From a661b6535744f41b428bb35a7fc3e5747900e9ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 20 Oct 2001 17:56:36 +0000 Subject: [PATCH] New functions SSL[_CTX]_set_msg_callback(). New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices. --- CHANGES | 37 ++++++ apps/apps.c | 53 +++++++++ apps/apps.h | 53 +++++++++ apps/openssl.c | 2 +- apps/rand.c | 53 +++++++++ apps/s_apps.h | 61 ++++++++-- apps/s_cb.c | 250 +++++++++++++++++++++++++++++++++++++++ apps/s_client.c | 65 +++++++++- apps/s_server.c | 70 ++++++++++- apps/version.c | 53 +++++++++ doc/ssl/SSL_CTX_ctrl.pod | 4 +- ssl/s23_srvr.c | 70 ++++++++++- ssl/s2_lib.c | 4 +- ssl/s3_both.c | 12 +- ssl/s3_lib.c | 6 +- ssl/s3_pkt.c | 15 +++ ssl/s3_srvr.c | 12 ++ ssl/ssl.h | 36 +++--- ssl/ssl_lib.c | 32 +++-- ssl/ssl_locl.h | 12 +- 20 files changed, 848 insertions(+), 52 deletions(-) diff --git a/CHANGES b/CHANGES index b544a62db..79ee3c82e 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,43 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) New functions/macros + + SSL_CTX_set_msg_callback(ctx, cb) + SSL_CTX_set_msg_callback_arg(ctx, arg) + SSL_set_msg_callback(ssl, cb) + SSL_set_msg_callback_arg(ssl, arg) + + to request calling a callback function + + void cb(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg) + + whenever a protocol message has been completely received + (write_p == 0) or sent (write_p == 1). Here 'version' is the + protocol version according to which the SSL library interprets + the current protocol message (SSL2_VERSION, SSL3_VERSION, or + TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or + the content type as defined in the SSL 3.0/TLS 1.0 protocol + specification (change_cipher_spec(20), alert(21), handshake(22)). + 'buf' and 'len' point to the actual message, 'ssl' to the + SSL object, and 'arg' is the application-defined value set by + SSL[_CTX]_set_msg_callback_arg(). + + 'openssl s_client' and 'openssl s_server' have new '-msg' options + to enable a callback that displays all protocol messages. + + TODO: SSL 2.0, doc/ssl/, doc/apps/ + [Bodo Moeller] + + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert + (sent using the client's version number) if client_version is + smaller than the protocol version in use. Also change + ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if + the client demanded SSL 3.0 but only TLS 1.0 is enabled; then + the client will at least see that alert. + [Bodo Moeller] + +) Modify the behaviour of EVP cipher functions in similar way to digests to retain compatibility with existing code. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 1089c8b8a..e1e29f868 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include diff --git a/apps/apps.h b/apps/apps.h index 07ddd4c3a..c60b28a7e 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_APPS_H #define HEADER_APPS_H diff --git a/apps/openssl.c b/apps/openssl.c index 1b3ffe404..7edd9e313 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/apps/rand.c b/apps/rand.c index 04eee81b1..68622165e 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -1,4 +1,57 @@ /* apps/rand.c */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include "apps.h" diff --git a/apps/s_apps.h b/apps/s_apps.h index 235a1778e..38301b3e8 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -89,13 +142,9 @@ typedef fd_mask fd_set; int do_server(int port, int *ret, int (*cb) (), char *context); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); -#else -int MS_CALLBACK verify_callback(int ok, char *ctx); #endif #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); -#else -int set_cert_stuff(char *ctx, char *cert_file, char *key_file); #endif int init_client(int *sock, char *server, int port); int should_retry(int i); @@ -107,7 +156,5 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, #ifdef HEADER_SSL_H void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret); -#else -void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret); +void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); #endif - diff --git a/apps/s_cb.c b/apps/s_cb.c index fd622597d..a17e3a293 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -236,3 +289,200 @@ void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret) } } + +void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) + { + BIO *bio = arg; + const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; + + str_write_p = write_p ? ">>>" : "<<<"; + + switch (version) + { + case SSL2_VERSION: + str_version = "SSL 2.0"; + break; + case SSL3_VERSION: + str_version = "SSL 3.0 "; + break; + case TLS1_VERSION: + str_version = "TLS 1.0 "; + break; + default: + str_version = "???"; + } + + if (version == SSL3_VERSION || version == TLS1_VERSION) + { + switch (content_type) + { + case 20: + str_content_type = "ChangeCipherSpec"; + break; + case 21: + str_content_type = "Alert"; + break; + case 22: + str_content_type = "Handshake"; + break; + } + + if (content_type == 21) /* Alert */ + { + str_details1 = ", ???"; + + if (len == 2) + { + switch (((unsigned char*)buf)[0]) + { + case 1: + str_details1 = ", warning"; + break; + case 2: + str_details1 = ", fatal"; + break; + } + + str_details2 = " ???"; + switch (((unsigned char*)buf)[1]) + { + case 0: + str_details2 = " close_notify"; + break; + case 10: + str_details2 = " unexpected_message"; + break; + case 20: + str_details2 = " bad_record_mac"; + break; + case 21: + str_details2 = " decryption_failed"; + break; + case 22: + str_details2 = " record_overflow"; + break; + case 30: + str_details2 = " decompression_failure"; + break; + case 40: + str_details2 = " handshake_failure"; + break; + case 42: + str_details2 = " bad_certificate"; + break; + case 43: + str_details2 = " unsupported_certificate"; + break; + case 44: + str_details2 = " certificate_revoked"; + break; + case 45: + str_details2 = " certificate_expired"; + break; + case 46: + str_details2 = " certificate_unknown"; + break; + case 47: + str_details2 = " illegal_parameter"; + break; + case 48: + str_details2 = " unknown_ca"; + break; + case 49: + str_details2 = " access_denied"; + break; + case 50: + str_details2 = " decode_error"; + break; + case 51: + str_details2 = " decrypt_error"; + break; + case 60: + str_details2 = " export_restriction"; + break; + case 70: + str_details2 = " protocol_version"; + break; + case 71: + str_details2 = " insufficient_security"; + break; + case 80: + str_details2 = " internal_error"; + break; + case 90: + str_details2 = " user_canceled"; + break; + case 100: + str_details2 = " no_renegotiation"; + break; + } + } + } + + if (content_type == 22) /* Handshake */ + { + str_details1 = "???"; + + if (len > 0) + { + switch (((unsigned char*)buf)[0]) + { + case 0: + str_details1 = ", HelloRequest"; + break; + case 1: + str_details1 = ", ClientHello"; + break; + case 2: + str_details1 = ", ServerHello"; + break; + case 11: + str_details1 = ", Certificate"; + break; + case 12: + str_details1 = ", ServerKeyExchange"; + break; + case 13: + str_details1 = ", CertificateRequest"; + break; + case 14: + str_details1 = ", ServerHelloDone"; + break; + case 15: + str_details1 = ", CertificateVerify"; + break; + case 16: + str_details1 = ", ClientKeyExchange"; + break; + case 20: + str_details1 = ", Finished"; + break; + } + } + } + } + + BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); + + if (len > 0) + { + size_t num, i; + + BIO_printf(bio, " "); + num = len; +#if 0 + if (num > 16) + num = 16; +#endif + for (i = 0; i < num; i++) + { + if (i % 16 == 0 && i > 0) + BIO_printf(bio, "\n "); + BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]); + } + if (i < len) + BIO_printf(bio, " ..."); + BIO_printf(bio, "\n"); + } + BIO_flush(bio); + } diff --git a/apps/s_client.c b/apps/s_client.c index 2c9ae3546..2b289b80e 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -113,6 +166,7 @@ static int c_nbio=0; #endif static int c_Pause=0; static int c_debug=0; +static int c_msg=0; static int c_showcerts=0; static void sc_usage(void); @@ -139,6 +193,7 @@ static void sc_usage(void) BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); + BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n"); BIO_printf(bio_err," -state - print the 'ssl' states\n"); #ifdef FIONBIO @@ -205,6 +260,7 @@ int MAIN(int argc, char **argv) c_quiet=0; c_ign_eof=0; c_debug=0; + c_msg=0; c_showcerts=0; if (bio_err == NULL) @@ -275,6 +331,8 @@ int MAIN(int argc, char **argv) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) c_debug=1; + else if (strcmp(*argv,"-msg") == 0) + c_msg=1; else if (strcmp(*argv,"-showcerts") == 0) c_showcerts=1; else if (strcmp(*argv,"-nbio_test") == 0) @@ -368,7 +426,7 @@ bad: if (bio_c_out == NULL) { - if (c_quiet) + if (c_quiet && !c_debug && !c_msg) { bio_c_out=BIO_new(BIO_s_null()); } @@ -471,6 +529,11 @@ re_start: BIO_set_callback(sbio,bio_dump_cb); BIO_set_callback_arg(sbio,bio_c_out); } + if (c_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_c_out); + } SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); diff --git a/apps/s_server.c b/apps/s_server.c index cd1e8b4ee..618cb8d63 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -177,6 +230,7 @@ static int www=0; static BIO *bio_s_out=NULL; static int s_debug=0; +static int s_msg=0; static int s_quiet=0; static int hack=0; @@ -202,6 +256,7 @@ static void s_server_init(void) bio_s_out=NULL; s_debug=0; + s_msg=0; s_quiet=0; hack=0; engine_id=NULL; @@ -230,6 +285,7 @@ static void sv_usage(void) BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -debug - Print more output\n"); + BIO_printf(bio_err," -msg - Show protocol messages\n"); BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); @@ -553,6 +609,8 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv,"-debug") == 0) { s_debug=1; } + else if (strcmp(*argv,"-msg") == 0) + { s_msg=1; } else if (strcmp(*argv,"-hack") == 0) { hack=1; } else if (strcmp(*argv,"-state") == 0) @@ -633,7 +691,7 @@ bad: if (bio_s_out == NULL) { - if (s_quiet && !s_debug) + if (s_quiet && !s_debug && !s_msg) { bio_s_out=BIO_new(BIO_s_null()); } @@ -892,6 +950,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } + if (s_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_s_out); + } width=s+1; for (;;) @@ -1284,6 +1347,11 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); } + if (s_msg) + { + SSL_set_msg_callback(con, msg_cb); + SSL_set_msg_callback_arg(con, bio_s_out); + } blank=0; for (;;) diff --git a/apps/version.c b/apps/version.c index 32d1a089d..8956b7da9 100644 --- a/apps/version.c +++ b/apps/version.