s3_both.c 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759
  1. /* ssl/s3_both.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113. * ECC cipher suite support in OpenSSL originally developed by
  114. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115. */
  116. #include <limits.h>
  117. #include <string.h>
  118. #include <stdio.h>
  119. #include "ssl_locl.h"
  120. #include <openssl/buffer.h>
  121. #include <openssl/rand.h>
  122. #include <openssl/objects.h>
  123. #include <openssl/evp.h>
  124. #include <openssl/x509.h>
  125. /*
  126. * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
  127. * SSL3_RT_CHANGE_CIPHER_SPEC)
  128. */
  129. int ssl3_do_write(SSL *s, int type)
  130. {
  131. int ret;
  132. ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
  133. s->init_num);
  134. if (ret < 0)
  135. return (-1);
  136. if (type == SSL3_RT_HANDSHAKE)
  137. /*
  138. * should not be done for 'Hello Request's, but in that case we'll
  139. * ignore the result anyway
  140. */
  141. ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
  142. ret);
  143. if (ret == s->init_num) {
  144. if (s->msg_callback)
  145. s->msg_callback(1, s->version, type, s->init_buf->data,
  146. (size_t)(s->init_off + s->init_num), s,
  147. s->msg_callback_arg);
  148. return (1);
  149. }
  150. s->init_off += ret;
  151. s->init_num -= ret;
  152. return (0);
  153. }
  154. int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
  155. {
  156. unsigned char *p;
  157. int i;
  158. unsigned long l;
  159. if (s->state == a) {
  160. p = ssl_handshake_start(s);
  161. i = s->method->ssl3_enc->final_finish_mac(s,
  162. sender, slen,
  163. s->s3->tmp.finish_md);
  164. if (i <= 0)
  165. return 0;
  166. s->s3->tmp.finish_md_len = i;
  167. memcpy(p, s->s3->tmp.finish_md, i);
  168. l = i;
  169. /*
  170. * Copy the finished so we can use it for renegotiation checks
  171. */
  172. if (s->type == SSL_ST_CONNECT) {
  173. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  174. memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
  175. s->s3->previous_client_finished_len = i;
  176. } else {
  177. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  178. memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
  179. s->s3->previous_server_finished_len = i;
  180. }
  181. #ifdef OPENSSL_SYS_WIN16
  182. /*
  183. * MSVC 1.5 does not clear the top bytes of the word unless I do
  184. * this.
  185. */
  186. l &= 0xffff;
  187. #endif
  188. ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
  189. s->state = b;
  190. }
  191. /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  192. return ssl_do_write(s);
  193. }
  194. #ifndef OPENSSL_NO_NEXTPROTONEG
  195. /*
  196. * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
  197. * to far.
  198. */
  199. static void ssl3_take_mac(SSL *s)
  200. {
  201. const char *sender;
  202. int slen;
  203. /*
  204. * If no new cipher setup return immediately: other functions will set
  205. * the appropriate error.
