s3_both.c 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769
  1. /* ssl/s3_both.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113. * ECC cipher suite support in OpenSSL originally developed by
  114. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115. */
  116. #include <limits.h>
  117. #include <string.h>
  118. #include <stdio.h>
  119. #include "ssl_locl.h"
  120. #include <openssl/buffer.h>
  121. #include <openssl/rand.h>
  122. #include <openssl/objects.h>
  123. #include <openssl/evp.h>
  124. #include <openssl/x509.h>
  125. /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
  126. int ssl3_do_write(SSL *s, int type)
  127. {
  128. int ret;
  129. ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
  130. s->init_num);
  131. if (ret < 0) return(-1);
  132. if (type == SSL3_RT_HANDSHAKE)
  133. /* should not be done for 'Hello Request's, but in that case
  134. * we'll ignore the result anyway */
  135. ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
  136. if (ret == s->init_num)
  137. {
  138. if (s->msg_callback)
  139. s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
  140. return(1);
  141. }
  142. s->init_off+=ret;
  143. s->init_num-=ret;
  144. return(0);
  145. }
  146. int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
  147. {
  148. unsigned char *p,*d;
  149. int i;
  150. unsigned long l;
  151. if (s->state == a)
  152. {
  153. d=(unsigned char *)s->init_buf->data;
  154. p= &(d[4]);
  155. i=s->method->ssl3_enc->final_finish_mac(s,
  156. sender,slen,s->s3->tmp.finish_md);
  157. s->s3->tmp.finish_md_len = i;
  158. memcpy(p, s->s3->tmp.finish_md, i);
  159. p+=i;
  160. l=i;
  161. #ifdef OPENSSL_SYS_WIN16
  162. /* MSVC 1.5 does not clear the top bytes of the word unless
  163. * I do this.
  164. */
  165. l&=0xffff;
  166. #endif
  167. *(d++)=SSL3_MT_FINISHED;
  168. l2n3(l,d);
  169. s->init_num=(int)l+4;
  170. s->init_off=0;
  171. s->state=b;
  172. }
  173. /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  174. return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
  175. }
  176. int ssl3_get_finished(SSL *s, int a, int b)
  177. {
  178. int al,i,ok;
  179. long n;
  180. unsigned char *p;
  181. /* the mac has already been generated when we received the
  182. * change cipher spec message and is in s->s3->tmp.peer_finish_md
  183. */
  184. n=s->method->ssl_get_message(s,
  185. a,
  186. b,
  187. SSL3_MT_FINISHED,
  188. 64, /* should actually be 36+4 :-) */
  189. &ok);
  190. if (!ok) return((int)n);
  191. /* If this occurs, we have missed a message */
  192. if (!s->s3->change_cipher_spec)
  193. {
  194. al=SSL_AD_UNEXPECTED_MESSAGE;
  195. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
  196. goto f_err;
  197. }
  198. s->s3->change_cipher_spec=0;
  199. p = (unsigned char *)s->init_msg;
  200. i = s->s3->tmp.peer_finish_md_len;
  201. if (i != n)
  202. {
  203. al=SSL_AD_DECODE_ERROR;
  204. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
  205. goto f_err;
  206. }
  207. if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
  208. {
  209. al=SSL_AD_DECRYPT_ERROR;
  210. SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
  211. goto f_err;
  212. }
  213. return(1);
  214. f_err:
  215. ssl3_send_alert(s,SSL3_AL_FATAL,al);
  216. return(0);
  217. }
  218. /* for these 2 messages, we need to
  219. * ssl->enc_read_ctx re-init
  220. * ssl->s3->read_sequence zero
  221. * ssl->s3->read_mac_secret re-init
  222. * ssl->session->read_sym_enc assign
  223. * ssl->session->read_compression assign
  224. * ssl->session->read_hash assign
  225. */
  226. int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
  227. {
  228. unsigned char *p;
  229. if (s->state == a)
  230. {
  231. p=(unsigned char *)s->init_buf->data;
  232. *p=SSL3_MT_CCS;
  233. s->init_num=1;
  234. s->init_off=0;
  235. s->state=b;
  236. }
  237. /* SSL3_ST_CW_CHANGE_B */
  238. return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
  239. }
  240. unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
  241. {
  242. unsigned char *p;
  243. int n,i;
  244. unsigned long l=7;
  245. BUF_MEM *buf;
  246. X509_STORE_CTX xs_ctx;
  247. X509_OBJECT obj;
  248. int no_chain;
  249. if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
