summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 16:43:25 +0000
committerjsing <>2014-04-14 16:43:25 +0000
commit9ed612cec343ccff3513e7cf2e37938164df6b5b (patch)
tree5a919c79a7dcee39aad6ec4645d9dcecba40cfb0 /src/lib/libssl/s3_clnt.c
parent3779c39bff8e2ae1adcc6f1324eb388d0bd49a15 (diff)
downloadopenbsd-9ed612cec343ccff3513e7cf2e37938164df6b5b.tar.gz
openbsd-9ed612cec343ccff3513e7cf2e37938164df6b5b.tar.bz2
openbsd-9ed612cec343ccff3513e7cf2e37938164df6b5b.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c3329
1 files changed, 1539 insertions, 1790 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 64e7be8d67..b9ca6b6f9b 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -168,62 +168,60 @@
168#endif 168#endif
169 169
170static const SSL_METHOD *ssl3_get_client_method(int ver); 170static const SSL_METHOD *ssl3_get_client_method(int ver);
171static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 171static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
172 172
173static const SSL_METHOD *ssl3_get_client_method(int ver) 173static const SSL_METHOD
174 { 174*ssl3_get_client_method(int ver)
175{
175 if (ver == SSL3_VERSION) 176 if (ver == SSL3_VERSION)
176 return(SSLv3_client_method()); 177 return (SSLv3_client_method());
177 else 178 else
178 return(NULL); 179 return (NULL);
179 } 180}
180 181
181IMPLEMENT_ssl3_meth_func(SSLv3_client_method, 182IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
182 ssl_undefined_function, 183 ssl_undefined_function, ssl3_connect, ssl3_get_client_method)
183 ssl3_connect,
184 ssl3_get_client_method)
185 184
186int ssl3_connect(SSL *s) 185int
187 { 186ssl3_connect(SSL *s)
188 BUF_MEM *buf=NULL; 187{
189 unsigned long Time=(unsigned long)time(NULL); 188 BUF_MEM *buf = NULL;
190 void (*cb)(const SSL *ssl,int type,int val)=NULL; 189 unsigned long Time = (unsigned long)time(NULL);
191 int ret= -1; 190 void (*cb)(const SSL *ssl, int type, int val) = NULL;
192 int new_state,state,skip=0; 191 int ret = -1;
192 int new_state, state, skip = 0;
193 193
194 RAND_add(&Time,sizeof(Time),0); 194 RAND_add(&Time, sizeof(Time), 0);
195 ERR_clear_error(); 195 ERR_clear_error();
196 errno = 0; 196 errno = 0;
197 197
198 if (s->info_callback != NULL) 198 if (s->info_callback != NULL)
199 cb=s->info_callback; 199 cb = s->info_callback;
200 else if (s->ctx->info_callback != NULL) 200 else if (s->ctx->info_callback != NULL)
201 cb=s->ctx->info_callback; 201 cb = s->ctx->info_callback;
202 202
203 s->in_handshake++; 203 s->in_handshake++;
204 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 204 if (!SSL_in_init(s) || SSL_in_before(s))
205 SSL_clear(s);
205 206
206#ifndef OPENSSL_NO_HEARTBEATS 207#ifndef OPENSSL_NO_HEARTBEATS
207 /* If we're awaiting a HeartbeatResponse, pretend we 208 /* If we're awaiting a HeartbeatResponse, pretend we
208 * already got and don't await it anymore, because 209 * already got and don't await it anymore, because
209 * Heartbeats don't make sense during handshakes anyway. 210 * Heartbeats don't make sense during handshakes anyway.
210 */ 211 */
211 if (s->tlsext_hb_pending) 212 if (s->tlsext_hb_pending) {
212 {
213 s->tlsext_hb_pending = 0; 213 s->tlsext_hb_pending = 0;
214 s->tlsext_hb_seq++; 214 s->tlsext_hb_seq++;
215 } 215 }
216#endif 216#endif
217 217
218 for (;;) 218 for (;;) {
219 { 219 state = s->state;
220 state=s->state;
221 220
222 switch(s->state) 221 switch (s->state) {
223 {
224 case SSL_ST_RENEGOTIATE: 222 case SSL_ST_RENEGOTIATE:
225 s->renegotiate=1; 223 s->renegotiate = 1;
226 s->state=SSL_ST_CONNECT; 224 s->state = SSL_ST_CONNECT;
227 s->ctx->stats.sess_connect_renegotiate++; 225 s->ctx->stats.sess_connect_renegotiate++;
228 /* break */ 226 /* break */
229 case SSL_ST_BEFORE: 227 case SSL_ST_BEFORE:
@@ -231,173 +229,172 @@ int ssl3_connect(SSL *s)
231 case SSL_ST_BEFORE|SSL_ST_CONNECT: 229 case SSL_ST_BEFORE|SSL_ST_CONNECT:
232 case SSL_ST_OK|SSL_ST_CONNECT: 230 case SSL_ST_OK|SSL_ST_CONNECT:
233 231
234 s->server=0; 232 s->server = 0;
235 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 233 if (cb != NULL)
234 cb(s, SSL_CB_HANDSHAKE_START, 1);
236 235
237 if ((s->version & 0xff00 ) != 0x0300) 236 if ((s->version & 0xff00 ) != 0x0300) {
238 {
239 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); 237 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
240 ret = -1; 238 ret = -1;
241 goto end; 239 goto end;
242 } 240 }
243 241
244 /* s->version=SSL3_VERSION; */ 242 /* s->version=SSL3_VERSION; */
245 s->type=SSL_ST_CONNECT; 243 s->type = SSL_ST_CONNECT;
246 244
247 if (s->init_buf == NULL) 245 if (s->init_buf == NULL) {
248 { 246 if ((buf = BUF_MEM_new()) == NULL) {
249 if ((buf=BUF_MEM_new()) == NULL) 247 ret = -1;
250 {
251 ret= -1;
252 goto end; 248 goto end;
253 } 249 }
254 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 250 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
255 { 251 ret = -1;
256 ret= -1;
257 goto end; 252 goto end;
258 }
259 s->init_buf=buf;
260 buf=NULL;
261 } 253 }
254 s->init_buf = buf;
255 buf = NULL;
256 }
262 257
263 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 258 if (!ssl3_setup_buffers(s)) {
259 ret = -1;
260 goto end;
261 }
264 262
265 /* setup buffing BIO */ 263 /* setup buffing BIO */
266 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 264 if (!ssl_init_wbio_buffer(s, 0)) {
265 ret = -1;
266 goto end;
267 }
267 268
268 /* don't push the buffering BIO quite yet */ 269 /* don't push the buffering BIO quite yet */
269 270
270 ssl3_init_finished_mac(s); 271 ssl3_init_finished_mac(s);
271 272
272 s->state=SSL3_ST_CW_CLNT_HELLO_A; 273 s->state = SSL3_ST_CW_CLNT_HELLO_A;
273 s->ctx->stats.sess_connect++; 274 s->ctx->stats.sess_connect++;
274 s->init_num=0; 275 s->init_num = 0;
275 break; 276 break;
276 277
277 case SSL3_ST_CW_CLNT_HELLO_A: 278 case SSL3_ST_CW_CLNT_HELLO_A:
278 case SSL3_ST_CW_CLNT_HELLO_B: 279 case SSL3_ST_CW_CLNT_HELLO_B:
279 280
280 s->shutdown=0; 281 s->shutdown = 0;
281 ret=ssl3_client_hello(s); 282 ret = ssl3_client_hello(s);
282 if (ret <= 0) goto end; 283 if (ret <= 0)
283 s->state=SSL3_ST_CR_SRVR_HELLO_A; 284 goto end;
284 s->init_num=0; 285 s->state = SSL3_ST_CR_SRVR_HELLO_A;
286 s->init_num = 0;
285 287
286 /* turn on buffering for the next lot of output */ 288 /* turn on buffering for the next lot of output */
287 if (s->bbio != s->wbio) 289 if (s->bbio != s->wbio)