  206. */
  207. if (s->s3->tmp.new_cipher == NULL)
  208. return;
  209. if (s->state & SSL_ST_CONNECT) {
  210. sender = s->method->ssl3_enc->server_finished_label;
  211. slen = s->method->ssl3_enc->server_finished_label_len;
  212. } else {
  213. sender = s->method->ssl3_enc->client_finished_label;
  214. slen = s->method->ssl3_enc->client_finished_label_len;
  215. }
  216. s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
  217. sender,
  218. slen,
  219. s->s3->tmp.peer_finish_md);
  220. }
  221. #endif
  222. int ssl3_get_finished(SSL *s, int a, int b)
  223. {
  224. int al, i, ok;
  225. long n;
  226. unsigned char *p;
  227. #ifdef OPENSSL_NO_NEXTPROTONEG
  228. /*
  229. * the mac has already been generated when we received the change cipher
  230. * spec message and is in s->s3->tmp.peer_finish_md
  231. */
  232. #endif
  233. /* 64 argument should actually be 36+4 :-) */
  234. n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
  235. if (!ok)
  236. return ((int)n);
  237. /* If this occurs, we have missed a message */
  238. if (!s->s3->change_cipher_spec) {
  239. al = SSL_AD_UNEXPECTED_MESSAGE;
  240. SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
  241. goto f_err;
  242. }
  243. s->s3->change_cipher_spec = 0;
  244. p = (unsigned char *)s->init_msg;
  245. i = s->s3->tmp.peer_finish_md_len;
  246. if (i != n) {
  247. al = SSL_AD_DECODE_ERROR;
  248. SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
  249. goto f_err;
  250. }
  251. if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
  252. al = SSL_AD_DECRYPT_ERROR;
  253. SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
  254. goto f_err;
  255. }
  256. /*
  257. * Copy the finished so we can use it for renegotiation checks
  258. */
  259. if (s->type == SSL_ST_ACCEPT) {
  260. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  261. memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
  262. s->s3->previous_client_finished_len = i;
  263. } else {
  264. OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
  265. memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
  266. s->s3->previous_server_finished_len = i;
  267. }
  268. return (1);
  269. f_err:
  270. ssl3_send_alert(s, SSL3_AL_FATAL, al);
  271. return (0);
  272. }
  273. /*-
  274. * for these 2 messages, we need to
  275. * ssl->enc_read_ctx re-init
  276. * ssl->s3->read_sequence zero
  277. * ssl->s3->read_mac_secret re-init
  278. * ssl->session->read_sym_enc assign
  279. * ssl->session->read_compression assign
  280. * ssl->session->read_hash assign
  281. */
  282. int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
  283. {
  284. unsigned char *p;
  285. if (s->state == a) {
  286. p = (unsigned char *)s->init_buf->data;
  287. *p = SSL3_MT_CCS;
  288. s->init_num = 1;
  289. s->init_off = 0;
  290. s->state = b;
  291. }
  292. /* SSL3_ST_CW_CHANGE_B */
  293. return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
  294. }
  295. unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
  296. {
  297. unsigned char *p;
  298. unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
  299. if (!ssl_add_cert_chain(s, cpk, &l))
  300. return 0;
  301. l -= 3 + SSL_HM_HEADER_LENGTH(s);
  302. p = ssl_handshake_start(s);
  303. l2n3(l, p);
  304. l += 3;
  305. ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
  306. return l + SSL_HM_HEADER_LENGTH(s);
  307. }
  308. /*
  309. * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
  310. * acceptable body length 'max'. The first four bytes (msg_type and length)
  311. * are read in state 'st1', the body is read in state 'stn'.
  312. */
  313. long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  314. {
  315. unsigned char *p;
  316. unsigned long l;
  317. long n;
  318. int i, al;
  319. if (s->s3->tmp.reuse_message) {
  320. s->s3->tmp.reuse_message = 0;
  321. if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
  322. al = SSL_AD_UNEXPECTED_MESSAGE;
  323. SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
  324. goto f_err;
  325. }
  326. *ok = 1;
  327. s->state = stn;
  328. s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
  329. s->init_num = (int)s->s3->tmp.message_size;
  330. return s->init_num;
  331. }
  332. p = (unsigned char *)s->init_buf->data;
  333. if (s->state == st1) { /* s->init_num < SSL3_HM_HEADER_LENGTH */
  334. int skip_message;
  335. do {
  336. while (s->init_num < SSL3_HM_HEADER_LENGTH) {
  337. i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
  338. &p[s->init_num],
  339. SSL3_HM_HEADER_LENGTH -
  340. s->init_num, 0);
  341. if (i <= 0) {
  342. s->rwstate = SSL_READING;
  343. *ok = 0;
  344. return i;
  345. }
  346. s->init_num += i;
  347. }
  348. skip_message = 0;
  349. if (!s->server)
  350. if (p[0] == SSL3_MT_HELLO_REQUEST)
  351. /*
  352. * The server may always send 'Hello Request' messages --
  353. * we are doing a handshake anyway now, so ignore them if
  354. * their format is correct. Does not count for 'Finished'
  355. * MAC.