  250. no_chain = 1;
  251. else
  252. no_chain = 0;
  253. /* TLSv1 sends a chain with nothing in it, instead of an alert */
  254. buf=s->init_buf;
  255. if (!BUF_MEM_grow_clean(buf,10))
  256. {
  257. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  258. return(0);
  259. }
  260. if (x != NULL)
  261. {
  262. if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
  263. {
  264. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
  265. return(0);
  266. }
  267. for (;;)
  268. {
  269. n=i2d_X509(x,NULL);
  270. if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
  271. {
  272. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  273. return(0);
  274. }
  275. p=(unsigned char *)&(buf->data[l]);
  276. l2n3(n,p);
  277. i2d_X509(x,&p);
  278. l+=n+3;
  279. if (no_chain)
  280. break;
  281. if (X509_NAME_cmp(X509_get_subject_name(x),
  282. X509_get_issuer_name(x)) == 0) break;
  283. i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
  284. X509_get_issuer_name(x),&obj);
  285. if (i <= 0) break;
  286. x=obj.data.x509;
  287. /* Count is one too high since the X509_STORE_get uped the
  288. * ref count */
  289. X509_free(x);
  290. }
  291. if (!no_chain)
  292. X509_STORE_CTX_cleanup(&xs_ctx);
  293. }
  294. /* Thawte special :-) */
  295. if (s->ctx->extra_certs != NULL)
  296. for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
  297. {
  298. x=sk_X509_value(s->ctx->extra_certs,i);
  299. n=i2d_X509(x,NULL);
  300. if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
  301. {
  302. SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  303. return(0);
  304. }
  305. p=(unsigned char *)&(buf->data[l]);
  306. l2n3(n,p);
  307. i2d_X509(x,&p);
  308. l+=n+3;
  309. }
  310. l-=7;
  311. p=(unsigned char *)&(buf->data[4]);
  312. l2n3(l,p);
  313. l+=3;
  314. p=(unsigned char *)&(buf->data[0]);
  315. *(p++)=SSL3_MT_CERTIFICATE;
  316. l2n3(l,p);
  317. l+=4;
  318. return(l);
  319. }
  320. /* Obtain handshake message of message type 'mt' (any if mt == -1),
  321. * maximum acceptable body length 'max'.
  322. * The first four bytes (msg_type and length) are read in state 'st1',
  323. * the body is read in state 'stn'.
  324. */
  325. long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  326. {
  327. unsigned char *p;
  328. unsigned long l;
  329. long n;
  330. int i,al;
  331. if (s->s3->tmp.reuse_message)
  332. {
  333. s->s3->tmp.reuse_message=0;
  334. if ((mt >= 0) && (s->s3->tmp.message_type != mt))
  335. {
  336. al=SSL_AD_UNEXPECTED_MESSAGE;
  337. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  338. goto f_err;
  339. }
  340. *ok=1;
  341. s->init_msg = s->init_buf->data + 4;
  342. s->init_num = (int)s->s3->tmp.message_size;
  343. return s->init_num;
  344. }
  345. p=(unsigned char *)s->init_buf->data;
  346. if (s->state == st1) /* s->init_num < 4 */
  347. {
  348. int skip_message;
  349. do
  350. {
  351. while (s->init_num < 4)
  352. {
  353. i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
  354. &p[s->init_num],4 - s->init_num, 0);
  355. if (i <= 0)
  356. {
  357. s->rwstate=SSL_READING;
  358. *ok = 0;
  359. return i;
  360. }
  361. s->init_num+=i;
  362. }
  363. skip_message = 0;
  364. if (!s->server)
  365. if (p[0] == SSL3_MT_HELLO_REQUEST)
  366. /* The server may always send 'Hello Request' messages --
  367. * we are doing a handshake anyway now, so ignore them
  368. * if their format is correct. Does not count for
  369. * 'Finished' MAC. */
  370. if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
  371. {
  372. s->init_num = 0;
  373. skip_message = 1;
  374. if (s->msg_callback)
  375. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
  376. }
  377. }
  378. while (skip_message);
  379. /* s->init_num == 4 */
  380. if ((mt >= 0) && (*p != mt))
  381. {
  382. al=SSL_AD_UNEXPECTED_MESSAGE;
  383. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  384. goto f_err;
  385. }
  386. if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
  387. (st1 == SSL3_ST_SR_CERT_A) &&
  388. (stn == SSL3_ST_SR_CERT_B))
  389. {
  390. /* At this point we have got an MS SGC second client
  391. * hello (maybe we should always allow the client to
  392. * start a new handshake?). We need to restart the mac.
