s3_both.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847
  1. /* ssl/s3_both.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113. * ECC cipher suite support in OpenSSL originally developed by
  114. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115. */
  116. #include <limits.h>
  117. #include <string.h>
  118. #include <stdio.h>
  119. #include "ssl_locl.h"
  120. #include <openssl/buffer.h>
  121. #include <openssl/rand.h>
  122. #include <openssl/objects.h>
  123. #include <openssl/evp.h>
  124. #include <openssl/x509.h>
  125. /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
  126. int ssl3_do_write(SSL *s, int type)
  127. {
  128. int ret;
  129. ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
  130. s->init_num);
  131. if (ret < 0) return(-1);
  132. if (type == SSL3_RT_HANDSHAKE)
  133. /* should not be done for 'Hello Request's, but in that case
  134. * we'll ignore the result anyway */
  135. ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
  136. if (ret == s->init_num)
  137. {
  138. if (s->msg_callback)
  139. s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
  140. return(1);
  141. }
  142. s->init_off+=ret;
  143. s->init_num-=ret;
  144. return(0);
  145. }
  146. int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
  147. {
  148. unsigned char *p,*d;
  149. int i;
  150. unsigned long l;
  151. if (s->state == a)
  152. {
  153. d=(unsigned char *)s->init_buf->data;
  154. p= &(d[4]);
  155. i=s->method->ssl3_enc->final_finish_mac(s,
  156. sender,slen,s->s3->tmp.finish_md);
  157. s->s3->tmp.finish_md_len = i;
  158. memcpy(p, s->s3->tmp.finish_md, i);
  159. p+=i;
  160. l=i;
  161. /* Copy the finished so we can use it for
  162. renegotiation checks */
  163. if(s->type == SSL_ST_CONNECT)
  164. {
  165. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  166. memcpy(s->s3->previous_client_finished,
  167. s->s3->tmp.finish_md, i);
  168. s->s3->previous_client_finished_len=i;
  169. }
  170. else
  171. {
  172. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  173. memcpy(s->s3->previous_server_finished,
  174. s->s3->tmp.finish_md, i);
  175. s->s3->previous_server_finished_len=i;
  176. }
  177. #ifdef OPENSSL_SYS_WIN16
  178. /* MSVC 1.5 does not clear the top bytes of the word unless
  179. * I do this.
  180. */
  181. l&=0xffff;
  182. #endif
  183. *(d++)=SSL3_MT_FINISHED;
  184. l2n3(l,d);
  185. s->init_num=(int)l+4;
  186. s->init_off=0;
  187. s->state=b;
  188. }
  189. /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  190. return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
  191. }
  192. #ifndef OPENSSL_NO_NEXTPROTONEG
  193. /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
  194. static void ssl3_take_mac(SSL *s)
  195. {
  196. const char *sender;
  197. int slen;
  198. if (s->state & SSL_ST_CONNECT)
  199. {
  200. sender=s->method->ssl3_enc->server_finished_label;
  201. slen=s->method->ssl3_enc->server_finished_label_len;
  202. }
  203. else
  204. {
  205. sender=s->method->ssl3_enc->client_finished_label;
  206. slen=s->method->ssl3_enc->client_finished_label_len;
  207. }
  208. s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
  209. sender,slen,s->s3->tmp.peer_finish_md);
  210. }
  211. #endif
  212. int ssl3_get_finished(SSL *s, int a, int b)
  213. {
  214. int al,i,ok;
  215. long n;
  216. unsigned char *p;
  217. #ifdef OPENSSL_NO_NEXTPROTONEG
  218. /* the mac has already been generated when we received the
  219. * change cipher spec message and is in s->s3->tmp.peer_finish_md
  220. */
  221. #endif
  222. n=s->method->ssl_get_message(s,
  223. a,
  224. b,
  225. SSL3_MT_FINISHED,
  226. 64, /* should actually be 36+4 :-) */
  227. &ok);
  228. if (!ok) return((int)n);
  229. /* If this occurs, we have missed a message */
  230. if (!s->s3->change_cipher_spec)
  231. {
  232. al=SSL_AD_UNEXPECTED_MESSAGE;
  233. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
  234. goto f_err;
  235. }
  236. s->s3->change_cipher_spec=0;
