s3_both.c revision 296341
1/* ssl/s3_both.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111/* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 117#include <limits.h> 118#include <string.h> 119#include <stdio.h> 120#include "ssl_locl.h" 121#include <openssl/buffer.h> 122#include <openssl/rand.h> 123#include <openssl/objects.h> 124#include <openssl/evp.h> 125#include <openssl/x509.h> 126 127/* 128 * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or 129 * SSL3_RT_CHANGE_CIPHER_SPEC) 130 */ 131int ssl3_do_write(SSL *s, int type) 132{ 133 int ret; 134 135 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], 136 s->init_num); 137 if (ret < 0) 138 return (-1); 139 if (type == SSL3_RT_HANDSHAKE) 140 /* 141 * should not be done for 'Hello Request's, but in that case we'll 142 * ignore the result anyway 143 */ 144 ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off], 145 ret); 146 147 if (ret == s->init_num) { 148 if (s->msg_callback) 149 s->msg_callback(1, s->version, type, s->init_buf->data, 150 (size_t)(s->init_off + s->init_num), s, 151 s->msg_callback_arg); 152 return (1); 153 } 154 s->init_off += ret; 155 s->init_num -= ret; 156 return (0); 157} 158 159int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 160{ 161 unsigned char *p, *d; 162 int i; 163 unsigned long l; 164 165 if (s->state == a) { 166 d = (unsigned char *)s->init_buf->data; 167 p = &(d[4]); 168 169 i = s->method->ssl3_enc->final_finish_mac(s, 170 sender, slen, 171 s->s3->tmp.finish_md); 172 if (i <= 0) 173 return 0; 174 s->s3->tmp.finish_md_len = i; 175 memcpy(p, s->s3->tmp.finish_md, i); 176 p += i; 177 l = i; 178 179 /* 180 * Copy the finished so we can use it for renegotiation checks 181 */ 182 if (s->type == SSL_ST_CONNECT) { 183 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 184 memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); 185 s->s3->previous_client_finished_len = i; 186 } else { 187 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 188 memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); 189 s->s3->previous_server_finished_len = i; 190 } 191 192#ifdef OPENSSL_SYS_WIN16 193 /* 194 * MSVC 1.5 does not clear the top bytes of the word unless I do 195 * this. 196 */ 197 l &= 0xffff; 198#endif 199 200 *(d++) = SSL3_MT_FINISHED; 201 l2n3(l, d); 202 s->init_num = (int)l + 4; 203 s->init_off = 0; 204 205 s->state = b; 206 } 207 208 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 209 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 210} 211 212#ifndef OPENSSL_NO_NEXTPROTONEG 213/* 214 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen 215 * to far. 216 */ 217static void ssl3_take_mac(SSL *s) 218{ 219 const char *sender; 220 int slen; 221 /* 222 * If no new cipher setup return immediately: other functions will set 223 * the appropriate error. 224 */ 225 if (s->s3->tmp.new_cipher == NULL) 226 return; 227 if (s->state & SSL_ST_CONNECT) { 228 sender = s->method->ssl3_enc->server_finished_label; 229 slen = s->method->ssl3_enc->server_finished_label_len; 230 } else { 231 sender = s->method->ssl3_enc->client_finished_label; 232 slen = s->method->ssl3_enc->client_finished_label_len; 233 } 234 235 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 236 sender, 237 slen, 238 s->s3->tmp.peer_finish_md); 239} 240#endif 241 242int ssl3_get_finished(SSL *s, int a, int b) 243{ 244 int al, i, ok; 245 long n; 246 unsigned char *p; 247 248#ifdef OPENSSL_NO_NEXTPROTONEG 249 /* 250 * the mac has already been generated when we received the change cipher 251 * spec message and is in s->s3->tmp.peer_finish_md. 252 */ 253#endif 254 255 /* 64 argument should actually be 36+4 :-) */ 256 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok); 257 258 if (!ok) 259 return ((int)n); 260 261 /* If this occurs, we have missed a message */ 262 if (!s->s3->change_cipher_spec) { 263 al = SSL_AD_UNEXPECTED_MESSAGE; 264 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); 265 goto f_err; 266 } 267 s->s3->change_cipher_spec = 0; 268 269 p = (unsigned char *)s->init_msg; 270 i = s->s3->tmp.peer_finish_md_len; 271 272 if (i != n) { 273 al = SSL_AD_DECODE_ERROR; 274 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 275 goto f_err; 276 } 277 278 if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) { 279 al = SSL_AD_DECRYPT_ERROR; 280 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); 281 goto f_err; 282 } 283 284 /* 285 * Copy the finished so we can use it for renegotiation checks 286 */ 287 if (s->type == SSL_ST_ACCEPT) { 288 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 289 memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i); 290 s->s3->previous_client_finished_len = i; 291 } else { 292 OPENSSL_assert(i <= EVP_MAX_MD_SIZE); 293 memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i); 294 s->s3->previous_server_finished_len = i; 295 } 296 297 return (1); 298 f_err: 299 ssl3_send_alert(s, SSL3_AL_FATAL, al); 300 return (0); 301} 302 303/*- 304 * for these 2 messages, we need to 305 * ssl->enc_read_ctx re-init 306 * ssl->s3->read_sequence zero 307 * ssl->s3->read_mac_secret re-init 308 * ssl->session->read_sym_enc assign 309 * ssl->session->read_compression assign 310 * ssl->session->read_hash assign 311 */ 312int ssl3_send_change_cipher_spec(SSL *s, int a, int b) 313{ 314 unsigned char *p; 315 316 if (s->state == a) { 317 p = (unsigned char *)s->init_buf->data; 318 *p = SSL3_MT_CCS; 319 s->init_num = 1; 320 s->init_off = 0; 321 322 s->state = b; 323 } 324 325 /* SSL3_ST_CW_CHANGE_B */ 326 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC)); 327} 328 329static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) 330{ 331 int n; 332 unsigned char *p; 333 334 n = i2d_X509(x, NULL); 335 if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { 336 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); 337 return (-1); 338 } 339 p = (unsigned char *)&(buf->data[*l]); 340 l2n3(n, p); 341 i2d_X509(x, &p); 342 *l += n + 3; 343 344 return (0); 345} 346 347unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 348{ 349 unsigned char *p; 350 int i; 351 unsigned long l = 7; 352 BUF_MEM *buf; 353 int no_chain; 354 355 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) 356 no_chain = 1; 357 else 358 no_chain = 0; 359 360 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 361 buf = s->init_buf; 362 if (!BUF_MEM_grow_clean(buf, 10)) { 363 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); 364 return (0); 365 } 366 if (x != NULL) { 367 if (no_chain) { 368 if (ssl3_add_cert_to_buf(buf, &l, x)) 369 return (0); 370 } else { 371 X509_STORE_CTX xs_ctx; 372 373 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { 374 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); 375 return (0); 376 } 377 X509_verify_cert(&xs_ctx); 378 /* Don't leave errors in the queue */ 379 ERR_clear_error(); 380 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { 381 x = sk_X509_value(xs_ctx.chain, i); 382 383 if (ssl3_add_cert_to_buf(buf, &l, x)) { 384 X509_STORE_CTX_cleanup(&xs_ctx); 385 return 0; 386 } 387 } 388 X509_STORE_CTX_cleanup(&xs_ctx); 389 } 390 } 391 /* Thawte special :-) */ 392 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) { 393 x = sk_X509_value(s->ctx->extra_certs, i); 394 if (ssl3_add_cert_to_buf(buf, &l, x)) 395 return (0); 396 } 397 398 l -= 7; 399 p = (unsigned char *)&(buf->data[4]); 400 l2n3(l, p); 401 l += 3; 402 p = (unsigned char *)&(buf->data[0]); 403 *(p++) = SSL3_MT_CERTIFICATE; 404 l2n3(l, p); 405 l += 4; 406 return (l); 407} 408 409/* 410 * Obtain handshake message of message type 'mt' (any if mt == -1), maximum 411 * acceptable body length 'max'. The first four bytes (msg_type and length) 412 * are read in state 'st1', the body is read in state 'stn'. 