  393. * Don't increment {num,total}_renegotiations because
  394. * we have not completed the handshake. */
  395. ssl3_init_finished_mac(s);
  396. }
  397. s->s3->tmp.message_type= *(p++);
  398. n2l3(p,l);
  399. if (l > (unsigned long)max)
  400. {
  401. al=SSL_AD_ILLEGAL_PARAMETER;
  402. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  403. goto f_err;
  404. }
  405. if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
  406. {
  407. al=SSL_AD_ILLEGAL_PARAMETER;
  408. SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  409. goto f_err;
  410. }
  411. if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
  412. {
  413. SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
  414. goto err;
  415. }
  416. s->s3->tmp.message_size=l;
  417. s->state=stn;
  418. s->init_msg = s->init_buf->data + 4;
  419. s->init_num = 0;
  420. }
  421. /* next state (stn) */
  422. p = s->init_msg;
  423. n = s->s3->tmp.message_size - s->init_num;
  424. while (n > 0)
  425. {
  426. i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
  427. if (i <= 0)
  428. {
  429. s->rwstate=SSL_READING;
  430. *ok = 0;
  431. return i;
  432. }
  433. s->init_num += i;
  434. n -= i;
  435. }
  436. ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
  437. if (s->msg_callback)
  438. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
  439. *ok=1;
  440. return s->init_num;
  441. f_err:
  442. ssl3_send_alert(s,SSL3_AL_FATAL,al);
  443. err:
  444. *ok=0;
  445. return(-1);
  446. }
  447. int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
  448. {
  449. EVP_PKEY *pk;
  450. int ret= -1,i;
  451. if (pkey == NULL)
  452. pk=X509_get_pubkey(x);
  453. else
  454. pk=pkey;
  455. if (pk == NULL) goto err;
  456. i=pk->type;
  457. if (i == EVP_PKEY_RSA)
  458. {
  459. ret=SSL_PKEY_RSA_ENC;
  460. }
  461. else if (i == EVP_PKEY_DSA)
  462. {
  463. ret=SSL_PKEY_DSA_SIGN;
  464. }
  465. #ifndef OPENSSL_NO_EC
  466. else if (i == EVP_PKEY_EC)
  467. {
  468. ret = SSL_PKEY_ECC;
  469. }
  470. #endif
  471. else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
  472. {
  473. ret = SSL_PKEY_GOST94;
  474. }
  475. else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
  476. {
  477. ret = SSL_PKEY_GOST01;
  478. }
  479. err:
  480. if(!pkey) EVP_PKEY_free(pk);
  481. return(ret);
  482. }
  483. int ssl_verify_alarm_type(long type)
  484. {
  485. int al;
  486. switch(type)
  487. {
  488. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  489. case X509_V_ERR_UNABLE_TO_GET_CRL:
  490. case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
  491. al=SSL_AD_UNKNOWN_CA;
  492. break;
  493. case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
  494. case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
  495. case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
  496. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  497. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  498. case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
  499. case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
  500. case X509_V_ERR_CERT_NOT_YET_VALID:
  501. case X509_V_ERR_CRL_NOT_YET_VALID:
  502. case X509_V_ERR_CERT_UNTRUSTED:
  503. case X509_V_ERR_CERT_REJECTED:
  504. al=SSL_AD_BAD_CERTIFICATE;
  505. break;
  506. case X509_V_ERR_CERT_SIGNATURE_FAILURE:
  507. case X509_V_ERR_CRL_SIGNATURE_FAILURE:
  508. al=SSL_AD_DECRYPT_ERROR;
  509. break;
  510. case X509_V_ERR_CERT_HAS_EXPIRED:
  511. case X509_V_ERR_CRL_HAS_EXPIRED:
  512. al=SSL_AD_CERTIFICATE_EXPIRED;
  513. break;
  514. case X509_V_ERR_CERT_REVOKED:
  515. al=SSL_AD_CERTIFICATE_REVOKED;
  516. break;
  517. case X509_V_ERR_OUT_OF_MEM:
  518. al=SSL_AD_INTERNAL_ERROR;
  519. break;
  520. case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  521. case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
  522. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
  523. case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
  524. case X509_V_ERR_CERT_CHAIN_TOO_LONG:
  525. case X509_V_ERR_PATH_LENGTH_EXCEEDED:
  526. case X509_V_ERR_INVALID_CA:
  527. al=SSL_AD_UNKNOWN_CA;
  528. break;
  529. case X509_V_ERR_APPLICATION_VERIFICATION:
  530. al=SSL_AD_HANDSHAKE_FAILURE;
  531. break;
  532. case X509_V_ERR_INVALID_PURPOSE:
  533. al=SSL_AD_UNSUPPORTED_CERTIFICATE;
  534. break;
  535. default:
  536. al=SSL_AD_CERTIFICATE_UNKNOWN;
  537. break;
  538. }
  539. return(al);
  540. }
  541. #ifndef OPENSSL_NO_BUF_FREELISTS
  542. /* On some platforms, malloc() performance is bad enough that you can't just
  543. * free() and malloc() buffers all the time, so we need to use freelists from
  544. * unused buffers. Currently, each freelist holds memory chunks of only a
  545. * given size (list->chunklen); other sized chunks are freed and malloced.
