
sizeof(ctx->tlsext_tick_aes_key));
if (keys == NULL)
return tlsext_tick_keylen;
if (larg != tlsext_tick_keylen) {
@ -3314,7 +3311,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
keys + sizeof(ctx->tlsext_tick_key_name),
sizeof(ctx->tlsext_tick_hmac_key));
memcpy(ctx->tlsext_tick_aes_key,
keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
keys + sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key),
sizeof(ctx->tlsext_tick_aes_key));
} else {
memcpy(keys, ctx->tlsext_tick_key_name,
@ -3322,7 +3320,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
ctx->tlsext_tick_hmac_key,
sizeof(ctx->tlsext_tick_hmac_key));
memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + sizeof(ctx->tlsext_tick_hmac_key),
memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
sizeof(ctx->tlsext_tick_hmac_key),
ctx->tlsext_tick_aes_key,
sizeof(ctx->tlsext_tick_aes_key));
}
@ -3355,8 +3354,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->srp_ctx.login = NULL;
if (parg == NULL)
break;
if (strlen((const char *)parg) > 255
|| strlen((const char *)parg) < 1) {
if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
return 0;
}
@ -3560,7 +3558,7 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
* Returns the selected cipher or NULL when no common ciphers.
*/
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr)
STACK_OF(SSL_CIPHER) *srvr)
{
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
@ -3611,11 +3609,11 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
/* Skip ciphers not supported by the protocol version */
if (!SSL_IS_DTLS(s) &&
((s->version < c->min_tls) || (s->version > c->max_tls)))
((s->version < c->min_tls) || (s->version > c->max_tls)))
continue;
if (SSL_IS_DTLS(s) &&
(DTLS_VERSION_LT(s->version, c->min_dtls) ||
DTLS_VERSION_GT(s->version, c->max_dtls)))
(DTLS_VERSION_LT(s->version, c->min_dtls) ||
DTLS_VERSION_GT(s->version, c->max_dtls)))
continue;
mask_k = s->s3->tmp.mask_k;
@ -3642,14 +3640,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
alg_a, mask_k, mask_a, (void *)c, c->name);
#endif
# ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_EC
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
if (!ok)
continue;
@ -3803,8 +3801,7 @@ int ssl3_write(SSL *s, const void *buf, int len)
if (s->s3->renegotiate)
ssl3_renegotiate_check(s);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
buf, len);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
}
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
@ -4040,11 +4037,12 @@ EVP_PKEY *ssl_generate_pkey_curve(int id)
pkey = NULL;
}
err:
err:
EVP_PKEY_CTX_free(pctx);
return pkey;
}
#endif
/* Derive premaster or master secret for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
{
@ -4083,7 +4081,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey)
rv = 1;
}
err:
err:
OPENSSL_clear_free(pms, pmslen);
EVP_PKEY_CTX_free(pctx);
return rv;

3
ssl/s3_msg.c
View file

@ -24,8 +24,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
SSL_R_CCS_RECEIVED_EARLY);
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
return (0);
}

2
ssl/ssl_asn1.c
View file

@ -359,7 +359,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
*pp = p;
return ret;
err:
err:
M_ASN1_free_of(as, SSL_SESSION_ASN1);
if ((a == NULL) || (*a != ret))
SSL_SESSION_free(ret);

41
ssl/ssl_cert.c
View file

@ -31,8 +31,8 @@
#include "ssl_locl.h"
#include "internal/thread_once.h"
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex);
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
@ -41,8 +41,8 @@ static volatile int ssl_x509_store_ctx_idx = -1;
DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
{
ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
"SSL for verify callback",
NULL, NULL, NULL);
"SSL for verify callback",
NULL, NULL, NULL);
return ssl_x509_store_ctx_idx >= 0;
}
@ -96,7 +96,6 @@ CERT *ssl_cert_dup(CERT *cert)
OPENSSL_free(ret);
return NULL;
}
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
ret->dh_tmp = cert->dh_tmp;
@ -134,11 +133,9 @@ CERT *ssl_cert_dup(CERT *cert)
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
goto err;
}
ret->pkeys[i].serverinfo_length =
cert->pkeys[i].serverinfo_length;
ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
memcpy(ret->pkeys[i].serverinfo,
cert->pkeys[i].serverinfo,
cert->pkeys[i].serverinfo_length);
cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
}
}
@ -412,7 +409,8 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
if (!X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
if (!X509_STORE_CTX_set_ex_data
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end;
}
@ -454,7 +452,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
/* Move peername from the store context params to the SSL handle's */
X509_VERIFY_PARAM_move_peername(s->param, param);
end:
end:
X509_STORE_CTX_free(ctx);
return i;
}
@ -505,7 +503,7 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
{
if (!s->server) { /* we are in the client */
if (!s->server) { /* we are in the client */
if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
return (s->s3->tmp.ca_names);
else
@ -576,8 +574,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
X509 *x = NULL;
X509_NAME *xn = NULL;
STACK_OF(X509_NAME) *ret = NULL;
LHASH_OF(X509_NAME) *name_hash =
lh_X509_NAME_new(xname_hash, xname_cmp);
LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
if ((name_hash == NULL) || (in == NULL)) {
SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
@ -651,8 +648,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
ERR_R_MALLOC_FAILURE);
SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -806,7 +802,7 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
chain_store = s->ctx->cert_store;
if (chain_store) {
X509_STORE_CTX* xs_ctx = X509_STORE_CTX_new();
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
if (xs_ctx == NULL) {
SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
@ -823,10 +819,10 @@ int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
* ignore the error return from this call. We're not actually verifying
* the cert - we're just building as much of the chain as we can
*/
(void) X509_verify_cert(xs_ctx);
(void)X509_verify_cert(xs_ctx);
/* Don't leave errors in the queue */
ERR_clear_error();
chain = X509_STORE_CTX_get0_chain(xs_ctx);
chain = X509_STORE_CTX_get0_chain(xs_ctx);
i = ssl_security_cert_chain(s, chain, NULL, 0);
if (i != 1) {
#if 0
@ -892,8 +888,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (!X509_STORE_add_cert(chain_store, x)) {
error = ERR_peek_last_error();
if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
ERR_GET_REASON(error) !=
X509_R_CERT_ALREADY_IN_HASH_TABLE)
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
goto err;
ERR_clear_error();
}
@ -1001,8 +996,8 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1;
}
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex)
{
int level, minbits;

104
ssl/ssl_ciph.c
View file

@ -131,9 +131,9 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
{SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
{SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */
{SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */
{SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
{SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
{SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
{SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
{SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
{SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
@ -143,28 +143,30 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* *INDENT-OFF* */
static const ssl_cipher_table ssl_cipher_table_kx[] = {
{ SSL_kRSA, NID_kx_rsa },
{ SSL_kECDHE, NID_kx_ecdhe },
{ SSL_kDHE, NID_kx_dhe },
{ SSL_kECDHEPSK, NID_kx_ecdhe_psk },
{ SSL_kDHEPSK, NID_kx_dhe_psk },
{ SSL_kRSAPSK, NID_kx_rsa_psk },
{ SSL_kPSK, NID_kx_psk },
{ SSL_kSRP, NID_kx_srp },
{ SSL_kGOST, NID_kx_gost }
{SSL_kRSA, NID_kx_rsa},
{SSL_kECDHE, NID_kx_ecdhe},
{SSL_kDHE, NID_kx_dhe},
{SSL_kECDHEPSK, NID_kx_ecdhe_psk},
{SSL_kDHEPSK, NID_kx_dhe_psk},
{SSL_kRSAPSK, NID_kx_rsa_psk},
{SSL_kPSK, NID_kx_psk},
{SSL_kSRP, NID_kx_srp},
{SSL_kGOST, NID_kx_gost}
};
static const ssl_cipher_table ssl_cipher_table_auth[] = {
{ SSL_aRSA, NID_auth_rsa },
{ SSL_aECDSA, NID_auth_ecdsa },
{ SSL_aPSK, NID_auth_psk },
{ SSL_aDSS, NID_auth_dss },
{ SSL_aGOST01, NID_auth_gost01 },
{ SSL_aGOST12, NID_auth_gost12 },
{ SSL_aSRP, NID_auth_srp },
{ SSL_aNULL, NID_auth_null }
{SSL_aRSA, NID_auth_rsa},
{SSL_aECDSA, NID_auth_ecdsa},
{SSL_aPSK, NID_auth_psk},
{SSL_aDSS, NID_auth_dss},
{SSL_aGOST01, NID_auth_gost01},
{SSL_aGOST12, NID_auth_gost12},
{SSL_aSRP, NID_auth_srp},
{SSL_aNULL, NID_auth_null}
};
/* *INDENT-ON* */
/* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table,
@ -286,9 +288,11 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0,
0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
{0, SSL_TXT_AES128, 0, 0, 0,
SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
{0, SSL_TXT_AES256, 0, 0, 0,
SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
@ -303,7 +307,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0},
/* MAC aliases */
{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0, 0, 0, 0},
@ -453,7 +457,8 @@ void ssl_load_ciphers(void)
disabled_mac_mask |= SSL_GOST89MAC;
}
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id("gost-mac-12");
ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
get_optional_pkey_id("gost-mac-12");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
} else {
@ -469,7 +474,8 @@ void ssl_load_ciphers(void)
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12))
if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
(SSL_aGOST01 | SSL_aGOST12))
disabled_mkey_mask |= SSL_kGOST;
}
@ -824,8 +830,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
#endif
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
reverse = 1; /* needed to maintain sorting between
* currently deleted ciphers */
reverse = 1; /* needed to maintain sorting between currently
* deleted ciphers */
head = *head_p;
tail = *tail_p;
@ -1057,8 +1063,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* it is no command or separator nor
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
SSL_R_INVALID_COMMAND);
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
@ -1216,8 +1221,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 1;
}
} else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
SSL_R_INVALID_COMMAND);
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
if (ok == 0)
retval = 0;
/*
@ -1293,8 +1297,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
}
return 1;
# else
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0;
# endif
}
@ -1347,8 +1350,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
disabled_mkey, disabled_auth, disabled_enc,
disabled_mac, co_list, &head,
&tail);
disabled_mac, co_list, &head, &tail);
/* Now arrange all ciphers by preference. */
@ -1366,18 +1368,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
&tail);
/* Within each strength group, we prefer GCM over CHACHA... */
ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
/*
* ...and generally, our preferred cipher is AES.
* Note that AEADs will be bumped to take preference after sorting by
* strength.
*/
/*
* ...and generally, our preferred cipher is AES.
* Note that AEADs will be bumped to take preference after sorting by
* strength.
*/
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
-1, &head, &tail);
@ -1441,9 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
&head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
CIPHER_BUMP, -1, &head, &tail);
CIPHER_BUMP, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
CIPHER_BUMP, -1, &head, &tail);
CIPHER_BUMP, -1, &head, &tail);
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@ -1485,7 +1486,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
OPENSSL_free(ca_list); /* Not needed anymore */
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
@ -1530,8 +1531,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
ssl_cipher_ptr_id_cmp);
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
return (cipherstack);
@ -1542,8 +1542,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
if (buf == NULL) {
len = 128;
@ -1753,8 +1752,8 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
if (c != NULL) {
if (alg_bits != NULL)
*alg_bits = (int) c->alg_bits;
ret = (int) c->strength_bits;
*alg_bits = (int)c->alg_bits;
ret = (int)c->strength_bits;
}
return ret;
}
@ -1785,11 +1784,13 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
return NULL;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths)
{
return meths;
}
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
return 1;
@ -1861,8 +1862,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
SSL_R_DUPLICATE_COMPRESSION_ID);
return (1);
}
if (ssl_comp_methods == NULL
|| !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);

17
ssl/ssl_conf.c
View file

@ -116,7 +116,7 @@ static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
break;
case SSL_TFLAG_VFY:
pflags = cctx->pvfy_flags;
pflags = cctx->pvfy_flags;
break;
case SSL_TFLAG_OPTION:
@ -142,8 +142,7 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
if (namelen == -1) {
if (strcmp(tbl->name, name))
return 0;
} else if (tbl->namelen != namelen
|| strncasecmp(tbl->name, name, namelen))
} else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
return 0;
ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
return 1;
@ -192,8 +191,7 @@ static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
}
/* Set supported client signature algorithms */
static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx,
const char *value)
static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
{
int rv;
if (cctx->ssl)
@ -285,7 +283,8 @@ static int protocol_from_string(const char *value)
{"TLSv1.1", TLS1_1_VERSION},
{"TLSv1.2", TLS1_2_VERSION},
{"DTLSv1", DTLS1_VERSION},
{"DTLSv1.2", DTLS1_2_VERSION}};
{"DTLSv1.2", DTLS1_2_VERSION}
};
size_t i;
size_t n = OSSL_NELEM(versions);
@ -625,8 +624,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
}
/* Determine if a command is allowed according to cctx flags */
static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx,
const ssl_conf_cmd_tbl * t)
static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
{
unsigned int tfl = t->flags;
unsigned int cfl = cctx->flags;
@ -664,8 +662,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
return NULL;
}
static int ctrl_switch_option(SSL_CONF_CTX *cctx,
const ssl_conf_cmd_tbl * cmd)
static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
{
/* Find index of command in table */
size_t idx = cmd - ssl_conf_cmds;

30
ssl/ssl_init.c
View file

@ -26,7 +26,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
"Adding SSL ciphers and digests\n");
#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
@ -85,10 +85,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_COMP_get_compression_methods()\n");
#endif
"SSL_COMP_get_compression_methods()\n");
# endif
/*
* This will initialise the built-in compression algorithms. The value
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
@ -100,7 +100,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"SSL_add_ssl_module()\n");
"SSL_add_ssl_module()\n");
#endif
SSL_add_ssl_module();
/*
@ -122,8 +122,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
*/
#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
"ERR_load_SSL_strings()\n");
fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
"ERR_load_SSL_strings()\n");
# endif
ERR_load_SSL_strings();
#endif
@ -146,10 +146,10 @@ static void ssl_library_stop(void)
if (ssl_base_inited) {
#ifndef OPENSSL_NO_COMP
#ifdef OPENSSL_INIT_DEBUG
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"ssl_comp_free_compression_methods_int()\n");
#endif
"ssl_comp_free_compression_methods_int()\n");
# endif
ssl_comp_free_compression_methods_int();
#endif
}
@ -157,7 +157,7 @@ static void ssl_library_stop(void)
if (ssl_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
"err_free_strings_int()\n");
"err_free_strings_int()\n");
#endif
/*
* If both crypto and ssl error strings are inited we will end up
@ -169,13 +169,12 @@ static void ssl_library_stop(void)
}
}
/*
* If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions,
* i.e. passing a non-null settings value is assumed to be single-threaded.
*/
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
{
static int stoperrset = 0;
@ -200,13 +199,12 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
&& !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
&& !RUN_ONCE(&ssl_strings, ossl_init_no_load_ssl_strings))
return 0;
if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
&& !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
&& !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
return 0;
return 1;
}