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include diff --git a/doc/ssl/SSL_CTX_ctrl.pod b/doc/ssl/SSL_CTX_ctrl.pod index 4228225ae..fb6adcf50 100644 --- a/doc/ssl/SSL_CTX_ctrl.pod +++ b/doc/ssl/SSL_CTX_ctrl.pod @@ -8,10 +8,10 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal hand #include - long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); - long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); =head1 DESCRIPTION diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 563531f12..8c41e1ff0 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -310,10 +363,21 @@ int ssl23_get_client_hello(SSL *s) type=3; } } - else if (!(s->options & SSL_OP_NO_SSLv3)) + else { - s->version=SSL3_VERSION; - type=3; + /* client requests SSL 3.0 */ + if (!(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; + type=3; + } + else if (!(s->options & SSL_OP_NO_TLSv1)) + { + /* we won't be able to use TLS of course, + * but this will send an appropriate alert */ + s->version=TLS1_VERSION; + type=3; + } } } else if ((strncmp("GET ", (char *)p,4) == 0) || diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index f231e0788..aaca270fc 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -330,7 +330,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -350,7 +350,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(0); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } diff --git a/ssl/s3_both.c b/ssl/s3_both.c index dd860a6ba..fa84077f6 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -119,7 +119,7 @@ #include #include "ssl_locl.h" -/* send s->init_buf in records of type 'type' */ +/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ int ssl3_do_write(SSL *s, int type) { int ret; @@ -133,7 +133,11 @@ int ssl3_do_write(SSL *s, int type) ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); if (ret == s->init_num) + { + if (s->msg_callback) + s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)s->init_num, s, s->msg_callback_arg); return(1); + } s->init_off+=ret; s->init_num-=ret; return(0); @@ -393,8 +397,10 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) { s->init_num = 0; skip_message = 1; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); } - } while (skip_message); @@ -461,6 +467,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) n -= i; } ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); *ok=1; return s->init_num; f_err: diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4575eeecc..9a8cf1042 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1026,7 +1026,7 @@ void ssl3_clear(SSL *s) s->version=SSL3_VERSION; } -long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -1189,7 +1189,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(ret); } -long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { CERT *cert; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b76aabee8..3baf6c50a 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -911,6 +911,9 @@ start: goto err; } + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); + if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) @@ -956,6 +959,9 @@ start: s->s3->alert_fragment_len = 0; + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); + if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) @@ -1019,6 +1025,10 @@ start: } rr->length=0; + + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); + s->s3->change_cipher_spec=1; if (!do_change_cipher_spec(s)) goto err; @@ -1177,6 +1187,8 @@ void ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ desc=s->method->ssl3_enc->alert_value(desc); + if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) + desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ if (desc < 0) return; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) @@ -1210,6 +1222,9 @@ int ssl3_dispatch_alert(SSL *s) if (s->s3->send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); + if (s->msg_callback) + s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); + if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d838bb912..9cea6e31a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -670,6 +670,18 @@ static int ssl3_get_client_hello(SSL *s) s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; + if (s->client_version < s->version) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); + if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + { + /* similar to ssl3_get_record, send alert using remote version number */ + s->version = s->client_version; + } + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + /* load the client random */ memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; diff --git a/ssl/ssl.h b/ssl/ssl.h index f364240fb..541f4945f 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -283,8 +283,8 @@ typedef struct ssl_method_st int (*ssl_shutdown)(SSL *s); int (*ssl_renegotiate)(SSL *s); int (*ssl_renegotiate_check)(SSL *s); - long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg); - long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg); + long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); int (*ssl_pending)(SSL *s); @@ -428,22 +428,30 @@ typedef struct ssl_session_st * they cannot be used to clear bits. */ #define SSL_CTX_set_options(ctx,op) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL) + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) #define