static int
dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok)
{
int i;
unsigned char *p;
/* make sure there's enough room to read this fragment */
if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf,
(int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num))
{
SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB);
goto err;
}
p = (unsigned char *)s->init_buf->data;
/* read the body of the fragment (header has already been read */
if ( msg_hdr->frag_len > 0)
{
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
&p[s->init_num],
msg_hdr->frag_len,0);
if (i <= 0)
{
*ok = 0;
return i;
}
}
if ( msg_hdr->seq > s->d1->handshake_read_seq)
dtls1_buffer_handshake_fragment(s, msg_hdr);
else
OPENSSL_assert(msg_hdr->seq < s->d1->handshake_read_seq);
return DTLS1_HM_FRAGMENT_RETRY;
err:
*ok = 0;
return -1;
}
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
unsigned char *p;
int i;
size_t want = HEADER_SIZE;
int eos = 0;
size_t off = 0;
size_t len = 0;
const unsigned char *q;
long slen;
int inf, tag, xclass;
b = BUF_MEM_new();
if (b == NULL) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
return -1;
}
ERR_clear_error();
for (;;) {
if (want >= (len - off)) {
want -= (len - off);
if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
i = BIO_read(in, &(b->data[len]), want);
if ((i < 0) && ((len - off) == 0)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
if (i > 0) {
if (len + i < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
len += i;
}
}
/* else data already loaded */
p = (unsigned char *)&(b->data[off]);
q = p;
inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
if (inf & 0x80) {
unsigned long e;
e = ERR_GET_REASON(ERR_peek_error());
if (e != ASN1_R_TOO_LONG)
goto err;
else
ERR_clear_error(); /* clear error */
}
i = q - p; /* header length */
off += i; /* end of data */
if (inf & 1) {
/* no data body so go round again */
eos++;
if (eos < 0) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
goto err;
}
want = HEADER_SIZE;
} else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
/* eos value, so go back and read another header */
eos--;
if (eos <= 0)
break;
else
want = HEADER_SIZE;
} else {
/* suck in slen bytes of data */
want = slen;
if (want > (len - off)) {
size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len + want < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
while (want > 0) {
/*
* Read content in chunks of increasing size
* so we can return an error for EOF without
* having to allocate the entire content length
* in one go.
*/
size_t chunk = want > chunk_max ? chunk_max : want;
if (!BUF_MEM_grow_clean(b, len + chunk)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
want -= chunk;
while (chunk > 0) {
i = BIO_read(in, &(b->data[len]), chunk);
if (i <= 0) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
/*
* This can't overflow because |len+want| didn't
* overflow.
*/
len += i;
chunk -= i;
}
if (chunk_max < INT_MAX/2)
chunk_max *= 2;
}
}
if (off + slen < off) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
off += slen;
if (eos <= 0) {
break;
} else
want = HEADER_SIZE;
}
}
if (off > INT_MAX) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
*pb = b;
return off;
err:
BUF_MEM_free(b);
return -1;
}
TXT_DB *TXT_DB_read(BIO *in, int num)
{
TXT_DB *ret = NULL;
int er = 1;
int esc = 0;
long ln = 0;
int i, add, n;
int size = BUFSIZE;
int offset = 0;
char *p, **pp, *f;
BUF_MEM *buf = NULL;
if ((buf = BUF_MEM_new()) == NULL)
goto err;
if (!BUF_MEM_grow(buf, size))
goto err;
if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
goto err;
ret->num_fields = num;
ret->index = NULL;
ret->qual = NULL;
if ((ret->data = sk_new_null()) == NULL)
goto err;
if ((ret->index =
(LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL)
goto err;
if ((ret->qual =
(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) *
num)) == NULL)
goto err;
for (i = 0; i < num; i++) {
ret->index[i] = NULL;
ret->qual[i] = NULL;
}
add = (num + 1) * sizeof(char *);
buf->data[size - 1] = '\0';
offset = 0;
for (;;) {
if (offset != 0) {
size += BUFSIZE;
if (!BUF_MEM_grow_clean(buf, size))
goto err;
}
buf->data[offset] = '\0';
BIO_gets(in, &(buf->data[offset]), size - offset);
ln++;
if (buf->data[offset] == '\0')
break;
if ((offset == 0) && (buf->data[0] == '#'))
continue;
i = strlen(&(buf->data[offset]));
offset += i;
if (buf->data[offset - 1] != '\n')
continue;
else {
buf->data[offset - 1] = '\0'; /* blat the '\n' */
if (!(p = (char *)OPENSSL_malloc(add + offset)))
goto err;
offset = 0;
}
pp = (char **)p;
p += add;
n = 0;
pp[n++] = p;
i = 0;
f = buf->data;
esc = 0;
for (;;) {
if (*f == '\0')
break;
if (*f == '\t') {
if (esc)
p--;
else {
*(p++) = '\0';
f++;
if (n >= num)
break;
pp[n++] = p;
continue;
}
}
esc = (*f == '\\');
*(p++) = *(f++);
}
*(p++) = '\0';
if ((n != num) || (*f != '\0')) {
#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
* fix :-( */
fprintf(stderr,
"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",
ln, num, n, f);
#endif
er = 2;
goto err;
}
pp[n] = p;
if (!sk_push(ret->data, (char *)pp)) {
#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
* fix :-( */
fprintf(stderr, "failure in sk_push\n");
#endif
er = 2;
goto err;
}
int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
{
int ret=0;
int i,j;
BIO *btmp;
BUF_MEM *buf_mem=NULL;
BUF_MEM *buf=NULL;
PKCS7_SIGNER_INFO *si;
EVP_MD_CTX *mdc,ctx_tmp;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
ASN1_OCTET_STRING *os=NULL;
EVP_MD_CTX_init(&ctx_tmp);
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
switch (i)
{
case NID_pkcs7_signedAndEnveloped:
/* XXXXXXXXXXXXXXXX */
si_sk=p7->d.signed_and_enveloped->signer_info;
if (!(os=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
goto err;
}
p7->d.signed_and_enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_enveloped:
/* XXXXXXXXXXXXXXXX */
if (!(os=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
goto err;
}
p7->d.enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_signed:
si_sk=p7->d.sign->signer_info;
os=PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
p7->d.sign->contents->d.data = NULL;
}
break;
case NID_pkcs7_digest:
os=PKCS7_get_octet_string(p7->d.digest->contents);
/* If detached data then the content is excluded */
if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
{
M_ASN1_OCTET_STRING_free(os);
p7->d.digest->contents->d.data = NULL;
}
break;
}
if (si_sk != NULL)
{
if ((buf=BUF_MEM_new()) == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
