First step towards SSL_peek fix.

This commit is contained in:
Bodo Möller 2000-12-14 17:36:59 +00:00
parent 7e7c8952b5
commit 5a4fbc69c3
8 changed files with 206 additions and 55 deletions

View File

@ -88,8 +88,9 @@
*) Disable ssl2_peek and ssl3_peek (i.e., both implementations *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
of SSL_peek) because they both are completely broken. of SSL_peek) because they both are completely broken.
They will be fixed RSN by adding an additional 'peek' parameter For fixing this, the internal read functions now have an additional
to the internal read functions. 'peek' parameter, but the actual peek functionality has not
yet been implemented.
[Bodo Moeller] [Bodo Moeller]
*) New function BN_kronecker. *) New function BN_kronecker.

View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ssl_locl.h" #include "ssl_locl.h"
#ifndef NO_SSL2 #ifndef NO_SSL2
@ -66,28 +119,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len); static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
static int ssl_mt_error(int n); static int ssl_mt_error(int n);
int ssl2_peek(SSL *s, char *buf, int len)
{
#if 1
SSLerr(SSL_F_SSL2_PEEK, SSL_R_FIXME); /* function is totally broken */
return -1;
#else
int ret;
ret=ssl2_read(s,buf,len);
if (ret > 0)
{
s->s2->ract_data_length+=ret;
s->s2->ract_data-=ret;
}
return(ret);
#endif
}
/* SSL_read - /* SSL 2.0 imlementation for SSL_read/SSL_peek -
* This routine will return 0 to len bytes, decrypted etc if required. * This routine will return 0 to len bytes, decrypted etc if required.
*/ */
int ssl2_read(SSL *s, void *buf, int len) static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
{ {
int n; int n;
unsigned char mac[MAX_MAC_SIZE]; unsigned char mac[MAX_MAC_SIZE];
@ -95,6 +132,12 @@ int ssl2_read(SSL *s, void *buf, int len)
int i; int i;
unsigned int mac_size=0; unsigned int mac_size=0;
if (peek)
{
SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_FIXME); /* proper implementation not yet completed */
return -1;
}
ssl2_read_again: ssl2_read_again:
if (SSL_in_init(s) && !s->in_handshake) if (SSL_in_init(s) && !s->in_handshake)
{ {
@ -102,7 +145,7 @@ ssl2_read_again:
if (n < 0) return(n); if (n < 0) return(n);
if (n == 0) if (n == 0)
{ {
SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1); return(-1);
} }
} }
@ -138,7 +181,7 @@ ssl2_read_again:
(p[2] == SSL2_MT_CLIENT_HELLO) || (p[2] == SSL2_MT_CLIENT_HELLO) ||
(p[2] == SSL2_MT_SERVER_HELLO)))) (p[2] == SSL2_MT_SERVER_HELLO))))
{ {
SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET); SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
return(-1); return(-1);
} }
} }
@ -216,7 +259,7 @@ ssl2_read_again:
(unsigned int)mac_size) != 0) || (unsigned int)mac_size) != 0) ||
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
{ {
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE); SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
return(-1); return(-1);
} }
} }
@ -253,11 +296,21 @@ ssl2_read_again:
} }
else else
{ {
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE); SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
return(-1); return(-1);
} }
} }
int ssl2_read(SSL *s, void *buf, int len)
{
return ssl2_read_internal(s, buf, len, 0);
}
int ssl2_peek(SSL *s, char *buf, int len)
{
return ssl2_read_internal(s, buf, len, 1);
}
static int read_n(SSL *s, unsigned int n, unsigned int max, static int read_n(SSL *s, unsigned int n, unsigned int max,
unsigned int extend) unsigned int extend)
{ {

View File

@ -365,7 +365,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
while (s->init_num < 4) while (s->init_num < 4)
{ {
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
4 - s->init_num); 4 - s->init_num, 0);
if (i <= 0) if (i <= 0)
{ {
s->rwstate=SSL_READING; s->rwstate=SSL_READING;
@ -434,7 +434,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
n=s->s3->tmp.message_size; n=s->s3->tmp.message_size;
while (n > 0) while (n > 0)
{ {
i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n); i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
if (i <= 0) if (i <= 0)
{ {
s->rwstate=SSL_READING; s->rwstate=SSL_READING;

