summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark J. Cox <mark@openssl.org>1999-02-16 09:22:21 +0000
committerMark J. Cox <mark@openssl.org>1999-02-16 09:22:21 +0000
commit413c4f45ed0508d2242638696b7665f499d68265 (patch)
tree5a5e667f7fc9cb548ab3b24dd02fff78e1b8f282
parenta8236c8c322101c273d14c62282f264555e147c4 (diff)
Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00 [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Submitted by: Reviewed by: PR:
Diffstat
-rw-r--r--CHANGES9
-rw-r--r--ssl/s23_clnt.c12
-rw-r--r--ssl/s23_pkt.c2
-rw-r--r--ssl/s23_srvr.c9
-rw-r--r--ssl/s2_clnt.c16
-rw-r--r--ssl/s2_enc.c2
-rw-r--r--ssl/s2_srvr.c11
-rw-r--r--ssl/s3_clnt.c73
-rw-r--r--ssl/s3_enc.c21
-rw-r--r--ssl/s3_lib.c25
-rw-r--r--ssl/s3_pkt.c4
-rw-r--r--ssl/s3_srvr.c101
-rw-r--r--ssl/ssl.err257
-rw-r--r--ssl/ssl.h503
-rw-r--r--ssl/ssl3.h3
-rw-r--r--ssl/ssl_algs.c3
-rw-r--r--ssl/ssl_ciph.c90
-rw-r--r--ssl/ssl_err.c5
-rw-r--r--ssl/ssl_lib.c210
-rw-r--r--ssl/ssl_locl.h17
-rw-r--r--ssl/ssl_rsa.c4
-rw-r--r--ssl/ssl_sess.c48
-rw-r--r--ssl/ssl_txt.c17
-rw-r--r--ssl/ssltest.c2
-rw-r--r--ssl/t1_enc.c21
25 files changed, 964 insertions, 501 deletions
diff --git a/CHANGES b/CHANGES
index 043c7552a7..470435fe82 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,15 @@
Changes between 0.9.1c and 0.9.2
+ *) Updates to the new SSL compression code
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Fix so that the version number in the master secret, when passed
+ via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+ (because the server will not accept higher), that the version number
+ is 0x03,0x01, not 0x03,0x00
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
*) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 1b4c06838b..c0948fd2da 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -136,6 +136,13 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
+ if (s->session != NULL)
+ {
+ SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+ ret= -1;
+ goto end;
+ }
+ s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
/* s->version=TLS1_VERSION; */
@@ -161,7 +168,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->sess_connect++;
+ s->ctx->stats.sess_connect++;
s->init_num=0;
break;
@@ -238,16 +245,19 @@ SSL *s;
{
*(d++)=TLS1_VERSION_MAJOR;
*(d++)=TLS1_VERSION_MINOR;
+ s->client_version=TLS1_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv3))
{
*(d++)=SSL3_VERSION_MAJOR;
*(d++)=SSL3_VERSION_MINOR;
+ s->client_version=SSL3_VERSION;
}
else if (!(s->options & SSL_OP_NO_SSLv2))
{
*(d++)=SSL2_VERSION_MAJOR;
*(d++)=SSL2_VERSION_MINOR;
+ s->client_version=SSL2_VERSION;
}
else
{
diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c
index c25c312772..99f909d50f 100644
--- a/ssl/s23_pkt.c
+++ b/ssl/s23_pkt.c
@@ -76,7 +76,7 @@ SSL *s;
{
s->rwstate=SSL_WRITING;
i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i < 0)
+ if (i <= 0)
{
s->init_off=tot;
s->init_num=num;
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 6c8afeb857..d1f49e5ac3 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -134,6 +134,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
+ s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
/* s->version=SSL3_VERSION; */
@@ -157,7 +158,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->sess_accept++;
+ s->ctx->stats.sess_accept++;
s->init_num=0;
break;
@@ -203,8 +204,10 @@ SSL *s;
unsigned int csl,sil,cl;
int n=0,j,tls1=0;
int type=0,use_sslv2_strong=0;
+ int v[2];
/* read the initial header */
+ v[0]=v[1]=0;
if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
{
if (!ssl3_setup_buffers(s)) goto err;
@@ -221,12 +224,14 @@ SSL *s;
/* SSLv2 header */
if ((p[3] == 0x00) && (p[4] == 0x02))
{
+ v[0]=p[3]; v[1]=p[4];
/* SSLv2 */
if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