  356. */
  357. if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
  358. s->init_num = 0;
  359. skip_message = 1;
  360. if (s->msg_callback)
  361. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
  362. p, SSL3_HM_HEADER_LENGTH, s,
  363. s->msg_callback_arg);
  364. }
  365. }
  366. while (skip_message);
  367. /* s->init_num == SSL3_HM_HEADER_LENGTH */
  368. if ((mt >= 0) && (*p != mt)) {
  369. al = SSL_AD_UNEXPECTED_MESSAGE;
  370. SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
  371. goto f_err;
  372. }
  373. s->s3->tmp.message_type = *(p++);
  374. n2l3(p, l);
  375. if (l > (unsigned long)max) {
  376. al = SSL_AD_ILLEGAL_PARAMETER;
  377. SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
  378. goto f_err;
  379. }
  380. /*
  381. * Make buffer slightly larger than message length as a precaution
  382. * against small OOB reads e.g. CVE-2016-6306
  383. */
  384. if (l
  385. && !BUF_MEM_grow_clean(s->init_buf,
  386. (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
  387. SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
  388. goto err;
  389. }
  390. s->s3->tmp.message_size = l;
  391. s->state = stn;
  392. s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
  393. s->init_num = 0;
  394. }
  395. /* next state (stn) */
  396. p = s->init_msg;
  397. n = s->s3->tmp.message_size - s->init_num;
  398. while (n > 0) {
  399. i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
  400. n, 0);
  401. if (i <= 0) {
  402. s->rwstate = SSL_READING;
  403. *ok = 0;
  404. return i;
  405. }
  406. s->init_num += i;
  407. n -= i;
  408. }
  409. #ifndef OPENSSL_NO_NEXTPROTONEG
  410. /*
  411. * If receiving Finished, record MAC of prior handshake messages for
  412. * Finished verification.
  413. */
  414. if (*s->init_buf->data == SSL3_MT_FINISHED)
  415. ssl3_take_mac(s);
  416. #endif
  417. /* Feed this message into MAC computation. */
  418. ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
  419. s->init_num + SSL3_HM_HEADER_LENGTH);
  420. if (s->msg_callback)
  421. s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
  422. (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
  423. s->msg_callback_arg);
  424. *ok = 1;
  425. return s->init_num;
  426. f_err:
  427. ssl3_send_alert(s, SSL3_AL_FATAL, al);
  428. err:
  429. *ok = 0;
  430. return (-1);
  431. }
  432. int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
  433. {
  434. EVP_PKEY *pk;
  435. int ret = -1, i;
  436. if (pkey == NULL)
  437. pk = X509_get_pubkey(x);
  438. else
  439. pk = pkey;
  440. if (pk == NULL)
  441. goto err;
  442. i = pk->type;
  443. if (i == EVP_PKEY_RSA) {
  444. ret = SSL_PKEY_RSA_ENC;
  445. } else if (i == EVP_PKEY_DSA) {
  446. ret = SSL_PKEY_DSA_SIGN;
  447. }
  448. #ifndef OPENSSL_NO_EC
  449. else if (i == EVP_PKEY_EC) {
  450. ret = SSL_PKEY_ECC;
  451. }
  452. #endif
  453. else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
  454. ret = SSL_PKEY_GOST94;
  455. } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
  456. ret = SSL_PKEY_GOST01;
  457. } else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
  458. /*
  459. * For DH two cases: DH certificate signed with RSA and DH
  460. * certificate signed with DSA.