  237. p = (unsigned char *)s->init_msg;
  238. i = s->s3->tmp.peer_finish_md_len;
  239. if (i != n)
  240. {
  241. al=SSL_AD_DECODE_ERROR;
  242. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
  243. goto f_err;
  244. }
  245. if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
  246. {
  247. al=SSL_AD_DECRYPT_ERROR;
  248. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
  249. goto f_err;
  250. }
  251. /* Copy the finished so we can use it for
  252. renegotiation checks */
  253. if(s->type == SSL_ST_ACCEPT)
  254. {
  255. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  256. memcpy(s->s3->previous_client_finished,
  257. s->s3->tmp.peer_finish_md, i);
  258. s->s3->previous_client_finished_len=i;
  259. }
  260. else
  261. {
  262. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  263. memcpy(s->s3->previous_server_finished,
  264. s->s3->tmp.peer_finish_md, i);
  265. s->s3->previous_server_finished_len=i;
  266. }
  267. return(1);
  268. f_err:
  269. ssl3_send_alert(s,SSL3_AL_FATAL,al);
  270. return(0);
  271. }
  272. /* for these 2 messages, we need to
  273. * ssl->enc_read_ctx re-init
  274. * ssl->s3->read_sequence zero
  275. * ssl->s3->read_mac_secret re-init
  276. * ssl->session->read_sym_enc assign
  277. * ssl->session->read_compression assign
  278. * ssl->session->read_hash assign
  279. */
  280. int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
  281. {
  282. unsigned char *p;
  283. if (s->state == a)
  284. {
  285. p=(unsigned char *)s->init_buf->data;
  286. *p=SSL3_MT_CCS;
  287. s->init_num=1;
  288. s->init_off=0;
  289. s->state=b;
  290. }
  291. /* SSL3_ST_CW_CHANGE_B */
  292. return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
  293. }
  294. static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
  295. {
  296. int n;
  297. unsigned char *p;
  298. n=i2d_X509(x,NULL);
  299. if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
  300. {
  301. SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
  302. return(-1);
  303. }
  304. p=(unsigned char *)&(buf->data[*l]);
  305. l2n3(n,p);
  306. i2d_X509(x,&p);
  307. *l+=n+3;
  308. return(0);
  309. }
  310. unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
  311. {
  312. unsigned char *p;
  313. int i;
  314. unsigned long l=7;
  315. BUF_MEM *buf;
  316. int no_chain;
  317. if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
  318. no_chain = 1;
  319. else
  320. no_chain = 0;
  321. /* TLSv1 sends a chain with nothing in it, instead of an alert */
  322. buf=s->init_buf;
  323. if (!BUF_MEM_grow_clean(buf,10))
  324. {
  325. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  326. return(0);
  327. }
  328. if (x != NULL)
  329. {
  330. if (no_chain)
  331. {
  332. if (ssl3_add_cert_to_buf(buf, &l, x))
  333. return(0);
  334. }
  335. else
  336. {
  337. X509_STORE_CTX xs_ctx;
  338. if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
  339. {
  340. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
  341. return(0);
  342. }
  343. X509_verify_cert(&xs_ctx);
  344. /* Don't leave errors in the queue */
  345. ERR_clear_error();
  346. for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
  347. {
  348. x = sk_X509_value(xs_ctx.chain, i);
  349. if (ssl3_add_cert_to_buf(buf, &l, x))
  350. {
  351. X509_STORE_CTX_cleanup(&xs_ctx);
  352. return 0;
  353. }
  354. }
  355. X509_STORE_CTX_cleanup(&xs_ctx);
  356. }
  357. }
  358. /* Thawte special :-) */
  359. for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
  360. {
  361. x=sk_X509_value(s->ctx->extra_certs,i);
  362. if (ssl3_add_cert_to_buf(buf, &l, x))
  363. return(0);
  364. }
  365. l-=7;
  366. p=(unsigned char *)&(buf->data[4]);
  367. l2n3(l,p);
  368. l+=3;
  369. p=(unsigned char *)&(buf->data[0]);
  370. *(p++)=SSL3_MT_CERTIFICATE;
  371. l2n3(l,p);
  372. l+=4;
  373. return(l);
  374. }
  375. /* Obtain handshake message of message type 'mt' (any if mt == -1),
  376. * maximum acceptable body length 'max'.