288 s->wbio=BIO_push(s->bbio,s->wbio); 290 s->wbio = BIO_push(s->bbio, s->wbio);
289 291
290 break; 292 break;
291 293
292 case SSL3_ST_CR_SRVR_HELLO_A: 294 case SSL3_ST_CR_SRVR_HELLO_A:
293 case SSL3_ST_CR_SRVR_HELLO_B: 295 case SSL3_ST_CR_SRVR_HELLO_B:
294 ret=ssl3_get_server_hello(s); 296 ret = ssl3_get_server_hello(s);
295 if (ret <= 0) goto end; 297 if (ret <= 0)
298 goto end;
296 299
297 if (s->hit) 300 if (s->hit) {
298 { 301 s->state = SSL3_ST_CR_FINISHED_A;
299 s->state=SSL3_ST_CR_FINISHED_A;
300#ifndef OPENSSL_NO_TLSEXT 302#ifndef OPENSSL_NO_TLSEXT
301 if (s->tlsext_ticket_expected) 303 if (s->tlsext_ticket_expected) {
302 {
303 /* receive renewed session ticket */ 304 /* receive renewed session ticket */
304 s->state=SSL3_ST_CR_SESSION_TICKET_A; 305 s->state = SSL3_ST_CR_SESSION_TICKET_A;
305 }
306#endif
307 } 306 }
308 else 307#endif
309 s->state=SSL3_ST_CR_CERT_A; 308 } else
310 s->init_num=0; 309 s->state = SSL3_ST_CR_CERT_A;
310 s->init_num = 0;
311 break; 311 break;
312 312
313 case SSL3_ST_CR_CERT_A: 313 case SSL3_ST_CR_CERT_A:
314 case SSL3_ST_CR_CERT_B: 314 case SSL3_ST_CR_CERT_B:
315#ifndef OPENSSL_NO_TLSEXT 315#ifndef OPENSSL_NO_TLSEXT
316 ret=ssl3_check_finished(s); 316 ret = ssl3_check_finished(s);
317 if (ret <= 0) goto end; 317 if (ret <= 0)
318 if (ret == 2) 318 goto end;
319 { 319 if (ret == 2) {
320 s->hit = 1; 320 s->hit = 1;
321 if (s->tlsext_ticket_expected) 321 if (s->tlsext_ticket_expected)
322 s->state=SSL3_ST_CR_SESSION_TICKET_A; 322 s->state = SSL3_ST_CR_SESSION_TICKET_A;
323 else 323 else
324 s->state=SSL3_ST_CR_FINISHED_A; 324 s->state = SSL3_ST_CR_FINISHED_A;
325 s->init_num=0; 325 s->init_num = 0;
326 break; 326 break;
327 } 327 }
328#endif 328#endif
329 /* Check if it is anon DH/ECDH */ 329 /* Check if it is anon DH/ECDH */
330 /* or PSK */ 330 /* or PSK */
331 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 331 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
332 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 332 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
333 { 333 ret = ssl3_get_server_certificate(s);
334 ret=ssl3_get_server_certificate(s); 334 if (ret <= 0)
335 if (ret <= 0) goto end; 335 goto end;
336#ifndef OPENSSL_NO_TLSEXT 336#ifndef OPENSSL_NO_TLSEXT
337 if (s->tlsext_status_expected) 337 if (s->tlsext_status_expected)
338 s->state=SSL3_ST_CR_CERT_STATUS_A; 338 s->state = SSL3_ST_CR_CERT_STATUS_A;
339 else 339 else
340 s->state=SSL3_ST_CR_KEY_EXCH_A; 340 s->state = SSL3_ST_CR_KEY_EXCH_A;
341 } 341 } else {
342 else
343 {
344 skip = 1; 342 skip = 1;
345 s->state=SSL3_ST_CR_KEY_EXCH_A; 343 s->state = SSL3_ST_CR_KEY_EXCH_A;
346 } 344 }
347#else 345#else
348 } 346 } else
349 else 347 skip = 1;
350 skip=1;
351 348
352 s->state=SSL3_ST_CR_KEY_EXCH_A; 349 s->state = SSL3_ST_CR_KEY_EXCH_A;
353#endif 350#endif
354 s->init_num=0; 351 s->init_num = 0;
355 break; 352 break;
356 353
357 case SSL3_ST_CR_KEY_EXCH_A: 354 case SSL3_ST_CR_KEY_EXCH_A:
358 case SSL3_ST_CR_KEY_EXCH_B: 355 case SSL3_ST_CR_KEY_EXCH_B:
359 ret=ssl3_get_key_exchange(s); 356 ret = ssl3_get_key_exchange(s);
360 if (ret <= 0) goto end; 357 if (ret <= 0)
361 s->state=SSL3_ST_CR_CERT_REQ_A; 358 goto end;
362 s->init_num=0; 359 s->state = SSL3_ST_CR_CERT_REQ_A;
360 s->init_num = 0;
363 361
364 /* at this point we check that we have the 362 /* at this point we check that we have the
365 * required stuff from the server */ 363 * required stuff from the server */
366 if (!ssl3_check_cert_and_algorithm(s)) 364 if (!ssl3_check_cert_and_algorithm(s)) {
367 { 365 ret = -1;
368 ret= -1;
369 goto end; 366 goto end;
370 } 367 }
371 break; 368 break;
372 369
373 case SSL3_ST_CR_CERT_REQ_A: 370 case SSL3_ST_CR_CERT_REQ_A:
374 case SSL3_ST_CR_CERT_REQ_B: 371 case SSL3_ST_CR_CERT_REQ_B:
375 ret=ssl3_get_certificate_request(s); 372 ret = ssl3_get_certificate_request(s);
376 if (ret <= 0) goto end; 373 if (ret <= 0)
377 s->state=SSL3_ST_CR_SRVR_DONE_A; 374 goto end;
378 s->init_num=0; 375 s->state = SSL3_ST_CR_SRVR_DONE_A;
376 s->init_num = 0;
379 break; 377 break;
380 378
381 case SSL3_ST_CR_SRVR_DONE_A: 379 case SSL3_ST_CR_SRVR_DONE_A:
382 case SSL3_ST_CR_SRVR_DONE_B: 380 case SSL3_ST_CR_SRVR_DONE_B:
383 ret=ssl3_get_server_done(s); 381 ret = ssl3_get_server_done(s);
384 if (ret <= 0) goto end; 382 if (ret <= 0)
383 goto end;
385#ifndef OPENSSL_NO_SRP 384#ifndef OPENSSL_NO_SRP
386 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) 385 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
387 { 386 if ((ret = SRP_Calc_A_param(s)) <= 0) {
388 if ((ret = SRP_Calc_A_param(s))<=0) 387 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
389 { 388 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
390 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
391 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
392 goto end; 389 goto end;
393 }
394 } 390 }
391 }
395#endif 392#endif
396 if (s->s3->tmp.cert_req) 393 if (s->s3->tmp.cert_req)
397 s->state=SSL3_ST_CW_CERT_A; 394 s->state = SSL3_ST_CW_CERT_A;
398 else 395 else
399 s->state=SSL3_ST_CW_KEY_EXCH_A; 396 s->state = SSL3_ST_CW_KEY_EXCH_A;
400 s->init_num=0; 397 s->init_num = 0;
401 398
402 break; 399 break;
403 400
@@ -405,16 +402,18 @@ int ssl3_connect(SSL *s)
405 case SSL3_ST_CW_CERT_B: 402 case SSL3_ST_CW_CERT_B:
406 case SSL3_ST_CW_CERT_C: 403 case SSL3_ST_CW_CERT_C:
407 case SSL3_ST_CW_CERT_D: 404 case SSL3_ST_CW_CERT_D:
408 ret=ssl3_send_client_certificate(s); 405 ret = ssl3_send_client_certificate(s);
409 if (ret <= 0) goto end; 406 if (ret <= 0)
410 s->state=SSL3_ST_CW_KEY_EXCH_A; 407 goto end;
411 s->init_num=0; 408 s->state = SSL3_ST_CW_KEY_EXCH_A;
409 s->init_num = 0;
412 break; 410 break;
413 411
414 case SSL3_ST_CW_KEY_EXCH_A: 412 case SSL3_ST_CW_KEY_EXCH_A:
415 case SSL3_ST_CW_KEY_EXCH_B: 413 case SSL3_ST_CW_KEY_EXCH_B:
416 ret=ssl3_send_client_key_exchange(s); 414 ret = ssl3_send_client_key_exchange(s);
417 if (ret <= 0) goto end; 415 if (ret <= 0)
416 goto end;
418 /* EAY EAY EAY need to check for DH fix cert 417 /* EAY EAY EAY need to check for DH fix cert
419 * sent back */ 418 * sent back */
420 /* For TLS, cert_req is set to 2, so a cert chain 419 /* For TLS, cert_req is set to 2, so a cert chain
@@ -426,170 +425,165 @@ int ssl3_connect(SSL *s)
426 * message when client's ECDH public key is sent 425 * message when client's ECDH public key is sent
427 * inside the client certificate. 426 * inside the client certificate.