goto err;
}
for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
{
si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
if (si->pkey == NULL) continue;
j=OBJ_obj2nid(si->digest_alg->algorithm);
btmp=bio;
btmp = PKCS7_find_digest(&mdc, btmp, j);
if (btmp == NULL)
goto err;
/* We now have the EVP_MD_CTX, lets do the
* signing. */
EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
goto err;
}
sk=si->auth_attr;
/* If there are attributes, we add the digest
* attribute and only sign the attributes */
if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
{
unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
unsigned int md_len, alen;
ASN1_OCTET_STRING *digest;
ASN1_UTCTIME *sign_time;
const EVP_MD *md_tmp;
/* Add signing time if not already present */
if (!PKCS7_get_signed_attribute(si,
NID_pkcs9_signingTime))
{
if (!(sign_time=X509_gmtime_adj(NULL,0)))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
ERR_R_MALLOC_FAILURE);
goto err;
}
PKCS7_add_signed_attribute(si,
NID_pkcs9_signingTime,
V_ASN1_UTCTIME,sign_time);
}
/* Add digest */
md_tmp=EVP_MD_CTX_md(&ctx_tmp);
EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
if (!(digest=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (!M_ASN1_OCTET_STRING_set(digest,md_data,
md_len))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
ERR_R_MALLOC_FAILURE);
goto err;
}
PKCS7_add_signed_attribute(si,
NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,digest);
/* Now sign the attributes */
EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if(!abuf) goto err;
EVP_SignUpdate(&ctx_tmp,abuf,alen);
OPENSSL_free(abuf);
}
#ifndef OPENSSL_NO_DSA
if (si->pkey->type == EVP_PKEY_DSA)
ctx_tmp.digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
if (si->pkey->type == EVP_PKEY_EC)
ctx_tmp.digest=EVP_ecdsa();
#endif
if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
(unsigned int *)&buf->length,si->pkey))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
goto err;
}
if (!ASN1_STRING_set(si->enc_digest,
(unsigned char *)buf->data,buf->length))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
goto err;
}
}
}
else if (i == NID_pkcs7_digest)
{
unsigned char md_data[EVP_MAX_MD_SIZE];
unsigned int md_len;
if (!PKCS7_find_digest(&mdc, bio,
OBJ_obj2nid(p7->d.digest->md->algorithm)))
goto err;
EVP_DigestFinal_ex(mdc,md_data,&md_len);
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}
if (!PKCS7_is_detached(p7))
{
btmp=BIO_find_type(bio,BIO_TYPE_MEM);
if (btmp == NULL)
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
goto err;
}
BIO_get_mem_ptr(btmp,&buf_mem);
/* Mark the BIO read only then we can use its copy of the data
* instead of making an extra copy.
*/
BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
BIO_set_mem_eof_return(btmp, 0);
os->data = (unsigned char *)buf_mem->data;
os->length = buf_mem->length;
#if 0
M_ASN1_OCTET_STRING_set(os,
(unsigned char *)buf_mem->data,buf_mem->length);
#endif
}
ret=1;
err:
EVP_MD_CTX_cleanup(&ctx_tmp);
if (buf != NULL) BUF_MEM_free(buf);
return(ret);
}
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
unsigned char *p;
int i;
int ret=-1;
ASN1_const_CTX c;
int want=HEADER_SIZE;
int eos=0;
#if defined(__GNUC__) && defined(__ia64)
/* pathetic compiler bug in all known versions as of Nov. 2002 */
long off=0;
#else
int off=0;
#endif
int len=0;
b=BUF_MEM_new();
if (b == NULL)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
return -1;
}
ERR_clear_error();
for (;;)
{
if (want >= (len-off))
{
want-=(len-off);
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
i=BIO_read(in,&(b->data[len]),want);
if ((i < 0) && ((len-off) == 0))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
if (i > 0)
len+=i;
}
/* else data already loaded */
p=(unsigned char *)&(b->data[off]);
c.p=p;
c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
len-off);
if (c.inf & 0x80)
{
unsigned long e;
e=ERR_GET_REASON(ERR_peek_error());
if (e != ASN1_R_TOO_LONG)
goto err;
else
ERR_clear_error(); /* clear error */
}
i=(int)(c.p-p);/* header length */
off+=i; /* end of data */
if (c.inf & 1)
{
/* no data body so go round again */
eos++;
want=HEADER_SIZE;
}
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
{
/* eos value, so go back and read another header */
eos--;
if (eos <= 0)
break;
else
want=HEADER_SIZE;
}
else
{
/* suck in c.slen bytes of data */
want=(int)c.slen;
if (want > (len-off))
{
want-=(len-off);
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
while (want > 0)
{
i=BIO_read(in,&(b->data[len]),want);
if (i <= 0)
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
len+=i;
want -= i;
}
}
off+=(int)c.slen;
if (eos <= 0)
{
break;
}
else
want=HEADER_SIZE;
}
}
*pb = b;
return off;
err:
if (b != NULL) BUF_MEM_free(b);
return(ret);
}
int ssl23_get_client_hello(SSL *s)
{
char buf_space[11]; /* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
* ('type == 3') correctly only when the following
* is in a single record, which is not guaranteed by
* the protocol specification:
* Byte Content
* 0 type \
* 1/2 version > record header
* 3/4 length /
* 5 msg_type \
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char *buf= &(buf_space[0]);
unsigned char *p,*d,*d_len,*dd;
unsigned int i;
unsigned int csl,sil,cl;
int n=0,j;
int type=0;
int v[2];
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
/* read the initial header */
v[0]=v[1]=0;
if (!ssl3_setup_buffers(s)) goto err;
n=ssl23_read_bytes(s, sizeof buf_space);
if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
p=s->packet;
memcpy(buf,p,n);
if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
{
/*
* SSLv2 header
*/
if ((p[3] == 0x00) && (p[4] == 0x02))
{
v[0]=p[3]; v[1]=p[4];
/* SSLv2 */
if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
}
else if (p[3] == SSL3_VERSION_MAJOR)
{
v[0]=p[3]; v[1]=p[4];
/* SSLv3/TLSv1 */
if (p[4] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
s->version=TLS1_VERSION;
/* type=2; */ /* done later to survive restarts */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
{
type=1;
}
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
/* type=2; */
s->state=SSL23_ST_SR_CLNT_HELLO_B;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
}
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
((p[3] == 0 && p[4] < 5 /* silly record length? */)
|| (p[9] >= p[1])))
{
/*
* SSLv3 or tls1 header
*/
v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
/* We must look at client_version inside the Client Hello message
* to get the correct minor version.
