/*
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include "ssl_locl.h"
+#include "ssl_local.h"
#ifndef OPENSSL_NO_SSL_TRACE
} ssl_trace_tbl;
# define ssl_trace_str(val, tbl) \
- do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
+ do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
# define ssl_trace_list(bio, indent, msg, msglen, value, table) \
- do_ssl_trace_list(bio, indent, msg, msglen, value, \
- table, OSSL_NELEM(table))
+ do_ssl_trace_list(bio, indent, msg, msglen, value, \
+ table, OSSL_NELEM(table))
static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl,
size_t ntbl)
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
- /* TODO(TLS1.3): Remove this line before release */
- {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
{0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
{0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
{0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+ {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"},
+ {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"},
{0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
{0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
{0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
{0x1305, "TLS_AES_128_CCM_8_SHA256"},
{0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
{0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+ {0xFF85, "GOST2012-GOST8912-GOST8912"},
+ {0xFF87, "GOST2012-NULL-GOST12"},
};
/* Compression methods */
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
{TLSEXT_TYPE_use_srtp, "use_srtp"},
- {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
{TLSEXT_TYPE_application_layer_protocol_negotiation,
"application_layer_protocol_negotiation"},
{TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
{TLSEXT_TYPE_cookie, "cookie_ext"},
{TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
{TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
- {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}
- {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}
+ {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
+ {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
{TLSEXT_TYPE_key_share, "key_share"},
- {TLSEXT_TYPE_renegotiate, "renegotiate"}
+ {TLSEXT_TYPE_renegotiate, "renegotiate"},
# ifndef OPENSSL_NO_NEXTPROTONEG
- , {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}
+ {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
# endif
};
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL) {
- /* TODO(TLS1.3): Remove the draft conditional here before release */
- *version = (vers == TLS1_3_VERSION_DRAFT) ? TLS1_3_VERSION : vers;
- }
+ if (version != NULL)
+ *version = vers;
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));
while (xlen > 0) {
size_t plen = *ext++;
- if (plen > xlen + 1)
+ if (plen + 1 > xlen)
return 0;
BIO_indent(bio, indent + 2, 80);
BIO_write(bio, ext, plen);
}
break;
- case TLSEXT_TYPE_heartbeat:
- return 0;
-
case TLSEXT_TYPE_session_ticket:
if (extlen != 0)
ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
BIO_indent(bio, indent, 80);
if (msglen == 0) {
- BIO_puts(bio, "No Extensions\n");
+ BIO_puts(bio, "No extensions\n");
return 1;
}
- extslen = (msg[0] << 8) | msg[1];
- if (extslen != msglen - 2)
+ if (msglen < 2)
return 0;
+ extslen = (msg[0] << 8) | msg[1];
+ msglen -= 2;
msg += 2;
- msglen = extslen;
- BIO_printf(bio, "extensions, length = %d\n", (int)msglen);
- while (msglen > 0) {
+ if (extslen == 0) {
+ BIO_puts(bio, "No extensions\n");
+ *msgin = msg;
+ *msginlen = msglen;
+ return 1;
+ }
+ if (extslen > msglen)
+ return 0;
+ BIO_printf(bio, "extensions, length = %d\n", (int)extslen);
+ msglen -= extslen;
+ while (extslen > 0) {
int extype;
size_t extlen;
- if (msglen < 4)
+ if (extslen < 4)
return 0;
extype = (msg[0] << 8) | msg[1];
extlen = (msg[2] << 8) | msg[3];
- if (msglen < extlen + 4) {
+ if (extslen < extlen + 4) {
BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype,
(int)extlen);
- BIO_dump_indent(bio, (const char *)msg, msglen, indent + 2);
+ BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2);
return 0;
}
msg += 4;
extlen))
return 0;
msg += extlen;
- msglen -= extlen + 4;
+ extslen -= extlen + 4;
}
*msgin = msg;
static int ssl_get_keyex(const char **pname, const SSL *ssl)
{
- unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+ unsigned long alg_k = ssl->s3.tmp.new_cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
*pname = "rsa";
case SSL_kRSAPSK:
if (TLS1_get_version(ssl) == SSL3_VERSION) {
ssl_print_hex(bio, indent + 2,
- "EncyptedPreMasterSecret", msg, msglen);
+ "EncryptedPreMasterSecret", msg, msglen);
} else {
if (!ssl_print_hexbuf(bio, indent + 2,
- "EncyptedPreMasterSecret", 2, &msg, &msglen))
+ "EncryptedPreMasterSecret", 2, &msg, &msglen))
return 0;
}
break;
msg += xlen;
}
+ if (msglen < 2)
+ return 0;
xlen = (msg[0] << 8) | msg[1];
BIO_indent(bio, indent, 80);
if (msglen < xlen + 2)
if (msglen < 4)
return 0;
- ticket_age_add = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8)
- | msg[3];
+ ticket_age_add =
+ (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
msglen -= 4;
msg += 4;
BIO_indent(bio, indent + 2, 80);
switch (content_type) {
case SSL3_RT_HEADER:
{
- int hvers = msg[1] << 8 | msg[2];
+ int hvers;
+
+ /* avoid overlapping with length at the end of buffer */
+ if (msglen < (size_t)(SSL_IS_DTLS(ssl) ?
+ DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
+ BIO_puts(bio, write_p ? "Sent" : "Received");
+ ssl_print_hex(bio, 0, " too short message", msg, msglen);
+ break;
+ }
+ hvers = msg[1] << 8 | msg[2];
BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);