413 */ 414long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) 415{ 416 unsigned char *p; 417 unsigned long l; 418 long n; 419 int i, al; 420 421 if (s->s3->tmp.reuse_message) { 422 s->s3->tmp.reuse_message = 0; 423 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { 424 al = SSL_AD_UNEXPECTED_MESSAGE; 425 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); 426 goto f_err; 427 } 428 *ok = 1; 429 s->state = stn; 430 s->init_msg = s->init_buf->data + 4; 431 s->init_num = (int)s->s3->tmp.message_size; 432 return s->init_num; 433 } 434 435 p = (unsigned char *)s->init_buf->data; 436 437 if (s->state == st1) { /* s->init_num < 4 */ 438 int skip_message; 439 440 do { 441 while (s->init_num < 4) { 442 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, 443 &p[s->init_num], 444 4 - s->init_num, 0); 445 if (i <= 0) { 446 s->rwstate = SSL_READING; 447 *ok = 0; 448 return i; 449 } 450 s->init_num += i; 451 } 452 453 skip_message = 0; 454 if (!s->server) 455 if (p[0] == SSL3_MT_HELLO_REQUEST) 456 /* 457 * The server may always send 'Hello Request' messages -- 458 * we are doing a handshake anyway now, so ignore them if 459 * their format is correct. Does not count for 'Finished' 460 * MAC. 461 */ 462 if (p[1] == 0 && p[2] == 0 && p[3] == 0) { 463 s->init_num = 0; 464 skip_message = 1; 465 466 if (s->msg_callback) 467 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 468 p, 4, s, s->msg_callback_arg); 469 } 470 } 471 while (skip_message); 472 473 /* s->init_num == 4 */ 474 475 if ((mt >= 0) && (*p != mt)) { 476 al = SSL_AD_UNEXPECTED_MESSAGE; 477 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); 478 goto f_err; 479 } 480 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && 481 (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) { 482 /* 483 * At this point we have got an MS SGC second client hello (maybe 484 * we should always allow the client to start a new handshake?). 485 * We need to restart the mac. Don't increment 486 * {num,total}_renegotiations because we have not completed the 487 * handshake. 488 */ 489 ssl3_init_finished_mac(s); 490 } 491 492 s->s3->tmp.message_type = *(p++); 493 494 n2l3(p, l); 495 if (l > (unsigned long)max) { 496 al = SSL_AD_ILLEGAL_PARAMETER; 497 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); 498 goto f_err; 499 } 500 if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */ 501 al = SSL_AD_ILLEGAL_PARAMETER; 502 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); 503 goto f_err; 504 } 505 if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) { 506 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); 507 goto err; 508 } 509 s->s3->tmp.message_size = l; 510 s->state = stn; 511 512 s->init_msg = s->init_buf->data + 4; 513 s->init_num = 0; 514 } 515 516 /* next state (stn) */ 517 p = s->init_msg; 518 n = s->s3->tmp.message_size - s->init_num; 519 while (n > 0) { 520 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num], 521 n, 0); 522 if (i <= 0) { 523 s->rwstate = SSL_READING; 524 *ok = 0; 525 return i; 526 } 527 s->init_num += i; 528 n -= i; 529 } 530 531#ifndef OPENSSL_NO_NEXTPROTONEG 532 /* 533 * If receiving Finished, record MAC of prior handshake messages for 534 * Finished verification. 535 */ 536 if (*s->init_buf->data == SSL3_MT_FINISHED) 537 ssl3_take_mac(s); 538#endif 539 540 /* Feed this message into MAC computation. */ 541 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); 542 if (s->msg_callback) 543 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, 544 (size_t)s->init_num + 4, s, s->msg_callback_arg); 545 *ok = 1; 546 return s->init_num; 547 f_err: 548 ssl3_send_alert(s, SSL3_AL_FATAL, al); 549 err: 550 *ok = 0; 551 return (-1); 552} 553 554int ssl_cert_type(X509 *x, EVP_PKEY *pkey) 555{ 556 EVP_PKEY *pk; 557 int ret = -1, i; 558 559 if (pkey == NULL) 560 pk = X509_get_pubkey(x); 561 else 562 pk = pkey; 563 if (pk == NULL) 564 goto err; 565 566 i = pk->type; 567 if (i == EVP_PKEY_RSA) { 568 ret = SSL_PKEY_RSA_ENC; 569 } else if (i == EVP_PKEY_DSA) { 570 ret = SSL_PKEY_DSA_SIGN; 571 } 572#ifndef OPENSSL_NO_EC 573 else if (i == EVP_PKEY_EC) { 574 ret = SSL_PKEY_ECC; 575 } 576#endif 577 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { 578 ret = SSL_PKEY_GOST94; 579 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { 580 ret = SSL_PKEY_GOST01; 581 } 582 err: 583 if (!pkey) 584 EVP_PKEY_free(pk); 585 return (ret); 586} 587 588int ssl_verify_alarm_type(long type) 589{ 590 int al; 591 592 switch (type) { 593 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 594 case X509_V_ERR_UNABLE_TO_GET_CRL: 595 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 596 al = SSL_AD_UNKNOWN_CA; 597 break; 598 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 599 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 600 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 601 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 602 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 603 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 604 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 605 case X509_V_ERR_CERT_NOT_YET_VALID: 606 case X509_V_ERR_CRL_NOT_YET_VALID: 607 case X509_V_ERR_CERT_UNTRUSTED: 608 case X509_V_ERR_CERT_REJECTED: 609 al = SSL_AD_BAD_CERTIFICATE; 610 break; 611 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 612 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 613 al = SSL_AD_DECRYPT_ERROR; 614 break; 615 case X509_V_ERR_CERT_HAS_EXPIRED: 616 case X509_V_ERR_CRL_HAS_EXPIRED: 617 al = SSL_AD_CERTIFICATE_EXPIRED; 618 break; 619 case X509_V_ERR_CERT_REVOKED: 620 al = SSL_AD_CERTIFICATE_REVOKED; 621 break; 622 case X509_V_ERR_OUT_OF_MEM: 623 al = SSL_AD_INTERNAL_ERROR; 624 break; 625 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 626 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 627 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 628 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 629 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 630 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 631 case X509_V_ERR_INVALID_CA: 632 al = SSL_AD_UNKNOWN_CA; 633 break; 634 case X509_V_ERR_APPLICATION_VERIFICATION: 635 al = SSL_AD_HANDSHAKE_FAILURE; 636 break; 637 case X509_V_ERR_INVALID_PURPOSE: 638 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 639 break; 640 default: 641 al = SSL_AD_CERTIFICATE_UNKNOWN; 642 break; 643 } 644 return (al); 645} 646 647#ifndef OPENSSL_NO_BUF_FREELISTS 648/*- 649 * On some platforms, malloc() performance is bad enough that you can't just 650 * free() and malloc() buffers all the time, so we need to use freelists from 651 * unused buffers. Currently, each freelist holds memory chunks of only a 652 * given size (list->chunklen); other sized chunks are freed and malloced. 653 * This doesn't help much if you're using many different SSL option settings 654 * with a given context. (The options affecting buffer size are 655 * max_send_fragment, read buffer vs write buffer, 656 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and 657 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every 658 * possible size is not an option, since max_send_fragment can take on many 659 * different values. 660 * 661 * If you are on a platform with a slow malloc(), and you're using SSL 662 * connections with many different settings for these options, and you need to 663 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: 664 * - Link against a faster malloc implementation. 