SSL_CTX_get_options(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL) + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) #define SSL_set_options(ssl,op) \ - SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL) + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) #define SSL_get_options(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL) + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) #define SSL_CTX_set_mode(ctx,op) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL) + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) #define SSL_CTX_get_mode(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL) + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) #define SSL_set_mode(ssl,op) \ - SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL) + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) #define SSL_get_mode(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL) + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) + + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + + #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ @@ -586,7 +594,7 @@ struct ssl_ctx_st int read_ahead; /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, size_t len, const char *buf, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int verify_mode; @@ -732,7 +740,7 @@ struct ssl_st * (for non-blocking reads) */ /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, size_t len, const char *buf, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int hit; /* reusing a previous session */ @@ -1205,9 +1213,9 @@ int SSL_connect(SSL *ssl); int SSL_read(SSL *ssl,void *buf,int num); int SSL_peek(SSL *ssl,void *buf,int num); int SSL_write(SSL *ssl,const void *buf,int num); -long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); +long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)()); -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); +long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); int SSL_get_error(SSL *s,int ret_code); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1a434a5cb..7257daa8f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -902,7 +902,7 @@ int SSL_renegotiate_pending(SSL *s) return (s->new_session != 0); } -long SSL_ctrl(SSL *s,int cmd,long larg,char *parg) +long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) { long l; @@ -939,7 +939,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)()) switch(cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - s->msg_callback = (void (*)(int write_p, int version, int content_type, size_t len, const char *buf, SSL *ssl, void *arg))(fp); + s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; default: @@ -952,7 +952,7 @@ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx) return ctx->sessions; } -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg) +long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) { long l; @@ -1027,7 +1027,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) switch(cmd) { case SSL_CTRL_SET_MSG_CALLBACK: - ctx->msg_callback = (void (*)(int write_p, int version, int content_type, size_t len, const char *buf, SSL *ssl, void *arg))(fp); + ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); return 1; default: @@ -2263,17 +2263,29 @@ RSA *cb(SSL *ssl,int is_export,int keylength) #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, int keylength)) - { - SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); - } + { + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); + } void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, int keylength)) - { - SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); - } + { + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); + } #endif + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) + { + SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); + } +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) + { + SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); + } + + + #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) #include "../crypto/bio/bss_file.c" #endif diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6f3b71087..17e9bef83 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -530,8 +530,8 @@ int ssl2_peek(SSL *s, void *buf, int len); int ssl2_write(SSL *s, const void *buf, int len); int ssl2_shutdown(SSL *s); void ssl2_clear(SSL *s); -long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg); -long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); +long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); +long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); int ssl2_pending(SSL *s); @@ -578,8 +578,8 @@ int ssl3_peek(SSL *s, void *buf, int len); int ssl3_write(SSL *s, const void *buf, int len); int ssl3_shutdown(SSL *s); void ssl3_clear(SSL *s); -long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg); -long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); +long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); +long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); int ssl3_pending(SSL *s); @@ -592,7 +592,7 @@ int ssl23_write_bytes(SSL *s); int tls1_new(SSL *s); void tls1_free(SSL *s); void tls1_clear(SSL *s); -long tls1_ctrl(SSL *s,int cmd, long larg, char *parg); +long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)()); SSL_METHOD *tlsv1_base_method(void );