}
else if (p[3] == SSL3_VERSION_MAJOR)
{
+ v[0]=p[3]; v[1]=p[4];
/* SSLv3/TLSv1 */
if (p[4] >= TLS1_VERSION_MINOR)
{
@@ -307,6 +312,7 @@ SSL *s;
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO))
{
+ v[0]=p[1]; v[1]=p[2];
/* true SSLv3 or tls1 */
if (p[2] >= TLS1_VERSION_MINOR)
{
@@ -486,6 +492,7 @@ next_bit:
s->version=SSL3_VERSION;
s->method=SSLv3_server_method();
}
+ s->client_version=(v[0]<<8)|v[1];
s->handshake_func=s->method->ssl_accept;
}
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 9c8037b48b..bbac33cf36 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -146,6 +146,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
+ s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
s->version=SSL2_VERSION;
@@ -166,7 +167,7 @@ SSL *s;
s->init_buf=buf;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
- s->ctx->sess_connect++;
+ s->ctx->stats.sess_connect++;
s->handshake_func=ssl2_connect;
BREAK;
@@ -249,8 +250,11 @@ SSL *s;
break;
case SSL_ST_OK:
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
+ if (s->init_buf != NULL)
+ {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf=NULL;
+ }
s->init_num=0;
/* ERR_clear_error();*/
@@ -261,11 +265,11 @@ SSL *s;
*/
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->sess_hit++;
+ if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
- s->ctx->sess_connect_good++;
+ s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
@@ -538,7 +542,7 @@ SSL *s;
if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
{
- if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index b43056fa14..63ebf28748 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -69,7 +69,7 @@ int client;
EVP_MD *md;
int num;
- if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 8580ac6a8d..814e38f480 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -155,6 +155,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
+ s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
s->version=SSL2_VERSION;
@@ -168,7 +169,7 @@ SSL *s;
{ ret= -1; goto end; }
s->init_buf=buf;
s->init_num=0;
- s->ctx->sess_accept++;
+ s->ctx->stats.sess_accept++;
s->handshake_func=ssl2_accept;
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
BREAK;
@@ -295,13 +296,14 @@ SSL *s;
case SSL_ST_OK:
BUF_MEM_free(s->init_buf);
+ ssl_free_wbio_buffer(s);
s->init_buf=NULL;
s->init_num=0;
/* ERR_clear_error();*/
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
- s->ctx->sess_accept_good++;
+ s->ctx->stats.sess_accept_good++;
/* s->server=1; */
ret=1;
@@ -336,9 +338,6 @@ static int get_client_master_key(s)
SSL *s;
{
int export,i,n,keya,ek;
-#if 0
- int error=0;
-#endif
unsigned char *p;
SSL_CIPHER *cp;
EVP_CIPHER *c;
@@ -404,7 +403,7 @@ SSL *s;
export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
- if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 363118835c..b2649ed998 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -134,7 +134,6 @@ SSL *s;
long num1;
void (*cb)()=NULL;
int ret= -1;
- BIO *under;
int new_state,state,skip=0;;
RAND_seed(&Time,sizeof(Time));
@@ -158,13 +157,14 @@ SSL *s;
case SSL_ST_RENEGOTIATE:
s->new_session=1;
s->state=SSL_ST_CONNECT;
- s->ctx->sess_connect_renegotiate++;
+ s->ctx->stats.sess_connect_renegotiate++;
/* break */
case SSL_ST_BEFORE:
case SSL_ST_CONNECT:
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
+ s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version & 0xff00 ) != 0x0300)
@@ -197,7 +197,7 @@ SSL *s;
ssl3_init_finished_mac(s);
s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->sess_connect++;
+ s->ctx->stats.sess_connect++;
s->init_num=0;
break;
@@ -326,6 +326,11 @@ SSL *s;
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
+ if (s->s3->tmp.new_compression == NULL)
+ s->session->compress_meth=0;