  546. * This doesn't help much if you're using many different SSL option settings
  547. * with a given context. (The options affecting buffer size are
  548. * max_send_fragment, read buffer vs write buffer,
  549. * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
  550. * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
  551. * possible size is not an option, since max_send_fragment can take on many
  552. * different values.
  553. *
  554. * If you are on a platform with a slow malloc(), and you're using SSL
  555. * connections with many different settings for these options, and you need to
  556. * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
  557. * - Link against a faster malloc implementation.
  558. * - Use a separate SSL_CTX for each option set.
  559. * - Improve this code.
  560. */
  561. static void *
  562. freelist_extract(SSL_CTX *ctx, int for_read, int sz)
  563. {
  564. SSL3_BUF_FREELIST *list;
  565. SSL3_BUF_FREELIST_ENTRY *ent = NULL;
  566. void *result = NULL;
  567. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  568. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  569. if (list != NULL && sz == (int)list->chunklen)
  570. ent = list->head;
  571. if (ent != NULL)
  572. {
  573. list->head = ent->next;
  574. result = ent;
  575. if (--list->len == 0)
  576. list->chunklen = 0;
  577. }
  578. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  579. if (!result)
  580. result = OPENSSL_malloc(sz);
  581. return result;
  582. }
  583. static void
  584. freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
  585. {
  586. SSL3_BUF_FREELIST *list;
  587. SSL3_BUF_FREELIST_ENTRY *ent;
  588. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  589. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  590. if (list != NULL &&
  591. (sz == list->chunklen || list->chunklen == 0) &&
  592. list->len < ctx->freelist_max_len &&
  593. sz >= sizeof(*ent))
  594. {
  595. list->chunklen = sz;
  596. ent = mem;
  597. ent->next = list->head;
  598. list->head = ent;
  599. ++list->len;
  600. mem = NULL;
  601. }
  602. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  603. if (mem)
  604. OPENSSL_free(mem);
  605. }
  606. #else
  607. #define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
  608. #define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
  609. #endif
  610. int ssl3_setup_read_buffer(SSL *s)
  611. {
  612. unsigned char *p;
  613. size_t len,align=0;
  614. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  615. align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
  616. #endif
  617. if (s->s3->rbuf.buf == NULL)
  618. {
  619. len = SSL3_RT_MAX_PLAIN_LENGTH
  620. + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
  621. + SSL3_RT_HEADER_LENGTH + align;
  622. if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
  623. {
  624. s->s3->init_extra = 1;
  625. len += SSL3_RT_MAX_EXTRA;
  626. }
  627. #ifndef OPENSSL_NO_COMP
  628. if (!(s->options & SSL_OP_NO_COMPRESSION))
  629. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  630. #endif
  631. if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
  632. goto err;
  633. s->s3->rbuf.buf = p;
  634. s->s3->rbuf.len = len;
  635. }
  636. s->packet= &(s->s3->rbuf.buf[0]);
  637. return 1;
  638. err:
  639. SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
  640. return 0;
  641. }
  642. int ssl3_setup_write_buffer(SSL *s)
  643. {
  644. unsigned char *p;
  645. size_t len,align=0;
  646. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  647. align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
  648. #endif
  649. if (s->s3->wbuf.buf == NULL)
  650. {
  651. len = s->max_send_fragment
  652. + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
  653. + SSL3_RT_HEADER_LENGTH + align;
  654. #ifndef OPENSSL_NO_COMP
  655. if (!(s->options & SSL_OP_NO_COMPRESSION))
  656. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  657. #endif
  658. if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
  659. len += SSL3_RT_HEADER_LENGTH + align
  660. + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
  661. if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
  662. goto err;
  663. s->s3->wbuf.buf = p;
  664. s->s3->wbuf.len = len;
  665. }
  666. return 1;
  667. err:
  668. SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
  669. return 0;
  670. }
  671. int ssl3_setup_buffers(SSL *s)
  672. {
  673. if (!ssl3_setup_read_buffer(s))
  674. return 0;
  675. if (!ssl3_setup_write_buffer(s))
  676. return 0;
  677. return 1;
  678. }
  679. int ssl3_release_write_buffer(SSL *s)
  680. {
  681. if (s->s3->wbuf.buf != NULL)
  682. {
  683. freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
  684. s->s3->wbuf.buf = NULL;
  685. }
  686. return 1;
  687. }
  688. int ssl3_release_read_buffer(SSL *s)
  689. {
  690. if (s->s3->rbuf.buf != NULL)
  691. {
  692. freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
  693. s->s3->rbuf.buf = NULL;
  694. }
  695. return 1;
  696. }