1 /* ssl/s3_both.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 
112 #include <limits.h>
113 #include <string.h>
114 #include <stdio.h>
115 #include "ssl_locl.h"
116 #include <openssl/buffer.h>
117 #include <openssl/rand.h>
118 #include <openssl/objects.h>
119 #include <openssl/evp.h>
120 #include <openssl/x509.h>
121 
122 __RCSID("$MirOS: src/lib/libssl/src/ssl/s3_both.c,v 1.2 2014/05/29 12:09:02 tg Exp $");
123 
124 /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
ssl3_do_write(SSL * s,int type)125 int ssl3_do_write(SSL *s, int type)
126 	{
127 	int ret;
128 
129 	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
130 	                     s->init_num);
131 	if (ret < 0) return(-1);
132 	if (type == SSL3_RT_HANDSHAKE)
133 		/* should not be done for 'Hello Request's, but in that case
134 		 * we'll ignore the result anyway */
135 		ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
136 
137 	if (ret == s->init_num)
138 		{
139 		if (s->msg_callback)
140 			s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
141 		return(1);
142 		}
143 	s->init_off+=ret;
144 	s->init_num-=ret;
145 	return(0);
146 	}
147 
ssl3_send_finished(SSL * s,int a,int b,const char * sender,int slen)148 int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
149 	{
150 	unsigned char *p,*d;
151 	int i;
152 	unsigned long l;
153 
154 	if (s->state == a)
155 		{
156 		d=(unsigned char *)s->init_buf->data;
157 		p= &(d[4]);
158 
159 		i=s->method->ssl3_enc->final_finish_mac(s,
160 			&(s->s3->finish_dgst1),
161 			&(s->s3->finish_dgst2),
162 			sender,slen,s->s3->tmp.finish_md);
163 		s->s3->tmp.finish_md_len = i;
164 		memcpy(p, s->s3->tmp.finish_md, i);
165 		p+=i;
166 		l=i;
167 
168 #ifdef OPENSSL_SYS_WIN16
169 		/* MSVC 1.5 does not clear the top bytes of the word unless
170 		 * I do this.
171 		 */
172 		l&=0xffff;
173 #endif
174 
175 		*(d++)=SSL3_MT_FINISHED;
176 		l2n3(l,d);
177 		s->init_num=(int)l+4;
178 		s->init_off=0;
179 
180 		s->state=b;
181 		}
182 
183 	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
184 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
185 	}
186 
ssl3_get_finished(SSL * s,int a,int b)187 int ssl3_get_finished(SSL *s, int a, int b)
188 	{
189 	int al,i,ok;
190 	long n;
191 	unsigned char *p;
192 
193 	/* the mac has already been generated when we received the
194 	 * change cipher spec message and is in s->s3->tmp.peer_finish_md
195 	 */
196 
197 	n=ssl3_get_message(s,
198 		a,
199 		b,
200 		SSL3_MT_FINISHED,
201 		64, /* should actually be 36+4 :-) */
202 		&ok);
203 
204 	if (!ok) return((int)n);
205 
206 	/* If this occurs, we have missed a message */
207 	if (!s->s3->change_cipher_spec)
208 		{
209 		al=SSL_AD_UNEXPECTED_MESSAGE;
210 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
211 		goto f_err;
212 		}
213 	s->s3->change_cipher_spec=0;
214 
215 	p = (unsigned char *)s->init_msg;
216 	i = s->s3->tmp.peer_finish_md_len;
217 
218 	if (i != n)
219 		{
220 		al=SSL_AD_DECODE_ERROR;
221 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
222 		goto f_err;
223 		}
224 
225 	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
226 		{
227 		al=SSL_AD_DECRYPT_ERROR;
228 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
229 		goto f_err;
230 		}
231 
232 	return(1);
233 f_err:
234 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
235 	return(0);
236 	}
237 
238 /* for these 2 messages, we need to
239  * ssl->enc_read_ctx			re-init
240  * ssl->s3->read_sequence		zero
241  * ssl->s3->read_mac_secret		re-init
242  * ssl->session->read_sym_enc		assign
243  * ssl->session->read_compression	assign
244  * ssl->session->read_hash		assign
245  */
ssl3_send_change_cipher_spec(SSL * s,int a,int b)246 int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
247 	{
248 	unsigned char *p;
249 
250 	if (s->state == a)
251 		{
252 		p=(unsigned char *)s->init_buf->data;
253 		*p=SSL3_MT_CCS;
254 		s->init_num=1;
255 		s->init_off=0;
256 
257 		s->state=b;
258 		}
259 
260 	/* SSL3_ST_CW_CHANGE_B */
261 	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
262 	}
263 
ssl3_output_cert_chain(SSL * s,X509 * x)264 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
265 	{
266 	unsigned char *p;
267 	int n,i;
268 	unsigned long l=7;
269 	BUF_MEM *buf;
270 	X509_STORE_CTX xs_ctx;
271 	X509_OBJECT obj;
272 
273 	int no_chain;
274 
275 	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
276 		no_chain = 1;
277 	else
278 		no_chain = 0;
279 
280 	/* TLSv1 sends a chain with nothing in it, instead of an alert */
281 	buf=s->init_buf;
282 	if (!BUF_MEM_grow_clean(buf,10))
283 		{
284 		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
285 		return(0);
286 		}
287 	if (x != NULL)
288 		{
289 		if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
290 			{
291 			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
292 			return(0);
293 			}
294 
295 		for (;;)
296 			{
297 			n=i2d_X509(x,NULL);
298 			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
299 				{
300 				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
301 				return(0);
302 				}
303 			p=(unsigned char *)&(buf->data[l]);
304 			l2n3(n,p);
305 			i2d_X509(x,&p);
306 			l+=n+3;
307 
308 			if (no_chain)
309 				break;
310 
311 			if (X509_NAME_cmp(X509_get_subject_name(x),
312 				X509_get_issuer_name(x)) == 0) break;
313 
314 			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
315 				X509_get_issuer_name(x),&obj);
316 			if (i <= 0) break;
317 			x=obj.data.x509;
318 			/* Count is one too high since the X509_STORE_get uped the
319 			 * ref count */
320 			X509_free(x);
321 			}
322 		if (!no_chain)
323 			X509_STORE_CTX_cleanup(&xs_ctx);
324 		}
325 
326 	/* Thawte special :-) */
327 	if (s->ctx->extra_certs != NULL)
328 	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
329 		{
330 		x=sk_X509_value(s->ctx->extra_certs,i);
331 		n=i2d_X509(x,NULL);
332 		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
333 			{
334 			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
335 			return(0);
336 			}
337 		p=(unsigned char *)&(buf->data[l]);
338 		l2n3(n,p);
339 		i2d_X509(x,&p);
340 		l+=n+3;
341 		}
342 
343 	l-=7;
344 	p=(unsigned char *)&(buf->data[4]);
345 	l2n3(l,p);
346 	l+=3;
347 	p=(unsigned char *)&(buf->data[0]);
348 	*(p++)=SSL3_MT_CERTIFICATE;
349 	l2n3(l,p);
350 	l+=4;
351 	return(l);
352 	}
353 
354 /* Obtain handshake message of message type 'mt' (any if mt == -1),
355  * maximum acceptable body length 'max'.
356  * The first four bytes (msg_type and length) are read in state 'st1',
357  * the body is read in state 'stn'.