View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h> #include <stdio.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -1282,7 +1335,7 @@ int ssl3_shutdown(SSL *s)
else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
{ {
/* If we are waiting for a close from our peer, we are closed */ /* If we are waiting for a close from our peer, we are closed */
ssl3_read_bytes(s,0,NULL,0); ssl3_read_bytes(s,0,NULL,0,0);
} }
if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@ -1345,14 +1398,14 @@ int ssl3_write(SSL *s, const void *buf, int len)
return(ret); return(ret);
} }
int ssl3_read(SSL *s, void *buf, int len) static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
{ {
int ret; int ret;
clear_sys_error(); clear_sys_error();
if (s->s3->renegotiate) ssl3_renegotiate_check(s); if (s->s3->renegotiate) ssl3_renegotiate_check(s);
s->s3->in_read_app_data=1; s->s3->in_read_app_data=1;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
if ((ret == -1) && (s->s3->in_read_app_data == 0)) if ((ret == -1) && (s->s3->in_read_app_data == 0))
{ {
/* ssl3_read_bytes decided to call s->handshake_func, which /* ssl3_read_bytes decided to call s->handshake_func, which
@ -1362,7 +1415,7 @@ int ssl3_read(SSL *s, void *buf, int len)
* by resetting 'in_read_app_data', strangely); so disable * by resetting 'in_read_app_data', strangely); so disable
* handshake processing and try to read application data again. */ * handshake processing and try to read application data again. */
s->in_handshake++; s->in_handshake++;
ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
s->in_handshake--; s->in_handshake--;
} }
else else
@ -1371,31 +1424,14 @@ int ssl3_read(SSL *s, void *buf, int len)
return(ret); return(ret);
} }
int ssl3_peek(SSL *s, char *buf, int len) int ssl3_read(SSL *s, void *buf, int len)
{ {
#if 1 return ssl3_read_internal(s, buf, len, 0);
SSLerr(SSL_F_SSL3_PEEK, SSL_R_FIXME); /* function is totally broken */
return -1;
#else
SSL3_RECORD *rr;
int n;
rr= &(s->s3->rrec);
if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
{
n=ssl3_read(s,buf,1);
if (n <= 0) return(n);
rr->length++;
rr->off--;
} }
if ((unsigned int)len > rr->length) int ssl3_peek(SSL *s, char *buf, int len)
n=rr->length; {
else return ssl3_read_internal(s, buf, len, 0);
n=len;
memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
return(n);
#endif
} }
int ssl3_renegotiate(SSL *s) int ssl3_renegotiate(SSL *s)

View File

@ -704,13 +704,19 @@ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
* Application data protocol * Application data protocol
* none of our business * none of our business
*/ */
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len) int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{ {
int al,i,j,ret; int al,i,j,ret;
unsigned int n; unsigned int n;
SSL3_RECORD *rr; SSL3_RECORD *rr;
void (*cb)()=NULL; void (*cb)()=NULL;
if (peek)
{
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_FIXME); /* proper implementation not yet completed */
return -1;
}
if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
if (!ssl3_setup_buffers(s)) if (!ssl3_setup_buffers(s))
return(-1); return(-1);

View File

@ -1261,6 +1261,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_F_SSL2_ENC_INIT 124 #define SSL_F_SSL2_ENC_INIT 124
#define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_PEEK 234
#define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_READ 125
#define SSL_F_SSL2_READ_INTERNAL 236
#define SSL_F_SSL2_SET_CERTIFICATE 126 #define SSL_F_SSL2_SET_CERTIFICATE 126
#define SSL_F_SSL2_WRITE 127 #define SSL_F_SSL2_WRITE 127
#define SSL_F_SSL3_ACCEPT 128 #define SSL_F_SSL3_ACCEPT 128

View File

@ -93,6 +93,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, {ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},

View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_SSL_LOCL_H #ifndef HEADER_SSL_LOCL_H
#define HEADER_SSL_LOCL_H #define HEADER_SSL_LOCL_H
@ -497,7 +550,7 @@ SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl);
int ssl3_dispatch_alert(SSL *s); int ssl3_dispatch_alert(SSL *s);
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
const char *sender, int slen,unsigned char *p); const char *sender, int slen,unsigned char *p);