Fix some bugs and document others

author: Bodo Möller <bodo@openssl.org> 2000-02-21 17:09:54 +0000
committer: Bodo Möller <bodo@openssl.org> 2000-02-21 17:09:54 +0000
commit: a2a0158959e597188c10fbfeaf61888b2df2e587 (patch)
tree: a563afeb10919ce28f583523044924f6a817882f /ssl
parent: e7ecc7d4ddcfc5d2a09dde220e3fc0b5e4b46289 (diff)
6 files changed, 54 insertions, 37 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index f1a9282f0e..035a937ba7 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -342,14 +342,15 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
-		if((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+		if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
 					(st1 == SSL3_ST_SR_CERT_A) &&
 					(stn == SSL3_ST_SR_CERT_B))
 			{
 			/* At this point we have got an MS SGC second client
 			 * hello (maybe we should always allow the client to
 			 * start a new handshake?). We need to restart the mac.
-			 */
+			 * Don't increment {num,total}_renegotiations because
+			 * we have not completed the handshake. */
 			ssl3_init_finished_mac(s);
 			}
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 87525faab4..c4b49aaedf 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -695,6 +695,10 @@ void ssl3_clear(SSL *s)
 		Free(s->s3->rrec.comp);
 		s->s3->rrec.comp=NULL;
 		}
+#ifndef NO_DH
+	if (s->s3->tmp.dh != NULL)
+		DH_free(s->s3->tmp.dh);
+#endif
 
 	rp=s->s3->rbuf.buf;
 	wp=s->s3->wbuf.buf;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index e95dcd9461..32eda4e657 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -709,7 +709,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len)
 	int al,i,j,n,ret;
 	SSL3_RECORD *rr;
 	void (*cb)()=NULL;
-	BIO *bio;
 
 	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
 		if (!ssl3_setup_buffers(s))
@@ -988,9 +987,15 @@ start:
 		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
 			{
+#if 0 /* worked only because C operator preferences are not as expected (and
+       * because this is not really needed for clients except for detecting
+       * protocol violations): */
 			s->state=SSL_ST_BEFORE|(s->server)
 				?SSL_ST_ACCEPT
 				:SSL_ST_CONNECT;
+#else
+			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
 			s->new_session=1;
 			}
 		n=s->handshake_func(s);
@@ -1001,11 +1006,20 @@ start:
 			return(-1);
 			}
 
+#if 1 /* probably nonsense (does not work with readahead),
+	   * but keep it for now anyway ... s_server relies on this */
+		{
+		BIO *bio;
 		/* In the case where we try to read application data
 		 * the first time, but we trigger an SSL handshake, we
 		 * return -1 with the retry option set.  I do this
 		 * otherwise renegotiation can cause nasty problems 
-		 * in the non-blocking world */
+		 * in the non-blocking world */ /* That's "non-non-blocking",
+		                                 * I guess? When receiving a
+		                                 * Hello Request, we have the
+		                                 * same problem (e.g. in s_client),
+		                                 * but it's really an application bug.
+		                                 */
 
 		s->rwstate=SSL_READING;
 		bio=SSL_get_rbio(s);
@@ -1013,6 +1027,10 @@ start:
 		BIO_set_retry_read(bio);
 		return(-1);
 		}
+#else
+		goto start;
+#endif		
+		}
 
 	switch (rr->type)
 		{
@@ -1041,7 +1059,7 @@ start:
 		 * but have application data.  If the library was
 		 * running inside ssl3_read() (i.e. in_read_app_data
 		 * is set) and it makes sense to read application data
-		 * at this point (session renegotation not yet started),
+		 * at this point (session renegotiation not yet started),
 		 * we will indulge it.
 		 */
 		if (s->s3->in_read_app_data &&
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5882d59b9..2a9e115e9c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -77,9 +77,9 @@ static int ssl3_send_server_hello(SSL *s);
 static int ssl3_send_server_key_exchange(SSL *s);
 static int ssl3_send_certificate_request(SSL *s);
 static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
 static int ssl3_get_client_key_exchange(SSL *s);
 static int ssl3_get_client_certificate(SSL *s);
+static int ssl3_get_cert_verify(SSL *s);
 static int ssl3_send_hello_request(SSL *s);
 