358  */
ssl3_get_message(SSL * s,int st1,int stn,int mt,long max,int * ok)359 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
360 	{
361 	unsigned char *p;
362 	unsigned long l;
363 	long n;
364 	int i,al;
365 
366 	if (s->s3->tmp.reuse_message)
367 		{
368 		s->s3->tmp.reuse_message=0;
369 		if ((mt >= 0) && (s->s3->tmp.message_type != mt))
370 			{
371 			al=SSL_AD_UNEXPECTED_MESSAGE;
372 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
373 			goto f_err;
374 			}
375 		*ok=1;
376 		s->init_msg = s->init_buf->data + 4;
377 		s->init_num = (int)s->s3->tmp.message_size;
378 		return s->init_num;
379 		}
380 
381 	p=(unsigned char *)s->init_buf->data;
382 
383 	if (s->state == st1) /* s->init_num < 4 */
384 		{
385 		int skip_message;
386 
387 		do
388 			{
389 			while (s->init_num < 4)
390 				{
391 				i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
392 					4 - s->init_num, 0);
393 				if (i <= 0)
394 					{
395 					s->rwstate=SSL_READING;
396 					*ok = 0;
397 					return i;
398 					}
399 				s->init_num+=i;
400 				}
401 
402 			skip_message = 0;
403 			if (!s->server)
404 				if (p[0] == SSL3_MT_HELLO_REQUEST)
405 					/* The server may always send 'Hello Request' messages --
406 					 * we are doing a handshake anyway now, so ignore them
407 					 * if their format is correct. Does not count for
408 					 * 'Finished' MAC. */
409 					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
410 						{
411 						s->init_num = 0;
412 						skip_message = 1;
413 
414 						if (s->msg_callback)
415 							s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
416 						}
417 			}
418 		while (skip_message);
419 
420 		/* s->init_num == 4 */
421 
422 		if ((mt >= 0) && (*p != mt))
423 			{
424 			al=SSL_AD_UNEXPECTED_MESSAGE;
425 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
426 			goto f_err;
427 			}
428 		if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
429 					(st1 == SSL3_ST_SR_CERT_A) &&
430 					(stn == SSL3_ST_SR_CERT_B))
431 			{
432 			/* At this point we have got an MS SGC second client
433 			 * hello (maybe we should always allow the client to
434 			 * start a new handshake?). We need to restart the mac.
435 			 * Don't increment {num,total}_renegotiations because
436 			 * we have not completed the handshake. */
437 			ssl3_init_finished_mac(s);
438 			}
439 
440 		s->s3->tmp.message_type= *(p++);
441 
442 		n2l3(p,l);
443 		if (l > (unsigned long)max)
444 			{
445 			al=SSL_AD_ILLEGAL_PARAMETER;
446 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
447 			goto f_err;
448 			}
449 		if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
450 			{
451 			al=SSL_AD_ILLEGAL_PARAMETER;
452 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
453 			goto f_err;
454 			}
455 		if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
456 			{
457 			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
458 			goto err;
459 			}
460 		s->s3->tmp.message_size=l;
461 		s->state=stn;
462 
463 		s->init_msg = s->init_buf->data + 4;
464 		s->init_num = 0;
465 		}
466 
467 	/* next state (stn) */
468 	p = s->init_msg;
469 	n = s->s3->tmp.message_size - s->init_num;
470 	while (n > 0)
471 		{
472 		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
473 		if (i <= 0)
474 			{
475 			s->rwstate=SSL_READING;
476 			*ok = 0;
477 			return i;
478 			}
479 		s->init_num += i;
480 		n -= i;
481 		}
482 	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
483 	if (s->msg_callback)
484 		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
485 	*ok=1;
486 	return s->init_num;
487 f_err:
488 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
489 err:
490 	*ok=0;
491 	return(-1);
492 	}
493 
ssl_cert_type(X509 * x,EVP_PKEY * pkey)494 int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
495 	{
496 	EVP_PKEY *pk;
497 	int ret= -1,i,j;
498 
499 	if (pkey == NULL)
500 		pk=X509_get_pubkey(x);
501 	else
502 		pk=pkey;
503 	if (pk == NULL) goto err;
504 
505 	i=pk->type;
506 	if (i == EVP_PKEY_RSA)
507 		{
508 		ret=SSL_PKEY_RSA_ENC;