665 * - Use a separate SSL_CTX for each option set. 666 * - Improve this code. 667 */ 668static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz) 669{ 670 SSL3_BUF_FREELIST *list; 671 SSL3_BUF_FREELIST_ENTRY *ent = NULL; 672 void *result = NULL; 673 674 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 675 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 676 if (list != NULL && sz == (int)list->chunklen) 677 ent = list->head; 678 if (ent != NULL) { 679 list->head = ent->next; 680 result = ent; 681 if (--list->len == 0) 682 list->chunklen = 0; 683 } 684 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 685 if (!result) 686 result = OPENSSL_malloc(sz); 687 return result; 688} 689 690static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) 691{ 692 SSL3_BUF_FREELIST *list; 693 SSL3_BUF_FREELIST_ENTRY *ent; 694 695 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 696 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; 697 if (list != NULL && 698 (sz == list->chunklen || list->chunklen == 0) && 699 list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { 700 list->chunklen = sz; 701 ent = mem; 702 ent->next = list->head; 703 list->head = ent; 704 ++list->len; 705 mem = NULL; 706 } 707 708 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 709 if (mem) 710 OPENSSL_free(mem); 711} 712#else 713# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) 714# define freelist_insert(c,fr,sz,m) OPENSSL_free(m) 715#endif 716 717int ssl3_setup_read_buffer(SSL *s) 718{ 719 unsigned char *p; 720 size_t len, align = 0, headerlen; 721 722 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 723 headerlen = DTLS1_RT_HEADER_LENGTH; 724 else 725 headerlen = SSL3_RT_HEADER_LENGTH; 726 727#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 728 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 729#endif 730 731 if (s->s3->rbuf.buf == NULL) { 732 len = SSL3_RT_MAX_PLAIN_LENGTH 733 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 734 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { 735 s->s3->init_extra = 1; 736 len += SSL3_RT_MAX_EXTRA; 737 } 738#ifndef OPENSSL_NO_COMP 739 if (!(s->options & SSL_OP_NO_COMPRESSION)) 740 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 741#endif 742 if ((p = freelist_extract(s->ctx, 1, len)) == NULL) 743 goto err; 744 s->s3->rbuf.buf = p; 745 s->s3->rbuf.len = len; 746 } 747 748 s->packet = &(s->s3->rbuf.buf[0]); 749 return 1; 750 751 err: 752 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); 753 return 0; 754} 755 756int ssl3_setup_write_buffer(SSL *s) 757{ 758 unsigned char *p; 759 size_t len, align = 0, headerlen; 760 761 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 762 headerlen = DTLS1_RT_HEADER_LENGTH + 1; 763 else 764 headerlen = SSL3_RT_HEADER_LENGTH; 765 766#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 767 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); 768#endif 769 770 if (s->s3->wbuf.buf == NULL) { 771 len = s->max_send_fragment 772 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 773#ifndef OPENSSL_NO_COMP 774 if (!(s->options & SSL_OP_NO_COMPRESSION)) 775 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; 776#endif 777 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 778 len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 779 780 if ((p = freelist_extract(s->ctx, 0, len)) == NULL) 781 goto err; 782 s->s3->wbuf.buf = p; 783 s->s3->wbuf.len = len; 784 } 785 786 return 1; 787 788 err: 789 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); 790 return 0; 791} 792 793int ssl3_setup_buffers(SSL *s) 794{ 795 if (!ssl3_setup_read_buffer(s)) 796 return 0; 797 if (!ssl3_setup_write_buffer(s)) 798 return 0; 799 return 1; 800} 801 802int ssl3_release_write_buffer(SSL *s) 803{ 804 if (s->s3->wbuf.buf != NULL) { 805 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); 806 s->s3->wbuf.buf = NULL; 807 } 808 return 1; 809} 810 811int ssl3_release_read_buffer(SSL *s) 812{ 813 if (s->s3->rbuf.buf != NULL) { 814 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); 815 s->s3->rbuf.buf = NULL; 816 } 817 return 1; 818} 819