Commit a375025e authored by mancha's avatar mancha Committed by Dr. Stephen Henson

Fix alert handling.

Fix OpenSSL 0.9.8 alert handling.

PR#3038
parent d471adf3
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.8y and 0.9.8za [xx XXX xxxx]

  *) Fix handling of warning-level alerts in SSL23 client mode so they
     don't cause client-side termination (eg. on SNI unrecognized_name
     warnings). Add client and server support for six additional alerts
     per RFC 6066 and RFC 4279.
     [mancha]

  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+18 −0
@@ -518,6 +518,24 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
				case 100:
					str_details2 = " no_renegotiation";
					break;
				case 110:
					str_details2 = " unsupported_extension";
					break;
				case 111:
					str_details2 = " certificate_unobtainable";
					break;
				case 112:
					str_details2 = " unrecognized_name";
					break;
				case 113:
					str_details2 = " bad_certificate_status_response";
					break;
				case 114:
					str_details2 = " bad_certificate_hash_value";
					break;
				case 115:
					str_details2 = " unknown_psk_identity";
					break;
					}
				}
			}
+5 −0
@@ -71,6 +71,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		1111
R SSL_R_TLSV1_UNRECOGNIZED_NAME			1112
R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	1113
R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE	1114

R RSAREF_R_CONTENT_ENCODING			0x0400
R RSAREF_R_DATA					0x0401
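Review bot: The new reason codes stop at 1114, while the other sections of this commit add a sixth alert, 115 unknown_psk_identity, and the client code raises `SSL_AD_REASON_OFFSET+p[6]` as the error reason for a fatal alert. If that offset lines up with this table the way 1100 lines up with no_renegotiation, a fatal alert 115 would produce reason 1115 with no entry here, so it would presumably be reported without a symbolic name; either add an `R` line for 1115 or note that the omission is intended. The new names also drop the `_ALERT_` infix used by the entries above them (`SSL_R_TLSV1_ALERT_NO_RENEGOTIATION` versus `SSL_R_TLSV1_UNRECOGNIZED_NAME`), which is worth a one-line comment if it is deliberate. Several files of the commit are not shown on this page, so the entry may be handled elsewhere.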
+50 −47
@@ -509,7 +509,7 @@ static int ssl23_get_server_hello(SSL *s)
			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
			s->s2->ssl2_rollback=1;

		/* setup the 5 bytes we have read so we get them from
		/* setup the 7 bytes we have read so we get them from
		 * the sslv2 buffer */
		s->rstate=SSL_ST_READ_HEADER;
		s->packet_length=n;
@@ -525,27 +525,13 @@ static int ssl23_get_server_hello(SSL *s)
		s->handshake_func=s->method->ssl_connect;
#endif
		}
	else if ((p[0] == SSL3_RT_HANDSHAKE) &&
		 (p[1] == SSL3_VERSION_MAJOR) &&
	else if (p[1] == SSL3_VERSION_MAJOR &&
	         ((p[2] == SSL3_VERSION_MINOR) ||
                  (p[2] == TLS1_VERSION_MINOR)) &&
		 (p[5] == SSL3_MT_SERVER_HELLO))
	         ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
	          (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
		{
		/* we have sslv3 or tls1 */

		if (!ssl_init_wbio_buffer(s,1)) goto err;

		/* we are in this state */
		s->state=SSL3_ST_CR_SRVR_HELLO_A;

		/* put the 5 bytes we have read into the input buffer
		 * for SSLv3 */
		s->rstate=SSL_ST_READ_HEADER;
		s->packet_length=n;
		s->packet= &(s->s3->rbuf.buf[0]);
		memcpy(s->packet,buf,n);
		s->s3->rbuf.left=n;
		s->s3->rbuf.offset=0;
		/* we have sslv3 or tls1 (server hello or alert) */

		if ((p[2] == SSL3_VERSION_MINOR) &&
			!(s->options & SSL_OP_NO_SSLv3))
@@ -573,19 +559,13 @@ static int ssl23_get_server_hello(SSL *s)
			goto err;
			}

		s->handshake_func=s->method->ssl_connect;
		}
	else if ((p[0] == SSL3_RT_ALERT) &&
		 (p[1] == SSL3_VERSION_MAJOR) &&
		 ((p[2] == SSL3_VERSION_MINOR) ||
		  (p[2] == TLS1_VERSION_MINOR)) &&
		 (p[3] == 0) &&
		 (p[4] == 2))
		if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
			{
			/* fatal alert */

			void (*cb)(const SSL *ssl,int type,int val)=NULL;
			int j;

		/* An alert */
			if (s->info_callback != NULL)
				cb=s->info_callback;
			else if (s->ctx->info_callback != NULL)
@@ -598,10 +578,33 @@ static int ssl23_get_server_hello(SSL *s)
				cb(s,SSL_CB_READ_ALERT,j);
				}
			
			if (s->msg_callback)
				s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);

			s->rwstate=SSL_NOTHING;
			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
			goto err;
			}

		if (!ssl_init_wbio_buffer(s,1)) goto err;

		/* we are in this state */
		s->state=SSL3_ST_CR_SRVR_HELLO_A;

		/* put the 7 bytes we have read into the input buffer
		 * for SSLv3 */
		s->rstate=SSL_ST_READ_HEADER;
		s->packet_length=n;
		if (s->s3->rbuf.buf == NULL)
			if (!ssl3_setup_buffers(s))
				goto err;
		s->packet= &(s->s3->rbuf.buf[0]);
		memcpy(s->packet,buf,n);
		s->s3->rbuf.left=n;
		s->s3->rbuf.offset=0;

		s->handshake_func=s->method->ssl_connect;
		}
	else
		{
		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
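Review bot: In the merged branch, the test `p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING` now lets a warning-level alert continue to `s->state=SSL3_ST_CR_SRVR_HELLO_A`, and nothing in the code records that this record is read before any keys are negotiated, so its level and description bytes are unauthenticated. A comment above the test would help the next reader, for example `/* alert is unauthenticated here: only a warning may continue, any other level is treated as fatal */`, and it is worth confirming that the SSLv3 record layer that later consumes the copied bytes limits how many consecutive warnings it accepts before a ServerHello; that code is not part of this section. The unbraced nested `if (s->s3->rbuf.buf == NULL) if (!ssl3_setup_buffers(s))` would be less fragile written as `if (s->s3->rbuf.buf == NULL && !ssl3_setup_buffers(s)) goto err;`. ssl23_get_server_hello begins and ends outside the hunks shown.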
+6 −0
@@ -758,6 +758,12 @@ int ssl3_alert_code(int code)
	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_USER_CANCELLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
	case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_UNRECOGNIZED_NAME:	return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
	default:			return(-1);
		}
	}
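Review bot: `SSL_AD_UNKNOWN_PSK_IDENTITY` is the only new case in ssl3_alert_code that returns a TLS code (`TLS1_AD_UNKNOWN_PSK_IDENTITY`); the other five added cases, like the visible `SSL_AD_INTERNAL_ERROR` and `SSL_AD_USER_CANCELLED` cases, are mapped to `SSL3_AD_HANDSHAKE_FAILURE`. If the function is meant to yield only alerts an SSLv3 peer understands, this line should read `case SSL_AD_UNKNOWN_PSK_IDENTITY: return(SSL3_AD_HANDSHAKE_FAILURE);`; if the pass-through is deliberate, a short comment saying why would stop it looking like an oversight. The function's opening and its earlier cases lie outside the hunk.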