509 		if (x != NULL)
510 			{
511 			j=X509_get_ext_count(x);
512 			/* check to see if this is a signing only certificate */
513 			/* EAY EAY EAY EAY */
514 			}
515 		}
516 	else if (i == EVP_PKEY_DSA)
517 		{
518 		ret=SSL_PKEY_DSA_SIGN;
519 		}
520 	else if (i == EVP_PKEY_DH)
521 		{
522 		/* if we just have a key, we needs to be guess */
523 
524 		if (x == NULL)
525 			ret=SSL_PKEY_DH_DSA;
526 		else
527 			{
528 			j=X509_get_signature_type(x);
529 			if (j == EVP_PKEY_RSA)
530 				ret=SSL_PKEY_DH_RSA;
531 			else if (j== EVP_PKEY_DSA)
532 				ret=SSL_PKEY_DH_DSA;
533 			else ret= -1;
534 			}
535 		}
536 	else
537 		ret= -1;
538 
539 err:
540 	if(!pkey) EVP_PKEY_free(pk);
541 	return(ret);
542 	}
543 
ssl_verify_alarm_type(long type)544 int ssl_verify_alarm_type(long type)
545 	{
546 	int al;
547 
548 	switch(type)
549 		{
550 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
551 	case X509_V_ERR_UNABLE_TO_GET_CRL:
552 	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
553 		al=SSL_AD_UNKNOWN_CA;
554 		break;
555 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
556 	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
557 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
558 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
559 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
560 	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
561 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
562 	case X509_V_ERR_CERT_NOT_YET_VALID:
563 	case X509_V_ERR_CRL_NOT_YET_VALID:
564 	case X509_V_ERR_CERT_UNTRUSTED:
565 	case X509_V_ERR_CERT_REJECTED:
566 		al=SSL_AD_BAD_CERTIFICATE;
567 		break;
568 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
569 	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
570 		al=SSL_AD_DECRYPT_ERROR;
571 		break;
572 	case X509_V_ERR_CERT_HAS_EXPIRED:
573 	case X509_V_ERR_CRL_HAS_EXPIRED:
574 		al=SSL_AD_CERTIFICATE_EXPIRED;
575 		break;
576 	case X509_V_ERR_CERT_REVOKED:
577 		al=SSL_AD_CERTIFICATE_REVOKED;
578 		break;
579 	case X509_V_ERR_OUT_OF_MEM:
580 		al=SSL_AD_INTERNAL_ERROR;
581 		break;
582 	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
583 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
584 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
585 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
586 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
587 	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
588 	case X509_V_ERR_INVALID_CA:
589 		al=SSL_AD_UNKNOWN_CA;
590 		break;
591 	case X509_V_ERR_APPLICATION_VERIFICATION:
592 		al=SSL_AD_HANDSHAKE_FAILURE;
593 		break;
594 	case X509_V_ERR_INVALID_PURPOSE:
595 		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
596 		break;
597 	default:
598 		al=SSL_AD_CERTIFICATE_UNKNOWN;
599 		break;
600 		}
601 	return(al);
602 	}
603 
604 int ssl3_setup_write_buffer(SSL *s);
ssl3_setup_buffers(SSL * s)605 int ssl3_setup_buffers(SSL *s)
606 	{
607 	unsigned char *p;
608 	unsigned int extra;
609 	size_t len;
610 
611 	if (s->s3->rbuf.buf == NULL)
612 		{
613 		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
614 			extra=SSL3_RT_MAX_EXTRA;
615 		else
616 			extra=0;
617 		len = SSL3_RT_MAX_PACKET_SIZE + extra;
618 		if ((p=OPENSSL_malloc(len)) == NULL)
619 			goto err;
620 		s->s3->rbuf.buf = p;
621 		s->s3->rbuf.len = len;
622 		}
623 	if (!ssl3_setup_write_buffer(s))
624 		return(0);
625 	s->packet= &(s->s3->rbuf.buf[0]);
626 	return(1);
627 err:
628 	SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
629 	return(0);
630 	}
631 
ssl3_setup_write_buffer(SSL * s)632 int ssl3_setup_write_buffer(SSL *s)
633 	{
634 	unsigned char *p;
635 	size_t len;
636 
637 	if (s->s3->wbuf.buf == NULL)
638 		{
639 		len = SSL3_RT_MAX_PACKET_SIZE;
640 		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
641 		if ((p=OPENSSL_malloc(len)) == NULL)
642 			goto err;
643 		s->s3->wbuf.buf = p;
644 		s->s3->wbuf.len = len;
645 		}
646 	return(1);
647 err:
648 	SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
649 	return(0);
650 	}
651