428 */ 427 */
429 if (s->s3->tmp.cert_req == 1) 428 if (s->s3->tmp.cert_req == 1) {
430 { 429 s->state = SSL3_ST_CW_CERT_VRFY_A;
431 s->state=SSL3_ST_CW_CERT_VRFY_A; 430 } else {
432 } 431 s->state = SSL3_ST_CW_CHANGE_A;
433 else 432 s->s3->change_cipher_spec = 0;
434 { 433 }
435 s->state=SSL3_ST_CW_CHANGE_A; 434 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
436 s->s3->change_cipher_spec=0; 435 s->state = SSL3_ST_CW_CHANGE_A;
437 } 436 s->s3->change_cipher_spec = 0;
438 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) 437 }
439 {
440 s->state=SSL3_ST_CW_CHANGE_A;
441 s->s3->change_cipher_spec=0;
442 }
443 438
444 s->init_num=0; 439 s->init_num = 0;
445 break; 440 break;
446 441
447 case SSL3_ST_CW_CERT_VRFY_A: 442 case SSL3_ST_CW_CERT_VRFY_A:
448 case SSL3_ST_CW_CERT_VRFY_B: 443 case SSL3_ST_CW_CERT_VRFY_B:
449 ret=ssl3_send_client_verify(s); 444 ret = ssl3_send_client_verify(s);
450 if (ret <= 0) goto end; 445 if (ret <= 0)
451 s->state=SSL3_ST_CW_CHANGE_A; 446 goto end;
452 s->init_num=0; 447 s->state = SSL3_ST_CW_CHANGE_A;
453 s->s3->change_cipher_spec=0; 448 s->init_num = 0;
449 s->s3->change_cipher_spec = 0;
454 break; 450 break;
455 451
456 case SSL3_ST_CW_CHANGE_A: 452 case SSL3_ST_CW_CHANGE_A:
457 case SSL3_ST_CW_CHANGE_B: 453 case SSL3_ST_CW_CHANGE_B:
458 ret=ssl3_send_change_cipher_spec(s, 454 ret = ssl3_send_change_cipher_spec(s,
459 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 455 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
460 if (ret <= 0) goto end; 456 if (ret <= 0)
457 goto end;
461 458
462#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) 459#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
463 s->state=SSL3_ST_CW_FINISHED_A; 460 s->state = SSL3_ST_CW_FINISHED_A;
464#else 461#else
465 if (s->s3->next_proto_neg_seen) 462 if (s->s3->next_proto_neg_seen)
466 s->state=SSL3_ST_CW_NEXT_PROTO_A; 463 s->state = SSL3_ST_CW_NEXT_PROTO_A;
467 else 464 else
468 s->state=SSL3_ST_CW_FINISHED_A; 465 s->state = SSL3_ST_CW_FINISHED_A;
469#endif 466#endif
470 s->init_num=0; 467 s->init_num = 0;
471 468
472 s->session->cipher=s->s3->tmp.new_cipher; 469 s->session->cipher = s->s3->tmp.new_cipher;
473#ifdef OPENSSL_NO_COMP 470#ifdef OPENSSL_NO_COMP
474 s->session->compress_meth=0; 471 s->session->compress_meth = 0;
475#else 472#else
476 if (s->s3->tmp.new_compression == NULL) 473 if (s->s3->tmp.new_compression == NULL)
477 s->session->compress_meth=0; 474 s->session->compress_meth = 0;
478 else 475 else
479 s->session->compress_meth= 476 s->session->compress_meth =
480 s->s3->tmp.new_compression->id; 477 s->s3->tmp.new_compression->id;
481#endif 478#endif
482 if (!s->method->ssl3_enc->setup_key_block(s)) 479 if (!s->method->ssl3_enc->setup_key_block(s)) {
483 { 480 ret = -1;
484 ret= -1;
485 goto end; 481 goto end;
486 } 482 }
487 483
488 if (!s->method->ssl3_enc->change_cipher_state(s, 484 if (!s->method->ssl3_enc->change_cipher_state(s,
489 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 485 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
490 { 486 ret = -1;
491 ret= -1;
492 goto end; 487 goto end;
493 } 488 }
494 489
495 break; 490 break;
496 491
497#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 492#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
498 case SSL3_ST_CW_NEXT_PROTO_A: 493 case SSL3_ST_CW_NEXT_PROTO_A:
499 case SSL3_ST_CW_NEXT_PROTO_B: 494 case SSL3_ST_CW_NEXT_PROTO_B:
500 ret=ssl3_send_next_proto(s); 495 ret = ssl3_send_next_proto(s);
501 if (ret <= 0) goto end; 496 if (ret <= 0)
502 s->state=SSL3_ST_CW_FINISHED_A; 497 goto end;
498 s->state = SSL3_ST_CW_FINISHED_A;
503 break; 499 break;
504#endif 500#endif
505 501
506 case SSL3_ST_CW_FINISHED_A: 502 case SSL3_ST_CW_FINISHED_A:
507 case SSL3_ST_CW_FINISHED_B: 503 case SSL3_ST_CW_FINISHED_B:
508 ret=ssl3_send_finished(s, 504 ret = ssl3_send_finished(s,
509 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 505 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
510 s->method->ssl3_enc->client_finished_label, 506 s->method->ssl3_enc->client_finished_label,
511 s->method->ssl3_enc->client_finished_label_len); 507 s->method->ssl3_enc->client_finished_label_len);
512 if (ret <= 0) goto end; 508 if (ret <= 0)
513 s->state=SSL3_ST_CW_FLUSH; 509 goto end;
510 s->state = SSL3_ST_CW_FLUSH;
514 511
515 /* clear flags */ 512 /* clear flags */
516 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 513 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
517 if (s->hit) 514 if (s->hit) {
518 { 515 s->s3->tmp.next_state = SSL_ST_OK;
519 s->s3->tmp.next_state=SSL_ST_OK; 516 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
520 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 517 s->state = SSL_ST_OK;
521 {
522 s->state=SSL_ST_OK;
523 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 518 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
524 s->s3->delay_buf_pop_ret=0; 519 s->s3->delay_buf_pop_ret = 0;
525 }
526 } 520 }
527 else 521 } else {
528 {
529#ifndef OPENSSL_NO_TLSEXT 522#ifndef OPENSSL_NO_TLSEXT
530 /* Allow NewSessionTicket if ticket expected */ 523 /* Allow NewSessionTicket if ticket expected */
531 if (s->tlsext_ticket_expected) 524 if (s->tlsext_ticket_expected)
532 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 525 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
533 else 526 else
534#endif 527#endif
535 528
536 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 529 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
537 } 530 }
538 s->init_num=0; 531 s->init_num = 0;
539 break; 532 break;
540 533
541#ifndef OPENSSL_NO_TLSEXT 534#ifndef OPENSSL_NO_TLSEXT
542 case SSL3_ST_CR_SESSION_TICKET_A: 535 case SSL3_ST_CR_SESSION_TICKET_A:
543 case SSL3_ST_CR_SESSION_TICKET_B: 536 case SSL3_ST_CR_SESSION_TICKET_B:
544 ret=ssl3_get_new_session_ticket(s); 537 ret = ssl3_get_new_session_ticket(s);
545 if (ret <= 0) goto end; 538 if (ret <= 0)
546 s->state=SSL3_ST_CR_FINISHED_A; 539 goto end;
547 s->init_num=0; 540 s->state = SSL3_ST_CR_FINISHED_A;
548 break; 541 s->init_num = 0;
542 break;
549 543
550 case SSL3_ST_CR_CERT_STATUS_A: 544 case SSL3_ST_CR_CERT_STATUS_A:
551 case SSL3_ST_CR_CERT_STATUS_B: 545 case SSL3_ST_CR_CERT_STATUS_B:
552 ret=ssl3_get_cert_status(s); 546 ret = ssl3_get_cert_status(s);
553 if (ret <= 0) goto end; 547 if (ret <= 0)
554 s->state=SSL3_ST_CR_KEY_EXCH_A; 548 goto end;
555 s->init_num=0; 549 s->state = SSL3_ST_CR_KEY_EXCH_A;
556 break; 550 s->init_num = 0;
551 break;
557#endif 552#endif
558 553
559 case SSL3_ST_CR_FINISHED_A: 554 case SSL3_ST_CR_FINISHED_A:
560 case SSL3_ST_CR_FINISHED_B: 555 case SSL3_ST_CR_FINISHED_B:
561 556
562 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 557 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
563 SSL3_ST_CR_FINISHED_B); 558 SSL3_ST_CR_FINISHED_B);
564 if (ret <= 0) goto end; 559 if (ret <= 0)
560 goto end;
565 561
566 if (s->hit) 562 if (s->hit)
567 s->state=SSL3_ST_CW_CHANGE_A; 563 s->state = SSL3_ST_CW_CHANGE_A;
568 else 564 else
569 s->state=SSL_ST_OK; 565 s->state = SSL_ST_OK;
570 s->init_num=0; 566 s->init_num = 0;
571 break; 567 break;
572 568
573 case SSL3_ST_CW_FLUSH: 569 case SSL3_ST_CW_FLUSH:
574 s->rwstate=SSL_WRITING; 570 s->rwstate = SSL_WRITING;
575 if (BIO_flush(s->wbio) <= 0) 571 if (BIO_flush(s->wbio) <= 0) {
576 { 572 ret = -1;
577 ret= -1;
578 goto end; 573 goto end;
579 } 574 }
580 s->rwstate=SSL_NOTHING; 575 s->rwstate = SSL_NOTHING;
581 s->state=s->s3->tmp.next_state; 576 s->state = s->s3->tmp.next_state;
582 break; 577 break;
583 578
584 case SSL_ST_OK: 579 case SSL_ST_OK:
585 /* clean a few things up */ 580 /* clean a few things up */
586 ssl3_cleanup_key_block(s); 581 ssl3_cleanup_key_block(s);
587 582
588 if (s->init_buf != NULL) 583 if (s->init_buf != NULL) {
589 {
590 BUF_MEM_free(s->init_buf); 584 BUF_MEM_free(s->init_buf);
591 s->init_buf=NULL; 585 s->init_buf = NULL;
592 } 586 }
593 587
594 /* If we are not 'joining' the last two packets, 588 /* If we are not 'joining' the last two packets,
595 * remove the buffering now */ 589 * remove the buffering now */
@@ -597,63 +591,63 @@ int ssl3_connect(SSL *s)
597 ssl_free_wbio_buffer(s); 591 ssl_free_wbio_buffer(s);
598 /* else do it later in ssl3_write */ 592 /* else do it later in ssl3_write */
599 593
600 s->init_num=0; 594 s->init_num = 0;
601 s->renegotiate=0; 595 s->renegotiate = 0;
602 s->new_session=0; 596 s->new_session = 0;
603 597
604 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 598 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
605 if (s->hit) s->ctx->stats.sess_hit++; 599 if (s->hit)
600 s->ctx->stats.sess_hit++;
606 601
607 ret=1; 602 ret = 1;
608 /* s->server=0; */ 603 /* s->server=0; */
609 s->handshake_func=ssl3_connect; 604 s->handshake_func = ssl3_connect;
610 s->ctx->stats.sess_connect_good++; 605 s->ctx->stats.sess_connect_good++;
611 606
612 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 607 if (cb != NULL)
608 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
613 609
614 goto end; 610 goto end;
615 /* break; */ 611 /* break; */
616 612
617 default: 613 default:
618 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); 614 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
619 ret= -1; 615 ret = -1;
620 goto end; 616 goto end;
621 /* break; */ 617 /* break; */
622 } 618 }
623 619
624 /* did we do anything */ 620 /* did we do anything */
625 if (!s->s3->tmp.reuse_message && !skip) 621 if (!s->s3->tmp.reuse_message && !skip) {
626 { 622 if (s->debug) {
627 if (s->debug) 623 if ((ret = BIO_flush(s->wbio)) <= 0)
628 {
629 if ((ret=BIO_flush(s->wbio)) <= 0)
630 goto end; 624 goto end;
631 } 625 }
632 626
633 if ((cb != NULL) && (s->state != state)) 627 if ((cb != NULL) && (s->state != state)) {
634 { 628 new_state = s->state;
635 new_state=s->state; 629 s->state = state;
636 s->state=state; 630 cb(s, SSL_CB_CONNECT_LOOP, 1);
637 cb(s,SSL_CB_CONNECT_LOOP,1); 631 s->state = new_state;
638 s->state=new_state;
639 }
640 } 632 }
641 skip=0;
642 } 633 }
634 skip = 0;
635 }
643end: 636end:
644 s->in_handshake--; 637 s->in_handshake--;
645 if (buf != NULL) 638 if (buf != NULL)
646 BUF_MEM_free(buf); 639 BUF_MEM_free(buf);
647 if (cb != NULL) 640 if (cb != NULL)
648 cb(s,SSL_CB_CONNECT_EXIT,ret); 641 cb(s, SSL_CB_CONNECT_EXIT, ret);
649 return(ret); 642 return (ret);
650 } 643}
651 644
652 645
653int ssl3_client_hello(SSL *s) 646int
654 { 647ssl3_client_hello(SSL *s)
648{
655 unsigned char *buf; 649 unsigned char *buf;
656 unsigned char *p,*d; 650 unsigned char *p, *d;
657 int i; 651 int i;
658 unsigned long l; 652 unsigned long l;
659#ifndef OPENSSL_NO_COMP 653#ifndef OPENSSL_NO_COMP