209
ssl/ssl_lib.c
View file

@ -82,22 +82,28 @@ struct ssl_async_args {
SSL *s;
void *buf;
int num;
enum { READFUNC, WRITEFUNC, OTHERFUNC} type;
enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
union {
int (*func_read)(SSL *, void *, int);
int (*func_write)(SSL *, const void *, int);
int (*func_other)(SSL *);
int (*func_read) (SSL *, void *, int);
int (*func_write) (SSL *, const void *, int);
int (*func_other) (SSL *);
} f;
};
static const struct {
uint8_t mtype;
uint8_t ord;
int nid;
int nid;
} dane_mds[] = {
{ DANETLS_MATCHING_FULL, 0, NID_undef },
{ DANETLS_MATCHING_2256, 1, NID_sha256 },
{ DANETLS_MATCHING_2512, 2, NID_sha512 },
{
DANETLS_MATCHING_FULL, 0, NID_undef
},
{
DANETLS_MATCHING_2256, 1, NID_sha256
},
{
DANETLS_MATCHING_2512, 2, NID_sha512
},
};
static int dane_ctx_enable(struct dane_ctx_st *dctx)
@ -105,7 +111,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx)
const EVP_MD **mdevp;
uint8_t *mdord;
uint8_t mdmax = DANETLS_MATCHING_LAST;
int n = ((int) mdmax) + 1; /* int to handle PrivMatch(255) */
int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
size_t i;
if (dctx->mdevp != NULL)
@ -194,7 +200,7 @@ static int ssl_dane_dup(SSL *to, SSL *from)
return 0;
}
num = sk_danetls_record_num(from->dane.trecs);
num = sk_danetls_record_num(from->dane.trecs);
for (i = 0; i < num; ++i) {
danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
@ -205,24 +211,20 @@ static int ssl_dane_dup(SSL *to, SSL *from)
return 1;
}
static int dane_mtype_set(
struct dane_ctx_st *dctx,
const EVP_MD *md,
uint8_t mtype,
uint8_t ord)
static int dane_mtype_set(struct dane_ctx_st *dctx,
const EVP_MD *md, uint8_t mtype, uint8_t ord)
{
int i;
if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
SSLerr(SSL_F_DANE_MTYPE_SET,
SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
return 0;
}
if (mtype > dctx->mdmax) {
const EVP_MD **mdevp;
uint8_t *mdord;
int n = ((int) mtype) + 1;
int n = ((int)mtype) + 1;
mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
if (mdevp == NULL) {
@ -239,7 +241,7 @@ static int dane_mtype_set(
dctx->mdord = mdord;
/* Zero-fill any gaps */
for (i = dctx->mdmax+1; i < mtype; ++i) {
for (i = dctx->mdmax + 1; i < mtype; ++i) {
mdevp[i] = NULL;
mdord[i] = 0;
}
@ -261,13 +263,10 @@ static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
return dane->dctx->mdevp[mtype];
}
static int dane_tlsa_add(
SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
uint8_t mtype,
unsigned char *data,
size_t dlen)
static int dane_tlsa_add(SSL_DANE *dane,
uint8_t usage,
uint8_t selector,
uint8_t mtype, unsigned char *data, size_t dlen)
{
danetls_record *t;
const EVP_MD *md = NULL;
@ -512,8 +511,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
&(ctx->cipher_list_by_id),
SSL_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
}
return (1);
@ -603,7 +601,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ocsp_resplen = -1;
SSL_CTX_up_ref(ctx);
s->initial_ctx = ctx;
# ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_EC
if (ctx->tlsext_ecpointformatlist) {
s->tlsext_ecpointformatlist =
OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
@ -622,10 +620,10 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ellipticcurvelist_length =
ctx->tlsext_ellipticcurvelist_length;
}
# endif
# ifndef OPENSSL_NO_NEXTPROTONEG
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
# endif
#endif
if (s->ctx->alpn_client_proto_list) {
s->alpn_client_proto_list =
@ -665,7 +663,7 @@ SSL *SSL_new(SSL_CTX *ctx)
#ifndef OPENSSL_NO_CT
if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
ctx->ct_validation_callback_arg))
ctx->ct_validation_callback_arg))
goto err;
#endif
@ -930,7 +928,8 @@ int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
}
int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord)
int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
uint8_t ord)
{
return dane_mtype_set(&ctx->dane, md, mtype, ord);
}
@ -1004,7 +1003,7 @@ void SSL_free(SSL *s)
#ifndef OPENSSL_NO_EC
OPENSSL_free(s->tlsext_ecpointformatlist);
OPENSSL_free(s->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
#ifndef OPENSSL_NO_OCSP
sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
@ -1389,15 +1388,12 @@ int SSL_copy_session_id(SSL *t, const SSL *f)
/* Fix this so it checks all the valid key/cert options */
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) ||
(ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
}
if (ctx->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_PRIVATE_KEY_ASSIGNED);
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return (0);
}
return (X509_check_private_key
@ -1477,7 +1473,8 @@ long SSL_get_default_timeout(const SSL *s)
}
static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
int (*func)(void *)) {
int (*func) (void *))
{
int ret;
if (s->waitctx == NULL) {
s->waitctx = ASYNC_WAIT_CTX_new();
@ -1485,7 +1482,7 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
return -1;
}
switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
sizeof(struct ssl_async_args))) {
sizeof(struct ssl_async_args))) {
case ASYNC_ERR:
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
@ -1736,7 +1733,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
}
case SSL_CTRL_GET_EXTMS_SUPPORT:
if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
return -1;
return -1;
if (s->session->flags & SSL_SESS_FLAG_EXTMS)
return 1;
else
@ -2122,8 +2119,7 @@ int SSL_get_servername_type(const SSL *s)
int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server,
unsigned int server_len,
const unsigned char *client,
unsigned int client_len)
const unsigned char *client, unsigned int client_len)
{
unsigned int i, j;
const unsigned char *result;
@ -2294,7 +2290,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
*len = ssl->s3->alpn_selected_len;
}
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
@ -2399,9 +2394,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
goto err;
#endif
if (!ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@ -2433,9 +2428,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
/* Setup RFC5077 ticket keys */
if ((RAND_bytes(ret->tlsext_tick_key_name, sizeof(ret->tlsext_tick_key_name)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key, sizeof(ret->tlsext_tick_hmac_key)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key, sizeof(ret->tlsext_tick_aes_key)) <= 0))
if ((RAND_bytes(ret->tlsext_tick_key_name,
sizeof(ret->tlsext_tick_key_name)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key,
sizeof(ret->tlsext_tick_hmac_key)) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key,
sizeof(ret->tlsext_tick_aes_key)) <= 0))
ret->options |= SSL_OP_NO_TICKET;
#ifndef OPENSSL_NO_SRP
@ -2616,8 +2614,7 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
void *arg)
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(c->cert, cb, arg);
}
@ -2802,8 +2799,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
alg_a = cipher->algorithm_auth;
c = s->cert;
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
if ((alg_a & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
idx = SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
@ -2889,7 +2885,7 @@ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
if (s->method != meth) {
const SSL_METHOD *sm = s->method;
int (*hf)(SSL *) = s->handshake_func;
int (*hf) (SSL *) = s->handshake_func;
if (sm->version == meth->version)
s->method = meth;
@ -3412,7 +3408,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
}
SSL_CTX_up_ref(ctx);
SSL_CTX_free(ssl->ctx); /* decrement reference count */
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
return ssl->ctx;
@ -3507,7 +3503,7 @@ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
}
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
unsigned char *out, size_t outlen)
unsigned char *out, size_t outlen)
{
if (session->master_key_length < 0) {
/* Should never happen */
@ -3587,8 +3583,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
SSL_R_DATA_LENGTH_TOO_LONG);
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
}
OPENSSL_free(ctx->cert->psk_identity_hint);
@ -3641,8 +3636,7 @@ void SSL_set_psk_client_callback(SSL *s,
unsigned int
max_identity_len,
unsigned char *psk,
unsigned int
max_psk_len))
unsigned int max_psk_len))
{
s->psk_client_callback = cb;
}
@ -3664,8 +3658,7 @@ void SSL_set_psk_server_callback(SSL *s,
unsigned int (*cb) (SSL *ssl,
const char *identity,
unsigned char *psk,
unsigned int
max_psk_len))
unsigned int max_psk_len))
{
s->psk_server_callback = cb;
}
@ -3783,7 +3776,6 @@ void SSL_set_debug(SSL *s, int debug)
}
#endif
void SSL_set_security_level(SSL *s, int level)
{
s->cert->sec_level = level;
@ -3795,16 +3787,17 @@ int SSL_get_security_level(const SSL *s)
}
void SSL_set_security_callback(SSL *s,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
void *ex))
int (*cb) (const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid,
void *other, void *ex))
{
s->cert->sec_cb = cb;
}
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid,
void *other, void *ex) {
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
void *ex) {
return s->cert->sec_cb;
}
@ -3829,9 +3822,9 @@ int SSL_CTX_get_security_level(const SSL_CTX *ctx)
}
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
void *ex))
int (*cb) (const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid,
void *other, void *ex))
{
ctx->cert->sec_cb = cb;
}
@ -3855,7 +3848,6 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
return ctx->cert->sec_ex;
}
/*
* Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
* can return unsigned long, instead of the generic long return value from the
@ -3865,22 +3857,27 @@ unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
{
return ctx->options;
}
unsigned long SSL_get_options(const SSL* s)
unsigned long SSL_get_options(const SSL *s)
{
return s->options;
}
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
{
return ctx->options |= op;
}
unsigned long SSL_set_options(SSL *s, unsigned long op)
{
return s->options |= op;
}
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
{
return ctx->options &= ~op;
}
unsigned long SSL_clear_options(SSL *s, unsigned long op)
{
return s->options &= ~op;
@ -3902,7 +3899,8 @@ IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
* the caller.
* Returns the number of SCTs moved, or a negative integer if an error occurs.
*/
static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t origin)
static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
sct_source_t origin)
{
int scts_moved = 0;
SCT *sct = NULL;
@ -3925,16 +3923,16 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
}
return scts_moved;
err:
err:
if (sct != NULL)
sk_SCT_push(src, sct); /* Put the SCT back */
sk_SCT_push(src, sct); /* Put the SCT back */
return -1;
}
/*
* Look for data collected during ServerHello and parse if found.
* Return 1 on success, 0 on failure.
*/
* Look for data collected during ServerHello and parse if found.
* Return 1 on success, 0 on failure.
*/
static int ct_extract_tls_extension_scts(SSL *s)
{
int scts_extracted = 0;
@ -3961,7 +3959,7 @@ static int ct_extract_tls_extension_scts(SSL *s)
*/
static int ct_extract_ocsp_response_scts(SSL *s)
{
#ifndef OPENSSL_NO_OCSP
# ifndef OPENSSL_NO_OCSP
int scts_extracted = 0;
const unsigned char *p;
OCSP_BASICRESP *br = NULL;
@ -3987,21 +3985,22 @@ static int ct_extract_ocsp_response_scts(SSL *s)
if (single == NULL)
continue;
scts = OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
scts_extracted = ct_move_scts(&s->scts, scts,
SCT_SOURCE_OCSP_STAPLED_RESPONSE);
scts =
OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
scts_extracted =
ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
if (scts_extracted < 0)
goto err;
}
err:
err:
SCT_LIST_free(scts);
OCSP_BASICRESP_free(br);
OCSP_RESPONSE_free(rsp);
return scts_extracted;
#else
# else
/* Behave as if no OCSP response exists */
return 0;
#endif
# endif
}
/*
@ -4043,17 +4042,17 @@ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
s->scts_parsed = 1;
}
return s->scts;
err:
err:
return NULL;
}
static int ct_permissive(const CT_POLICY_EVAL_CTX *ctx,
static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
const STACK_OF(SCT) *scts, void *unused_arg)
{
return 1;
}
static int ct_strict(const CT_POLICY_EVAL_CTX *ctx,
static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
const STACK_OF(SCT) *scts, void *unused_arg)
{
int count = scts != NULL ? sk_SCT_num(scts) : 0;
@ -4078,14 +4077,17 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
* for this and throw an error if they have already registered to use CT.
*/
if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
TLSEXT_TYPE_signed_certificate_timestamp)) {
TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0;
}
if (callback != NULL) {
/* If we are validating CT, then we MUST accept SCTs served via OCSP */
/*
* If we are validating CT, then we MUST accept SCTs served via OCSP
*/
if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
return 0;
}
@ -4097,15 +4099,15 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
}
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
ssl_ct_validation_cb callback,
void *arg)
ssl_ct_validation_cb callback, void *arg)
{
/*
* Since code exists that uses the custom extension handler for CT, look for
* this and throw an error if they have already registered to use CT.
*/
if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
TLSEXT_TYPE_signed_certificate_timestamp)) {
TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0;
@ -4148,8 +4150,7 @@ int ssl_validate_ct(SSL *s)
*/
if (s->ct_validation_callback == NULL || cert == NULL ||
s->verify_result != X509_V_OK ||
s->verified_chain == NULL ||
sk_X509_num(s->verified_chain) <= 1)
s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
return 1;
/*
@ -4198,9 +4199,9 @@ int ssl_validate_ct(SSL *s)
ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
if (ret < 0)
ret = 0; /* This function returns 0 on failure */
ret = 0; /* This function returns 0 on failure */
end:
end:
CT_POLICY_EVAL_CTX_free(ctx);
/*
* With SSL_VERIFY_NONE the session may be cached and re-used despite a
@ -4258,7 +4259,7 @@ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
return CTLOG_STORE_load_file(ctx->ctlog_store, path);
}
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs)
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
{
CTLOG_STORE_free(ctx->ctlog_store);
ctx->ctlog_store = logs;