  377. * The first four bytes (msg_type and length) are read in state 'st1',
  378. * the body is read in state 'stn'.
  379. */
  380. long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  381. {
  382. unsigned char *p;
  383. unsigned long l;
  384. long n;
  385. int i,al;
  386. if (s->s3->tmp.reuse_message)
  387. {
  388. s->s3->tmp.reuse_message=0;
  389. if ((mt >= 0) && (s->s3->tmp.message_type != mt))
  390. {
  391. al=SSL_AD_UNEXPECTED_MESSAGE;
  392. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  393. goto f_err;
  394. }
  395. *ok=1;
  396. s->init_msg = s->init_buf->data + 4;
  397. s->init_num = (int)s->s3->tmp.message_size;
  398. return s->init_num;
  399. }
  400. p=(unsigned char *)s->init_buf->data;
  401. if (s->state == st1) /* s->init_num < 4 */
  402. {
  403. int skip_message;
  404. do
  405. {
  406. while (s->init_num < 4)
  407. {
  408. i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
  409. &p[s->init_num],4 - s->init_num, 0);
  410. if (i <= 0)
  411. {
  412. s->rwstate=SSL_READING;
  413. *ok = 0;
  414. return i;
  415. }
  416. s->init_num+=i;
  417. }
  418. skip_message = 0;
  419. if (!s->server)
  420. if (p[0] == SSL3_MT_HELLO_REQUEST)
  421. /* The server may always send 'Hello Request' messages --
  422. * we are doing a handshake anyway now, so ignore them
  423. * if their format is correct. Does not count for
  424. * 'Finished' MAC. */
  425. if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
  426. {
  427. s->init_num = 0;
  428. skip_message = 1;
  429. if (s->msg_callback)
  430. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
  431. }
  432. }
  433. while (skip_message);
  434. /* s->init_num == 4 */
  435. if ((mt >= 0) && (*p != mt))
  436. {
  437. al=SSL_AD_UNEXPECTED_MESSAGE;
  438. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  439. goto f_err;
  440. }
  441. if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
  442. (st1 == SSL3_ST_SR_CERT_A) &&
  443. (stn == SSL3_ST_SR_CERT_B))
  444. {
  445. /* At this point we have got an MS SGC second client
  446. * hello (maybe we should always allow the client to
  447. * start a new handshake?). We need to restart the mac.
  448. * Don't increment {num,total}_renegotiations because
  449. * we have not completed the handshake. */
  450. ssl3_init_finished_mac(s);
  451. }
  452. s->s3->tmp.message_type= *(p++);
  453. n2l3(p,l);
  454. if (l > (unsigned long)max)
  455. {
  456. al=SSL_AD_ILLEGAL_PARAMETER;
  457. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  458. goto f_err;
  459. }
  460. if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
  461. {
  462. al=SSL_AD_ILLEGAL_PARAMETER;
  463. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  464. goto f_err;
  465. }
  466. if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
  467. {
  468. SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
  469. goto err;
  470. }
  471. s->s3->tmp.message_size=l;
  472. s->state=stn;
  473. s->init_msg = s->init_buf->data + 4;
  474. s->init_num = 0;
  475. }
  476. /* next state (stn) */
  477. p = s->init_msg;
  478. n = s->s3->tmp.message_size - s->init_num;
  479. while (n > 0)
  480. {
  481. i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
  482. if (i <= 0)
  483. {
  484. s->rwstate=SSL_READING;
  485. *ok = 0;
  486. return i;
  487. }
  488. s->init_num += i;
  489. n -= i;
  490. }
  491. #ifndef OPENSSL_NO_NEXTPROTONEG
  492. /* If receiving Finished, record MAC of prior handshake messages for
  493. * Finished verification. */
  494. if (*s->init_buf->data == SSL3_MT_FINISHED)
  495. ssl3_take_mac(s);
  496. #endif
  497. /* Feed this message into MAC computation. */
  498. ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
  499. if (s->msg_callback)
  500. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
  501. *ok=1;
  502. return s->init_num;
  503. f_err:
  504. ssl3_send_alert(s,SSL3_AL_FATAL,al);
  505. err:
  506. *ok=0;
  507. return(-1);
  508. }
  509. int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