+ else
+ s->session->compress_meth=
+ s->s3->tmp.new_compression->id;
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@@ -401,33 +406,28 @@ SSL *s;
/* clean a few things up */
ssl3_cleanup_key_block(s);
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+ if (s->init_buf != NULL)
{
- /* remove buffering */
- under=BIO_pop(s->wbio);
- if (under != NULL)
- s->wbio=under;
- else
- abort(); /* ok */
-
- BIO_free(s->bbio);
- s->bbio=NULL;
+ BUF_MEM_free(s->init_buf);
+ s->init_buf=NULL;
}
- /* else do it later */
+
+ /* If we are not 'joining' the last two packets,
+ * remove the buffering now */
+ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+ ssl_free_wbio_buffer(s);
+ /* else do it later in ssl3_write */
s->init_num=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->sess_hit++;
+ if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
s->handshake_func=ssl3_connect;
- s->ctx->sess_connect_good++;
+ s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
@@ -473,8 +473,9 @@ SSL *s;
{
unsigned char *buf;
unsigned char *p,*d;
- int i;
+ int i,j;
unsigned long Time,l;
+ SSL_COMP *comp;
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -498,6 +499,7 @@ SSL *s;
*(p++)=s->version>>8;
*(p++)=s->version&0xff;
+ s->client_version=s->version;
/* Random stuff */
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@@ -525,10 +527,18 @@ SSL *s;
s2n(i,p);
p+=i;
- /* hardwire in the NULL compression algorithm. */
/* COMPRESSION */
- *(p++)=1;
- *(p++)=0;
+ if (s->ctx->comp_methods == NULL)
+ j=0;
+ else
+ j=sk_num(s->ctx->comp_methods);
+ *(p++)=1+j;
+ for (i=0; i<j; i++)
+ {
+ comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,i);
+ *(p++)=comp->id;
+ }
+ *(p++)=0; /* Add the NULL method */
l=(p-d);
d=buf;
@@ -556,6 +566,7 @@ SSL *s;
int i,al,ok;
unsigned int j;
long n;
+ SSL_COMP *comp;
n=ssl3_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
@@ -649,12 +660,21 @@ SSL *s;
/* lets get the compression algorithm */
/* COMPRESSION */
j= *(p++);
- if (j != 0)
+ if (j == 0)
+ comp=NULL;
+ else
+ comp=ssl3_comp_find(s->ctx->comp_methods,j);
+
+ if ((j != 0) && (comp == NULL))
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
+ else
+ {
+ s->s3->tmp.new_compression=comp;
+ }
if (p != (d+n))
{
@@ -996,6 +1016,7 @@ SSL *s;
/* else anonymous DH, so no certificate or pkey. */
s->session->cert->dh_tmp=dh;
+ dh=NULL;
}
else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
{
@@ -1326,8 +1347,8 @@ SSL *s;
rsa=pkey->pkey.rsa;
}
- tmp_buf[0]=s->version>>8;
- tmp_buf[1]=s->version&0xff;
+ tmp_buf[0]=s->client_version>>8;
+ tmp_buf[1]=s->client_version&0xff;
RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index c5c9a3be42..a655e12bec 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -144,7 +144,10 @@ int which;
exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
- comp=s->s3->tmp.new_compression;
+ if (s->s3->tmp.new_compression == NULL)
+ comp=NULL;
+ else
+ comp=s->s3->tmp.new_compression->method;
key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
@@ -169,8 +172,9 @@ int which;
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
- s->s3->rrec.comp=(unsigned char *)
- Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+ if (s->s3->rrec.comp == NULL)
+ s->s3->rrec.comp=(unsigned char *)
+ Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
@@ -280,11 +284,12 @@ SSL *s;
EVP_CIPHER *c;
EVP_MD *hash;
int num,exp;
+ SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
return(1);
- if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+ if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
{
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return(0);
@@ -292,11 +297,7 @@ SSL *s;
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
-#ifdef ZLIB
- s->s3->tmp.new_compression=COMP_zlib();