* However if we have only a pathologically small fragment of the
* Client Hello message, this would be difficult, and we'd have
* to read more records to find out.
* No known SSL 3.0 client fragments ClientHello like this,
* so we simply assume TLS 1.0 to avoid protocol version downgrade
* attacks. */
if (p[3] == 0 && p[4] < 6)
{
#if 0
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
goto err;
#else
v[1] = TLS1_VERSION_MINOR;
#endif
}
/* if major version number > 3 set minor to a value
* which will use the highest version 3 we support.
* If TLS 2.0 ever appears we will need to revise
* this....
*/
else if (p[9] > SSL3_VERSION_MAJOR)
v[1]=0xff;
else
v[1]=p[10]; /* minor version according to client_version */
if (v[1] >= TLS1_VERSION_MINOR)
{
if (!(s->options & SSL_OP_NO_TLSv1))
{
s->version=TLS1_VERSION;
type=3;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
type=3;
}
}
else
{
/* client requests SSL 3.0 */
if (!(s->options & SSL_OP_NO_SSLv3))
{
s->version=SSL3_VERSION;
type=3;
}
else if (!(s->options & SSL_OP_NO_TLSv1))
{
/* we won't be able to use TLS of course,
* but this will send an appropriate alert */
s->version=TLS1_VERSION;
type=3;
}
}
}
else if ((strncmp("GET ", (char *)p,4) == 0) ||
(strncmp("POST ",(char *)p,5) == 0) ||
(strncmp("HEAD ",(char *)p,5) == 0) ||
(strncmp("PUT ", (char *)p,4) == 0))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
goto err;
}
else if (strncmp("CONNECT",(char *)p,7) == 0)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
goto err;
}
}
#ifdef OPENSSL_FIPS
if (FIPS_mode() && (s->version < TLS1_VERSION))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
goto err;
}
#endif
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
/* we have SSLv3/TLSv1 in an SSLv2 header
* (other cases skip this state) */
type=2;
p=s->packet;
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
/* The SSL2 protocol allows n to be larger, just pick
* a reasonable buffer size. */
#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small."
#endif
n=((p[0]&0x7f)<<8)|p[1];
if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
goto err;
}
j=ssl23_read_bytes(s,n+2);
if (j <= 0) return(j);
ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
p=s->packet;
p+=5;
n2s(p,csl);
n2s(p,sil);
n2s(p,cl);
d=(unsigned char *)s->init_buf->data;
if ((csl+sil+cl+11) != s->packet_length)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
goto err;
}
/* record header: msg_type ... */
*(d++) = SSL3_MT_CLIENT_HELLO;
/* ... and length (actual value will be written later) */
d_len = d;
d += 3;
/* client_version */
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
/* lets populate the random area */
/* get the challenge_length */
i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
memset(d,0,SSL3_RANDOM_SIZE);
memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
d+=SSL3_RANDOM_SIZE;
/* no session-id reuse */
*(d++)=0;
/* ciphers */
j=0;
dd=d;
d+=2;
for (i=0; i<csl; i+=3)
{
if (p[i] != 0) continue;
*(d++)=p[i+1];
*(d++)=p[i+2];
j+=2;
}
s2n(j,dd);
/* COMPRESSION */
*(d++)=1;
*(d++)=0;
i = (d-(unsigned char *)s->init_buf->data) - 4;
l2n3((long)i, d_len);
/* get the data reused from the init_buf */
s->s3->tmp.reuse_message=1;
s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
s->s3->tmp.message_size=i;
}
/* imaginary new state (for program structure): */
/* s->state = SSL23_SR_CLNT_HELLO_C */
if (type == 1)
{
#ifdef OPENSSL_NO_SSL2
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
* sslv2 stuff. */
if (s->s2 == NULL)
{
if (!ssl2_new(s))
goto err;
}
else
ssl2_clear(s);
if (s->s3 != NULL) ssl3_free(s);
if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
goto err;
}
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
s->s2->ssl2_rollback=0;
else
/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
* (SSL 3.0 draft/RFC 2246, App. E.2) */
s->s2->ssl2_rollback=1;
/* setup the n bytes we have read so we get them from
* the sslv2 buffer */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
s->packet= &(s->s2->rbuf[0]);
memcpy(s->packet,buf,n);
s->s2->rbuf_left=n;
s->s2->rbuf_offs=0;
s->method=SSLv2_server_method();
s->handshake_func=s->method->ssl_accept;
#endif
}
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
if (!ssl_init_wbio_buffer(s,1)) goto err;
/* we are in this state */
s->state=SSL3_ST_SR_CLNT_HELLO_A;
if (type == 3)
{
/* put the 'n' bytes we have read into the input buffer
* for SSLv3 */
s->rstate=SSL_ST_READ_HEADER;
s->packet_length=n;
s->packet= &(s->s3->rbuf.buf[0]);
memcpy(s->packet,buf,n);
s->s3->rbuf.left=n;
s->s3->rbuf.offset=0;
}
else
{
s->packet_length=0;
s->s3->rbuf.left=0;
s->s3->rbuf.offset=0;
}
if (s->version == TLS1_VERSION)
s->method = TLSv1_server_method();
else
s->method = SSLv3_server_method();
#if 0 /* ssl3_get_client_hello does this */
s->client_version=(v[0]<<8)|v[1];
#endif
s->handshake_func=s->method->ssl_accept;
}
if ((type < 1) || (type > 3))
{
/* bad, very bad */
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
goto err;
}
s->init_num=0;
if (buf != buf_space) OPENSSL_free(buf);
return(SSL_accept(s));
err:
if (buf != buf_space) OPENSSL_free(buf);
return(-1);
}
static int str_copy(CONF *conf, char *section, char **pto, char *from)
{
int q, r, rr = 0, to = 0, len = 0;
char *s, *e, *rp, *p, *rrp, *np, *cp, v;
BUF_MEM *buf;
if ((buf = BUF_MEM_new()) == NULL)
return 0;
len = strlen(from) + 1;
if (!BUF_MEM_grow(buf, len))
goto err;
for (;;) {
if (IS_QUOTE(conf, *from)) {
q = *from;
from++;
while (!IS_EOF(conf, *from) && (*from != q)) {
if (IS_ESC(conf, *from)) {
from++;
if (IS_EOF(conf, *from))
break;
}
buf->data[to++] = *(from++);
}
if (*from == q)
from++;
} else if (IS_DQUOTE(conf, *from)) {
q = *from;
from++;
while (!IS_EOF(conf, *from)) {
if (*from == q) {
if (*(from + 1) == q) {
from++;
} else {
break;
}
}
buf->data[to++] = *(from++);
}
if (*from == q)
from++;
} else if (IS_ESC(conf, *from)) {
from++;
v = *(from++);
if (IS_EOF(conf, v))
break;
else if (v == 'r')
v = '\r';
else if (v == 'n')
v = '\n';
else if (v == 'b')
v = '\b';
else if (v == 't')
v = '\t';
buf->data[to++] = v;
} else if (IS_EOF(conf, *from))
break;
else if (*from == '$') {
size_t newsize;
/* try to expand it */
rrp = NULL;
s = &(from[1]);
if (*s == '{')
q = '}';
else if (*s == '(')
q = ')';
else
q = 0;
if (q)
s++;
cp = section;
e = np = s;
while (IS_ALNUM(conf, *e))
e++;
if ((e[0] == ':') && (e[1] == ':')) {
cp = np;
rrp = e;
rr = *e;
*rrp = '\0';
e += 2;
np = e;
while (IS_ALNUM(conf, *e))
e++;
}
r = *e;
*e = '\0';
rp = e;
if (q) {
if (r != q) {
CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
goto err;
}
e++;
}
/*-
* So at this point we have
* np which is the start of the name string which is
* '\0' terminated.