343
ssl/ssl_locl.h
View file

@ -48,7 +48,7 @@
# include "e_os.h"
# if defined(__unix) || defined(__unix__)
# include <sys/time.h> /* struct timeval for DTLS */
# include <sys/time.h> /* struct timeval for DTLS */
# endif
# include <openssl/buffer.h>
@ -62,10 +62,10 @@
# include <openssl/async.h>
# include <openssl/symhacks.h>
# include <openssl/ct.h>
#include "record/record.h"
#include "statem/statem.h"
#include "packet_locl.h"
#include "internal/dane.h"
# include "record/record.h"
# include "statem/statem.h"
# include "packet_locl.h"
# include "internal/dane.h"
# ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
@ -164,13 +164,15 @@
(c)[1]=(unsigned char)(((l)>> 8)&0xff), \
(c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
/* DTLS version numbers are strange because they're inverted. Except
* for DTLS1_BAD_VER, which should be considered "lower" than the rest. */
#define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
#define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
#define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
#define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
#define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
/*
* DTLS version numbers are strange because they're inverted. Except for
* DTLS1_BAD_VER, which should be considered "lower" than the rest.
*/
# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
/* LOCAL STUFF */
@ -224,7 +226,7 @@
/* all PSK */
#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
@ -376,7 +378,7 @@
# define SSL_CLIENT_USE_SIGALGS(s) \
SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
# define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
# define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
/* Mostly for SSLv3 */
# define SSL_PKEY_RSA_ENC 0
@ -407,30 +409,29 @@
#define CERT_PRIVATE_KEY 2
*/
/* CipherSuite length. SSLv3 and all TLS versions. */
#define TLS_CIPHER_LEN 2
# define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
uint32_t id; /* id, 4 bytes, first is version */
const char *name; /* text name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
* 'algorithms'
*/
uint32_t algorithm_mkey; /* key exchange algorithm */
uint32_t algorithm_auth; /* server authentication */
uint32_t algorithm_enc; /* symmetric encryption */
uint32_t algorithm_mac; /* symmetric authentication */
int min_tls; /* minimum SSL/TLS protocol version */
int max_tls; /* maximum SSL/TLS protocol version */
int min_dtls; /* minimum DTLS protocol version */
int max_dtls; /* maximum DTLS protocol version */
uint32_t algo_strength; /* strength and export flags */
uint32_t algorithm2; /* Extra flags */
int32_t strength_bits; /* Number of bits really used */
uint32_t alg_bits; /* Number of bits for algorithm */
uint32_t algorithm_mkey; /* key exchange algorithm */
uint32_t algorithm_auth; /* server authentication */
uint32_t algorithm_enc; /* symmetric encryption */
uint32_t algorithm_mac; /* symmetric authentication */
int min_tls; /* minimum SSL/TLS protocol version */
int max_tls; /* maximum SSL/TLS protocol version */
int min_dtls; /* minimum DTLS protocol version */
int max_dtls; /* maximum DTLS protocol version */
uint32_t algo_strength; /* strength and export flags */
uint32_t algorithm2; /* Extra flags */
int32_t strength_bits; /* Number of bits really used */
uint32_t alg_bits; /* Number of bits for algorithm */
};
/* Used to hold SSL/TLS functions */
@ -494,8 +495,8 @@ struct ssl_method_st {
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
struct ssl_session_st {
int ssl_version; /* what ssl version session info is being
* kept in here? */
int ssl_version; /* what ssl version session info is being kept
* in here? */
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
@ -533,8 +534,8 @@ struct ssl_session_st {
long time;
unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
* to load the 'cipher' structure */
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* load the 'cipher' structure */
STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
@ -548,11 +549,12 @@ struct ssl_session_st {
unsigned char *tlsext_ecpointformatlist; /* peer's list */
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist; /* peer's list */
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_EC */
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in
* seconds */
# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
@ -561,8 +563,7 @@ struct ssl_session_st {
};
/* Extended master secret support */
# define SSL_SESS_FLAG_EXTMS 0x1
# define SSL_SESS_FLAG_EXTMS 0x1
# ifndef OPENSSL_NO_SRP
@ -595,7 +596,7 @@ DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME);
#define TLSEXT_KEYNAME_LENGTH 16
# define TLSEXT_KEYNAME_LENGTH 16
struct ssl_ctx_st {
const SSL_METHOD *method;
@ -650,9 +651,9 @@ struct ssl_ctx_st {
int sess_hit; /* session reuse actually done */
int sess_cb_hit; /* session-id that was not in the cache was
* passed back via the callback. This
* indicates that the application is
* supplying session-id's from other
* processes - spooky :-) */
* indicates that the application is supplying
* session-id's from other processes - spooky
* :-) */
} stats;
int references;
@ -730,15 +731,15 @@ struct ssl_ctx_st {
int quiet_shutdown;
# ifndef OPENSSL_NO_CT
CTLOG_STORE *ctlog_store; /* CT Log Store */
# ifndef OPENSSL_NO_CT
CTLOG_STORE *ctlog_store; /* CT Log Store */
/*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
ssl_ct_validation_cb ct_validation_callback;
void *ct_validation_callback_arg;
# endif
# endif
/*
* If we're using more than one pipeline how should we divide the data
@ -757,12 +758,12 @@ struct ssl_ctx_st {
/* The default read buffer length to use (0 means not set) */
size_t default_read_buf_len;
# ifndef OPENSSL_NO_ENGINE
# ifndef OPENSSL_NO_ENGINE
/*
* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
# endif
# endif
/* TLS extensions servername callback */
int (*tlsext_servername_callback) (SSL *, int *, void *);
@ -774,15 +775,14 @@ struct ssl_ctx_st {
/* Callback to support customisation of ticket key setting */
int (*tlsext_ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv,
EVP_CIPHER_CTX *ectx,
HMAC_CTX *hctx, int enc);
EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
/* certificate status request info */
/* Callback for status request */
int (*tlsext_status_cb) (SSL *ssl, void *arg);
void *tlsext_status_arg;
# ifndef OPENSSL_NO_PSK
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
@ -791,13 +791,13 @@ struct ssl_ctx_st {
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
# endif
# endif
# ifndef OPENSSL_NO_SRP
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
# endif
# endif
# ifndef OPENSSL_NO_NEXTPROTONEG
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/*
@ -816,7 +816,7 @@ struct ssl_ctx_st {
const unsigned char *in,
unsigned int inlen, void *arg);
void *next_proto_select_cb_arg;
# endif
# endif
/*
* ALPN information (we are in the process of transitioning from NPN to
@ -857,13 +857,13 @@ struct ssl_ctx_st {
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_EC */
/* ext status type used for CSR extension (OCSP Stapling) */
int tlsext_status_type;
@ -871,14 +871,12 @@ struct ssl_ctx_st {
CRYPTO_RWLOCK *lock;
};
struct ssl_st {
/*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION)
*/
int version;
/* SSLv3 */
const SSL_METHOD *method;
/*
@ -897,7 +895,6 @@ struct ssl_st {
* request needs re-doing when in SSL_accept or SSL_connect
*/
int rwstate;
int (*handshake_func) (SSL *);
/*
* Imagine that here's a boolean member "init" that is switched as soon
@ -921,26 +918,21 @@ struct ssl_st {
int shutdown;
/* where we are */
OSSL_STATEM statem;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@ -983,7 +975,7 @@ struct ssl_st {
int error;
/* actual code */
int error_code;
# ifndef OPENSSL_NO_PSK
# ifndef OPENSSL_NO_PSK
unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
@ -992,7 +984,7 @@ struct ssl_st {
unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
# endif
# endif
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
@ -1012,7 +1004,6 @@ struct ssl_st {
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
int client_version;
/*
* If we're using more than one pipeline how should we divide the data
* up between the pipes?
@ -1023,10 +1014,8 @@ struct ssl_st {
* be more than this due to padding and MAC overheads.
*/
unsigned int max_send_fragment;
/* Up to how many pipelines should we use? If 0 then 1 is assumed */
unsigned int max_pipelines;
/* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
const unsigned char *data, int len, void *arg);
@ -1042,11 +1031,11 @@ struct ssl_st {
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
# ifndef OPENSSL_NO_CT
# ifndef OPENSSL_NO_CT
/*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
ssl_ct_validation_cb ct_validation_callback;
/* User-supplied argument tha tis passed to the ct_validation_callback */
void *ct_validation_callback_arg;
@ -1061,7 +1050,7 @@ struct ssl_st {
uint16_t tlsext_scts_len;
/* Have we attempted to find/parse SCTs yet? */
int scts_parsed;
# endif
# endif
/* Expect OCSP CertificateStatus message */
int tlsext_status_expected;
/* OCSP status request only */
@ -1072,14 +1061,14 @@ struct ssl_st {
int tlsext_ocsp_resplen;
/* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected;
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
/* our list */
unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
/* our list */
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
# endif /* OPENSSL_NO_EC */
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
/* TLS Session Ticket extension callback */
@ -1089,7 +1078,7 @@ struct ssl_st {
tls_session_secret_cb_fn tls_session_secret_cb;
void *tls_session_secret_cb_arg;
SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
# ifndef OPENSSL_NO_NEXTPROTONEG
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello
@ -1099,8 +1088,8 @@ struct ssl_st {
*/
unsigned char *next_proto_negotiated;
unsigned char next_proto_negotiated_len;
# endif
# define session_ctx initial_ctx
# endif
# define session_ctx initial_ctx
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
@ -1122,39 +1111,32 @@ struct ssl_st {
*/
unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len;
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest)
*/
int renegotiate;
# ifndef OPENSSL_NO_SRP
# ifndef OPENSSL_NO_SRP
/* ctx for SRP authentication */
SRP_CTX srp_ctx;
# endif
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
RECORD_LAYER rlayer;
/* Default password callback. */
pem_password_cb *default_passwd_callback;
/* Default password callback user data. */
void *default_passwd_callback_userdata;
/* Async Job info */
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
CRYPTO_RWLOCK *lock;
};
typedef struct ssl3_state_st {
long flags;
int read_mac_secret_size;
@ -1205,9 +1187,9 @@ typedef struct ssl3_state_st {
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
# endif
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
# endif
/* used for certificate requests */
int cert_req;
int ctype_num;
@ -1219,11 +1201,11 @@ typedef struct ssl3_state_st {
const EVP_MD *new_hash;
int new_mac_pkey_type;
int new_mac_secret_size;
# ifndef OPENSSL_NO_COMP
# ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
# else
# else
char *new_compression;
# endif
# endif
int cert_request;
/* Raw values of the cipher list from a client */
unsigned char *ciphers_raw;
@ -1231,11 +1213,11 @@ typedef struct ssl3_state_st {
/* Temporary storage for premaster secret */
unsigned char *pms;
size_t pmslen;
#ifndef OPENSSL_NO_PSK
# ifndef OPENSSL_NO_PSK
/* Temporary storage for PSK key */
unsigned char *psk;
size_t psklen;
#endif
# endif
/*
* signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate
@ -1277,12 +1259,12 @@ typedef struct ssl3_state_st {
unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Set if we saw the Next Protocol Negotiation extension from our peer.
*/
int next_proto_neg_seen;
# endif
# endif
/*
* ALPN information (we are in the process of transitioning from NPN to
@ -1302,14 +1284,14 @@ typedef struct ssl3_state_st {
/* used by the client to know if it actually sent alpn */
int alpn_sent;
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_EC
/*
* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/
char is_probably_safari;
# endif /* !OPENSSL_NO_EC */
# endif /* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
@ -1318,21 +1300,20 @@ typedef struct ssl3_state_st {
} SSL3_STATE;
/* DTLS structures */
# ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
# endif
# ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
# endif
/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
# define DTLS1_MAX_MTU_OVERHEAD 48
# define DTLS1_MAX_MTU_OVERHEAD 48
/*
* Flag used in message reuse to indicate the buffer contains the record
* header as well as the the handshake message header.
*/
# define DTLS1_SKIP_RECORD_HEADER 2
# define DTLS1_SKIP_RECORD_HEADER 2
struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
@ -1380,7 +1361,7 @@ typedef struct pitem_st *piterator;
pitem *pitem_new(unsigned char *prio64be, void *data);
void pitem_free(pitem *item);
pqueue* pqueue_new(void);
pqueue *pqueue_new(void);
void pqueue_free(pqueue *pq);
pitem *pqueue_insert(pqueue *pq, pitem *item);
pitem *pqueue_peek(pqueue *pq);
@ -1394,17 +1375,14 @@ typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned int cookie_len;
unsigned int cookie_verified;
/* handshake message numbers */
unsigned short handshake_write_seq;
unsigned short next_handshake_write_seq;
unsigned short handshake_read_seq;
/* Buffered handshake messages */
pqueue *buffered_messages;
/* Buffered (sent) handshake records */
pqueue *sent_messages;
unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@ -1416,15 +1394,12 @@ typedef struct dtls1_state_st {
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
unsigned int retransmitting;
# ifndef OPENSSL_NO_SCTP
# ifndef OPENSSL_NO_SCTP
int shutdown_received;
# endif
# endif
} DTLS1_STATE;
# ifndef OPENSSL_NO_EC
/*
* From ECC-TLS draft, used in encoding the curve type in ECParameters
@ -1439,7 +1414,6 @@ typedef struct cert_pkey_st {
EVP_PKEY *privatekey;
/* Chain for this certificate */
STACK_OF(X509) *chain;
/*-
* serverinfo data for this certificate. The data is in TLS Extension
* wire format, specifically it's a series of records like:
@ -1559,10 +1533,10 @@ typedef struct cert_st {
/* Security level */
int sec_level;
void *sec_ex;
#ifndef OPENSSL_NO_PSK
# ifndef OPENSSL_NO_PSK
/* If not NULL psk identity hint to use for servers */
char *psk_identity_hint;
#endif
# endif
int references; /* >1 only if SSL_copy_session_id is used */
CRYPTO_RWLOCK *lock;
} CERT;
@ -1680,8 +1654,8 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
/*
* Flags for SSL methods
*/
#define SSL_METHOD_NO_FIPS (1U<<0)
#define SSL_METHOD_NO_SUITEB (1U<<1)
# define SSL_METHOD_NO_FIPS (1U<<0)
# define SSL_METHOD_NO_SUITEB (1U<<1)
# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
s_connect, enc_data) \
@ -1801,7 +1775,7 @@ struct openssl_ssl_test_functions {
int (*p_ssl3_setup_buffers) (SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
unsigned char *p, unsigned int length);
unsigned char *p, unsigned int length);
# endif
};
@ -1822,17 +1796,21 @@ __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER) **sorted,
const char *rule_str, CERT *c);
STACK_OF(SSL_CIPHER) **pref,
STACK_OF(SSL_CIPHER)
**sorted,
const char *rule_str,
CERT *c);
void ssl_update_cache(SSL *s, int mode);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
int *mac_secret_size, SSL_COMP **comp, int use_etm);
const EVP_MD **md, int *mac_pkey_type,
int *mac_secret_size, SSL_COMP **comp,
int use_etm);
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
@ -1840,31 +1818,35 @@ __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int ssl_cert_select_current(CERT *c, X509 *x);
__owur int ssl_cert_set_current(CERT *c, long arg);
__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg),
void *arg);
void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
__owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s);
__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s);
__owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length);
__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
__owur int ssl_get_server_cert_serverinfo(SSL *s,
const unsigned char **serverinfo,
size_t *serverinfo_length);
__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c,
const EVP_MD **pmd);
__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
__owur int ssl_verify_alarm_type(long type);
void ssl_sort_cipher_list(void);
void ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
int len);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms);
__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
@ -1880,7 +1862,7 @@ void ssl3_cleanup_key_block(SSL *s);
__owur int ssl3_do_write(SSL *s, int type);
int ssl3_send_alert(SSL *s, int level, int desc);
__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
unsigned char *p, int len);
__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
__owur int ssl3_num_ciphers(void);
__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
@ -1888,7 +1870,7 @@ int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p);
unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
@ -1923,17 +1905,18 @@ __owur int ssl_check_version_downgrade(SSL *s);
__owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s);
__owur int ssl_choose_client_version(SSL *s, int version);
int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version);
int ssl_get_client_min_max_version(const SSL *s, int *min_version,
int *max_version);
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s,
unsigned char mt,
unsigned long len,
unsigned long frag_off,
unsigned long frag_len);
unsigned long frag_off, unsigned long frag_len);
__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf,
int len);
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
@ -1979,13 +1962,13 @@ void ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
__owur int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
const char *str, int slen, unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, int len);
unsigned char *p, int len);
__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
__owur int tls1_alert_code(int code);
__owur int ssl3_alert_code(int code);
__owur int ssl_ok(SSL *s);
@ -2008,20 +1991,20 @@ __owur int tls1_ec_nid2curve_id(int nid);
__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
__owur int tls1_shared_curve(SSL *s, int nmatch);
__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
int *curves, size_t ncurves);
__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
const char *str);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
# endif /* OPENSSL_NO_EC */
__owur int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len, int nmatch);
const unsigned char *l1, size_t l1len,
const unsigned char *l2, size_t l2len, int nmatch);
__owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
unsigned char *limit, int *al);
__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
unsigned char *limit, int *al);
unsigned char *limit, int *al);
__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt);
void ssl_set_default_md(SSL *s);
__owur int tls1_set_server_sigalgs(SSL *s);
@ -2032,7 +2015,8 @@ __owur int ssl_prepare_serverhello_tlsext(SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
__owur int dtls1_heartbeat(SSL *s);
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p,
unsigned int length);
# endif
__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
@ -2040,53 +2024,54 @@ __owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
SSL_SESSION **ret);
__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
int client);
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
int idx);
void tls1_set_cert_validity(SSL *s);
#ifndef OPENSSL_NO_CT
# ifndef OPENSSL_NO_CT
__owur int ssl_validate_ct(SSL *s);
#endif
# endif
# ifndef OPENSSL_NO_DH
__owur DH *ssl_get_auto_dh(SSL *s);
# endif
__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy);
__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
int vfy);
__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt,
int *al);
__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
int *len, int maxlen);
__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
int *len, int maxlen);
__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al);
__owur long ssl_get_algorithm2(SSL *s);
__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
const unsigned char *psig, size_t psiglen);
const unsigned char *psig, size_t psiglen);
__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
__owur int tls1_process_sigalgs(SSL *s);
__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey);
const unsigned char *sig, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
int maxlen);
__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
int maxlen);
__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
@ -2119,12 +2104,14 @@ __owur int srp_verify_server_param(SSL *s, int *al);
void custom_ext_init(custom_ext_methods *meths);
__owur int custom_ext_parse(SSL *s, int server,
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size, int *al);
__owur int custom_ext_add(SSL *s, int server,
unsigned char **pret, unsigned char *limit, int *al);
unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size,
int *al);
__owur int custom_ext_add(SSL *s, int server, unsigned char **pret,
unsigned char *limit, int *al);
__owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
__owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void);