  461. */
  462. i = X509_certificate_type(x, pk);
  463. if (i & EVP_PKS_RSA)
  464. ret = SSL_PKEY_DH_RSA;
  465. else if (i & EVP_PKS_DSA)
  466. ret = SSL_PKEY_DH_DSA;
  467. }
  468. err:
  469. if (!pkey)
  470. EVP_PKEY_free(pk);
  471. return (ret);
  472. }
  473. int ssl_verify_alarm_type(long type)
  474. {
  475. int al;
  476. switch (type) {
  477. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  478. case X509_V_ERR_UNABLE_TO_GET_CRL:
  479. case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
  480. al = SSL_AD_UNKNOWN_CA;
  481. break;
  482. case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
  483. case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
  484. case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
  485. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  486. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  487. case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
  488. case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
  489. case X509_V_ERR_CERT_NOT_YET_VALID:
  490. case X509_V_ERR_CRL_NOT_YET_VALID:
  491. case X509_V_ERR_CERT_UNTRUSTED:
  492. case X509_V_ERR_CERT_REJECTED:
  493. case X509_V_ERR_HOSTNAME_MISMATCH:
  494. case X509_V_ERR_EMAIL_MISMATCH:
  495. case X509_V_ERR_IP_ADDRESS_MISMATCH:
  496. al = SSL_AD_BAD_CERTIFICATE;
  497. break;
  498. case X509_V_ERR_CERT_SIGNATURE_FAILURE:
  499. case X509_V_ERR_CRL_SIGNATURE_FAILURE:
  500. al = SSL_AD_DECRYPT_ERROR;
  501. break;
  502. case X509_V_ERR_CERT_HAS_EXPIRED:
  503. case X509_V_ERR_CRL_HAS_EXPIRED:
  504. al = SSL_AD_CERTIFICATE_EXPIRED;
  505. break;
  506. case X509_V_ERR_CERT_REVOKED:
  507. al = SSL_AD_CERTIFICATE_REVOKED;
  508. break;
  509. case X509_V_ERR_UNSPECIFIED:
  510. case X509_V_ERR_OUT_OF_MEM:
  511. case X509_V_ERR_INVALID_CALL:
  512. case X509_V_ERR_STORE_LOOKUP:
  513. al = SSL_AD_INTERNAL_ERROR;
  514. break;
  515. case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  516. case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
  517. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
  518. case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
  519. case X509_V_ERR_CERT_CHAIN_TOO_LONG:
  520. case X509_V_ERR_PATH_LENGTH_EXCEEDED:
  521. case X509_V_ERR_INVALID_CA:
  522. al = SSL_AD_UNKNOWN_CA;
  523. break;
  524. case X509_V_ERR_APPLICATION_VERIFICATION:
  525. al = SSL_AD_HANDSHAKE_FAILURE;
  526. break;
  527. case X509_V_ERR_INVALID_PURPOSE:
  528. al = SSL_AD_UNSUPPORTED_CERTIFICATE;
  529. break;
  530. default:
  531. al = SSL_AD_CERTIFICATE_UNKNOWN;
  532. break;
  533. }
  534. return (al);
  535. }
  536. #ifndef OPENSSL_NO_BUF_FREELISTS
  537. /*-
  538. * On some platforms, malloc() performance is bad enough that you can't just
  539. * free() and malloc() buffers all the time, so we need to use freelists from
  540. * unused buffers. Currently, each freelist holds memory chunks of only a
  541. * given size (list->chunklen); other sized chunks are freed and malloced.
  542. * This doesn't help much if you're using many different SSL option settings
  543. * with a given context. (The options affecting buffer size are
  544. * max_send_fragment, read buffer vs write buffer,
  545. * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
  546. * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
  547. * possible size is not an option, since max_send_fragment can take on many
  548. * different values.
  549. *
  550. * If you are on a platform with a slow malloc(), and you're using SSL
  551. * connections with many different settings for these options, and you need to
  552. * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
  553. * - Link against a faster malloc implementation.
  554. * - Use a separate SSL_CTX for each option set.
  555. * - Improve this code.