* cp which is the start of the section string which is
* '\0' terminated.
* e is the 'next point after'.
* r and rr are the chars replaced by the '\0'
* rp and rrp is where 'r' and 'rr' came from.
*/
p = _CONF_get_string(conf, cp, np);
if (rrp != NULL)
*rrp = rr;
*rp = r;
if (p == NULL) {
CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
goto err;
}
newsize = strlen(p) + buf->length - (e - from);
if (newsize > MAX_CONF_VALUE_LENGTH) {
CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
goto err;
}
if (!BUF_MEM_grow_clean(buf, newsize)) {
CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE);
goto err;
}
while (*p)
buf->data[to++] = *(p++);
/*
* Since we change the pointer 'from', we also have to change the
* perceived length of the string it points at. /RL
*/
len -= e - from;
from = e;
/*
* In case there were no braces or parenthesis around the
* variable reference, we have to put back the character that was
* replaced with a '\0'. /RL
*/
*rp = r;
} else
buf->data[to++] = *(from++);
}
buf->data[to] = '\0';
OPENSSL_free(*pto);
*pto = buf->data;
OPENSSL_free(buf);
return 1;
err:
BUF_MEM_free(buf);
return 0;
}
int tls_get_message_header(SSL *s, int *mt)
{
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message, i, recvd_type, al;
unsigned char *p;
unsigned long l;
p = (unsigned char *)s->init_buf->data;
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
return 1;
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
s->init_num += i;
}
skip_message = 0;
if (!s->server)
if (p[0] == SSL3_MT_HELLO_REQUEST)
/*
* The server may always send 'Hello Request' messages --
* we are doing a handshake anyway now, so ignore them if
* their format is correct. Does not count for 'Finished'
* MAC.
*/
if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
s->init_num = 0;
skip_message = 1;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, SSL3_HM_HEADER_LENGTH, s,
s->msg_callback_arg);
}
} while (skip_message);
/* s->init_num == SSL3_HM_HEADER_LENGTH */
*mt = *p;
s->s3->tmp.message_type = *(p++);
if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
/*
* Only happens with SSLv3+ in an SSLv2 backward compatible
* ClientHello
*/
/*
* Total message size is the remaining record bytes to read
* plus the SSL3_HM_HEADER_LENGTH bytes that we already read
*/
l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+ SSL3_HM_HEADER_LENGTH;
if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->init_msg = s->init_buf->data;
s->init_num = SSL3_HM_HEADER_LENGTH;
} else {
n2l3(p, l);
/* BUF_MEM_grow takes an 'int' parameter */
if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,
(int)l + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = 0;
}
return 1;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return 0;
}
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long inlen,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
int ret = 0, utype;
long plen;
char cst, inf, free_cont = 0;
const unsigned char *p;
BUF_MEM buf;
const unsigned char *cont = NULL;
long len;
if (!pval)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
return 0; /* Should never happen */
}
if (it->itype == ASN1_ITYPE_MSTRING)
{
utype = tag;
tag = -1;
}
else
utype = it->utype;
if (utype == V_ASN1_ANY)
{
/* If type is ANY need to figure out type from tag */
unsigned char oclass;
if (tag >= 0)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
ASN1_R_ILLEGAL_TAGGED_ANY);
return 0;
}
if (opt)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
ASN1_R_ILLEGAL_OPTIONAL_ANY);
return 0;
}
p = *in;
ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
&p, inlen, -1, 0, 0, ctx);
if (!ret)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
ERR_R_NESTED_ASN1_ERROR);
return 0;
}
if (oclass != V_ASN1_UNIVERSAL)
utype = V_ASN1_OTHER;
}
if (tag == -1)
{
tag = utype;
aclass = V_ASN1_UNIVERSAL;
}
p = *in;
/* Check header */
ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
&p, inlen, tag, aclass, opt, ctx);
if (!ret)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
else if (ret == -1)
return -1;
ret = 0;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if ((utype == V_ASN1_SEQUENCE)
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
{
/* Clear context cache for type OTHER because the auto clear
* when we have a exact match wont work
*/
if (utype == V_ASN1_OTHER)
{
asn1_tlc_clear(ctx);
}
/* SEQUENCE and SET must be constructed */
else if (!cst)
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
ASN1_R_TYPE_NOT_CONSTRUCTED);
return 0;
}
cont = *in;
/* If indefinite length constructed find the real end */
if (inf)
{
if (!asn1_find_end(&p, plen, inf))
goto err;
len = p - cont;
}
else
{
len = p - cont + plen;
p += plen;
buf.data = NULL;
}
}
else if (cst)
{
buf.length = 0;
buf.max = 0;
buf.data = NULL;
/* Should really check the internal tags are correct but
* some things may get this wrong. The relevant specs
* say that constructed string types should be OCTET STRINGs
* internally irrespective of the type. So instead just check
* for UNIVERSAL class and ignore the tag.
