X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_both.c;h=349531460d39f54da0e9474d913ac70370df9d7f;hb=a006fef78e56b078549a80f4bb4518b6a02eba84;hp=06e761b4b276294a5b8a5b885b08081f99097854;hpb=474b3b1cc80a7c686d4a5fecc6836ec48c7c01d4;p=oweals%2Fopenssl.git diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 06e761b4b2..349531460d 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -166,6 +166,23 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) p+=i; l=i; + /* Copy the finished so we can use it for + renegotiation checks */ + if(s->type == SSL_ST_CONNECT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.finish_md, i); + s->s3->previous_server_finished_len=i; + } + #ifdef OPENSSL_SYS_WIN16 /* MSVC 1.5 does not clear the top bytes of the word unless * I do this. @@ -185,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); } +#ifndef OPENSSL_NO_NEXTPROTONEG +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ +static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; + + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; + slen=s->method->ssl3_enc->server_finished_label_len; + } + else + { + sender=s->method->ssl3_enc->client_finished_label; + slen=s->method->ssl3_enc->client_finished_label_len; + } + + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + sender,slen,s->s3->tmp.peer_finish_md); + } +#endif + int ssl3_get_finished(SSL *s, int a, int b) { int al,i,ok; long n; unsigned char *p; +#ifdef OPENSSL_NO_NEXTPROTONEG /* the mac has already been generated when we received the * change cipher spec message and is in s->s3->tmp.peer_finish_md */ +#endif n=s->method->ssl_get_message(s, a, @@ -230,6 +272,23 @@ int ssl3_get_finished(SSL *s, int a, int b) goto f_err; } + /* Copy the finished so we can use it for + renegotiation checks */ + if(s->type == SSL_ST_ACCEPT) + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_client_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_client_finished_len=i; + } + else + { + OPENSSL_assert(i <= EVP_MAX_MD_SIZE); + memcpy(s->s3->previous_server_finished, + s->s3->tmp.peer_finish_md, i); + s->s3->previous_server_finished_len=i; + } + return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); @@ -262,84 +321,14 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b) return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); } -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) +unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) { unsigned char *p; - int n,i; unsigned long l=7; - BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; - - int no_chain; - - if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) - no_chain = 1; - else - no_chain = 0; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow_clean(buf,10)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } + BUF_MEM *buf = s->init_buf; - for (;;) - { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - - if (no_chain) - break; - - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - if (!no_chain) - X509_STORE_CTX_cleanup(&xs_ctx); - } - - /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) - for (i=0; ictx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - } + if (!ssl_add_cert_chain(s, cpk, &l)) + return 0; l-=7; p=(unsigned char *)&(buf->data[4]); @@ -480,6 +469,15 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s->init_num += i; n -= i; } + +#ifndef OPENSSL_NO_NEXTPROTONEG + /* If receiving Finished, record MAC of prior handshake messages for + * Finished verification. */ + if (*s->init_buf->data == SSL3_MT_FINISHED) + ssl3_take_mac(s); +#endif + + /* Feed this message into MAC computation. */ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); @@ -526,6 +524,18 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) { ret = SSL_PKEY_GOST01; } + else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) + { + /* For DH two cases: DH certificate signed with RSA and + * DH certificate signed with DSA. + */ + i = X509_certificate_type(x, pk); + if (i & EVP_PKS_RSA) + ret = SSL_PKEY_DH_RSA; + else if (i & EVP_PKS_DSA) + ret = SSL_PKEY_DH_DSA; + } + err: if(!pkey) EVP_PKEY_free(pk); return(ret); @@ -620,7 +630,7 @@ freelist_extract(SSL_CTX *ctx, int for_read, int sz) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == list->chunklen) + if (list != NULL && sz == (int)list->chunklen) ent = list->head; if (ent != NULL) { @@ -668,7 +678,12 @@ freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; - size_t len,align=0; + size_t len,align=0,headerlen; + + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + headerlen = DTLS1_RT_HEADER_LENGTH; + else + headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); @@ -678,7 +693,7 @@ int ssl3_setup_read_buffer(SSL *s) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD - + SSL3_RT_HEADER_LENGTH + align; + + headerlen + align; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; @@ -705,7 +720,12 @@ err: int ssl3_setup_write_buffer(SSL *s) { unsigned char *p; - size_t len,align=0; + size_t len,align=0,headerlen; + + if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + headerlen = DTLS1_RT_HEADER_LENGTH + 1; + else + headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1); @@ -715,13 +735,13 @@ int ssl3_setup_write_buffer(SSL *s) { len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - + SSL3_RT_HEADER_LENGTH + align; + + headerlen + align; #ifndef OPENSSL_NO_COMP if (!(s->options & SSL_OP_NO_COMPRESSION)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) - len += SSL3_RT_HEADER_LENGTH + align + len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; if ((p=freelist_extract(s->ctx, 0, len)) == NULL)