@@ -661,31 +655,29 @@ int ssl3_client_hello(SSL *s)
661 SSL_COMP *comp; 655 SSL_COMP *comp;
662#endif 656#endif
663 657
664 buf=(unsigned char *)s->init_buf->data; 658 buf = (unsigned char *)s->init_buf->data;
665 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 659 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
666 {
667 SSL_SESSION *sess = s->session; 660 SSL_SESSION *sess = s->session;
668 if ((sess == NULL) || 661 if ((sess == NULL) ||
669 (sess->ssl_version != s->version) || 662 (sess->ssl_version != s->version) ||
670#ifdef OPENSSL_NO_TLSEXT 663#ifdef OPENSSL_NO_TLSEXT
671 !sess->session_id_length || 664 !sess->session_id_length ||
672#else 665#else
673 (!sess->session_id_length && !sess->tlsext_tick) || 666 (!sess->session_id_length && !sess->tlsext_tick) ||
674#endif 667#endif
675 (sess->not_resumable)) 668 (sess->not_resumable)) {
676 { 669 if (!ssl_get_new_session(s, 0))
677 if (!ssl_get_new_session(s,0))
678 goto err; 670 goto err;
679 } 671 }
680 /* else use the pre-loaded session */ 672 /* else use the pre-loaded session */
681 673
682 p=s->s3->client_random; 674 p = s->s3->client_random;
683 675
684 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) 676 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
685 goto err; 677 goto err;
686 678
687 /* Do the message type and length last */ 679 /* Do the message type and length last */
688 d=p= &(buf[4]); 680 d = p= &(buf[4]);
689 681
690 /* version indicates the negotiated version: for example from 682 /* version indicates the negotiated version: for example from
691 * an SSLv2/v3 compatible client hello). The client_version 683 * an SSLv2/v3 compatible client hello). The client_version
@@ -717,562 +709,510 @@ int ssl3_client_hello(SSL *s)
717 * the negotiated version. 709 * the negotiated version.
718 */ 710 */
719#if 0 711#if 0
720 *(p++)=s->version>>8; 712 *(p++) = s->version >> 8;
721 *(p++)=s->version&0xff; 713 *(p++) = s->version&0xff;
722 s->client_version=s->version; 714 s->client_version = s->version;
723#else 715#else
724 *(p++)=s->client_version>>8; 716 *(p++) = s->client_version >> 8;
725 *(p++)=s->client_version&0xff; 717 *(p++) = s->client_version&0xff;
726#endif 718#endif
727 719
728 /* Random stuff */ 720 /* Random stuff */
729 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 721 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
730 p+=SSL3_RANDOM_SIZE; 722 p += SSL3_RANDOM_SIZE;
731 723
732 /* Session ID */ 724 /* Session ID */
733 if (s->new_session) 725 if (s->new_session)
734 i=0; 726 i = 0;
735 else 727 else
736 i=s->session->session_id_length; 728 i = s->session->session_id_length;
737 *(p++)=i; 729 *(p++) = i;
738 if (i != 0) 730 if (i != 0) {
739 { 731 if (i > (int)sizeof(s->session->session_id)) {
740 if (i > (int)sizeof(s->session->session_id))
741 {
742 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 732 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
743 goto err; 733 goto err;
744 }
745 memcpy(p,s->session->session_id,i);
746 p+=i;
747 } 734 }
748 735 memcpy(p, s->session->session_id, i);
736 p += i;
737 }
738
749 /* Ciphers supported */ 739 /* Ciphers supported */
750 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); 740 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
751 if (i == 0) 741 if (i == 0) {
752 { 742 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
753 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
754 goto err; 743 goto err;
755 } 744 }
756#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 745#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
757 /* Some servers hang if client hello > 256 bytes 746 /* Some servers hang if client hello > 256 bytes
758 * as hack workaround chop number of supported ciphers 747 * as hack workaround chop number of supported ciphers
759 * to keep it well below this if we use TLS v1.2 748 * to keep it well below this if we use TLS v1.2
760 */ 749 */
761 if (TLS1_get_version(s) >= TLS1_2_VERSION 750 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
762 && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 751 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
763 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 752 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
764#endif 753#endif
765 s2n(i,p); 754 s2n(i, p);
766 p+=i; 755 p += i;
767 756
768 /* COMPRESSION */ 757 /* COMPRESSION */
769#ifdef OPENSSL_NO_COMP 758#ifdef OPENSSL_NO_COMP
770 *(p++)=1; 759 *(p++) = 1;
771#else 760#else
772 761
773 if ((s->options & SSL_OP_NO_COMPRESSION) 762 if ((s->options & SSL_OP_NO_COMPRESSION) ||
774 || !s->ctx->comp_methods) 763 !s->ctx->comp_methods)
775 j=0; 764 j = 0;
776 else 765 else
777 j=sk_SSL_COMP_num(s->ctx->comp_methods); 766 j = sk_SSL_COMP_num(s->ctx->comp_methods);
778 *(p++)=1+j; 767 *(p++) = 1 + j;
779 for (i=0; i<j; i++) 768 for (i = 0; i < j; i++) {
780 { 769 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
781 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 770 *(p++) = comp->id;
782 *(p++)=comp->id; 771 }
783 }
784#endif 772#endif
785 *(p++)=0; /* Add the NULL method */ 773 *(p++) = 0; /* Add the NULL method */
786 774
787#ifndef OPENSSL_NO_TLSEXT 775#ifndef OPENSSL_NO_TLSEXT
788 /* TLS extensions*/ 776 /* TLS extensions*/
789 if (ssl_prepare_clienthello_tlsext(s) <= 0) 777 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
790 { 778 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
791 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
792 goto err; 779 goto err;
793 } 780 }
794 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 781 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
795 { 782 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
796 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
797 goto err; 783 goto err;
798 } 784 }
799#endif 785#endif
800
801 l=(p-d);
802 d=buf;
803 *(d++)=SSL3_MT_CLIENT_HELLO;
804 l2n3(l,d);
805 786
806 s->state=SSL3_ST_CW_CLNT_HELLO_B; 787 l = (p - d);
788 d = buf;
789 *(d++) = SSL3_MT_CLIENT_HELLO;
790 l2n3(l, d);
791
792 s->state = SSL3_ST_CW_CLNT_HELLO_B;
807 /* number of bytes to write */ 793 /* number of bytes to write */
808 s->init_num=p-buf; 794 s->init_num = p - buf;
809 s->init_off=0; 795 s->init_off = 0;
810 } 796 }
811 797
812 /* SSL3_ST_CW_CLNT_HELLO_B */ 798 /* SSL3_ST_CW_CLNT_HELLO_B */
813 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 799 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
814err: 800err:
815 return(-1); 801 return (-1);
816 } 802}
817 803
818int ssl3_get_server_hello(SSL *s) 804int
819 { 805ssl3_get_server_hello(SSL *s)
806{
820 STACK_OF(SSL_CIPHER) *sk; 807 STACK_OF(SSL_CIPHER) *sk;
821 const SSL_CIPHER *c; 808 const SSL_CIPHER *c;
822 unsigned char *p,*d; 809 unsigned char *p, *d;
823 int i,al,ok; 810 int i, al, ok;
824 unsigned int j; 811 unsigned int j;
825 long n; 812 long n;
826#ifndef OPENSSL_NO_COMP 813#ifndef OPENSSL_NO_COMP
827 SSL_COMP *comp; 814 SSL_COMP *comp;
828#endif 815#endif
829 816
830 n=s->method->ssl_get_message(s, 817 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
831 SSL3_ST_CR_SRVR_HELLO_A, 818 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
832 SSL3_ST_CR_SRVR_HELLO_B,
833 -1,
834 20000, /* ?? */
835 &ok);
836 819
837 if (!ok) return((int)n); 820 if (!ok)
821 return ((int)n);
838 822
839 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 823 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
840 { 824 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
841 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 825 if (s->d1->send_cookie == 0) {
842 {
843 if ( s->d1->send_cookie == 0)
844 {
845 s->s3->tmp.reuse_message = 1; 826 s->s3->tmp.reuse_message = 1;
846 return 1; 827 return 1;
847 } 828 }
848 else /* already sent a cookie */ 829 else /* already sent a cookie */
849 { 830 {
850 al=SSL_AD_UNEXPECTED_MESSAGE; 831 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 832 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
852 goto f_err; 833 goto f_err;
853 }
854 } 834 }
855 } 835 }
856 836 }
857 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) 837
858 { 838 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
859 al=SSL_AD_UNEXPECTED_MESSAGE; 839 al = SSL_AD_UNEXPECTED_MESSAGE;
860 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 840 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
861 goto f_err; 841 goto f_err;
862 } 842 }
863 843
864 d=p=(unsigned char *)s->init_msg; 844 d = p=(unsigned char *)s->init_msg;
865 845
866 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) 846 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
867 { 847 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
868 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); 848 s->version = (s->version&0xff00)|p[1];
869 s->version=(s->version&0xff00)|p[1]; 849 al = SSL_AD_PROTOCOL_VERSION;
870 al=SSL_AD_PROTOCOL_VERSION;
871 goto f_err; 850 goto f_err;
872 } 851 }
873 p+=2; 852 p += 2;
874 853
875 /* load the server hello data */ 854 /* load the server hello data */
876 /* load the server random */ 855 /* load the server random */
877 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); 856 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
878 p+=SSL3_RANDOM_SIZE; 857 p += SSL3_RANDOM_SIZE;
879 858
880 /* get the session-id */ 859 /* get the session-id */
881 j= *(p++); 860 j= *(p++);
882 861
883 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) 862 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
884 { 863 al = SSL_AD_ILLEGAL_PARAMETER;
885 al=SSL_AD_ILLEGAL_PARAMETER; 864 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
886 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
887 goto f_err; 865 goto f_err;
888 } 866 }
889 867
890#ifndef OPENSSL_NO_TLSEXT 868#ifndef OPENSSL_NO_TLSEXT
891 /* check if we want to resume the session based on external pre-shared secret */ 869 /* check if we want to resume the session based on external pre-shared secret */
892 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) 870 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
893 { 871 SSL_CIPHER *pref_cipher = NULL;
894 SSL_CIPHER *pref_cipher=NULL; 872 s->session->master_key_length = sizeof(s->session->master_key);
895 s->session->master_key_length=sizeof(s->session->master_key);
896 if (s->tls_session_secret_cb(s, s->session->master_key, 873 if (s->tls_session_secret_cb(s, s->session->master_key,
897 &s->session->master_key_length, 874 &s->session->master_key_length, NULL, &pref_cipher,
898 NULL, &pref_cipher, 875 s->tls_session_secret_cb_arg)) {
899 s->tls_session_secret_cb_arg))
900 {
901 s->session->cipher = pref_cipher ? 876 s->session->cipher = pref_cipher ?