*/
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
{
free_cont = 1;
goto err;
}
len = buf.length;
/* Append a final null to string */
if (!BUF_MEM_grow_clean(&buf, len + 1))
{
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
ERR_R_MALLOC_FAILURE);
return 0;
}
buf.data[len] = 0;
cont = (const unsigned char *)buf.data;
free_cont = 1;
}
else
{
cont = p;
len = plen;
p += plen;
}
/* We now have content length and type: translate into a structure */
if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
goto err;
*in = p;
ret = 1;
err:
if (free_cont && buf.data) OPENSSL_free(buf.data);
return ret;
}
unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
int n,i;
unsigned long l=7;
BUF_MEM *buf;
X509_STORE_CTX xs_ctx;
X509_OBJECT obj;
int no_chain;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
no_chain = 1;
else
no_chain = 0;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
if (x != NULL)
{
if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
for (;;)
{
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
if (no_chain)
break;
if (X509_NAME_cmp(X509_get_subject_name(x),
X509_get_issuer_name(x)) == 0) break;
i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
X509_get_issuer_name(x),&obj);
if (i <= 0) break;
x=obj.data.x509;
/* Count is one too high since the X509_STORE_get uped the
* ref count */
X509_free(x);
}
if (!no_chain)
X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thawte special :-) */
if (s->ctx->extra_certs != NULL)
for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
}
l-=7;
p=(unsigned char *)&(buf->data[4]);
l2n3(l,p);
l+=3;
p=(unsigned char *)&(buf->data[0]);
*(p++)=SSL3_MT_CERTIFICATE;
l2n3(l,p);
l+=4;
return(l);
}
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
int n,i;
unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
BUF_MEM *buf;
X509_STORE_CTX xs_ctx;
X509_OBJECT obj;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
if (x != NULL)
{
if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
for (;;)
{
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
if (X509_NAME_cmp(X509_get_subject_name(x),
X509_get_issuer_name(x)) == 0) break;
i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
X509_get_issuer_name(x),&obj);
if (i <= 0) break;
x=obj.data.x509;
/* Count is one too high since the X509_STORE_get uped the
* ref count */
X509_free(x);
}
X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thawte special :-) */
if (s->ctx->extra_certs != NULL)
for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
p=(unsigned char *)&(buf->data[l]);
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
}
l-= (3 + DTLS1_HM_HEADER_LENGTH);
p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
l2n3(l,p);
l+=3;
p=(unsigned char *)&(buf->data[0]);
p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
l+=DTLS1_HM_HEADER_LENGTH;
return(l);
}
/* Obtain handshake message of message type 'mt' (any if mt == -1),
* maximum acceptable body length 'max'.
* The first four bytes (msg_type and length) are read in state 'st1',
* the body is read in state 'stn'.
*/
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
uint8_t *p;
uint32_t l;
long n;
int i, al;
CBS cbs;
uint8_t message_type;
if (s->s3->tmp.reuse_message) {
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
s->state = stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
}
p = (uint8_t *)s->init_buf->data;
if (s->state == st1) /* s->init_num < 4 */
{
int skip_message;
do {
while (s->init_num < 4) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
4 - s->init_num, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
s->init_num += i;
}
skip_message = 0;
if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
/*
* The server may always send 'Hello Request'
* messages -- we are doing a handshake anyway
* now, so ignore them if their format is
* correct. Does not count for 'Finished' MAC.
*/
if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
s->init_num = 0;
skip_message = 1;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s,
s->msg_callback_arg);
}
}
} while (skip_message);
/* s->init_num == 4 */
if ((mt >= 0) && (*p != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
/* XXX remove call to n2l3 */
CBS_init(&cbs, p, 4);
if (!CBS_get_u8(&cbs, &message_type) ||
!CBS_get_u24(&cbs, &l)) {
SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_type = message_type;
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->state = stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = 0;
}
/* next state (stn) */
p = s->init_msg;
n = s->s3->tmp.message_size - s->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num], n, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
s->init_num += i;
n -= i;
}
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
/* Feed this message into MAC computation. */
tls1_finish_mac(s, (uint8_t *)s->init_buf->data, s->init_num + 4);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + 4, s, s->msg_callback_arg);
*ok = 1;
return s->init_num;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
*ok = 0;
return (-1);
}
/* There have been a few bug fixes for this function from
* Paul Keogh <*****@*****.**>, many thanks to him */
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
{
ASN1_STRING *os=NULL;
BUF_MEM b;
int num;
b.length=0;
b.max=0;
b.data=NULL;
if (a == NULL)
{
c->error=ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
num=0;
for (;;)
{
if (c->inf & 1)
{
c->eos=ASN1_const_check_infinite_end(&c->p,
(long)(c->max-c->p));
if (c->eos) break;
}
else
{
if (c->slen <= 0) break;
}
c->q=c->p;
if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
== NULL)
{
c->error=ERR_R_ASN1_LIB;
goto err;
}
if (!BUF_MEM_grow_clean(&b,num+os->length))
{
c->error=ERR_R_BUF_LIB;
goto err;
}
memcpy(&(b.data[num]),os->data,os->length);
if (!(c->inf & 1))
c->slen-=(c->p-c->q);
num+=os->length;
}
if (!asn1_const_Finish(c)) goto err;
a->length=num;
if (a->data != NULL) OPENSSL_free(a->data);
a->data=(unsigned char *)b.data;
if (os != NULL) ASN1_STRING_free(os);
return(1);
err:
OPENSSL_PUT_ERROR(ASN1, asn1_collate_primitive, c->error);
if (os != NULL) ASN1_STRING_free(os);
if (b.data != NULL) OPENSSL_free(b.data);
return(0);
}
static long
dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
{
unsigned char *p;
unsigned long l, frag_off, frag_len;
int i,al;
struct hm_header_st msg_hdr;
unsigned long overlap;
/* see if we have the required fragment already */
if (dtls1_retrieve_buffered_fragment(s, &l))
{
/* compute MAC, remove fragment headers */
dtls1_process_handshake_fragment(s, l);
s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
s->state = stn;
return 1;
}
/* get a handshake fragment from the record layer */
p = (unsigned char *)s->init_buf->data;
/* read handshake message header */
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
DTLS1_HM_HEADER_LENGTH, 0);
if (i <= 0) /* nbio, or an error */
{
s->rwstate=SSL_READING;
*ok = 0;
return i;
}
OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
p += s->init_num;
/* parse the message fragment header */
dtls1_get_message_header(p, &msg_hdr);
/*
* if this is a future (or stale) message it gets buffered
* (or dropped)--no further processing at this time
*/
if ( msg_hdr.seq != s->d1->handshake_read_seq)
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
l = msg_hdr.msg_len;
frag_off = msg_hdr.frag_off;
frag_len = msg_hdr.frag_len;
/* sanity checking */
if ( frag_off + frag_len > l)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
p[0] == SSL3_MT_HELLO_REQUEST)
{
/* The server may always send 'Hello Request' messages --
* we are doing a handshake anyway now, so ignore them
* if their format is correct. Does not count for
* 'Finished' MAC. */
if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
{
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, DTLS1_HM_HEADER_LENGTH, s,
s->msg_callback_arg);
s->init_num = 0;
return dtls1_get_message_fragment(s, st1, stn,
max, ok);
}
else /* Incorrectly formated Hello request */
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
/* XDTLS: do a sanity check on the fragment */
s->init_num += i;
if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
{
/* BUF_MEM_grow takes an 'int' parameter */
if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l
+ DTLS1_HM_HEADER_LENGTH))
{
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
goto err;
}
/* Only do this test when we're reading the expected message.