-#endif
-/* s->s3->tmp.new_compression=COMP_rle(); */
-/* s->session->compress_meth= xxxxx */
+ s->s3->tmp.new_compression=comp;
exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
@@ -454,7 +455,7 @@ unsigned char *p;
unsigned char md_buf[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
- memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+ EVP_MD_CTX_copy(&ctx,in_ctx);
n=EVP_MD_CTX_size(&ctx);
npad=(48/n)*n;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 495c1c334f..c64b760a44 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -486,6 +486,12 @@ SSL *s;
if (s->s3->tmp.ca_names != NULL)
sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+ if (s->s3->rrec.comp != NULL)
+ {
+ Free(s->s3->rrec.comp);
+ s->s3->rrec.comp=NULL;
+ }
+
rp=s->s3->rbuf.buf;
wp=s->s3->wbuf.buf;
@@ -493,11 +499,7 @@ SSL *s;
if (rp != NULL) s->s3->rbuf.buf=rp;
if (wp != NULL) s->s3->wbuf.buf=wp;
- if (s->s3->rrec.comp != NULL)
- {
- Free(s->s3->rrec.comp);
- s->s3->rrec.comp=NULL;
- }
+ ssl_free_wbio_buffer(s);
s->packet_length=0;
s->s3->renegotiate=0;
@@ -844,7 +846,6 @@ const char *buf;
int len;
{
int ret,n;
- BIO *under;
#if 0
if (s->shutdown & SSL_SEND_SHUTDOWN)
@@ -878,15 +879,12 @@ int len;
if (n <= 0) return(n);
s->rwstate=SSL_NOTHING;
- /* We have flushed the buffer */
- under=BIO_pop(s->wbio);
- s->wbio=under;
- BIO_free(s->bbio);
- s->bbio=NULL;
+ /* We have flushed the buffer, so remove it */
+ ssl_free_wbio_buffer(s);
+ s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+
ret=s->s3->delay_buf_pop_ret;
s->s3->delay_buf_pop_ret=0;
-
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
}
else
{
@@ -987,4 +985,3 @@ need to go to SSL_ST_ACCEPT.
return(ret);
}
-
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b7edc8faf3..f5350bf1b7 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -872,7 +872,9 @@ start:
if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
{
- s->state=SSL_ST_BEFORE;
+ s->state=SSL_ST_BEFORE|(s->server)
+ ?SSL_ST_ACCEPT
+ :SSL_ST_CONNECT;
s->new_session=1;
}
n=s->handshake_func(s);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a827a58d49..a4c0744488 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -135,7 +135,6 @@ SSL *s;
long num1;
int ret= -1;
CERT *ct;
- BIO *under;
int new_state,state,skip=0;
RAND_seed(&Time,sizeof(Time));
@@ -178,6 +177,7 @@ SSL *s;
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
case SSL_ST_OK|SSL_ST_ACCEPT:
+ s->server=1;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
if ((s->version>>8) != 3)
@@ -217,11 +217,11 @@ SSL *s;
{
s->state=SSL3_ST_SR_CLNT_HELLO_A;
ssl3_init_finished_mac(s);
- s->ctx->sess_accept++;
+ s->ctx->stats.sess_accept++;
}
else
{
- s->ctx->sess_accept_renegotiate++;
+ s->ctx->stats.sess_accept_renegotiate++;
s->state=SSL3_ST_SW_HELLO_REQ_A;
}
break;
@@ -240,15 +240,6 @@ SSL *s;
break;
case SSL3_ST_SW_HELLO_REQ_C:
- /* remove buffering on output */
- under=BIO_pop(s->wbio);
- if (under != NULL)
- s->wbio=under;
- else
- abort(); /* ok */
- BIO_free(s->bbio);
- s->bbio=NULL;
-
s->state=SSL_ST_OK;
ret=1;
goto end;
@@ -480,20 +471,14 @@ SSL *s;
s->init_buf=NULL;
/* remove buffering on output */
- under=BIO_pop(s->wbio);
- if (under != NULL)
- s->wbio=under;
- else
- abort(); /* ok */
- BIO_free(s->bbio);
- s->bbio=NULL;
+ ssl_free_wbio_buffer(s);
s->new_session=0;
s->init_num=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
- s->ctx->sess_accept_good++;
+ s->ctx->stats.sess_accept_good++;
/* s->server=1; */
s->handshake_func=ssl3_accept;
ret=1;
@@ -567,8 +552,9 @@ SSL *s;
int i,j,ok,al,ret= -1;
long n;
unsigned long id;
- unsigned char *p,*d;
+ unsigned char *p,*d,*q;
SSL_CIPHER *c;
+ SSL_COMP *comp=NULL;
STACK *ciphers=NULL;
/* We do this so that we will respond with our native type.