13
ssl/ssl_mcnf.c
View file

@ -77,7 +77,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL)
SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND);
SSLerr(SSL_F_SSL_MODULE_INIT,
SSL_R_SSL_COMMAND_SECTION_NOT_FOUND);
else
SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_EMPTY);
ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
@ -109,7 +110,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
}
rv = 1;
err:
err:
if (rv == 0)
ssl_module_free(md);
return rv;
@ -165,9 +166,9 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
}
if (meth->ssl_accept != ssl_undefined_function)
flags |= SSL_CONF_FLAG_SERVER;
flags |= SSL_CONF_FLAG_SERVER;
if (meth->ssl_connect != ssl_undefined_function)
flags |= SSL_CONF_FLAG_CLIENT;
flags |= SSL_CONF_FLAG_CLIENT;
SSL_CONF_CTX_set_flags(cctx, flags);
for (i = 0, cmd = nm->cmds; i < nm->cmd_count; i++, cmd++) {
rv = SSL_CONF_cmd(cctx, cmd->cmd, cmd->arg);
@ -177,12 +178,12 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
else
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd,
", arg=", cmd->arg);
", arg=", cmd->arg);
goto err;
}
}
rv = SSL_CONF_CTX_finish(cctx);
err:
err:
SSL_CONF_CTX_free(cctx);
return rv <= 0 ? 0 : 1;
}

18
ssl/ssl_rsa.c
View file

@ -147,7 +147,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
* cards.
*/
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK);
&& RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ;
else
#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
@ -345,7 +345,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
*/
if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA
&& RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) &
RSA_METHOD_FLAG_NO_CHECK) ;
RSA_METHOD_FLAG_NO_CHECK) ;
else
#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
@ -410,8 +410,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
return (ret);
}
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
const unsigned char *d)
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
{
X509 *x;
int ret;
@ -649,7 +648,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
passwd_callback_userdata))
!= NULL) {
!= NULL) {
if (ctx)
r = SSL_CTX_add0_chain_cert(ctx, ca);
else
@ -892,8 +891,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
size_t num_extensions = 0;
if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
ERR_R_PASSED_NULL_PARAMETER);
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
@ -922,8 +920,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
}
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
if (strlen(name) < strlen(namePrefix)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_TOO_SHORT);
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) {
@ -940,8 +937,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
goto end;
}
/* Append the decoded extension to the serverinfo buffer */
tmp =
OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
if (tmp == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
goto end;

39
ssl/ssl_sess.c
View file

@ -158,7 +158,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (dest->peer_chain == NULL)
goto err;
}
#ifndef OPENSSL_NO_PSK
if (src->psk_identity_hint) {
dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
@ -181,7 +180,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
}
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
&dest->ex_data, &src->ex_data)) {
&dest->ex_data, &src->ex_data)) {
goto err;
}
@ -195,21 +194,22 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (src->tlsext_ecpointformatlist) {
dest->tlsext_ecpointformatlist =
OPENSSL_memdup(src->tlsext_ecpointformatlist,
src->tlsext_ecpointformatlist_length);
src->tlsext_ecpointformatlist_length);
if (dest->tlsext_ecpointformatlist == NULL)
goto err;
}
if (src->tlsext_ellipticcurvelist) {
dest->tlsext_ellipticcurvelist =
OPENSSL_memdup(src->tlsext_ellipticcurvelist,
src->tlsext_ellipticcurvelist_length);
src->tlsext_ellipticcurvelist_length);
if (dest->tlsext_ellipticcurvelist == NULL)
goto err;
}
#endif
if (ticket != 0) {
dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
dest->tlsext_tick =
OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
if (dest->tlsext_tick == NULL)
goto err;
} else {
@ -227,14 +227,13 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
#endif
return dest;
err:
err:
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest);
return NULL;
}
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len)
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if (len)
*len = s->session_id_length;
@ -481,8 +480,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
data.ssl_version = s->version;
memset(data.session_id, 0, sizeof(data.session_id));
if (!PACKET_copy_all(session_id, data.session_id,
sizeof(data.session_id),
&local_len)) {
sizeof(data.session_id), &local_len)) {
goto err;
}
data.session_id_length = local_len;
@ -684,8 +682,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
ret = 1;
if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
while (SSL_CTX_sess_number(ctx) >
SSL_CTX_sess_get_cache_size(ctx)) {
while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
break;
else
@ -757,7 +754,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
OPENSSL_free(ss->tlsext_ellipticcurvelist);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
OPENSSL_free(ss->psk_identity);
@ -868,7 +865,7 @@ unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
}
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
size_t *len)
size_t *len)
{
*len = s->tlsext_ticklen;
if (tick != NULL)
@ -1068,8 +1065,7 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
}
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
int (*cb) (struct ssl_st *ssl,
SSL_SESSION *sess))
int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
{
ctx->new_session_cb = cb;
}
@ -1098,8 +1094,9 @@ void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
}
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
const unsigned char *data,
int len, int *copy) {
const unsigned char
*data, int len,
int *copy) {
return ctx->get_session_cb;
}
@ -1153,11 +1150,11 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
}
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
int (*cb) (SSL *ssl, const unsigned char *cookie,
int (*cb) (SSL *ssl,
const unsigned char *cookie,
unsigned int cookie_len))
{
ctx->app_verify_cookie_cb = cb;
}
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION,
SSL_SESSION)
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)

3
ssl/ssl_stat.c
View file

@ -110,7 +110,6 @@ const char *SSL_state_string_long(const SSL *s)
}
}
const char *SSL_state_string(const SSL *s)
{
if (ossl_statem_in_error(s))
@ -335,7 +334,7 @@ const char *SSL_alert_desc_string_long(int value)
return "bad certificate hash value";
case TLS1_AD_UNKNOWN_PSK_IDENTITY:
return "unknown PSK identity";
case TLS1_AD_NO_APPLICATION_PROTOCOL:
case TLS1_AD_NO_APPLICATION_PROTOCOL:
return "no application protocol";
default:
return "unknown";

9
ssl/ssl_txt.c
View file

@ -128,11 +128,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
goto err;
if (BIO_dump_indent(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
if (BIO_dump_indent
(bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4)
<= 0)
goto err;
}
#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0) {
SSL_COMP *comp = NULL;
@ -140,12 +140,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
goto err;
if (comp == NULL) {
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
0)
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
goto err;
} else {
if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
comp->name) <= 0)
comp->name) <= 0)
goto err;
}
}

37
ssl/statem/statem.c
View file

@ -46,7 +46,7 @@
*/
/* Sub state machine return values */
typedef enum {
typedef enum {
/* Something bad happened or NBIO */
SUB_STATE_ERROR,
/* Sub state finished go to the next sub state */
@ -165,7 +165,8 @@ void ossl_statem_set_hello_verify_done(SSL *s)
s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
}
int ossl_statem_connect(SSL *s) {
int ossl_statem_connect(SSL *s)
{
return state_machine(s, 0);
}
@ -174,7 +175,9 @@ int ossl_statem_accept(SSL *s)
return state_machine(s, 1);
}
static void (*get_callback(SSL *s))(const SSL *, int, int)
typedef void (*info_cb) (const SSL *, int, int);
static info_cb get_callback(SSL *s)
{
if (s->info_callback != NULL)
return s->info_callback;
@ -237,7 +240,6 @@ static int state_machine(SSL *s, int server)
if (!SSL_clear(s))
return -1;
}
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s)) {
/*
@ -282,8 +284,7 @@ static int state_machine(SSL *s, int server)
if (SSL_IS_DTLS(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
(server
|| (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
(server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR);
goto end;
}
@ -320,7 +321,6 @@ static int state_machine(SSL *s, int server)
*/
s->s3->change_cipher_spec = 0;
/*
* Ok, we now need to push on a buffering BIO ...but not with
* SCTP
@ -471,15 +471,16 @@ static void init_read_state_machine(SSL *s)
* control returns to the calling application. When this function is recalled we
* will resume in the same state where we left off.
*/
static SUB_STATE_RETURN read_state_machine(SSL *s) {
static SUB_STATE_RETURN read_state_machine(SSL *s)
{
OSSL_STATEM *st = &s->statem;
int ret, mt;
unsigned long len = 0;
int (*transition)(SSL *s, int mt);
int (*transition) (SSL *s, int mt);
PACKET pkt;
MSG_PROCESS_RETURN (*process_message)(SSL *s, PACKET *pkt);
WORK_STATE (*post_process_message)(SSL *s, WORK_STATE wst);
unsigned long (*max_message_size)(SSL *s);
MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
unsigned long (*max_message_size) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);
@ -620,7 +621,7 @@ static int statem_do_write(SSL *s)
OSSL_STATEM *st = &s->statem;
if (st->hand_state == TLS_ST_CW_CHANGE
|| st->hand_state == TLS_ST_SW_CHANGE) {
|| st->hand_state == TLS_ST_SW_CHANGE) {
if (SSL_IS_DTLS(s))
return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
else
@ -675,10 +676,10 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
{
OSSL_STATEM *st = &s->statem;
int ret;
WRITE_TRAN (*transition)(SSL *s);
WORK_STATE (*pre_work)(SSL *s, WORK_STATE wst);
WORK_STATE (*post_work)(SSL *s, WORK_STATE wst);
int (*construct_message)(SSL *s);
WRITE_TRAN(*transition) (SSL *s);
WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
int (*construct_message) (SSL *s);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
cb = get_callback(s);
@ -807,7 +808,7 @@ int ossl_statem_app_data_allowed(SSL *s)
* ServerHello yet then we allow app data
*/
if (st->hand_state == TLS_ST_BEFORE
|| st->hand_state == TLS_ST_SR_CLNT_HELLO)
|| st->hand_state == TLS_ST_SR_CLNT_HELLO)
return 1;
} else {
/*

7
ssl/statem/statem.h
View file

@ -71,7 +71,6 @@ typedef enum {
WRITE_STATE_POST_WORK
} WRITE_STATE;
/*****************************************************************************
* *
* This structure should be considered "opaque" to anything outside of the *
@ -89,13 +88,10 @@ struct ossl_statem_st {
OSSL_HANDSHAKE_STATE hand_state;
int in_init;
int read_state_first_init;
/* true when we are actually in SSL_accept() or SSL_connect() */
int in_handshake;
/* Should we skip the CertificateVerify message? */
unsigned int no_cert_verify;
int use_timer;
#ifndef OPENSSL_NO_SCTP
int in_sctp_read_sock;
@ -103,7 +99,6 @@ struct ossl_statem_st {
};
typedef struct ossl_statem_st OSSL_STATEM;
/*****************************************************************************
* *
* The following macros/functions represent the libssl internal API to the *
@ -126,5 +121,3 @@ __owur int ossl_statem_app_data_allowed(SSL *s);
void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock);
__owur int ossl_statem_in_sctp_read_sock(SSL *s);
#endif