  510. {
  511. EVP_PKEY *pk;
  512. int ret= -1,i;
  513. if (pkey == NULL)
  514. pk=X509_get_pubkey(x);
  515. else
  516. pk=pkey;
  517. if (pk == NULL) goto err;
  518. i=pk->type;
  519. if (i == EVP_PKEY_RSA)
  520. {
  521. ret=SSL_PKEY_RSA_ENC;
  522. }
  523. else if (i == EVP_PKEY_DSA)
  524. {
  525. ret=SSL_PKEY_DSA_SIGN;
  526. }
  527. #ifndef OPENSSL_NO_EC
  528. else if (i == EVP_PKEY_EC)
  529. {
  530. ret = SSL_PKEY_ECC;
  531. }
  532. #endif
  533. else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
  534. {
  535. ret = SSL_PKEY_GOST94;
  536. }
  537. else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
  538. {
  539. ret = SSL_PKEY_GOST01;
  540. }
  541. err:
  542. if(!pkey) EVP_PKEY_free(pk);
  543. return(ret);
  544. }
  545. int ssl_verify_alarm_type(long type)
  546. {
  547. int al;
  548. switch(type)
  549. {
  550. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  551. case X509_V_ERR_UNABLE_TO_GET_CRL:
  552. case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
  553. al=SSL_AD_UNKNOWN_CA;
  554. break;
  555. case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
  556. case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
  557. case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
  558. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  559. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  560. case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
  561. case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
  562. case X509_V_ERR_CERT_NOT_YET_VALID:
  563. case X509_V_ERR_CRL_NOT_YET_VALID:
  564. case X509_V_ERR_CERT_UNTRUSTED:
  565. case X509_V_ERR_CERT_REJECTED:
  566. al=SSL_AD_BAD_CERTIFICATE;
  567. break;
  568. case X509_V_ERR_CERT_SIGNATURE_FAILURE:
  569. case X509_V_ERR_CRL_SIGNATURE_FAILURE:
  570. al=SSL_AD_DECRYPT_ERROR;
  571. break;
  572. case X509_V_ERR_CERT_HAS_EXPIRED:
  573. case X509_V_ERR_CRL_HAS_EXPIRED:
  574. al=SSL_AD_CERTIFICATE_EXPIRED;
  575. break;
  576. case X509_V_ERR_CERT_REVOKED:
  577. al=SSL_AD_CERTIFICATE_REVOKED;
  578. break;
  579. case X509_V_ERR_OUT_OF_MEM:
  580. al=SSL_AD_INTERNAL_ERROR;
  581. break;
  582. case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  583. case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
  584. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
  585. case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
  586. case X509_V_ERR_CERT_CHAIN_TOO_LONG:
  587. case X509_V_ERR_PATH_LENGTH_EXCEEDED:
  588. case X509_V_ERR_INVALID_CA:
  589. al=SSL_AD_UNKNOWN_CA;
  590. break;
  591. case X509_V_ERR_APPLICATION_VERIFICATION:
  592. al=SSL_AD_HANDSHAKE_FAILURE;
  593. break;
  594. case X509_V_ERR_INVALID_PURPOSE:
  595. al=SSL_AD_UNSUPPORTED_CERTIFICATE;
  596. break;
  597. default:
  598. al=SSL_AD_CERTIFICATE_UNKNOWN;
  599. break;
  600. }
  601. return(al);
  602. }
  603. #ifndef OPENSSL_NO_BUF_FREELISTS
  604. /* On some platforms, malloc() performance is bad enough that you can't just
  605. * free() and malloc() buffers all the time, so we need to use freelists from
  606. * unused buffers. Currently, each freelist holds memory chunks of only a
  607. * given size (list->chunklen); other sized chunks are freed and malloced.
  608. * This doesn't help much if you're using many different SSL option settings
  609. * with a given context. (The options affecting buffer size are
  610. * max_send_fragment, read buffer vs write buffer,
  611. * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
  612. * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
  613. * possible size is not an option, since max_send_fragment can take on many
  614. * different values.
  615. *
  616. * If you are on a platform with a slow malloc(), and you're using SSL
  617. * connections with many different settings for these options, and you need to
  618. * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
  619. * - Link against a faster malloc implementation.
  620. * - Use a separate SSL_CTX for each option set.
  621. * - Improve this code.