 static SSL_METHOD *ssl3_get_server_method(int ver)
@@ -154,7 +154,6 @@ int ssl3_accept(SSL *s)
 
 			if ((s->version>>8) != 3)
 				abort();
-			/* s->version=SSL3_VERSION; */
 			s->type=SSL_ST_ACCEPT;
 
 			if (s->init_buf == NULL)
@@ -539,7 +538,21 @@ static int ssl3_check_client_hello(SSL *s)
 		&ok);
 	if (!ok) return((int)n);
 	s->s3->tmp.reuse_message = 1;
-	if(s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) return 2;
+	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+		{
+		/* Throw away what we have done so far in the current handshake,
+		 * which will now be aborted. (A full SSL_clear would be too much.)
+		 * I hope that tmp.dh is the only thing that may need to be cleared
+		 * when a handshake is not completed ... */
+#ifndef NO_DH
+		if (s->s3->tmp.dh != NULL)
+			{
+			DH_free(s->s3->tmp.dh);
+			s->s3->tmp.dh = NULL;
+			}
+#endif
+		return 2;
+		}
 	return 1;
 }
 
@@ -1300,31 +1313,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
 		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
 
-#if 0
-		/* If a bad decrypt, use a random master key */
-		if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
-			((p[0] != (s->client_version>>8)) ||
-			 (p[1] != (s->client_version & 0xff))))
-			{
-			int bad=1;
-
-			if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
-				(p[0] == (s->version>>8)) &&
-				(p[1] == 0))
-				{
-				if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
-					bad=0;
-				}
-			if (bad)
-				{
-				p[0]=(s->version>>8);
-				p[1]=(s->version & 0xff);
-				RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
-				i=SSL_MAX_MASTER_KEY_LENGTH;
-				}
-			/* else, an SSLeay bug, ssl only server, tls client */
-			}
-#else
 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
 			{
 			al=SSL_AD_DECODE_ERROR;
@@ -1347,7 +1335,6 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		memset(p,0,i);
 		}
 	else
-#endif
 #ifndef NO_DH
 		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 		{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8a9d2894f1..f09e46c346 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -107,10 +107,17 @@ int SSL_clear(SSL *s)
 	s->hit=0;
 	s->shutdown=0;
 
-#if 0
+#if 0 /* Disabled since version 1.10 of this file (early return not
+       * needed because SSL_clear is not called when doing renegotiation) */
 	/* This is set if we are doing dynamic renegotiation so keep
 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
 	if (s->new_session) return(1);
+#else
+	if (s->new_session)
+		{
+		SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
+		return 0;
+		}
 #endif
 
 	state=s->state; /* Keep to check if we throw away the session-id */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0f819021f0..9a52bab254 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -306,8 +306,8 @@ typedef struct cert_st
 	{
 	/* Current active set */
 	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
-					 * Probably it would make more sense to store
-					 * an index, not a pointer. */
+			 * Probably it would make more sense to store
+			 * an index, not a pointer. */
  
 	/* The following masks are for the key and auth
 	 * algorithms that are supported by the certs below */
author	Bodo Möller <bodo@openssl.org>	2000-02-21 17:09:54 +0000
committer	Bodo Möller <bodo@openssl.org>	2000-02-21 17:09:54 +0000
commit	a2a0158959e597188c10fbfeaf61888b2df2e587 (patch)
tree	a563afeb10919ce28f583523044924f6a817882f /ssl
parent	e7ecc7d4ddcfc5d2a09dde220e3fc0b5e4b46289 (diff)