407
ssl/statem/statem_clnt.c
View file

@ -65,7 +65,6 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p);
/*
* Is a CertificateRequest message allowed at the moment or not?
*
@ -77,8 +76,8 @@ static ossl_inline int cert_req_allowed(SSL *s)
{
/* TLS does not like anon-DH with client cert */
if ((s->version > SSL3_VERSION
&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
&& (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
|| (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
return 0;
return 1;
@ -122,7 +121,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
OSSL_STATEM *st = &s->statem;
int ske_expected;
switch(st->hand_state) {
switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
if (mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO;
@ -153,9 +152,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
return 1;
} else if (s->version >= TLS1_VERSION
&& s->tls_session_secret_cb != NULL
&& s->session->tlsext_tick != NULL
&& mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
&& s->tls_session_secret_cb != NULL
&& s->session->tlsext_tick != NULL
&& mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
/*
* Normally, we can tell if the server is resuming the session
* from the session ID. EAP-FAST (RFC 4851), however, relies on
@ -166,7 +165,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
st->hand_state = TLS_ST_CR_CHANGE;
return 1;
} else if (!(s->s3->tmp.new_cipher->algorithm_auth
& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
& (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
if (mt == SSL3_MT_CERTIFICATE) {
st->hand_state = TLS_ST_CR_CERT;
return 1;
@ -175,19 +174,19 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1;
}
} else if (mt == SSL3_MT_CERTIFICATE_REQUEST
&& cert_req_allowed(s)) {
st->hand_state = TLS_ST_CR_CERT_REQ;
return 1;
&& cert_req_allowed(s)) {
st->hand_state = TLS_ST_CR_CERT_REQ;
return 1;
} else if (mt == SSL3_MT_SERVER_DONE) {
st->hand_state = TLS_ST_CR_SRVR_DONE;
return 1;
st->hand_state = TLS_ST_CR_SRVR_DONE;
return 1;
}
}
}
@ -207,9 +206,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
case TLS_ST_CR_CERT_STATUS:
ske_expected = key_exchange_expected(s);
/* SKE is optional for some PSK ciphersuites */
if (ske_expected
|| ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
&& mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
st->hand_state = TLS_ST_CR_KEY_EXCH;
return 1;
@ -280,99 +278,99 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_OK:
/* Renegotiation - fall through */
case TLS_ST_BEFORE:
st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE;
switch (st->hand_state) {
case TLS_ST_OK:
/* Renegotiation - fall through */
case TLS_ST_BEFORE:
st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CLNT_HELLO:
/*
* No transition at the end of writing because we don't know what
* we will be sent
*/
return WRITE_TRAN_FINISHED;
case TLS_ST_CW_CLNT_HELLO:
/*
* No transition at the end of writing because we don't know what
* we will be sent
*/
return WRITE_TRAN_FINISHED;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
st->hand_state = TLS_ST_CW_CLNT_HELLO;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CR_SRVR_DONE:
if (s->s3->tmp.cert_req)
st->hand_state = TLS_ST_CW_CERT;
else
st->hand_state = TLS_ST_CW_KEY_EXCH;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT:
case TLS_ST_CR_SRVR_DONE:
if (s->s3->tmp.cert_req)
st->hand_state = TLS_ST_CW_CERT;
else
st->hand_state = TLS_ST_CW_KEY_EXCH;
return WRITE_TRAN_CONTINUE;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_KEY_EXCH:
/*
* For TLS, cert_req is set to 2, so a cert chain of nothing is
* sent, but no verify packet is sent
*/
/*
* XXX: For now, we do not support client authentication in ECDH
* cipher suites with ECDH (rather than ECDSA) certificates. We
* need to skip the certificate verify message when client's
* ECDH public key is sent inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
st->hand_state = TLS_ST_CW_CERT_VRFY;
} else {
st->hand_state = TLS_ST_CW_CHANGE;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
st->hand_state = TLS_ST_CW_CHANGE;
}
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT:
st->hand_state = TLS_ST_CW_KEY_EXCH;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CERT_VRFY:
case TLS_ST_CW_KEY_EXCH:
/*
* For TLS, cert_req is set to 2, so a cert chain of nothing is
* sent, but no verify packet is sent
*/
/*
* XXX: For now, we do not support client authentication in ECDH
* cipher suites with ECDH (rather than ECDSA) certificates. We
* need to skip the certificate verify message when client's
* ECDH public key is sent inside the client certificate.
*/
if (s->s3->tmp.cert_req == 1) {
st->hand_state = TLS_ST_CW_CERT_VRFY;
} else {
st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
st->hand_state = TLS_ST_CW_CHANGE;
}
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CHANGE:
case TLS_ST_CW_CERT_VRFY:
st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_CHANGE:
#if defined(OPENSSL_NO_NEXTPROTONEG)
st->hand_state = TLS_ST_CW_FINISHED;
st->hand_state = TLS_ST_CW_FINISHED;
#else
if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen)
st->hand_state = TLS_ST_CW_NEXT_PROTO;
else
st->hand_state = TLS_ST_CW_FINISHED;
if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen)
st->hand_state = TLS_ST_CW_NEXT_PROTO;
else
st->hand_state = TLS_ST_CW_FINISHED;
#endif
return WRITE_TRAN_CONTINUE;
return WRITE_TRAN_CONTINUE;
#if !defined(OPENSSL_NO_NEXTPROTONEG)
case TLS_ST_CW_NEXT_PROTO:
st->hand_state = TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
case TLS_ST_CW_NEXT_PROTO:
st->hand_state = TLS_ST_CW_FINISHED;
return WRITE_TRAN_CONTINUE;
#endif
case TLS_ST_CW_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
} else {
return WRITE_TRAN_FINISHED;
}
case TLS_ST_CW_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
} else {
return WRITE_TRAN_FINISHED;
}
case TLS_ST_CR_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE;
} else {
st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
}
case TLS_ST_CR_FINISHED:
if (s->hit) {
st->hand_state = TLS_ST_CW_CHANGE;
return WRITE_TRAN_CONTINUE;
} else {
st->hand_state = TLS_ST_OK;
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
}
default:
/* Shouldn't happen */
return WRITE_TRAN_ERROR;
default:
/* Shouldn't happen */
return WRITE_TRAN_ERROR;
}
}
@ -384,7 +382,7 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
s->shutdown = 0;
if (SSL_IS_DTLS(s)) {
@ -433,7 +431,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
s->init_num = 0;
switch(st->hand_state) {
switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
if (wst == WORK_MORE_A && statem_flush(s) != 1)
return WORK_MORE_A;
@ -516,7 +514,7 @@ int ossl_statem_client_construct_message(SSL *s)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
switch (st->hand_state) {
case TLS_ST_CW_CLNT_HELLO:
return tls_construct_client_hello(s);
@ -562,46 +560,47 @@ unsigned long ossl_statem_client_max_message_size(SSL *s)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
return SERVER_HELLO_MAX_LENGTH;
switch (st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
return SERVER_HELLO_MAX_LENGTH;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return HELLO_VERIFY_REQUEST_MAX_LENGTH;
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return HELLO_VERIFY_REQUEST_MAX_LENGTH;
case TLS_ST_CR_CERT:
return s->max_cert_list;
case TLS_ST_CR_CERT:
return s->max_cert_list;
case TLS_ST_CR_CERT_STATUS:
return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_CERT_STATUS:
return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_KEY_EXCH:
return SERVER_KEY_EXCH_MAX_LENGTH;
case TLS_ST_CR_KEY_EXCH:
return SERVER_KEY_EXCH_MAX_LENGTH;
case TLS_ST_CR_CERT_REQ:
/* Set to s->max_cert_list for compatibility with previous releases.
* In practice these messages can get quite long if servers are
* configured to provide a long list of acceptable CAs
*/
return s->max_cert_list;
case TLS_ST_CR_CERT_REQ:
/*
* Set to s->max_cert_list for compatibility with previous releases. In
* practice these messages can get quite long if servers are configured
* to provide a long list of acceptable CAs
*/
return s->max_cert_list;
case TLS_ST_CR_SRVR_DONE:
return SERVER_HELLO_DONE_MAX_LENGTH;
case TLS_ST_CR_SRVR_DONE:
return SERVER_HELLO_DONE_MAX_LENGTH;
case TLS_ST_CR_CHANGE:
if (s->version == DTLS1_BAD_VER)
return 3;
return CCS_MAX_LENGTH;
case TLS_ST_CR_CHANGE:
if (s->version == DTLS1_BAD_VER)
return 3;
return CCS_MAX_LENGTH;
case TLS_ST_CR_SESSION_TICKET:
return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_SESSION_TICKET:
return SSL3_RT_MAX_PLAIN_LENGTH;
case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH;
case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH;
default:
/* Shouldn't happen */
break;
default:
/* Shouldn't happen */
break;
}
return 0;
@ -614,40 +613,40 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
return tls_process_server_hello(s, pkt);
switch (st->hand_state) {
case TLS_ST_CR_SRVR_HELLO:
return tls_process_server_hello(s, pkt);
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return dtls_process_hello_verify(s, pkt);
case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
return dtls_process_hello_verify(s, pkt);
case TLS_ST_CR_CERT:
return tls_process_server_certificate(s, pkt);
case TLS_ST_CR_CERT:
return tls_process_server_certificate(s, pkt);
case TLS_ST_CR_CERT_STATUS:
return tls_process_cert_status(s, pkt);
case TLS_ST_CR_CERT_STATUS:
return tls_process_cert_status(s, pkt);
case TLS_ST_CR_KEY_EXCH:
return tls_process_key_exchange(s, pkt);
case TLS_ST_CR_KEY_EXCH:
return tls_process_key_exchange(s, pkt);
case TLS_ST_CR_CERT_REQ:
return tls_process_certificate_request(s, pkt);
case TLS_ST_CR_CERT_REQ:
return tls_process_certificate_request(s, pkt);
case TLS_ST_CR_SRVR_DONE:
return tls_process_server_done(s, pkt);
case TLS_ST_CR_SRVR_DONE:
return tls_process_server_done(s, pkt);
case TLS_ST_CR_CHANGE:
return tls_process_change_cipher_spec(s, pkt);
case TLS_ST_CR_CHANGE:
return tls_process_change_cipher_spec(s, pkt);
case TLS_ST_CR_SESSION_TICKET:
return tls_process_new_session_ticket(s, pkt);
case TLS_ST_CR_SESSION_TICKET:
return tls_process_new_session_ticket(s, pkt);
case TLS_ST_CR_FINISHED:
return tls_process_finished(s, pkt);
case TLS_ST_CR_FINISHED:
return tls_process_finished(s, pkt);
default:
/* Shouldn't happen */
break;
default:
/* Shouldn't happen */
break;
}
return MSG_PROCESS_ERROR;
@ -661,7 +660,7 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
{
OSSL_STATEM *st = &s->statem;
switch(st->hand_state) {
switch (st->hand_state) {
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
@ -711,8 +710,7 @@ int tls_construct_client_hello(SSL *s)
goto err;
}
if ((sess == NULL) ||
!ssl_version_supported(s, sess->ssl_version) ||
if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) ||
/*
* In the case of EAP-FAST, we can have a pre-shared
* "ticket" without a session ID.
@ -742,8 +740,7 @@ int tls_construct_client_hello(SSL *s)
} else
i = 1;
if (i && ssl_fill_hello_random(s, 0, p,
sizeof(s->s3->client_random)) <= 0)
if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0)
goto err;
/* Do the message type and length last */
@ -846,7 +843,7 @@ int tls_construct_client_hello(SSL *s)
*(p++) = comp->id;
}
#endif
*(p++) = 0; /* Add the NULL method */
*(p++) = 0; /* Add the NULL method */
/* TLS extensions */
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
@ -881,7 +878,7 @@ MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
PACKET cookiepkt;
if (!PACKET_forward(pkt, 2)
|| !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
|| !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH);
goto f_err;
@ -1145,7 +1142,6 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
goto f_err;
}
#ifndef OPENSSL_NO_SCTP
if (SSL_IS_DTLS(s) && s->hit) {
unsigned char sctpauthkey[64];
@ -1159,10 +1155,9 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey),
labelbuffer,
sizeof(labelbuffer), NULL, 0,
0) <= 0)
sizeof(sctpauthkey),
labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0)
goto err;
BIO_ctrl(SSL_get_wbio(s),
@ -1194,14 +1189,14 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
}
if (!PACKET_get_net_3(pkt, &cert_list_len)
|| PACKET_remaining(pkt) != cert_list_len) {
|| PACKET_remaining(pkt) != cert_list_len) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
while (PACKET_remaining(pkt)) {
if (!PACKET_get_net_3(pkt, &cert_len)
|| !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
|| !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
@ -1274,9 +1269,9 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (exp_idx >= 0 && i != exp_idx
&& (exp_idx != SSL_PKEY_GOST_EC ||
(i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
&& i != SSL_PKEY_GOST01))) {
&& (exp_idx != SSL_PKEY_GOST_EC ||
(i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256
&& i != SSL_PKEY_GOST01))) {
x = NULL;
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
@ -1333,7 +1328,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
OPENSSL_free(s->session->psk_identity_hint);
s->session->psk_identity_hint = NULL;
} else if (!PACKET_strndup(&psk_identity_hint,
&s->session->psk_identity_hint)) {
&s->session->psk_identity_hint)) {
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
@ -1384,7 +1379,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
}
/* We must check if there is a certificate */
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer);
return 1;
@ -1422,8 +1417,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
}
p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL);
g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator),
NULL);
g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL);
bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key),
NULL);
if (p == NULL || g == NULL || bnpub_key == NULL) {
@ -1470,7 +1464,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
* FIXME: This makes assumptions about which ciphersuites come with
* public keys. We should have a less ad-hoc way of doing this
*/
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA|SSL_aDSS))
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
*pkey = X509_get0_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */
@ -1522,7 +1516,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
if (curve_nid == 0) {
if (curve_nid == 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@ -1689,7 +1683,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if (PACKET_remaining(&signature) > (size_t)maxsig) {
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
SSL_R_WRONG_SIGNATURE_LENGTH);
goto err;
}
@ -1701,12 +1696,12 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
}
if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) {
|| EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_VerifyUpdate(md_ctx, PACKET_data(&params),
PACKET_remaining(&params)) <= 0) {
EVP_MD_CTX_free(md_ctx);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
@ -1724,7 +1719,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
} else {
/* aNULL, aSRP or PSK do not need public keys */
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(alg_k & SSL_PSK)) {
&& !(alg_k & SSL_PSK)) {
/* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s)) {
/* Otherwise this shouldn't happen */
@ -1767,7 +1762,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* get the certificate types */
if (!PACKET_get_1(pkt, &ctype_num)
|| !PACKET_get_bytes(pkt, &data, ctype_num)) {
|| !PACKET_get_bytes(pkt, &data, ctype_num)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err;
@ -1790,7 +1785,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
if (SSL_USE_SIGALGS(s)) {
if (!PACKET_get_net_2(pkt, &list_len)
|| !PACKET_get_bytes(pkt, &data, list_len)) {
|| !PACKET_get_bytes(pkt, &data, list_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
SSL_R_LENGTH_MISMATCH);
@ -1819,7 +1814,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
/* get the CA RDNs */
if (!PACKET_get_net_2(pkt, &list_len)
|| PACKET_remaining(pkt) != list_len) {
|| PACKET_remaining(pkt) != list_len) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
goto err;
@ -1827,7 +1822,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
while (PACKET_remaining(pkt)) {
if (!PACKET_get_net_2(pkt, &name_len)
|| !PACKET_get_bytes(pkt, &namebytes, name_len)) {
|| !PACKET_get_bytes(pkt, &namebytes, name_len)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
SSL_R_LENGTH_MISMATCH);
@ -1885,8 +1880,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
unsigned long ticket_lifetime_hint;
if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
|| !PACKET_get_net_2(pkt, &ticklen)
|| PACKET_remaining(pkt) != ticklen) {
|| !PACKET_get_net_2(pkt, &ticklen)
|| PACKET_remaining(pkt) != ticklen) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
goto f_err;
@ -1968,13 +1963,13 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
unsigned int type;
if (!PACKET_get_1(pkt, &type)
|| type != TLSEXT_STATUSTYPE_ocsp) {
|| type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
goto f_err;
}
if (!PACKET_get_net_3(pkt, &resplen)
|| PACKET_remaining(pkt) != resplen) {
|| PACKET_remaining(pkt) != resplen) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err;
@ -2007,7 +2002,6 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
#ifndef OPENSSL_NO_SRP
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
if (SRP_Calc_A_param(s) <= 0) {
@ -2050,7 +2044,6 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
return MSG_PROCESS_ERROR;
}
}
#ifndef OPENSSL_NO_CT
if (s->ct_validation_callback != NULL) {
/* Note we validate the SCTs whether or not we abort on error */
@ -2064,7 +2057,7 @@ MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
#ifndef OPENSSL_NO_SCTP
/* Only applies to renegotiation */
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))
&& s->renegotiate != 0)
&& s->renegotiate != 0)
return MSG_PROCESS_CONTINUE_PROCESSING;
else
#endif
@ -2379,8 +2372,8 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
}
if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
/* Generate session key */
|| RAND_bytes(pms, pmslen) <= 0) {
/* Generate session key */
|| RAND_bytes(pms, pmslen) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
@ -2389,8 +2382,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
* If we have client certificate, use its secret as peer key
*/
if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
if (EVP_PKEY_derive_set_peer
(pkey_ctx, s->cert->key->privatekey) <= 0) {
if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <= 0) {
/*
* If there was an error - just ignore it. Ephemeral key
* * would be used
@ -2404,12 +2396,12 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
*/
ukm_hash = EVP_MD_CTX_new();
if (ukm_hash == NULL
|| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->client_random,
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->server_random,
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
|| EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->client_random,
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestUpdate(ukm_hash, s->s3->server_random,
SSL3_RANDOM_SIZE) <= 0
|| EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
@ -2506,7 +2498,7 @@ int tls_construct_client_key_exchange(SSL *s)
p = ssl_handshake_start(s);
if ((alg_k & SSL_PSK)
&& !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
&& !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al))
goto err;
if (alg_k & SSL_kPSK) {
@ -2603,8 +2595,8 @@ int tls_client_key_exchange_post_work(SSL *s)
sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0)
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0)
goto err;
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@ -2917,8 +2909,7 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
return i;
}
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p)
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
{
int i, j = 0;
const SSL_CIPHER *c;