* Stale messages will be dropped and future messages will be buffered */
if ( l > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
s->s3->tmp.message_size=l;
}
if ( frag_len > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH))
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len
+ DTLS1_HM_HEADER_LENGTH + s->init_num))
{
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB);
goto err;
}
if ( s->d1->r_msg_hdr.frag_off == 0)
{
s->s3->tmp.message_type = msg_hdr.type;
s->d1->r_msg_hdr.type = msg_hdr.type;
s->d1->r_msg_hdr.msg_len = l;
/* s->d1->r_msg_hdr.seq = seq_num; */
}
/* XDTLS: ressurect this when restart is in place */
s->state=stn;
/* next state (stn) */
p = (unsigned char *)s->init_buf->data;
if ( frag_len > 0)
{
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
&p[s->init_num],
frag_len,0);
/* XDTLS: fix this--message fragments cannot span multiple packets */
if (i <= 0)
{
s->rwstate=SSL_READING;
*ok = 0;
return i;
}
}
else
i = 0;
/* XDTLS: an incorrectly formatted fragment should cause the
* handshake to fail */
OPENSSL_assert(i == (int)frag_len);
#if 0
/* Successfully read a fragment.
* It may be (1) out of order, or
* (2) it's a repeat, in which case we dump it
* (3) the one we are expecting next (maybe with overlap)
* If it is next one, it may overlap with previously read bytes
*/
/* case (1): buffer the future fragment
* (we can treat fragments from a future message the same
* as future fragments from the message being currently read, since
* they are sematically simply out of order.
*/
if ( msg_hdr.seq > s->d1->handshake_read_seq ||
frag_off > s->init_num - DTLS1_HM_HEADER_LENGTH)
{
dtls1_buffer_handshake_fragment(s, &msg_hdr);
return DTLS1_HM_FRAGMENT_RETRY;
}
/* case (2): drop the entire fragment, and try again */
if ( msg_hdr.seq < s->d1->handshake_read_seq ||
frag_off + frag_len < s->init_num - DTLS1_HM_HEADER_LENGTH)
{
s->init_num -= DTLS1_HM_HEADER_LENGTH;
return DTLS1_HM_FRAGMENT_RETRY;
}
#endif
/* case (3): received a immediately useful fragment. Determine the
* possible overlap and copy the fragment.
*/
overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off;
/* retain the header for the first fragment */
if ( s->init_num > DTLS1_HM_HEADER_LENGTH)
{
memmove(&(s->init_buf->data[s->init_num]),
&(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]),
frag_len - overlap);
s->init_num += frag_len - overlap;
}
else
s->init_num += frag_len;
dtls1_process_handshake_fragment(s, frag_len - overlap);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num, s,
s->msg_callback_arg);
*ok=1;
return s->init_num;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
s->init_num = 0;
err:
*ok=0;
return(-1);
}
static int
asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
unsigned char *p;
int i;
ASN1_const_CTX c;
size_t want = HEADER_SIZE;
int eos = 0;
size_t off = 0;
size_t len = 0;
b = BUF_MEM_new();
if (b == NULL) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
return -1;
}
ERR_clear_error();
for (;;) {
if (want >= (len - off)) {
want -= (len - off);
if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
i = BIO_read(in, &(b->data[len]), want);
if ((i < 0) && ((len - off) == 0)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
if (i > 0) {
if (len + i < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
len += i;
}
}
/* else data already loaded */
p = (unsigned char *) & (b->data[off]);
c.p = p;
c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag),
&(c.xclass), len - off);
if (c.inf & 0x80) {
unsigned long e;
e = ERR_GET_REASON(ERR_peek_error());
if (e != ASN1_R_TOO_LONG)
goto err;
else
ERR_clear_error(); /* clear error */
}
i = c.p - p; /* header length */
off += i; /* end of data */
if (c.inf & 1) {
/* no data body so go round again */
eos++;
if (eos < 0) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
goto err;
}
want = HEADER_SIZE;
} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
/* eos value, so go back and read another header */
eos--;
if (eos <= 0)
break;
else
want = HEADER_SIZE;
} else {
/* suck in c.slen bytes of data */
want = c.slen;
if (want > (len - off)) {
want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len+want < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
if (!BUF_MEM_grow_clean(b, len + want)) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
while (want > 0) {
i = BIO_read(in, &(b->data[len]), want);
if (i <= 0) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
/* This can't overflow because
* |len+want| didn't overflow. */
len += i;
want -= i;
}
}
if (off + c.slen < off) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
off += c.slen;
if (eos <= 0) {
break;
} else
want = HEADER_SIZE;
}
}
if (off > INT_MAX) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
*pb = b;
return off;
err:
if (b != NULL)
BUF_MEM_free(b);
return -1;
}
/* Obtain handshake message of message type |msg_type| (any if |msg_type| == -1),
* maximum acceptable body length |max|. The first four bytes (msg_type and
* length) are read in state |header_state|, the body is read in state
* |body_state|. */
long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
long max, enum ssl_hash_message_t hash_message, int *ok) {
uint8_t *p;
unsigned long l;
long n;
int al;
if (ssl->s3->tmp.reuse_message) {
/* A ssl_dont_hash_message call cannot be combined with reuse_message; the
* ssl_dont_hash_message would have to have been applied to the previous
* call. */
assert(hash_message == ssl_hash_message);
ssl->s3->tmp.reuse_message = 0;
if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) {
al = SSL_AD_UNEXPECTED_MESSAGE;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
ssl->state = body_state;
ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
ssl->init_num = (int)ssl->s3->tmp.message_size;
return ssl->init_num;
}
p = (uint8_t *)ssl->init_buf->data;
if (ssl->state == header_state) {
assert(ssl->init_num < 4);
for (;;) {
while (ssl->init_num < 4) {
int bytes_read = ssl3_read_bytes(
ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], 4 - ssl->init_num, 0);
if (bytes_read <= 0) {
*ok = 0;
return bytes_read;
}
ssl->init_num += bytes_read;
}
static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0};
if (ssl->server || memcmp(p, kHelloRequest, sizeof(kHelloRequest)) != 0) {
break;
}
/* The server may always send 'Hello Request' messages -- we are doing
* a handshake anyway now, so ignore them if their format is correct.