902 pref_cipher : ssl_get_cipher_by_char(s, p+j); 877 pref_cipher : ssl_get_cipher_by_char(s, p + j);
903 }
904 } 878 }
879 }
905#endif /* OPENSSL_NO_TLSEXT */ 880#endif /* OPENSSL_NO_TLSEXT */
906 881
907 if (j != 0 && j == s->session->session_id_length 882 if (j != 0 && j == s->session->session_id_length &&
908 && memcmp(p,s->session->session_id,j) == 0) 883 memcmp(p, s->session->session_id, j) == 0) {
909 { 884 if (s->sid_ctx_length != s->session->sid_ctx_length ||
910 if(s->sid_ctx_length != s->session->sid_ctx_length 885 memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
911 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) 886 /* actually a client application bug */
912 { 887 al = SSL_AD_ILLEGAL_PARAMETER;
913 /* actually a client application bug */ 888 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
914 al=SSL_AD_ILLEGAL_PARAMETER; 889 goto f_err;
915 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
916 goto f_err;
917 } 890 }
918 s->hit=1; 891 s->hit = 1;
919 } 892 }
920 else /* a miss or crap from the other end */ 893 else /* a miss or crap from the other end */
921 { 894 {
922 /* If we were trying for session-id reuse, make a new 895 /* If we were trying for session-id reuse, make a new
923 * SSL_SESSION so we don't stuff up other people */ 896 * SSL_SESSION so we don't stuff up other people */
924 s->hit=0; 897 s->hit = 0;
925 if (s->session->session_id_length > 0) 898 if (s->session->session_id_length > 0) {
926 { 899 if (!ssl_get_new_session(s, 0)) {
927 if (!ssl_get_new_session(s,0)) 900 al = SSL_AD_INTERNAL_ERROR;
928 {
929 al=SSL_AD_INTERNAL_ERROR;
930 goto f_err; 901 goto f_err;
931 }
932 } 902 }
933 s->session->session_id_length=j;
934 memcpy(s->session->session_id,p,j); /* j could be 0 */
935 } 903 }
936 p+=j; 904 s->session->session_id_length = j;
937 c=ssl_get_cipher_by_char(s,p); 905 memcpy(s->session->session_id,p,j); /* j could be 0 */
938 if (c == NULL) 906 }
939 { 907 p += j;
908 c = ssl_get_cipher_by_char(s, p);
909 if (c == NULL) {
940 /* unknown cipher */ 910 /* unknown cipher */
941 al=SSL_AD_ILLEGAL_PARAMETER; 911 al = SSL_AD_ILLEGAL_PARAMETER;
942 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); 912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
943 goto f_err; 913 goto f_err;
944 } 914 }
945 /* TLS v1.2 only ciphersuites require v1.2 or later */ 915 /* TLS v1.2 only ciphersuites require v1.2 or later */
946 if ((c->algorithm_ssl & SSL_TLSV1_2) && 916 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
947 (TLS1_get_version(s) < TLS1_2_VERSION)) 917 (TLS1_get_version(s) < TLS1_2_VERSION)) {
948 { 918 al = SSL_AD_ILLEGAL_PARAMETER;
949 al=SSL_AD_ILLEGAL_PARAMETER; 919 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
950 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
951 goto f_err; 920 goto f_err;
952 } 921 }
953 p+=ssl_put_cipher_by_char(s,NULL,NULL); 922 p += ssl_put_cipher_by_char(s, NULL, NULL);
954 923
955 sk=ssl_get_ciphers_by_id(s); 924 sk = ssl_get_ciphers_by_id(s);
956 i=sk_SSL_CIPHER_find(sk,c); 925 i = sk_SSL_CIPHER_find(sk, c);
957 if (i < 0) 926 if (i < 0) {
958 {
959 /* we did not say we would use this cipher */ 927 /* we did not say we would use this cipher */
960 al=SSL_AD_ILLEGAL_PARAMETER; 928 al = SSL_AD_ILLEGAL_PARAMETER;
961 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 929 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
962 goto f_err; 930 goto f_err;
963 } 931 }
964 932
965 /* Depending on the session caching (internal/external), the cipher 933 /* Depending on the session caching (internal/external), the cipher
966 and/or cipher_id values may not be set. Make sure that 934 and/or cipher_id values may not be set. Make sure that
967 cipher_id is set and use it for comparison. */ 935 cipher_id is set and use it for comparison. */
968 if (s->session->cipher) 936 if (s->session->cipher)
969 s->session->cipher_id = s->session->cipher->id; 937 s->session->cipher_id = s->session->cipher->id;
970 if (s->hit && (s->session->cipher_id != c->id)) 938 if (s->hit && (s->session->cipher_id != c->id)) {
971 {
972/* Workaround is now obsolete */ 939/* Workaround is now obsolete */
973#if 0 940#if 0
974 if (!(s->options & 941 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
975 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
976#endif 942#endif
977 { 943 {
978 al=SSL_AD_ILLEGAL_PARAMETER; 944 al = SSL_AD_ILLEGAL_PARAMETER;
979 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 945 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
980 goto f_err; 946 goto f_err;
981 }
982 } 947 }
983 s->s3->tmp.new_cipher=c; 948 }
949 s->s3->tmp.new_cipher = c;
984 /* Don't digest cached records if TLS v1.2: we may need them for 950 /* Don't digest cached records if TLS v1.2: we may need them for
985 * client authentication. 951 * client authentication.
986 */ 952 */
987 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) 953 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) {
988 {
989 al = SSL_AD_INTERNAL_ERROR; 954 al = SSL_AD_INTERNAL_ERROR;
990 goto f_err; 955 goto f_err;
991 } 956 }
992 /* lets get the compression algorithm */ 957 /* lets get the compression algorithm */
993 /* COMPRESSION */ 958 /* COMPRESSION */
994#ifdef OPENSSL_NO_COMP 959#ifdef OPENSSL_NO_COMP
995 if (*(p++) != 0) 960 if (*(p++) != 0) {
996 { 961 al = SSL_AD_ILLEGAL_PARAMETER;
997 al=SSL_AD_ILLEGAL_PARAMETER; 962 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
998 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
999 goto f_err; 963 goto f_err;
1000 } 964 }
1001 /* If compression is disabled we'd better not try to resume a session 965 /* If compression is disabled we'd better not try to resume a session
1002 * using compression. 966 * using compression.