42
ssl/statem/statem_dtls.c
View file

@ -124,8 +124,7 @@ int dtls1_do_write(SSL *s, int type)
if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len +
DTLS1_HM_HEADER_LENGTH);
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
if (s->write_hash) {
if (s->enc_write_ctx
@ -230,16 +229,14 @@ int dtls1_do_write(SSL *s, int type)
*/
return -1;
}
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s,
(unsigned char *)&s->init_buf->
data[s->init_off]);
}
ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off],
len);
ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len);
if (ret < 0) {
/*
* might need to update MTU here, but we don't know which
@ -339,8 +336,7 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
again:
ok = dtls_get_reassembled_message(s, &tmplen);
if (tmplen == DTLS1_HM_BAD_FRAGMENT
|| tmplen == DTLS1_HM_FRAGMENT_RETRY) {
if (tmplen == DTLS1_HM_BAD_FRAGMENT || tmplen == DTLS1_HM_FRAGMENT_RETRY) {
/* bad fragment received */
goto again;
} else if (tmplen <= 0 && !ok) {
@ -386,7 +382,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len)
s->d1->handshake_read_seq++;
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
*len = s->init_num;
@ -412,8 +407,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* msg_len is limited to 2^24, but is effectively checked against max
* above
*/
if (!BUF_MEM_grow_clean
(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
return SSL_AD_INTERNAL_ERROR;
}
@ -639,8 +633,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
*/
if (msg_hdr->seq <= s->d1->handshake_read_seq ||
msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
(s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
{
(s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
unsigned char devnull[256];
while (frag_len) {
@ -975,8 +968,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
if (dtls1_retransmit_message(s, (unsigned short)
dtls1_get_queue_priority
(frag->msg_header.seq,
frag->msg_header.is_ccs),
&found) <= 0)
frag->msg_header.is_ccs), &found) <= 0)
return -1;
}
@ -1004,7 +996,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
if (is_ccs) {
/* For DTLS1_BAD_VER the header length is non-standard */
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH)
((s->version ==
DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
== (unsigned int)s->init_num);
} else {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
@ -1046,8 +1039,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
return 1;
}
int
dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
{
int ret;
/* XDTLS: for now assuming that read/writes are blocking */
@ -1106,7 +1098,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
s->compress = frag->msg_header.saved_retransmit_state.compress;
s->session = frag->msg_header.saved_retransmit_state.session;
DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
frag->msg_header.saved_retransmit_state.epoch);
frag->msg_header.
saved_retransmit_state.epoch);
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
@ -1138,8 +1131,7 @@ void dtls1_clear_record_buffer(SSL *s)
void dtls1_set_message_header(SSL *s,
unsigned char mt, unsigned long len,
unsigned long frag_off,
unsigned long frag_len)
unsigned long frag_off, unsigned long frag_len)
{
if (frag_off == 0) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
@ -1166,8 +1158,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt,
}
static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off,
unsigned long frag_len)
dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
{
struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
@ -1189,8 +1180,7 @@ static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
return p;
}
void
dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
{
memset(msg_hdr, 0, sizeof(*msg_hdr));
msg_hdr->type = *(data++);
@ -1200,5 +1190,3 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
n2l3(data, msg_hdr->frag_off);
n2l3(data, msg_hdr->frag_len);
}

77
ssl/statem/statem_lib.c
View file

@ -138,13 +138,13 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
*/
if (SSL_IS_DTLS(s)) {
if ((s->version == DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
&& remain != DTLS1_CCS_HEADER_LENGTH + 1)
|| (s->version != DTLS1_BAD_VER
&& remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
} else {
if (remain != 0) {
@ -349,16 +349,18 @@ int tls_get_message_header(SSL *s, int *mt)
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
&p[s->init_num],
SSL3_HM_HEADER_LENGTH - s->init_num,
0);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
/*
* A ChangeCipherSpec must be a single byte and may not occur
* in the middle of a handshake message.
*/
* A ChangeCipherSpec must be a single byte and may not occur
* in the middle of a handshake message.
*/
if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
@ -428,7 +430,7 @@ int tls_get_message_header(SSL *s, int *mt)
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,
(int)l + SSL3_HM_HEADER_LENGTH)) {
(int)l + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
goto err;
}
@ -490,11 +492,11 @@ int tls_get_message_body(SSL *s, unsigned long *len)
return 0;
}
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg);
} else {
if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
s->init_num + SSL3_HM_HEADER_LENGTH)) {
s->init_num + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
*len = 0;
@ -522,8 +524,7 @@ int tls_get_message_body(SSL *s, unsigned long *len)
int ssl_cert_type(const X509 *x, const EVP_PKEY *pk)
{
if (pk == NULL &&
(pk = X509_get0_pubkey(x)) == NULL)
if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL)
return -1;
switch (EVP_PKEY_id(pk)) {
@ -637,8 +638,8 @@ static int version_cmp(const SSL *s, int a, int b)
typedef struct {
int version;
const SSL_METHOD *(*cmeth)(void);
const SSL_METHOD *(*smeth)(void);
const SSL_METHOD *(*cmeth) (void);
const SSL_METHOD *(*smeth) (void);
} version_info;
#if TLS_MAX_VERSION != TLS1_2_VERSION
@ -647,26 +648,26 @@ typedef struct {
static const version_info tls_version_table[] = {
#ifndef OPENSSL_NO_TLS1_2
{ TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method },
{TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
#else
{ TLS1_2_VERSION, NULL, NULL },
{TLS1_2_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_TLS1_1
{ TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method },
{TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
#else
{ TLS1_1_VERSION, NULL, NULL },
{TLS1_1_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_TLS1
{ TLS1_VERSION, tlsv1_client_method, tlsv1_server_method },
{TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
#else
{ TLS1_VERSION, NULL, NULL },
{TLS1_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_SSL3
{ SSL3_VERSION, sslv3_client_method, sslv3_server_method },
{SSL3_VERSION, sslv3_client_method, sslv3_server_method},
#else
{ SSL3_VERSION, NULL, NULL },
{SSL3_VERSION, NULL, NULL},
#endif
{ 0, NULL, NULL },
{0, NULL, NULL},
};
#if DTLS_MAX_VERSION != DTLS1_2_VERSION
@ -675,18 +676,18 @@ static const version_info tls_version_table[] = {
static const version_info dtls_version_table[] = {
#ifndef OPENSSL_NO_DTLS1_2
{ DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method },
{DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
#else
{ DTLS1_2_VERSION, NULL, NULL },
{DTLS1_2_VERSION, NULL, NULL},
#endif
#ifndef OPENSSL_NO_DTLS1
{ DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method },
{ DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL },
{DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
{DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
#else
{ DTLS1_VERSION, NULL, NULL },
{ DTLS1_BAD_VER, NULL, NULL },
{DTLS1_VERSION, NULL, NULL},
{DTLS1_BAD_VER, NULL, NULL},
#endif
{ 0, NULL, NULL },
{0, NULL, NULL},
};
/*
@ -707,7 +708,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
return SSL_R_VERSION_TOO_LOW;
if (s->max_proto_version != 0 &&
version_cmp(s, version, s->max_proto_version) > 0)
version_cmp(s, version, s->max_proto_version) > 0)
return SSL_R_VERSION_TOO_HIGH;
if ((s->options & method->mask) != 0)
@ -794,8 +795,7 @@ int ssl_check_version_downgrade(SSL *s)
}
for (vent = table; vent->version != 0; ++vent) {
if (vent->smeth != NULL &&
ssl_method_error(s, vent->smeth()) == 0)
if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
return s->version == vent->version;
}
return 0;
@ -995,7 +995,8 @@ int ssl_choose_client_version(SSL *s, int version)
* Returns 0 on success or an SSL error reason number on failure. On failure
* min_version and max_version will also be set to 0.
*/
int ssl_get_client_min_max_version(const SSL *s, int *min_version, int *max_version)
int ssl_get_client_min_max_version(const SSL *s, int *min_version,
int *max_version)
{
int version;
int hole;

11
ssl/statem/statem_locl.h
View file

@ -96,13 +96,12 @@ __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s,
PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s);
# endif
#endif
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
/* some server-only functions */
@ -119,7 +118,7 @@ __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
# ifndef OPENSSL_NO_NEXTPROTONEG
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
# endif
#endif
__owur int tls_construct_new_session_ticket(SSL *s);