@@ -595,6 +581,7 @@ SSL *s;
/* The version number has already been checked in ssl3_get_message.
* I a native TLSv1/SSLv3 method, the match must be correct except
* perhaps for the first message */
+/* s->client_version=(((int)p[0])<<8)|(int)p[1]; */
p+=2;
/* load the client random */
@@ -653,9 +640,16 @@ SSL *s;
j=0;
id=s->session->cipher->id;
+#ifdef CIPHER_DEBUG
+ printf("client sent %d ciphers\n",sk_num(ciphers));
+#endif
for (i=0; i<sk_num(ciphers); i++)
{
c=(SSL_CIPHER *)sk_value(ciphers,i);
+#ifdef CIPHER_DEBUG
+ printf("client [%2d of %2d]:%s\n",
+ i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+#endif
if (c->id == id)
{
j=1;
@@ -683,8 +677,11 @@ SSL *s;
/* compression */
i= *(p++);
+ q=p;
for (j=0; j<i; j++)
+ {
if (p[j] == 0) break;
+ }
p+=i;
if (j >= i)
@@ -695,6 +692,35 @@ SSL *s;
goto f_err;
}
+ /* Worst case, we will use the NULL compression, but if we have other
+ * options, we will now look for them. We have i-1 compression
+ * algorithms from the client, starting at q. */
+ s->s3->tmp.new_compression=NULL;
+ if (s->ctx->comp_methods != NULL)
+ { /* See if we have a match */
+ int m,nn,o,v,done=0;
+
+ nn=sk_num(s->ctx->comp_methods);
+ for (m=0; m<nn; m++)
+ {
+ comp=(SSL_COMP *)sk_value(s->ctx->comp_methods,m);
+ v=comp->id;
+ for (o=0; o<i; o++)
+ {
+ if (v == q[o])
+ {
+ done=1;
+ break;
+ }
+ }
+ if (done) break;
+ }
+ if (done)
+ s->s3->tmp.new_compression=comp;
+ else
+ comp=NULL;
+ }
+
/* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION)
{
@@ -708,13 +734,12 @@ SSL *s;
}
}
- /* do nothing with compression */
-
/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
* pick a cipher */
if (!s->hit)
{
+ s->session->compress_meth=(comp == NULL)?0:comp->id;
if (s->session->ciphers != NULL)
sk_free(s->session->ciphers);
s->session->ciphers=ciphers;
@@ -835,7 +860,10 @@ SSL *s;
p+=i;
/* put the compression method */
- *(p++)=0;
+ if (s->s3->tmp.new_compression == NULL)
+ *(p++)=0;
+ else
+ *(p++)=s->s3->tmp.new_compression->id;
/* do the header */
l=(p-d);
@@ -1266,13 +1294,26 @@ SSL *s;
#if 1
/* If a bad decrypt, use a random master key */
if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
- ((p[0] != (s->version>>8)) ||
- (p[1] != (s->version & 0xff))))
+ ((p[0] != (s->client_version>>8)) ||
+ (p[1] != (s->client_version & 0xff))))
{
- p[0]=(s->version>>8);
- p[1]=(s->version & 0xff);
- RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
- i=SSL_MAX_MASTER_KEY_LENGTH;
+ int bad=1;
+
+ if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
+ (p[0] == (s->version>>8)) &&
+ (p[1] == 0))
+ {
+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
+ bad=0;
+ }
+ if (bad)
+ {
+ p[0]=(s->version>>8);
+ p[1]=(s->version & 0xff);
+ RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+ i=SSL_MAX_MASTER_KEY_LENGTH;
+ }
+ /* else, an SSLeay bug, ssl only server, tls client */
}
#else
if (i != SSL_MAX_MASTER_KEY_LENGTH)