1003 */ 967 */
1004 if (s->session->compress_meth != 0) 968 if (s->session->compress_meth != 0) {
1005 { 969 al = SSL_AD_INTERNAL_ERROR;
1006 al=SSL_AD_INTERNAL_ERROR; 970 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
1007 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1008 goto f_err; 971 goto f_err;
1009 } 972 }
1010#else 973#else
1011 j= *(p++); 974 j= *(p++);
1012 if (s->hit && j != s->session->compress_meth) 975 if (s->hit && j != s->session->compress_meth) {
1013 { 976 al = SSL_AD_ILLEGAL_PARAMETER;
1014 al=SSL_AD_ILLEGAL_PARAMETER; 977 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
1015 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
1016 goto f_err; 978 goto f_err;
1017 } 979 }
1018 if (j == 0) 980 if (j == 0)
1019 comp=NULL; 981 comp = NULL;
1020 else if (s->options & SSL_OP_NO_COMPRESSION) 982 else if (s->options & SSL_OP_NO_COMPRESSION) {
1021 { 983 al = SSL_AD_ILLEGAL_PARAMETER;
1022 al=SSL_AD_ILLEGAL_PARAMETER; 984 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
1023 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
1024 goto f_err; 985 goto f_err;
1025 } 986 } else
1026 else 987 comp = ssl3_comp_find(s->ctx->comp_methods, j);
1027 comp=ssl3_comp_find(s->ctx->comp_methods,j); 988
1028 989 if ((j != 0) && (comp == NULL)) {
1029 if ((j != 0) && (comp == NULL)) 990 al = SSL_AD_ILLEGAL_PARAMETER;
1030 { 991 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1031 al=SSL_AD_ILLEGAL_PARAMETER;
1032 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1033 goto f_err; 992 goto f_err;
1034 } 993 } else {
1035 else 994 s->s3->tmp.new_compression = comp;
1036 { 995 }
1037 s->s3->tmp.new_compression=comp;
1038 }
1039#endif 996#endif
1040 997
1041#ifndef OPENSSL_NO_TLSEXT 998#ifndef OPENSSL_NO_TLSEXT
1042 /* TLS extensions*/ 999 /* TLS extensions*/
1043 if (s->version >= SSL3_VERSION) 1000 if (s->version >= SSL3_VERSION) {
1044 { 1001 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
1045 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
1046 {
1047 /* 'al' set by ssl_parse_serverhello_tlsext */ 1002 /* 'al' set by ssl_parse_serverhello_tlsext */
1048 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); 1003 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
1049 goto f_err; 1004 goto f_err;
1050 } 1005
1051 if (ssl_check_serverhello_tlsext(s) <= 0)
1052 {
1053 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1054 goto err;
1055 }
1056 } 1006 }
1007 if (ssl_check_serverhello_tlsext(s) <= 0) {
1008 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
1009 goto err;
1010 }
1011 }
1057#endif 1012#endif
1058 1013
1059 if (p != (d+n)) 1014 if (p != (d + n)) {
1060 {
1061 /* wrong packet length */ 1015 /* wrong packet length */
1062 al=SSL_AD_DECODE_ERROR; 1016 al = SSL_AD_DECODE_ERROR;
1063 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); 1017 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
1064 goto f_err; 1018 goto f_err;
1065 } 1019 }
1066 1020
1067 return(1); 1021 return (1);
1068f_err: 1022f_err:
1069 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1023 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1070err: 1024err:
1071 return(-1); 1025 return (-1);
1072 } 1026}
1073 1027
1074int ssl3_get_server_certificate(SSL *s) 1028int
1075 { 1029ssl3_get_server_certificate(SSL *s)
1076 int al,i,ok,ret= -1; 1030{
1077 unsigned long n,nc,llen,l; 1031 int al, i, ok, ret = -1;
1078 X509 *x=NULL; 1032 unsigned long n, nc, llen, l;
1079 const unsigned char *q,*p; 1033 X509 *x = NULL;
1034 const unsigned char *q, *p;
1080 unsigned char *d; 1035 unsigned char *d;
1081 STACK_OF(X509) *sk=NULL; 1036 STACK_OF(X509) *sk = NULL;
1082 SESS_CERT *sc; 1037 SESS_CERT *sc;
1083 EVP_PKEY *pkey=NULL; 1038 EVP_PKEY *pkey = NULL;
1084 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 1039 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
1085 1040
1086 n=s->method->ssl_get_message(s, 1041 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
1087 SSL3_ST_CR_CERT_A, 1042 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
1088 SSL3_ST_CR_CERT_B,
1089 -1,
1090 s->max_cert_list,
1091 &ok);
1092 1043
1093 if (!ok) return((int)n); 1044 if (!ok)
1045 return ((int)n);
1094 1046
1095 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 1047 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
1096 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 1048 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
1097 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) 1049 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
1098 { 1050 s->s3->tmp.reuse_message = 1;
1099 s->s3->tmp.reuse_message=1; 1051 return (1);
1100 return(1); 1052 }
1101 }
1102 1053
1103 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) 1054 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
1104 { 1055 al = SSL_AD_UNEXPECTED_MESSAGE;
1105 al=SSL_AD_UNEXPECTED_MESSAGE; 1056 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
1106 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
1107 goto f_err; 1057 goto f_err;
1108 } 1058 }
1109 p=d=(unsigned char *)s->init_msg; 1059 p = d = (unsigned char *)s->init_msg;
1110 1060
1111 if ((sk=sk_X509_new_null()) == NULL) 1061 if ((sk = sk_X509_new_null()) == NULL) {
1112 { 1062 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
1113 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1114 goto err; 1063 goto err;
1115 } 1064 }
1116 1065
1117 n2l3(p,llen); 1066 n2l3(p, llen);
1118 if (llen+3 != n) 1067 if (llen + 3 != n) {
1119 { 1068 al = SSL_AD_DECODE_ERROR;
1120 al=SSL_AD_DECODE_ERROR; 1069 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
1121 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
1122 goto f_err; 1070 goto f_err;
1123 } 1071 }
1124 for (nc=0; nc<llen; ) 1072 for (nc = 0; nc < llen; ) {
1125 { 1073 n2l3(p, l);
1126 n2l3(p,l); 1074 if ((l + nc + 3) > llen) {
1127 if ((l+nc+3) > llen) 1075 al = SSL_AD_DECODE_ERROR;
1128 { 1076 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
1129 al=SSL_AD_DECODE_ERROR;
1130 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1131 goto f_err; 1077 goto f_err;
1132 } 1078 }
1133 1079
1134 q=p; 1080 q = p;
1135 x=d2i_X509(NULL,&q,l); 1081 x = d2i_X509(NULL, &q, l);
1136 if (x == NULL) 1082 if (x == NULL) {
1137 { 1083 al = SSL_AD_BAD_CERTIFICATE;
1138 al=SSL_AD_BAD_CERTIFICATE; 1084 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
1139 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
1140 goto f_err; 1085 goto f_err;
1141 } 1086 }
1142 if (q != (p+l)) 1087 if (q != (p + l)) {
1143 { 1088 al = SSL_AD_DECODE_ERROR;
1144 al=SSL_AD_DECODE_ERROR; 1089 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
1145 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1146 goto f_err; 1090 goto f_err;
1147 } 1091 }
1148 if (!sk_X509_push(sk,x)) 1092 if (!sk_X509_push(sk, x)) {
1149 { 1093 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
1150 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1151 goto err; 1094 goto err;
1152 }
1153 x=NULL;
1154 nc+=l+3;
1155 p=q;
1156 } 1095 }
1096 x = NULL;
1097 nc += l + 3;
1098 p = q;
1099 }
1157 1100
1158 i=ssl_verify_cert_chain(s,sk); 1101 i = ssl_verify_cert_chain(s, sk);
1159 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) 1102 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
1160#ifndef OPENSSL_NO_KRB5 1103#ifndef OPENSSL_NO_KRB5
1161 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1104 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1162 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1105 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1163#endif /* OPENSSL_NO_KRB5 */ 1106#endif /* OPENSSL_NO_KRB5 */
1164 ) 1107 ) {
1165 { 1108 al = ssl_verify_alarm_type(s->verify_result);
1166 al=ssl_verify_alarm_type(s->verify_result); 1109 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
1167 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 1110 goto f_err;
1168 goto f_err; 1111
1169 } 1112 }
1170 ERR_clear_error(); /* but we keep s->verify_result */ 1113 ERR_clear_error(); /* but we keep s->verify_result */
1171 1114
1172 sc=ssl_sess_cert_new(); 1115 sc = ssl_sess_cert_new();
1173 if (sc == NULL) goto err; 1116 if (sc == NULL)
1117 goto err;
1174 1118
1175 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); 1119 if (s->session->sess_cert)
1176 s->session->sess_cert=sc; 1120 ssl_sess_cert_free(s->session->sess_cert);
1121 s->session->sess_cert = sc;
1177 1122
1178 sc->cert_chain=sk; 1123 sc->cert_chain = sk;
1179 /* Inconsistency alert: cert_chain does include the peer's 1124 /* Inconsistency alert: cert_chain does include the peer's
1180 * certificate, which we don't include in s3_srvr.c */ 1125 * certificate, which we don't include in s3_srvr.c */
1181 x=sk_X509_value(sk,0); 1126 x = sk_X509_value(sk, 0);
1182 sk=NULL; 1127 sk = NULL;
1183 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ 1128 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1184 1129
1185 pkey=X509_get_pubkey(x); 1130 pkey = X509_get_pubkey(x);
1186 1131
1187 /* VRS: allow null cert if auth == KRB5 */ 1132 /* VRS: allow null cert if auth == KRB5 */
1188 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1133 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1189 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1134 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1190 ? 0 : 1; 1135 ? 0 : 1;
1191 1136
1192#ifdef KSSL_DEBUG 1137#ifdef KSSL_DEBUG
1193 printf("pkey,x = %p, %p\n", pkey,x); 1138 printf("pkey, x = %p, %p\n", pkey, x);
1194 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1139 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1195 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, 1140 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1196 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); 1141 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1197#endif /* KSSL_DEBUG */ 1142#endif /* KSSL_DEBUG */
1198 1143
1199 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1144 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
1200 { 1145 x = NULL;
1201 x=NULL; 1146 al = SSL3_AL_FATAL;
1202 al=SSL3_AL_FATAL;
1203 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1147 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1204 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1148 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1205 goto f_err; 1149 goto f_err;
1206 } 1150 }
1207 1151
1208 i=ssl_cert_type(x,pkey); 1152 i = ssl_cert_type(x, pkey);
1209 if (need_cert && i < 0) 1153 if (need_cert && i < 0) {
1210 { 1154 x = NULL;
1211 x=NULL; 1155 al = SSL3_AL_FATAL;
1212 al=SSL3_AL_FATAL;
1213 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1156 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1214 SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1157 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1215 goto f_err; 1158 goto f_err;
1216 } 1159 }
1217 1160
1218 if (need_cert) 1161 if (need_cert) {
1219 { 1162 sc->peer_cert_type = i;
1220 sc->peer_cert_type=i; 1163 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1221 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1222 /* Why would the following ever happen? 1164 /* Why would the following ever happen?