  556. */
  557. static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)
  558. {
  559. SSL3_BUF_FREELIST *list;
  560. SSL3_BUF_FREELIST_ENTRY *ent = NULL;
  561. void *result = NULL;
  562. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  563. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  564. if (list != NULL && sz == (int)list->chunklen)
  565. ent = list->head;
  566. if (ent != NULL) {
  567. list->head = ent->next;
  568. result = ent;
  569. if (--list->len == 0)
  570. list->chunklen = 0;
  571. }
  572. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  573. if (!result)
  574. result = OPENSSL_malloc(sz);
  575. return result;
  576. }
  577. static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
  578. {
  579. SSL3_BUF_FREELIST *list;
  580. SSL3_BUF_FREELIST_ENTRY *ent;
  581. CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
  582. list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
  583. if (list != NULL &&
  584. (sz == list->chunklen || list->chunklen == 0) &&
  585. list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
  586. list->chunklen = sz;
  587. ent = mem;
  588. ent->next = list->head;
  589. list->head = ent;
  590. ++list->len;
  591. mem = NULL;
  592. }
  593. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
  594. if (mem)
  595. OPENSSL_free(mem);
  596. }
  597. #else
  598. # define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
  599. # define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
  600. #endif
  601. int ssl3_setup_read_buffer(SSL *s)
  602. {
  603. unsigned char *p;
  604. size_t len, align = 0, headerlen;
  605. if (SSL_IS_DTLS(s))
  606. headerlen = DTLS1_RT_HEADER_LENGTH;
  607. else
  608. headerlen = SSL3_RT_HEADER_LENGTH;
  609. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  610. align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
  611. #endif
  612. if (s->s3->rbuf.buf == NULL) {
  613. len = SSL3_RT_MAX_PLAIN_LENGTH
  614. + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
  615. if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
  616. s->s3->init_extra = 1;
  617. len += SSL3_RT_MAX_EXTRA;
  618. }
  619. #ifndef OPENSSL_NO_COMP
  620. if (!(s->options & SSL_OP_NO_COMPRESSION))
  621. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  622. #endif
  623. if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
  624. goto err;
  625. s->s3->rbuf.buf = p;
  626. s->s3->rbuf.len = len;
  627. }
  628. s->packet = &(s->s3->rbuf.buf[0]);
  629. return 1;
  630. err:
  631. SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
  632. return 0;
  633. }
  634. int ssl3_setup_write_buffer(SSL *s)
  635. {
  636. unsigned char *p;
  637. size_t len, align = 0, headerlen;
  638. if (SSL_IS_DTLS(s))
  639. headerlen = DTLS1_RT_HEADER_LENGTH + 1;
  640. else
  641. headerlen = SSL3_RT_HEADER_LENGTH;
  642. #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
  643. align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
  644. #endif
  645. if (s->s3->wbuf.buf == NULL) {
  646. len = s->max_send_fragment
  647. + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
  648. #ifndef OPENSSL_NO_COMP
  649. if (!(s->options & SSL_OP_NO_COMPRESSION))
  650. len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  651. #endif
  652. if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
  653. len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
  654. if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
  655. goto err;
  656. s->s3->wbuf.buf = p;
  657. s->s3->wbuf.len = len;
  658. }
  659. return 1;
  660. err:
  661. SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
  662. return 0;
  663. }
  664. int ssl3_setup_buffers(SSL *s)
  665. {
  666. if (!ssl3_setup_read_buffer(s))
  667. return 0;
  668. if (!ssl3_setup_write_buffer(s))
  669. return 0;
  670. return 1;
  671. }
  672. int ssl3_release_write_buffer(SSL *s)
  673. {
  674. if (s->s3->wbuf.buf != NULL) {
  675. freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
  676. s->s3->wbuf.buf = NULL;
  677. }
  678. return 1;
  679. }
  680. int ssl3_release_read_buffer(SSL *s)
  681. {
  682. if (s->s3->rbuf.buf != NULL) {
  683. freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
  684. s->s3->rbuf.buf = NULL;
  685. }
  686. return 1;
  687. }