195
ssl/statem/statem_srvr.c
View file

@ -47,7 +47,6 @@
* OTHERWISE.
*/
#include <stdio.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
@ -64,8 +63,9 @@
static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
int sslv2format, int *al);
STACK_OF(SSL_CIPHER)
**skp, int sslv2format,
int *al);
/*
* server_read_transition() encapsulates the logic for the allowed handshake
@ -237,7 +237,7 @@ static int send_server_key_exchange(SSL *s)
* the server certificate contains the server's public key for
* key exchange.
*/
if (alg_k & (SSL_kDHE|SSL_kECDHE)
if (alg_k & (SSL_kDHE | SSL_kECDHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
@ -253,7 +253,7 @@ static int send_server_key_exchange(SSL *s)
/* SRP: send ServerKeyExchange */
|| (alg_k & SSL_kSRP)
#endif
) {
) {
return 1;
}
@ -284,11 +284,11 @@ static int send_certificate_request(SSL *s)
* RFC 2246):
*/
&& (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
/*
* ... except when the application insists on
* verification (against the specs, but statem_clnt.c accepts
* this for SSL 3)
*/
/*
* ... except when the application insists on
* verification (against the specs, but statem_clnt.c accepts
* this for SSL 3)
*/
|| (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
/* don't request certificate for SRP auth */
&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
@ -313,7 +313,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
switch (st->hand_state) {
case TLS_ST_BEFORE:
/* Just go straight to trying to read from the client */;
/* Just go straight to trying to read from the client */
return WRITE_TRAN_FINISHED;
case TLS_ST_OK:
@ -328,7 +328,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
case TLS_ST_SR_CLNT_HELLO:
if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
&& (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
&& (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
else
st->hand_state = TLS_ST_SW_SRVR_HELLO;
@ -347,7 +347,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
/* Check if it is anon DH or anon ECDH, */
/* normal PSK or SRP */
if (!(s->s3->tmp.new_cipher->algorithm_auth &
(SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
(SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
st->hand_state = TLS_ST_SW_CERT;
} else if (send_server_key_exchange(s)) {
st->hand_state = TLS_ST_SW_KEY_EXCH;
@ -549,8 +549,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0) {
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0,
0) <= 0) {
ossl_statem_set_error(s);
return WORK_ERROR;
}
@ -573,7 +574,8 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
}
#endif
if (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
SSL3_CHANGE_CIPHER_SERVER_WRITE))
{
ossl_statem_set_error(s);
return WORK_ERROR;
}
@ -786,11 +788,10 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
case TLS_ST_SR_CERT_VRFY:
#ifndef OPENSSL_NO_SCTP
if ( /* Is this SCTP? */
BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */
&& s->renegotiate
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
if ( /* Is this SCTP? */
BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */
&& s->renegotiate && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
@ -847,8 +848,8 @@ int tls_construct_hello_request(SSL *s)
}
unsigned int dtls_raw_hello_verify_request(unsigned char *buf,
unsigned char *cookie,
unsigned char cookie_len)
unsigned char *cookie,
unsigned char cookie_len)
{
unsigned int msg_len;
unsigned char *p;
@ -884,10 +885,9 @@ int dtls_construct_hello_verify_request(SSL *s)
}
len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
s->d1->cookie, s->d1->cookie_len);
s->d1->cookie, s->d1->cookie_len);
dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
len);
dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, len);
len += DTLS1_HM_HEADER_LENGTH;
/* number of bytes to write */
@ -936,7 +936,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
*/
if (!PACKET_get_1(pkt, &mt)
|| mt != SSL2_MT_CLIENT_HELLO) {
|| mt != SSL2_MT_CLIENT_HELLO) {
/*
* Should never happen. We should have tested this in the record
* layer in order to have determined that this is a SSLv2 record
@ -1012,8 +1012,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
PACKET challenge;
if (!PACKET_get_net_2(pkt, &cipher_len)
|| !PACKET_get_net_2(pkt, &session_id_len)
|| !PACKET_get_net_2(pkt, &challenge_len)) {
|| !PACKET_get_net_2(pkt, &session_id_len)
|| !PACKET_get_net_2(pkt, &challenge_len)) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
SSL_R_RECORD_LENGTH_MISMATCH);
al = SSL_AD_DECODE_ERROR;
@ -1080,15 +1080,15 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (PACKET_remaining(&cookie) == 0)
return 1;
return 1;
}
}
if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites)
|| !PACKET_get_length_prefixed_1(pkt, &compression)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
/* Could be empty. */
extensions = *pkt;
@ -1099,16 +1099,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
if (s->ctx->app_verify_cookie_cb != NULL) {
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie),
PACKET_remaining(&cookie)) == 0) {
PACKET_remaining(&cookie)) ==
0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
SSL_R_COOKIE_MISMATCH);
goto f_err;
/* else cookie verification succeeded */
}
/* default verification */
} else if (!PACKET_equal(&cookie, s->d1->cookie,
s->d1->cookie_len)) {
/* default verification */
} else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
goto f_err;
@ -1183,8 +1183,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
id = s->session->cipher->id;
#ifdef CIPHER_DEBUG
fprintf(stderr, "client sent %d ciphers\n",
sk_SSL_CIPHER_num(ciphers));
fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
#endif
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
c = sk_SSL_CIPHER_value(ciphers, i);
@ -1405,7 +1404,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
if (rv == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_CERT_CB_ERROR);
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_CERT_CB_ERROR);
goto f_err;
}
if (rv < 0) {
@ -1414,17 +1414,19 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
}
s->rwstate = SSL_NOTHING;
}
cipher = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
cipher =
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
if (cipher == NULL) {
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_NO_SHARED_CIPHER);
goto f_err;
}
s->s3->tmp.new_cipher = cipher;
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable = s->not_resumable_session_cb(s,
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
if (s->session->not_resumable)
/* do not send a session ticket */
s->tlsext_ticket_expected = 0;
@ -1480,7 +1482,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
*/
if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
SSL_R_CLIENTHELLO_TLSEXT);
SSL_R_CLIENTHELLO_TLSEXT);
goto f_err;
}
}
@ -1799,7 +1801,7 @@ int tls_construct_server_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
/*
/*-
* for interoperability with some versions of the Microsoft TLS
* stack, we need to zero pad the DHE pub key to the same length
* as the prime, so use the length of the prime here
@ -1811,7 +1813,7 @@ int tls_construct_server_key_exchange(SSL *s)
n += 2 + nr[i];
}
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) {
if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
== NULL) {
@ -1866,7 +1868,7 @@ int tls_construct_server_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_DH
/*
/*-
* for interoperability with some versions of the Microsoft TLS
* stack, we need to zero pad the DHE pub key to the same length
* as the prime
@ -1929,13 +1931,13 @@ int tls_construct_server_key_exchange(SSL *s)
fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
#endif
if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, d, n) <= 0
|| EVP_SignFinal(md_ctx, &(p[2]),
(unsigned int *)&i, pkey) <= 0) {
|| EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]),
SSL3_RANDOM_SIZE) <= 0
|| EVP_SignUpdate(md_ctx, d, n) <= 0
|| EVP_SignFinal(md_ctx, &(p[2]),
(unsigned int *)&i, pkey) <= 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
@ -2017,10 +2019,8 @@ int tls_construct_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL);
if (!BUF_MEM_grow_clean
(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
ERR_R_BUF_LIB);
if (!BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
goto err;
}
p = ssl_handshake_start(s) + n;
@ -2066,8 +2066,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
}
if (s->psk_server_callback == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
SSL_R_PSK_NO_SERVER_CB);
SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_SERVER_CB);
return 0;
}
@ -2078,7 +2077,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
}
psklen = s->psk_server_callback(s, s->session->psk_identity,
psk, sizeof(psk));
psk, sizeof(psk));
if (psklen > PSK_MAX_PSK_LEN) {
*al = SSL_AD_INTERNAL_ERROR;
@ -2115,7 +2114,6 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al)
#endif
}
static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
{
#ifndef OPENSSL_NO_RSA
@ -2174,8 +2172,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/
if (RAND_bytes(rand_premaster_secret,
sizeof(rand_premaster_secret)) <= 0)
if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
goto err;
/*
@ -2203,7 +2200,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
constant_time_eq_int_8(rsa_decrypt[1], 2);
constant_time_eq_int_8(rsa_decrypt[1], 2);
for (j = 2; j < padding_len - 1; j++) {
decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
}
@ -2419,7 +2416,7 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
const unsigned char *data;
if (!PACKET_get_net_2(pkt, &i)
|| !PACKET_get_bytes(pkt, &data, i)) {
|| !PACKET_get_bytes(pkt, &data, i)) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH);
return 0;
@ -2428,8 +2425,7 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB);
return 0;
}
if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
|| BN_is_zero(s->srp_ctx.A)) {
if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS);
return 0;
@ -2516,10 +2512,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
}
if (ASN1_get_object ((const unsigned char **)&data, &Tlen, &Ttag,
&Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
|| Ttag != V_ASN1_SEQUENCE
|| Tclass != V_ASN1_UNIVERSAL) {
if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag,
&Tclass, sess_key_len) != V_ASN1_CONSTRUCTED
|| Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED);
goto err;
@ -2571,7 +2566,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
/* Identity extracted earlier: should be nothing left */
if (PACKET_remaining(pkt) != 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_LENGTH_MISMATCH);
goto err;
}
/* PSK handled by ssl_generate_master_secret */
@ -2597,7 +2593,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
goto err;
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_UNKNOWN_CIPHER_TYPE);
goto err;
}
@ -2628,8 +2625,9 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
sizeof(DTLS1_SCTP_AUTH_LABEL));
if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0, 0) <= 0) {
sizeof(sctpauthkey), labelbuffer,
sizeof(labelbuffer), NULL, 0,
0) <= 0) {
ossl_statem_set_error(s);
return WORK_ERROR;;
}
@ -2641,13 +2639,13 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
}
if ((wst == WORK_MORE_B)
/* Is this SCTP? */
&& BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */
&& s->renegotiate
/* Are we going to skip the CertificateVerify? */
&& (s->session->peer == NULL || s->statem.no_cert_verify)
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
/* Is this SCTP? */
&& BIO_dgram_is_sctp(SSL_get_wbio(s))
/* Are we renegotiating? */
&& s->renegotiate
/* Are we going to skip the CertificateVerify? */
&& (s->session->peer == NULL || s->statem.no_cert_verify)
&& BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
s->s3->in_read_app_data = 2;
s->rwstate = SSL_READING;
BIO_clear_retry_flags(SSL_get_rbio(s));
@ -2660,8 +2658,9 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
#endif
if (s->statem.no_cert_verify || !s->session->peer) {
/* No certificate verify or no peer certificate so we no longer need the
* handshake_buffer
/*
* No certificate verify or no peer certificate so we no longer need
* the handshake_buffer
*/
if (!ssl3_digest_cached_records(s, 0)) {
ossl_statem_set_error(s);
@ -2771,7 +2770,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
j = EVP_PKEY_size(pkey);
if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
|| (PACKET_remaining(pkt) == 0)) {
|| (PACKET_remaining(pkt) == 0)) {
SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
goto f_err;
@ -2797,7 +2796,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
#ifndef OPENSSL_NO_GOST
{
int pktype = EVP_PKEY_id(pkey);
@ -2860,8 +2858,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
}
if (!PACKET_get_net_3(pkt, &llen)
|| !PACKET_get_sub_packet(pkt, &spkt, llen)
|| PACKET_remaining(pkt) != 0) {
|| !PACKET_get_sub_packet(pkt, &spkt, llen)
|| PACKET_remaining(pkt) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
goto f_err;
@ -2869,7 +2867,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
while (PACKET_remaining(&spkt) > 0) {
if (!PACKET_get_net_3(&spkt, &l)
|| !PACKET_get_bytes(&spkt, &certbytes, l)) {
|| !PACKET_get_bytes(&spkt, &certbytes, l)) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_CERT_LENGTH_MISMATCH);
@ -3065,9 +3063,10 @@ int tls_construct_new_session_ticket(SSL *s)
hctx, 1);
if (ret == 0) {
l2n(0, p); /* timeout */
s2n(0, p); /* length */
if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
l2n(0, p); /* timeout */
s2n(0, p); /* length */
if (!ssl_set_handshake_header
(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s)))
goto err;
OPENSSL_free(senc);
EVP_CIPHER_CTX_free(ctx);
@ -3205,8 +3204,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
goto err;
}
if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated,
&next_proto_len)) {
if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) {
s->next_proto_negotiated_len = 0;
goto err;
}
@ -3214,7 +3212,7 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
s->next_proto_negotiated_len = (unsigned char)next_proto_len;
return MSG_PROCESS_CONTINUE_READING;
err:
err:
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;
}
@ -3225,8 +3223,7 @@ err:
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **skp,
int sslv2format, int *al
)
int sslv2format, int *al)
{
const SSL_CIPHER *c;
STACK_OF(SSL_CIPHER) *sk;
@ -3276,7 +3273,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
* first byte. We don't support any true SSLv2 ciphers, so skip them.
*/
if (sslv2format && cipher[0] != '\0')
continue;
continue;
/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&

24
ssl/t1_enc.c
View file

@ -83,7 +83,7 @@ static int tls1_PRF(SSL *s,
goto err;
ret = 1;
err:
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}
@ -253,7 +253,7 @@ int tls1_change_cipher_state(SSL *s, int which)
mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
mac_secret, *mac_secret_size);
if (mac_key == NULL
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
|| EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
@ -277,7 +277,8 @@ int tls1_change_cipher_state(SSL *s, int which)
}
} else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
int taglen;
if (s->s3->tmp.new_cipher->algorithm_enc & (SSL_AES128CCM8|SSL_AES256CCM8))
if (s->s3->tmp.
new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
taglen = 8;
else
taglen = 16;
@ -377,8 +378,7 @@ int tls1_setup_key_block(SSL *s)
s->s3->tmp.new_hash = hash;
s->s3->tmp.new_mac_pkey_type = mac_type;
s->s3->tmp.new_mac_secret_size = mac_secret_size;
num =
EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
num *= 2;
ssl3_cleanup_key_block(s);
@ -449,8 +449,7 @@ int tls1_setup_key_block(SSL *s)
return (ret);
}
int tls1_final_finish_mac(SSL *s, const char *str, int slen,
unsigned char *out)
int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
{
int hashlen;
unsigned char hash[EVP_MAX_MD_SIZE];
@ -477,10 +476,10 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
/* Digest cached records keeping record buffer (if present):
* this won't affect client auth because we're freezing the buffer
* at the same point (after client key exchange and before certificate
* verify)
/*
* Digest cached records keeping record buffer (if present): this wont
* affect client auth because we're freezing the buffer at the same
* point (after client key exchange and before certificate verify)
*/
if (!ssl3_digest_cached_records(s, 1))
return -1;
@ -611,8 +610,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
rv = 0;
goto ret;
err2:

12
ssl/t1_ext.c
View file

@ -12,7 +12,6 @@
#include <openssl/ct.h>
#include "ssl_locl.h"
/* Find a custom extension from the list. */
static custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
unsigned int ext_type)
@ -68,8 +67,7 @@ int custom_ext_parse(SSL *s, int server,
if (!meth->parse_cb)
return 1;
return meth->parse_cb(s, ext_type, ext_data, ext_size, al,
meth->parse_arg);
return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
}
/*
@ -139,7 +137,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
if (src->meths_count) {
dst->meths =
OPENSSL_memdup(src->meths,
sizeof(custom_ext_method) * src->meths_count);
sizeof(custom_ext_method) * src->meths_count);
if (dst->meths == NULL)
return 0;
dst->meths_count = src->meths_count;
@ -214,8 +212,7 @@ int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg)
custom_ext_parse_cb parse_cb, void *parse_arg)
{
#ifndef OPENSSL_NO_CT
/*
@ -235,8 +232,7 @@ int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_add_cb add_cb,
custom_ext_free_cb free_cb,
void *add_arg,
custom_ext_parse_cb parse_cb,
void *parse_arg)
custom_ext_parse_cb parse_cb, void *parse_arg)
{
return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
add_cb, free_cb, add_arg, parse_cb, parse_arg);