1223 * We just created sc a couple of lines ago. */ 1165 * We just created sc a couple of lines ago. */
1224 if (sc->peer_pkeys[i].x509 != NULL) 1166 if (sc->peer_pkeys[i].x509 != NULL)
1225 X509_free(sc->peer_pkeys[i].x509); 1167 X509_free(sc->peer_pkeys[i].x509);
1226 sc->peer_pkeys[i].x509=x; 1168 sc->peer_pkeys[i].x509 = x;
1227 sc->peer_key= &(sc->peer_pkeys[i]); 1169 sc->peer_key = &(sc->peer_pkeys[i]);
1228 1170
1229 if (s->session->peer != NULL) 1171 if (s->session->peer != NULL)
1230 X509_free(s->session->peer); 1172 X509_free(s->session->peer);
1231 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 1173 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1232 s->session->peer=x; 1174 s->session->peer = x;
1233 } 1175 } else {
1234 else 1176 sc->peer_cert_type = i;
1235 { 1177 sc->peer_key = NULL;
1236 sc->peer_cert_type=i;
1237 sc->peer_key= NULL;
1238 1178
1239 if (s->session->peer != NULL) 1179 if (s->session->peer != NULL)
1240 X509_free(s->session->peer); 1180 X509_free(s->session->peer);
1241 s->session->peer=NULL; 1181 s->session->peer = NULL;
1242 } 1182 }
1243 s->session->verify_result = s->verify_result; 1183 s->session->verify_result = s->verify_result;
1244 1184
1245 x=NULL; 1185 x = NULL;
1246 ret=1; 1186 ret = 1;
1247 1187
1248 if (0) 1188 if (0) {
1249 {
1250f_err: 1189f_err:
1251 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1190 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1252 } 1191 }
1253err: 1192err:
1254 EVP_PKEY_free(pkey); 1193 EVP_PKEY_free(pkey);
1255 X509_free(x); 1194 X509_free(x);
1256 sk_X509_pop_free(sk,X509_free); 1195 sk_X509_pop_free(sk, X509_free);
1257 return(ret); 1196 return (ret);
1258 } 1197}
1259 1198
1260int ssl3_get_key_exchange(SSL *s) 1199int
1261 { 1200ssl3_get_key_exchange(SSL *s)
1201{
1262#ifndef OPENSSL_NO_RSA 1202#ifndef OPENSSL_NO_RSA
1263 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 1203 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1264#endif 1204#endif
1265 EVP_MD_CTX md_ctx; 1205 EVP_MD_CTX md_ctx;
1266 unsigned char *param,*p; 1206 unsigned char *param, *p;
1267 int al,i,j,param_len,ok; 1207 int al, i, j, param_len, ok;
1268 long n,alg_k,alg_a; 1208 long n, alg_k, alg_a;
1269 EVP_PKEY *pkey=NULL; 1209 EVP_PKEY *pkey = NULL;
1270 const EVP_MD *md = NULL; 1210 const EVP_MD *md = NULL;
1271#ifndef OPENSSL_NO_RSA 1211#ifndef OPENSSL_NO_RSA
1272 RSA *rsa=NULL; 1212 RSA *rsa = NULL;
1273#endif 1213#endif
1274#ifndef OPENSSL_NO_DH 1214#ifndef OPENSSL_NO_DH
1275 DH *dh=NULL; 1215 DH *dh = NULL;
1276#endif 1216#endif
1277#ifndef OPENSSL_NO_ECDH 1217#ifndef OPENSSL_NO_ECDH
1278 EC_KEY *ecdh = NULL; 1218 EC_KEY *ecdh = NULL;
@@ -1284,336 +1224,291 @@ int ssl3_get_key_exchange(SSL *s)
1284 1224
1285 /* use same message size as in ssl3_get_certificate_request() 1225 /* use same message size as in ssl3_get_certificate_request()
1286 * as ServerKeyExchange message may be skipped */ 1226 * as ServerKeyExchange message may be skipped */
1287 n=s->method->ssl_get_message(s, 1227 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1288 SSL3_ST_CR_KEY_EXCH_A, 1228 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1289 SSL3_ST_CR_KEY_EXCH_B, 1229 if (!ok)
1290 -1, 1230 return ((int)n);
1291 s->max_cert_list, 1231
1292 &ok); 1232 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1293 if (!ok) return((int)n);
1294
1295 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1296 {
1297#ifndef OPENSSL_NO_PSK 1233#ifndef OPENSSL_NO_PSK
1298 /* In plain PSK ciphersuite, ServerKeyExchange can be 1234 /* In plain PSK ciphersuite, ServerKeyExchange can be
1299 omitted if no identity hint is sent. Set 1235 omitted if no identity hint is sent. Set
1300 session->sess_cert anyway to avoid problems 1236 session->sess_cert anyway to avoid problems
1301 later.*/ 1237 later.*/
1302 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) 1238 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1303 { 1239 s->session->sess_cert = ssl_sess_cert_new();
1304 s->session->sess_cert=ssl_sess_cert_new();
1305 if (s->ctx->psk_identity_hint) 1240 if (s->ctx->psk_identity_hint)
1306 OPENSSL_free(s->ctx->psk_identity_hint); 1241 OPENSSL_free(s->ctx->psk_identity_hint);
1307 s->ctx->psk_identity_hint = NULL; 1242 s->ctx->psk_identity_hint = NULL;
1308 }
1309#endif
1310 s->s3->tmp.reuse_message=1;
1311 return(1);
1312 } 1243 }
1244#endif
1245 s->s3->tmp.reuse_message = 1;
1246 return (1);
1247 }
1313 1248
1314 param=p=(unsigned char *)s->init_msg; 1249 param = p = (unsigned char *)s->init_msg;
1315 if (s->session->sess_cert != NULL) 1250 if (s->session->sess_cert != NULL) {
1316 {
1317#ifndef OPENSSL_NO_RSA 1251#ifndef OPENSSL_NO_RSA
1318 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1252 if (s->session->sess_cert->peer_rsa_tmp != NULL) {
1319 {
1320 RSA_free(s->session->sess_cert->peer_rsa_tmp); 1253 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1321 s->session->sess_cert->peer_rsa_tmp=NULL; 1254 s->session->sess_cert->peer_rsa_tmp = NULL;
1322 } 1255 }
1323#endif 1256#endif
1324#ifndef OPENSSL_NO_DH 1257#ifndef OPENSSL_NO_DH
1325 if (s->session->sess_cert->peer_dh_tmp) 1258 if (s->session->sess_cert->peer_dh_tmp) {
1326 {
1327 DH_free(s->session->sess_cert->peer_dh_tmp); 1259 DH_free(s->session->sess_cert->peer_dh_tmp);
1328 s->session->sess_cert->peer_dh_tmp=NULL; 1260 s->session->sess_cert->peer_dh_tmp = NULL;
1329 } 1261 }
1330#endif 1262#endif
1331#ifndef OPENSSL_NO_ECDH 1263#ifndef OPENSSL_NO_ECDH
1332 if (s->session->sess_cert->peer_ecdh_tmp) 1264 if (s->session->sess_cert->peer_ecdh_tmp) {
1333 {
1334 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); 1265 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1335 s->session->sess_cert->peer_ecdh_tmp=NULL; 1266 s->session->sess_cert->peer_ecdh_tmp = NULL;
1336 }
1337#endif
1338 }
1339 else
1340 {
1341 s->session->sess_cert=ssl_sess_cert_new();
1342 } 1267 }
1268#endif
1269 } else {
1270 s->session->sess_cert = ssl_sess_cert_new();
1271 }
1343 1272
1344 param_len=0; 1273 param_len = 0;
1345 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 1274 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1346 alg_a=s->s3->tmp.new_cipher->algorithm_auth; 1275 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1347 EVP_MD_CTX_init(&md_ctx); 1276 EVP_MD_CTX_init(&md_ctx);
1348 1277
1349#ifndef OPENSSL_NO_PSK 1278#ifndef OPENSSL_NO_PSK
1350 if (alg_k & SSL_kPSK) 1279 if (alg_k & SSL_kPSK) {
1351 { 1280 char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
1352 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1353 1281
1354 al=SSL_AD_HANDSHAKE_FAILURE; 1282 al = SSL_AD_HANDSHAKE_FAILURE;
1355 n2s(p,i); 1283 n2s(p, i);
1356 param_len=i+2; 1284 param_len = i + 2;
1357 /* Store PSK identity hint for later use, hint is used 1285 /* Store PSK identity hint for later use, hint is used
1358 * in ssl3_send_client_key_exchange. Assume that the 1286 * in ssl3_send_client_key_exchange. Assume that the
1359 * maximum length of a PSK identity hint can be as 1287 * maximum length of a PSK identity hint can be as
1360 * long as the maximum length of a PSK identity. */ 1288 * long as the maximum length of a PSK identity. */
1361 if (i > PSK_MAX_IDENTITY_LEN) 1289 if (i > PSK_MAX_IDENTITY_LEN) {
1362 {
1363 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1290 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1364 SSL_R_DATA_LENGTH_TOO_LONG); 1291 SSL_R_DATA_LENGTH_TOO_LONG);
1365 goto f_err; 1292 goto f_err;
1366 } 1293 }
1367 if (param_len > n) 1294 if (param_len > n) {
1368 { 1295 al = SSL_AD_DECODE_ERROR;
1369 al=SSL_AD_DECODE_ERROR;
1370 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1296 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1371 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); 1297 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1372 goto f_err; 1298 goto f_err;
1373 } 1299 }
1374 /* If received PSK identity hint contains NULL 1300 /* If received PSK identity hint contains NULL
1375 * characters, the hint is truncated from the first 1301 * characters, the hint is truncated from the first
1376 * NULL. p may not be ending with NULL, so create a 1302 * NULL. p may not be ending with NULL, so create a
1377 * NULL-terminated string. */ 1303 * NULL-terminated string. */
1378 memcpy(tmp_id_hint, p, i); 1304 memcpy(tmp_id_hint, p, i);
1379 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); 1305 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1380 if (s->ctx->psk_identity_hint != NULL) 1306 if (s->ctx->psk_identity_hint != NULL)
1381 OPENSSL_free(s->ctx->psk_identity_hint); 1307 OPENSSL_free(s->ctx->psk_identity_hint);
1382 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1308 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1383 if (s->ctx->psk_identity_hint == NULL) 1309 if (s->ctx->psk_identity_hint == NULL) {
1384 {
1385 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1310 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1386 goto f_err; 1311 goto f_err;