diff --git a/ssl/ssl.err b/ssl/ssl.err
index 10ca9c5342..84256f905a 100644
--- a/ssl/ssl.err
+++ b/ssl/ssl.err
@@ -65,52 +65,55 @@
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
#define SSL_F_SSL_CERT_NEW 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-#define SSL_F_SSL_CREATE_CIPHER_LIST 164
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165
-#define SSL_F_SSL_CTX_NEW 166
-#define SSL_F_SSL_CTX_SET_SSL_VERSION 167
-#define SSL_F_SSL_CTX_USE_CERTIFICATE 168
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 171
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176
-#define SSL_F_SSL_DO_HANDSHAKE 177
-#define SSL_F_SSL_GET_NEW_SESSION 178
-#define SSL_F_SSL_GET_SERVER_SEND_CERT 179
-#define SSL_F_SSL_GET_SIGN_PKEY 180
-#define SSL_F_SSL_INIT_WBIO_BUFFER 181
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 182
-#define SSL_F_SSL_NEW 183
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 184
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 185
-#define SSL_F_SSL_SESSION_NEW 186
-#define SSL_F_SSL_SESSION_PRINT_FP 187
-#define SSL_F_SSL_SET_CERT 188
-#define SSL_F_SSL_SET_FD 189
-#define SSL_F_SSL_SET_PKEY 190
-#define SSL_F_SSL_SET_RFD 191
-#define SSL_F_SSL_SET_SESSION 192
-#define SSL_F_SSL_SET_WFD 193
-#define SSL_F_SSL_UNDEFINED_FUNCTION 194
-#define SSL_F_SSL_USE_CERTIFICATE 195
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 196
-#define SSL_F_SSL_USE_CERTIFICATE_FILE 197
-#define SSL_F_SSL_USE_PRIVATEKEY 198
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 199
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY 201
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203
-#define SSL_F_SSL_VERIFY_CERT_CHAIN 204
-#define SSL_F_SSL_WRITE 205
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 206
-#define SSL_F_TLS1_ENC 207
-#define SSL_F_TLS1_SETUP_KEY_BLOCK 208
-#define SSL_F_WRITE_PENDING 209
+#define SSL_F_SSL_CLEAR 164
+#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
+#define SSL_F_SSL_CREATE_CIPHER_LIST 166
+#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
+#define SSL_F_SSL_CTX_NEW 169
+#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
+#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
+#define SSL_F_SSL_DO_HANDSHAKE 180
+#define SSL_F_SSL_GET_NEW_SESSION 181
+#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
+#define SSL_F_SSL_GET_SIGN_PKEY 183
+#define SSL_F_SSL_INIT_WBIO_BUFFER 184
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+#define SSL_F_SSL_NEW 186
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
+#define SSL_F_SSL_SESSION_NEW 189
+#define SSL_F_SSL_SESSION_PRINT_FP 190
+#define SSL_F_SSL_SET_CERT 191
+#define SSL_F_SSL_SET_FD 192
+#define SSL_F_SSL_SET_PKEY 193
+#define SSL_F_SSL_SET_RFD 194
+#define SSL_F_SSL_SET_SESSION 195
+#define SSL_F_SSL_SET_WFD 196
+#define SSL_F_SSL_UNDEFINED_FUNCTION 197
+#define SSL_F_SSL_USE_CERTIFICA