  622. */
  623. static void *
  624. freelist_extract(SSL_CTX *ctx, int for_read, int sz)
  625. {
  626. SSL3_BUF_FREELIST *list;
  627. SSL3_BUF_FREELIST_ENTRY *ent = NULL;
  628. void *result = NULL;
  629. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  630. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  631. if (list != NULL && sz == (int)list->chunklen)
  632. ent = list->head;
  633. if (ent != NULL)
  634. {
  635. list->head = ent->next;
  636. result = ent;
  637. if (--list->len == 0)
  638. list->chunklen = 0;
  639. }
  640. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  641. if (!result)
  642. result = OPENSSL_malloc(sz);
  643. return result;
  644. }
  645. static void
  646. freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
  647. {
  648. SSL3_BUF_FREELIST *list;
  649. SSL3_BUF_FREELIST_ENTRY *ent;
  650. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  651. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  652. if (list != NULL &&
  653. (sz == list->chunklen || list->chunklen == 0) &&
  654. list->len < ctx->freelist_max_len &&
  655. sz >= sizeof(*ent))
  656. {
  657. list->chunklen = sz;
  658. ent = mem;
  659. ent->next = list->head;
  660. list->head = ent;
  661. ++list->len;
  662. mem = NULL;
  663. }
  664. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  665. if (mem)
  666. OPENSSL_free(mem);
  667. }
  668. #else
  669. #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
  670. #define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
  671. #endif
  672. int ssl3_setup_read_buffer(SSL *s)
  673. {
  674. unsigned char *p;
  675. size_t len,align=0,headerlen;
  676. if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  677. headerlen = DTLS1_RT_HEADER_LENGTH;
  678. else
  679. headerlen = SSL3_RT_HEADER_LENGTH;
  680. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  681. align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
  682. #endif
  683. if (s->s3->rbuf.buf == NULL)
  684. {
  685. len = SSL3_RT_MAX_PLAIN_LENGTH
  686. + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
  687. + headerlen + align;
  688. if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
  689. {
  690. s->s3->init_extra = 1;
  691. len += SSL3_RT_MAX_EXTRA;
  692. }
  693. #ifndef OPENSSL_NO_COMP
  694. if (!(s->options & SSL_OP_NO_COMPRESSION))
  695. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  696. #endif
  697. if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
  698. goto err;
  699. s->s3->rbuf.buf = p;
  700. s->s3->rbuf.len = len;
  701. }
  702. s->packet= &(s->s3->rbuf.buf[0]);
  703. return 1;
  704. err:
  705. SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
  706. return 0;
  707. }
  708. int ssl3_setup_write_buffer(SSL *s)
  709. {
  710. unsigned char *p;
  711. size_t len,align=0,headerlen;
  712. if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
  713. headerlen = DTLS1_RT_HEADER_LENGTH + 1;
  714. else
  715. headerlen = SSL3_RT_HEADER_LENGTH;
  716. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  717. align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
  718. #endif
  719. if (s->s3->wbuf.buf == NULL)
  720. {
  721. len = s->max_send_fragment
  722. + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
  723. + headerlen + align;
  724. #ifndef OPENSSL_NO_COMP
  725. if (!(s->options & SSL_OP_NO_COMPRESSION))
  726. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  727. #endif
  728. if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
  729. len += headerlen + align
  730. + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
  731. if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
  732. goto err;
  733. s->s3->wbuf.buf = p;
  734. s->s3->wbuf.len = len;
  735. }
  736. return 1;
  737. err:
  738. SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
  739. return 0;
  740. }
  741. int ssl3_setup_buffers(SSL *s)
  742. {
  743. if (!ssl3_setup_read_buffer(s))
  744. return 0;
  745. if (!ssl3_setup_write_buffer(s))
  746. return 0;
  747. return 1;
  748. }
  749. int ssl3_release_write_buffer(SSL *s)
  750. {
  751. if (s->s3->wbuf.buf != NULL)
  752. {
  753. freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
  754. s->s3->wbuf.buf = NULL;
  755. }
  756. return 1;
  757. }
  758. int ssl3_release_read_buffer(SSL *s)
  759. {
  760. if (s->s3->rbuf.buf != NULL)
  761. {
  762. freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
  763. s->s3->rbuf.buf = NULL;
  764. }
  765. return 1;
  766. }