* Does not count for 'Finished' MAC. */
ssl->init_num = 0;
if (ssl->msg_callback) {
ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, p, 4, ssl,
ssl->msg_callback_arg);
}
}
/* ssl->init_num == 4 */
if (msg_type >= 0 && *p != msg_type) {
al = SSL_AD_UNEXPECTED_MESSAGE;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
ssl->s3->tmp.message_type = *(p++);
n2l3(p, l);
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(ssl->init_buf, l + 4)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
goto err;
}
ssl->s3->tmp.message_size = l;
ssl->state = body_state;
ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
ssl->init_num = 0;
}
/* next state (body_state) */
p = ssl->init_msg;
n = ssl->s3->tmp.message_size - ssl->init_num;
while (n > 0) {
int bytes_read =
ssl3_read_bytes(ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], n, 0);
if (bytes_read <= 0) {
ssl->rwstate = SSL_READING;
*ok = 0;
return bytes_read;
}
ssl->init_num += bytes_read;
n -= bytes_read;
}
/* Feed this message into MAC computation. */
if (hash_message == ssl_hash_message && !ssl3_hash_current_message(ssl)) {
goto err;
}
if (ssl->msg_callback) {
ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
(size_t)ssl->init_num + 4, ssl, ssl->msg_callback_arg);
}
*ok = 1;
return ssl->init_num;
f_err:
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
*ok = 0;
return -1;
}
/* Obtain handshake message of message type 'mt' (any if mt == -1),
* maximum acceptable body length 'max'.
* The first four bytes (msg_type and length) are read in state 'st1',
* the body is read in state 'stn'.
*/
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
unsigned char *p;
unsigned long l;
long n;
int i,al;
if (s->s3->tmp.reuse_message)
{
s->s3->tmp.reuse_message=0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok=1;
s->init_msg = s->init_buf->data + 4;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
}
p=(unsigned char *)s->init_buf->data;
if (s->state == st1) /* s->init_num < 4 */
{
int skip_message;
do
{
while (s->init_num < 4)
{
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
&p[s->init_num],4 - s->init_num, 0);
if (i <= 0)
{
s->rwstate=SSL_READING;
*ok = 0;
return i;
}
s->init_num+=i;
}
skip_message = 0;
if (!s->server)
if (p[0] == SSL3_MT_HELLO_REQUEST)
/* The server may always send 'Hello Request' messages --
* we are doing a handshake anyway now, so ignore them
* if their format is correct. Does not count for
* 'Finished' MAC. */
if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
{
s->init_num = 0;
skip_message = 1;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
}
}
while (skip_message);
/* s->init_num == 4 */
if ((mt >= 0) && (*p != mt))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
(st1 == SSL3_ST_SR_CERT_A) &&
(stn == SSL3_ST_SR_CERT_B))
{
/* At this point we have got an MS SGC second client
* hello (maybe we should always allow the client to
* start a new handshake?). We need to restart the mac.
* Don't increment {num,total}_renegotiations because
* we have not completed the handshake. */
ssl3_init_finished_mac(s);
}
s->s3->tmp.message_type= *(p++);
n2l3(p,l);
if (l > (unsigned long)max)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size=l;
s->state=stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = 0;
}
/* next state (stn) */
p = s->init_msg;
n = s->s3->tmp.message_size - s->init_num;
while (n > 0)
{
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
if (i <= 0)
{
s->rwstate=SSL_READING;
*ok = 0;
return i;
}
s->init_num += i;
n -= i;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
/* If receiving Finished, record MAC of prior handshake messages for
* Finished verification. */
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
#endif
/* Feed this message into MAC computation. */
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
*ok=1;
return s->init_num;
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
*ok=0;
return(-1);
}
unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
int i;
unsigned long l = 7;
BUF_MEM *buf;
int no_chain;
if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
no_chain = 1;
else
no_chain = 0;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf = s->init_buf;
if (!BUF_MEM_grow_clean(buf, 10)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
return (0);
}
if (x != NULL) {
if (no_chain) {
if (ssl3_add_cert_to_buf(buf, &l, x))
return (0);
} else {
X509_STORE_CTX xs_ctx;
if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
return (0);
}
X509_verify_cert(&xs_ctx);
/* Don't leave errors in the queue */
ERR_clear_error();
for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
x = sk_X509_value(xs_ctx.chain, i);
if (ssl3_add_cert_to_buf(buf, &l, x)) {
X509_STORE_CTX_cleanup(&xs_ctx);
return 0;
}
}
X509_STORE_CTX_cleanup(&xs_ctx);
}
}
/* Thawte special :-) */
for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
x = sk_X509_value(s->ctx->extra_certs, i);
if (ssl3_add_cert_to_buf(buf, &l, x))
return (0);
}
l -= 7;
p = (unsigned char *)&(buf->data[4]);
l2n3(l, p);
l += 3;
p = (unsigned char *)&(buf->data[0]);
*(p++) = SSL3_MT_CERTIFICATE;
l2n3(l, p);
l += 4;
return (l);
}
int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
long *len)
{
EVP_ENCODE_CTX ctx;
int end=0,i,k,bl=0,hl=0,nohead=0;
char buf[256];
BUF_MEM *nameB;
BUF_MEM *headerB;
BUF_MEM *dataB,*tmpB;
nameB=BUF_MEM_new();
headerB=BUF_MEM_new();
dataB=BUF_MEM_new();
if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
{
BUF_MEM_free(nameB);
BUF_MEM_free(headerB);
BUF_MEM_free(dataB);
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
return(0);
}
buf[254]='\0';
for (;;)
{
i=BIO_gets(bp,buf,254);
if (i <= 0)
{
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
goto err;
}
while ((i >= 0) && (buf[i] <= ' ')) i--;
buf[++i]='\n'; buf[++i]='\0';
if (strncmp(buf,"-----BEGIN ",11) == 0)
{
i=strlen(&(buf[11]));
if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
continue;
if (!BUF_MEM_grow(nameB,i+9))
{
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
memcpy(nameB->data,&(buf[11]),i-6);
nameB->data[i-6]='\0';
break;
}
}
hl=0;