181
ssl/t1_lib.c
View file

@ -209,7 +209,6 @@ static const unsigned char eccurves_all[] = {
0, 3, /* sect163r2 (3) */
};
static const unsigned char suiteb_curves[] = {
0, TLSEXT_curve_P_256,
0, TLSEXT_curve_P_384
@ -250,8 +249,7 @@ int tls1_ec_nid2curve_id(int nid)
* so cannot happen in the 1.0.x series.)
*/
static int tls1_get_curvelist(SSL *s, int sess,
const unsigned char **pcurves,
size_t *num_curves)
const unsigned char **pcurves, size_t *num_curves)
{
size_t pcurveslen = 0;
if (sess) {
@ -384,8 +382,7 @@ int tls1_shared_curve(SSL *s, int nmatch)
/* In practice, NID_undef == 0 but let's be precise. */
return nmatch == -1 ? 0 : NID_undef;
if (!tls1_get_curvelist
(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref,
&num_pref))
(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref))
return nmatch == -1 ? 0 : NID_undef;
/*
@ -396,7 +393,7 @@ int tls1_shared_curve(SSL *s, int nmatch)
supp = eccurves_all;
num_supp = sizeof(eccurves_all) / 2;
} else if (num_pref == 0 &&
(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) {
(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) {
pref = eccurves_all;
num_pref = sizeof(eccurves_all) / 2;
}
@ -489,8 +486,7 @@ static int nid_cb(const char *elem, int len, void *arg)
}
/* Set curves based on a colon separate list */
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str)
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
{
nid_cb_st ncb;
ncb.nidcnt = 0;
@ -716,19 +712,19 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
*/
#ifdef OPENSSL_NO_RSA
# define tlsext_sigalg_rsa(md) /* */
# define tlsext_sigalg_rsa(md) /* */
#else
# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
#endif
#ifdef OPENSSL_NO_DSA
# define tlsext_sigalg_dsa(md) /* */
# define tlsext_sigalg_dsa(md) /* */
#else
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
#endif
#ifdef OPENSSL_NO_EC
# define tlsext_sigalg_ecdsa(md) /* */
# define tlsext_sigalg_ecdsa(md)/* */
#else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
#endif
@ -746,8 +742,8 @@ static const unsigned char tls12_sigalgs[] = {
tlsext_sigalg(TLSEXT_hash_sha1)
#ifndef OPENSSL_NO_GOST
TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
#endif
};
@ -862,8 +858,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
}
/* Make sure security callback allows algorithm */
if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd),
(void *)sig)) {
EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd), (void *)sig)) {
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
@ -890,13 +885,13 @@ void ssl_set_client_disabled(SSL *s)
s->s3->tmp.mask_k = 0;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
ssl_get_client_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver);
# ifndef OPENSSL_NO_PSK
#ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (!s->psk_client_callback) {
s->s3->tmp.mask_a |= SSL_aPSK;
s->s3->tmp.mask_k |= SSL_PSK;
}
#endif /* OPENSSL_NO_PSK */
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
s->s3->tmp.mask_a |= SSL_aSRP;
@ -921,10 +916,10 @@ int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op)
if (s->s3->tmp.max_ver == 0)
return 1;
if (!SSL_IS_DTLS(s) && ((c->min_tls > s->s3->tmp.max_ver)
|| (c->max_tls < s->s3->tmp.min_ver)))
|| (c->max_tls < s->s3->tmp.min_ver)))
return 1;
if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
|| DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
|| DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
return 1;
return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
@ -937,7 +932,8 @@ static int tls_use_ticket(SSL *s)
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
static int compare_uint(const void *p1, const void *p2) {
static int compare_uint(const void *p1, const void *p2)
{
unsigned int u1 = *((const unsigned int *)p1);
unsigned int u2 = *((const unsigned int *)p2);
if (u1 < u2)
@ -956,7 +952,8 @@ static int compare_uint(const void *p1, const void *p2) {
* contain duplicates, could not be successfully parsed, or an internal error
* occurred.
*/
static int tls1_check_duplicate_extensions(const PACKET *packet) {
static int tls1_check_duplicate_extensions(const PACKET *packet)
{
PACKET extensions = *packet;
size_t num_extensions = 0, i = 0;
unsigned int *extension_types = NULL;
@ -1030,7 +1027,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA)) {
|| (alg_a & SSL_aECDSA)) {
using_ecc = 1;
break;
}
@ -1084,8 +1081,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
*/
if ((lenmax = limit - ret - 9) < 0
|| (size_str =
strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
return NULL;
/* extension type and length */
@ -1191,7 +1187,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(curves_list_len, ret);
ret += curves_list_len;
}
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
if (tls_use_ticket(s)) {
int ticklen;
@ -1243,7 +1239,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(salglen, etmp);
ret += salglen;
}
#ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
@ -1491,7 +1486,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
* Currently the server should not respond with a SupportedCurves
* extension
*/
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected && tls_use_ticket(s)) {
if ((long)(limit - ret - 4) < 0)
@ -1499,7 +1494,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(0, ret);
} else {
/* if we don't add the above TLSEXT, we can't add a session ticket later */
/*
* if we don't add the above TLSEXT, we can't add a session ticket
* later
*/
s->tlsext_ticket_expected = 0;
}
@ -1509,7 +1507,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_status_request, ret);
s2n(0, ret);
}
#ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && s->srtp_profile) {
int el;
@ -1664,8 +1661,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al)
} while (PACKET_remaining(&protocol_list) != 0);
if (!PACKET_memdup(&save_protocol_list,
&s->s3->alpn_proposed,
&s->s3->alpn_proposed_len)) {
&s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
@ -1773,7 +1769,7 @@ static void ssl_check_for_safari(SSL *s, const PACKET *pkt)
s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
ext_len);
}
#endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_EC */
/*
* Parse ClientHello extensions and stash extension info in various parts of
@ -1813,7 +1809,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
#ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
ssl_check_for_safari(s, pkt);
# endif /* !OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_EC */
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
@ -1962,8 +1958,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_ec_point_formats) {
PACKET ec_point_format_list;
if (!PACKET_as_length_prefixed_1(&extension,
&ec_point_format_list)
if (!PACKET_as_length_prefixed_1(&extension, &ec_point_format_list)
|| PACKET_remaining(&ec_point_format_list) == 0) {
return 0;
}
@ -1971,7 +1966,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit) {
if (!PACKET_memdup(&ec_point_format_list,
&s->session->tlsext_ecpointformatlist,
&s->session->tlsext_ecpointformatlist_length)) {
&s->
session->tlsext_ecpointformatlist_length)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
@ -1980,8 +1976,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
PACKET elliptic_curve_list;
/* Each NamedCurve is 2 bytes and we must have at least 1. */
if (!PACKET_as_length_prefixed_2(&extension,
&elliptic_curve_list)
if (!PACKET_as_length_prefixed_2(&extension, &elliptic_curve_list)
|| PACKET_remaining(&elliptic_curve_list) == 0
|| (PACKET_remaining(&elliptic_curve_list) % 2) != 0) {
return 0;
@ -1990,18 +1985,20 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit) {
if (!PACKET_memdup(&elliptic_curve_list,
&s->session->tlsext_ellipticcurvelist,
&s->session->tlsext_ellipticcurvelist_length)) {
&s->
session->tlsext_ellipticcurvelist_length)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
}
}
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, PACKET_data(&extension),
PACKET_remaining(&extension),
s->tls_session_ticket_ext_cb_arg)) {
s->tls_session_ticket_ext_cb_arg))
{
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
@ -2014,7 +2011,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
if (!s->hit) {
if (!s->hit) {
if (!tls1_save_sigalgs(s, PACKET_data(&supported_sig_algs),
PACKET_remaining(&supported_sig_algs))) {
return 0;
@ -2025,12 +2022,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
(unsigned int *)&s->tlsext_status_type)) {
return 0;
}
#ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
const unsigned char *ext_data;
PACKET responder_id_list, exts;
if (!PACKET_get_length_prefixed_2(&extension, &responder_id_list))
if (!PACKET_get_length_prefixed_2
(&extension, &responder_id_list))
return 0;
while (PACKET_remaining(&responder_id_list) > 0) {
@ -2099,7 +2096,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
unsigned int hbtype;
if (!PACKET_get_1(&extension, &hbtype)
|| PACKET_remaining(&extension)) {
|| PACKET_remaining(&extension)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
@ -2177,7 +2174,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
if (PACKET_remaining(pkt) != 0) {
/* tls1_check_duplicate_extensions should ensure this never happens. */
/*
* tls1_check_duplicate_extensions should ensure this never happens.
*/
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
@ -2230,7 +2229,7 @@ static char ssl_next_proto_validate(PACKET *pkt)
while (PACKET_remaining(pkt)) {
if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
|| PACKET_remaining(&tmp_protocol) == 0)
|| PACKET_remaining(&tmp_protocol) == 0)
return 0;
}
@ -2278,7 +2277,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
PACKET spkt;
if (!PACKET_get_sub_packet(pkt, &spkt, size)
|| !PACKET_peek_bytes(&spkt, &data, size))
|| !PACKET_peek_bytes(&spkt, &data, size))
goto ri_check;
if (s->tlsext_debug_cb)
@ -2300,7 +2299,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned int ecpointformatlist_length;
if (!PACKET_get_1(&spkt, &ecpointformatlist_length)
|| ecpointformatlist_length != size - 1) {
|| ecpointformatlist_length != size - 1) {
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
@ -2323,7 +2322,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
}
}
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
@ -2338,8 +2337,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
s->tlsext_ticket_expected = 1;
}
else if (type == TLSEXT_TYPE_status_request) {
} else if (type == TLSEXT_TYPE_status_request) {
/*
* MUST be empty and only sent if we've requested a status
* request message.
@ -2390,10 +2388,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
if (s->
ctx->next_proto_select_cb(s, &selected, &selected_len, data,
size,
s->ctx->next_proto_select_cb_arg) !=
if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data,
size,
s->
ctx->next_proto_select_cb_arg) !=
SSL_TLSEXT_ERR_OK) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
@ -2423,9 +2421,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
* uint8 proto[proto_length];
*/
if (!PACKET_get_net_2(&spkt, &len)
|| PACKET_remaining(&spkt) != len
|| !PACKET_get_1(&spkt, &len)
|| PACKET_remaining(&spkt) != len) {
|| PACKET_remaining(&spkt) != len || !PACKET_get_1(&spkt, &len)
|| PACKET_remaining(&spkt) != len) {
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
@ -2473,8 +2470,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
else if (type == TLSEXT_TYPE_extended_master_secret) {
} else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
s->session->flags |= SSL_SESS_FLAG_EXTMS;
@ -2495,7 +2491,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
if (!s->hit && tlsext_servername == 1) {
if (s->tlsext_hostname) {
if (s->session->tlsext_hostname == NULL) {
s->session->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname);
s->session->tlsext_hostname =
OPENSSL_strdup(s->tlsext_hostname);
if (!s->session->tlsext_hostname) {
*al = SSL_AD_UNRECOGNIZED_NAME;
return 0;
@ -2534,7 +2531,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS);
return 0;
}
}
}
return 1;
@ -2593,6 +2590,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s)
return 1;
}
}
/* Initialise digests to default values */
void ssl_set_default_md(SSL *s)
{
@ -2743,7 +2741,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
}
}
ret = SSL_TLSEXT_ERR_OK;
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret =
@ -2864,7 +2862,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
unsigned int type, size;
if (!PACKET_get_net_2(&local_ext, &type)
|| !PACKET_get_net_2(&local_ext, &size)) {
|| !PACKET_get_net_2(&local_ext, &size)) {
/* Shouldn't ever happen */
retv = -1;
goto end;
@ -2938,7 +2936,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
}
if (have_ticket == 0)
retv = 0;
end:
end:
return retv;
}
@ -3005,11 +3003,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
sizeof(tctx->tlsext_tick_hmac_key),
EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
tctx->tlsext_tick_aes_key,
etick + sizeof(tctx->tlsext_tick_key_name)) <= 0) {
|| EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
tctx->tlsext_tick_aes_key,
etick + sizeof(tctx->tlsext_tick_key_name)) <=
0) {
goto err;
}
}
}
/*
* Attempt to process session ticket, first conduct sanity and integrity
@ -3022,7 +3021,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
eticklen -= mlen;
/* Check HMAC of encrypted ticket */
if (HMAC_Update(hctx, etick, eticklen) <= 0
|| HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
|| HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
goto err;
}
HMAC_CTX_free(hctx);
@ -3035,8 +3034,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL
|| EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return -1;
@ -3074,7 +3072,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
* For session parse failure, indicate that we need to send a new ticket.
*/
return 2;
err:
err:
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
return ret;
@ -3128,8 +3126,7 @@ static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen)
return NID_undef;
}
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md)
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
{
int sig_id, md_id;
if (!md)
@ -3164,9 +3161,11 @@ static const tls12_hash_info tls12_md_info[] = {
{NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256},
{NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384},
{NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512},
{NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
{NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX, TLSEXT_hash_gostr34112012_256},
{NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, TLSEXT_hash_gostr34112012_512},
{NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
{NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX,
TLSEXT_hash_gostr34112012_256},
{NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX,
TLSEXT_hash_gostr34112012_512},
};
static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
@ -3175,8 +3174,7 @@ static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
if (hash_alg == 0)
return NULL;
for (i=0; i < OSSL_NELEM(tls12_md_info); i++)
{
for (i = 0; i < OSSL_NELEM(tls12_md_info); i++) {
if (tls12_md_info[i].tlsext_hash == hash_alg)
return tls12_md_info + i;
}
@ -3210,7 +3208,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
#endif
# ifndef OPENSSL_NO_GOST
#ifndef OPENSSL_NO_GOST
case TLSEXT_signature_gostr34102001:
return SSL_PKEY_GOST01;
@ -3219,7 +3217,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_gostr34102012_512:
return SSL_PKEY_GOST12_512;
# endif
#endif
}
return -1;
}
@ -3243,8 +3241,7 @@ static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid,
}
if (psignhash_nid) {
if (sign_nid == NID_undef || hash_nid == NID_undef
|| OBJ_find_sigid_by_algs(psignhash_nid, hash_nid,
sign_nid) <= 0)
|| OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid) <= 0)
*psignhash_nid = NID_undef;
}
}
@ -3470,14 +3467,16 @@ int tls1_process_sigalgs(SSL *s)
if (pmd[SSL_PKEY_ECC] == NULL)
pmd[SSL_PKEY_ECC] = EVP_sha1();
#endif
# ifndef OPENSSL_NO_GOST
#ifndef OPENSSL_NO_GOST
if (pmd[SSL_PKEY_GOST01] == NULL)
pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
if (pmd[SSL_PKEY_GOST12_256] == NULL)
pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256);
pmd[SSL_PKEY_GOST12_256] =
EVP_get_digestbynid(NID_id_GostR3411_2012_256);
if (pmd[SSL_PKEY_GOST12_512] == NULL)
pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512);
# endif
pmd[SSL_PKEY_GOST12_512] =
EVP_get_digestbynid(NID_id_GostR3411_2012_512);
#endif
}
return 1;
}
@ -3598,8 +3597,7 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
}
int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen,
int client)
int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
{
unsigned char *sigalgs, *sptr;
int rhash, rsign;
@ -3945,7 +3943,6 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
return tls1_check_chain(s, x, pk, chain, -1);
}
#ifndef OPENSSL_NO_DH
DH *ssl_get_auto_dh(SSL *s)
{

10
ssl/t1_reneg.c
View file

@ -45,7 +45,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &d, ilen)) {
|| !PACKET_get_bytes(pkt, &d, ilen)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
@ -143,8 +143,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) {
|| memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
@ -152,8 +152,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al)
}
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) {
|| memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER;

46
ssl/t1_trce.c
View file

@ -415,13 +415,13 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
{0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
{0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
{0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
{0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" },
{0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" },
{0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305" },
{0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305" },
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305" },
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305" },
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305" },
{0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"},
{0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"},
{0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305"},
{0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
{0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
};
@ -452,9 +452,9 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_heartbeat, "heartbeat"},
{TLSEXT_TYPE_session_ticket, "session_ticket"},
{TLSEXT_TYPE_renegotiate, "renegotiate"},
#ifndef OPENSSL_NO_NEXTPROTONEG
# ifndef OPENSSL_NO_NEXTPROTONEG
{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
#endif
# endif
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
{TLSEXT_TYPE_padding, "padding"},
{TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
@ -657,8 +657,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
xlen = ext[0];
if (extlen != xlen + 1)
return 0;
return ssl_trace_list(bio, indent + 2,
ext + 1, xlen, 1, ssl_point_tbl);
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
case TLSEXT_TYPE_elliptic_curves:
if (extlen < 2)
@ -666,8 +665,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
return ssl_trace_list(bio, indent + 2,
ext + 2, xlen, 2, ssl_curve_tbl);
return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl);
case TLSEXT_TYPE_signature_algorithms:
@ -705,8 +703,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
if (server) {
ext += xlen;
ssl_print_hex(bio, indent + 4,
"server_verify_data", ext, xlen);
ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
}
} else {
BIO_indent(bio, indent + 4, 80);
@ -758,8 +755,7 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
if (msglen < extlen + 4)
return 0;
msg += 4;
if (!ssl_print_extension(bio, indent + 2, server,
extype, msg, extlen))
if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen))
return 0;
msg += extlen;
msglen -= extlen + 4;
@ -823,8 +819,7 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent,
}
static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
const unsigned char *msg,
size_t msglen)
const unsigned char *msg, size_t msglen)
{
if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen))
return 0;
@ -928,8 +923,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
"EncyptedPreMasterSecret", msg, msglen);
} else {
if (!ssl_print_hexbuf(bio, indent + 2,
"EncyptedPreMasterSecret", 2,
&msg, &msglen))
"EncyptedPreMasterSecret", 2, &msg, &msglen))
return 0;
}
break;
@ -967,8 +961,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
switch (id) {
case SSL_kRSA:
if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2,
&msg, &msglen))
if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
return 0;
if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
&msg, &msglen))
@ -985,7 +978,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
break;
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_EC
case SSL_kECDHE:
case SSL_kECDHEPSK:
if (msglen < 1)
@ -1011,7 +1004,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
}
break;
#endif
# endif
case SSL_kPSK:
case SSL_kRSAPSK:
@ -1292,8 +1285,7 @@ void SSL_trace(int write_p, int version, int content_type,
if (write_p == 2) {
BIO_puts(bio, "Session ");
ssl_print_hex(bio, 0,
ssl_trace_str(content_type, ssl_crypto_tbl),
msg, msglen);
ssl_trace_str(content_type, ssl_crypto_tbl), msg, msglen);
return;
}
switch (content_type) {

8
ssl/tls_srp.c
View file

@ -13,7 +13,7 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
# include <openssl/srp.h>
int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
{
@ -325,8 +325,7 @@ int srp_generate_client_master_secret(SSL *s)
goto err;
if (!
(passwd =
s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
s->srp_ctx.SRP_cb_arg)))
s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg)))
goto err;
if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL)
goto err;
@ -388,8 +387,7 @@ int SRP_Calc_A_param(SSL *s)
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd));
if (!
(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
return 0;
return 1;

7
util/indent.pro
View file

@ -14,7 +14,7 @@
-i4
-il1
-ip0
-l78
-l80
-lp
-nbad
-nbc
@ -107,6 +107,7 @@
-T BIGNUM
-T BIO
-T BIO_ACCEPT
-T BIO_ADDR
-T BIO_ASN1_BUF_CTX
-T BIO_ASN1_EX_FUNCS
-T BIO_B64_CTX
@ -362,6 +363,7 @@
-T OPENSSL_PSTRING
-T OPENSSL_STRING
-T OPENSSL_STRING
-T OSSL_ASYNC_FD
-T OTHERNAME
-T P256_POINT
-T P256_POINT_AFFINE
@ -442,6 +444,7 @@
-T SSL_COMP
-T SSL_CONF_CTX
-T SSL_CTX
-T SSL_DANE
-T SSL_EXCERT
-T SSL_METHOD
-T SSL_SESSION
@ -727,3 +730,5 @@
-T ASYNC_JOB
-T intmax_t
-T uintmax_t
-T pqueue
-T danetls_record