if (!BUF_MEM_grow(headerB,256))
{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
headerB->data[0]='\0';
for (;;)
{
i=BIO_gets(bp,buf,254);
if (i <= 0) break;
while ((i >= 0) && (buf[i] <= ' ')) i--;
buf[++i]='\n'; buf[++i]='\0';
if (buf[0] == '\n') break;
if (!BUF_MEM_grow(headerB,hl+i+9))
{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
if (strncmp(buf,"-----END ",9) == 0)
{
nohead=1;
break;
}
memcpy(&(headerB->data[hl]),buf,i);
headerB->data[hl+i]='\0';
hl+=i;
}
bl=0;
if (!BUF_MEM_grow(dataB,1024))
{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
dataB->data[0]='\0';
if (!nohead)
{
for (;;)
{
i=BIO_gets(bp,buf,254);
if (i <= 0) break;
while ((i >= 0) && (buf[i] <= ' ')) i--;
buf[++i]='\n'; buf[++i]='\0';
if (i != 65) end=1;
if (strncmp(buf,"-----END ",9) == 0)
break;
if (i > 65) break;
if (!BUF_MEM_grow_clean(dataB,i+bl+9))
{
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
memcpy(&(dataB->data[bl]),buf,i);
dataB->data[bl+i]='\0';
bl+=i;
if (end)
{
buf[0]='\0';
i=BIO_gets(bp,buf,254);
if (i <= 0) break;
while ((i >= 0) && (buf[i] <= ' ')) i--;
buf[++i]='\n'; buf[++i]='\0';
break;
}
}
}
else
{
tmpB=headerB;
headerB=dataB;
dataB=tmpB;
bl=hl;
}
i=strlen(nameB->data);
if ( (strncmp(buf,"-----END ",9) != 0) ||
(strncmp(nameB->data,&(buf[9]),i) != 0) ||
(strncmp(&(buf[9+i]),"-----\n",6) != 0))
{
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
goto err;
}
EVP_DecodeInit(&ctx);
i=EVP_DecodeUpdate(&ctx,
(unsigned char *)dataB->data,&bl,
(unsigned char *)dataB->data,bl);
if (i < 0)
{
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
goto err;
}
i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
if (i < 0)
{
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
goto err;
}
bl+=k;
if (bl == 0) goto err;
*name=nameB->data;
*header=headerB->data;
*data=(unsigned char *)dataB->data;
*len=bl;
OPENSSL_free(nameB);
OPENSSL_free(headerB);
OPENSSL_free(dataB);
return(1);
err:
BUF_MEM_free(nameB);
BUF_MEM_free(headerB);
BUF_MEM_free(dataB);
return(0);
}
/*
* Obtain handshake message of message type 'mt' (any if mt == -1), maximum
* acceptable body length 'max'. The first four bytes (msg_type and length)
* are read in state 'st1', the body is read in state 'stn'.
*/
long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
{
unsigned char *p;
unsigned long l;
long n;
int i, al, recvd_type;
if (s->s3->tmp.reuse_message) {
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
*ok = 1;
s->state = stn;
s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
}
p = (unsigned char *)s->init_buf->data;
if (s->state == st1) {
/* s->init_num < SSL3_HM_HEADER_LENGTH */
int skip_message;
do {
while (s->init_num < SSL3_HM_HEADER_LENGTH) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
&p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
if (s->init_num == 0
&& recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC
&& (mt < 0 || mt == SSL3_MT_CHANGE_CIPHER_SPEC)) {
if (*p != SSL3_MT_CCS) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE,
SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
s->init_num = i - 1;
s->init_msg = p + 1;
s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
s->s3->tmp.message_size = i - 1;
s->state = stn;
*ok = 1;
if (s->msg_callback)
s->msg_callback(0, s->version,
SSL3_RT_CHANGE_CIPHER_SPEC, p, 1, s,
s->msg_callback_arg);
return i - 1;
} else if (recvd_type != SSL3_RT_HANDSHAKE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_CCS_RECEIVED_EARLY);
goto f_err;
}
s->init_num += i;
}
skip_message = 0;
if (!s->server)
if (p[0] == SSL3_MT_HELLO_REQUEST)
/*
* The server may always send 'Hello Request' messages --
* we are doing a handshake anyway now, so ignore them if
* their format is correct. Does not count for 'Finished'
* MAC.
*/
if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
s->init_num = 0;
skip_message = 1;
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
p, SSL3_HM_HEADER_LENGTH, s,
s->msg_callback_arg);
}
} while (skip_message);
/* s->init_num == SSL3_HM_HEADER_LENGTH */
if ((mt >= 0) && (*p != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
s->s3->tmp.message_type = *(p++);
if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
/*
* Only happens with SSLv3+ in an SSLv2 backward compatible
* ClientHello
*/
/*
* Total message size is the remaining record bytes to read
* plus the SSL3_HM_HEADER_LENGTH bytes that we already read
*/
l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+ SSL3_HM_HEADER_LENGTH;
if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) {
SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->state = stn;
s->init_msg = s->init_buf->data;
s->init_num = SSL3_HM_HEADER_LENGTH;
} else {
n2l3(p, l);
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
/* BUF_MEM_grow takes an 'int' parameter */
if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow_clean(s->init_buf,
(int)l + SSL3_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
goto err;
}
s->s3->tmp.message_size = l;
s->state = stn;
s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
s->init_num = 0;
}
}
/* next state (stn) */
p = s->init_msg;
n = s->s3->tmp.message_size - s->init_num;
while (n > 0) {
i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
&p[s->init_num], n, 0);
if (i <= 0) {
s->rwstate = SSL_READING;
*ok = 0;
return i;
}
s->init_num += i;
n -= i;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* If receiving Finished, record MAC of prior handshake messages for
* Finished verification.
*/
if (*s->init_buf->data == SSL3_MT_FINISHED)
ssl3_take_mac(s);
#endif
/* Feed this message into MAC computation. */
if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num);
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
(size_t)s->init_num, s, s->msg_callback_arg);
} else {
ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
s->init_num + SSL3_HM_HEADER_LENGTH);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
(size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
s->msg_callback_arg);
}
*ok = 1;
return s->init_num;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
*ok = 0;
return (-1);
}