1387 }
1388
1389 p+=i;
1390 n-=param_len;
1391 } 1312 }
1392 else 1313
1314 p += i;
1315 n -= param_len;
1316 } else
1393#endif /* !OPENSSL_NO_PSK */ 1317#endif /* !OPENSSL_NO_PSK */
1394#ifndef OPENSSL_NO_SRP 1318#ifndef OPENSSL_NO_SRP
1395 if (alg_k & SSL_kSRP) 1319 if (alg_k & SSL_kSRP) {
1396 { 1320 n2s(p, i);
1397 n2s(p,i); 1321 param_len = i + 2;
1398 param_len=i+2; 1322 if (param_len > n) {
1399 if (param_len > n) 1323 al = SSL_AD_DECODE_ERROR;
1400 { 1324 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
1401 al=SSL_AD_DECODE_ERROR;
1402 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
1403 goto f_err; 1325 goto f_err;
1404 } 1326 }
1405 if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) 1327 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1406 { 1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1407 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1408 goto err; 1329 goto err;
1409 } 1330 }
1410 p+=i; 1331 p += i;
1411 1332
1412 n2s(p,i); 1333 n2s(p, i);
1413 param_len+=i+2; 1334 param_len += i + 2;
1414 if (param_len > n) 1335 if (param_len > n) {
1415 { 1336 al = SSL_AD_DECODE_ERROR;
1416 al=SSL_AD_DECODE_ERROR; 1337 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
1417 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
1418 goto f_err; 1338 goto f_err;
1419 } 1339 }
1420 if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) 1340 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1421 { 1341 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1422 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1423 goto err; 1342 goto err;
1424 } 1343 }
1425 p+=i; 1344 p += i;
1426 1345
1427 i = (unsigned int)(p[0]); 1346 i = (unsigned int)(p[0]);
1428 p++; 1347 p++;
1429 param_len+=i+1; 1348 param_len += i + 1;
1430 if (param_len > n) 1349 if (param_len > n) {
1431 { 1350 al = SSL_AD_DECODE_ERROR;
1432 al=SSL_AD_DECODE_ERROR; 1351 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
1433 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
1434 goto f_err; 1352 goto f_err;
1435 } 1353 }
1436 if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) 1354 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1437 { 1355 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1438 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1439 goto err; 1356 goto err;
1440 } 1357 }
1441 p+=i; 1358 p += i;
1442 1359
1443 n2s(p,i); 1360 n2s(p, i);
1444 param_len+=i+2; 1361 param_len += i + 2;
1445 if (param_len > n) 1362 if (param_len > n) {
1446 { 1363 al = SSL_AD_DECODE_ERROR;
1447 al=SSL_AD_DECODE_ERROR; 1364 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
1448 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
1449 goto f_err; 1365 goto f_err;
1450 } 1366 }
1451 if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) 1367 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1452 { 1368 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1453 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1454 goto err; 1369 goto err;
1455 } 1370 }
1456 p+=i; 1371 p += i;
1457 n-=param_len; 1372 n -= param_len;
1458 1373
1459/* We must check if there is a certificate */ 1374/* We must check if there is a certificate */
1460#ifndef OPENSSL_NO_RSA 1375#ifndef OPENSSL_NO_RSA
1461 if (alg_a & SSL_aRSA) 1376 if (alg_a & SSL_aRSA)
1462 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1377 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1463#else 1378#else
1464 if (0) 1379 if (0)
1465 ; 1380;
1466#endif 1381#endif
1467#ifndef OPENSSL_NO_DSA 1382#ifndef OPENSSL_NO_DSA
1468 else if (alg_a & SSL_aDSS) 1383 else if (alg_a & SSL_aDSS)
1469 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1384 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1470#endif 1385#endif
1471 } 1386 } else
1472 else
1473#endif /* !OPENSSL_NO_SRP */ 1387#endif /* !OPENSSL_NO_SRP */
1474#ifndef OPENSSL_NO_RSA 1388#ifndef OPENSSL_NO_RSA
1475 if (alg_k & SSL_kRSA) 1389 if (alg_k & SSL_kRSA) {
1476 { 1390 if ((rsa = RSA_new()) == NULL) {
1477 if ((rsa=RSA_new()) == NULL) 1391 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1478 {
1479 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1480 goto err; 1392 goto err;
1481 } 1393 }
1482 n2s(p,i); 1394 n2s(p, i);
1483 param_len=i+2; 1395 param_len = i + 2;
1484 if (param_len > n) 1396 if (param_len > n) {
1485 { 1397 al = SSL_AD_DECODE_ERROR;
1486 al=SSL_AD_DECODE_ERROR; 1398 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
1487 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
1488 goto f_err; 1399 goto f_err;
1489 } 1400 }
1490 if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) 1401 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1491 { 1402 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1492 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1493 goto err; 1403 goto err;
1494 } 1404 }
1495 p+=i; 1405 p += i;
1496 1406
1497 n2s(p,i); 1407 n2s(p, i);
1498 param_len+=i+2; 1408 param_len += i + 2;
1499 if (param_len > n) 1409 if (param_len > n) {
1500 { 1410 al = SSL_AD_DECODE_ERROR;
1501 al=SSL_AD_DECODE_ERROR; 1411 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
1502 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
1503 goto f_err; 1412 goto f_err;
1504 } 1413 }
1505 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) 1414 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1506 { 1415 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1507 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1508 goto err; 1416 goto err;
1509 } 1417 }
1510 p+=i; 1418 p += i;
1511 n-=param_len; 1419 n -= param_len;
1512 1420
1513 /* this should be because we are using an export cipher */ 1421 /* this should be because we are using an export cipher */
1514 if (alg_a & SSL_aRSA) 1422 if (alg_a & SSL_aRSA)
1515 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1423 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1516 else 1424 else {
1517 { 1425 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1519 goto err; 1426 goto err;
1520 }
1521 s->session->sess_cert->peer_rsa_tmp=rsa;
1522 rsa=NULL;
1523 } 1427 }
1428 s->session->sess_cert->peer_rsa_tmp = rsa;
1429 rsa = NULL;
1430 }
1524#else /* OPENSSL_NO_RSA */ 1431#else /* OPENSSL_NO_RSA */
1525 if (0) 1432 if (0)
1526 ; 1433;
1527#endif 1434#endif
1528#ifndef OPENSSL_NO_DH 1435#ifndef OPENSSL_NO_DH
1529 else if (alg_k & SSL_kEDH) 1436 else if (alg_k & SSL_kEDH) {
1530 { 1437 if ((dh = DH_new()) == NULL) {
1531 if ((dh=DH_new()) == NULL) 1438 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
1532 {
1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
1534 goto err; 1439 goto err;
1535 } 1440 }
1536 n2s(p,i); 1441 n2s(p, i);
1537 param_len=i+2; 1442 param_len = i + 2;
1538 if (param_len > n) 1443 if (param_len > n) {
1539 { 1444 al = SSL_AD_DECODE_ERROR;
1540 al=SSL_AD_DECODE_ERROR; 1445 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
1541 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
1542 goto f_err; 1446 goto f_err;
1543 } 1447 }
1544 if (!(dh->p=BN_bin2bn(p,i,NULL))) 1448 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1545 { 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1546 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1547 goto err; 1450 goto err;
1548 } 1451 }
1549 p+=i; 1452 p += i;
1550 1453
1551 n2s(p,i); 1454 n2s(p, i);
1552 param_len+=i+2; 1455 param_len += i + 2;
1553 if (param_len > n) 1456 if (param_len > n) {
1554 { 1457 al = SSL_AD_DECODE_ERROR;
1555 al=SSL_AD_DECODE_ERROR; 1458 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
1556 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
1557 goto f_err; 1459 goto f_err;
1558 } 1460 }
1559 if (!(dh->g=BN_bin2bn(p,i,NULL))) 1461 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1560 { 1462 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1561 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1562 goto err; 1463 goto err;
1563 } 1464 }
1564 p+=i; 1465 p += i;
1565 1466
1566 n2s(p,i); 1467 n2s(p, i);
1567 param_len+=i+2; 1468 param_len += i + 2;
1568 if (param_len > n) 1469 if (param_len > n) {
1569 { 1470 al = SSL_AD_DECODE_ERROR;
1570 al=SSL_AD_DECODE_ERROR; 1471 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
1572 goto f_err; 1472 goto f_err;
1573 } 1473 }
1574 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) 1474 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1575 { 1475 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1576 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1577 goto err; 1476 goto err;
1578 } 1477 }
1579 p+=i; 1478 p += i;
1580 n-=param_len; 1479 n -= param_len;
1581 1480
1582#ifndef OPENSSL_NO_RSA 1481#ifndef OPENSSL_NO_RSA
1583 if (alg_a & SSL_aRSA) 1482 if (alg_a & SSL_aRSA)
1584 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1483 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1585#else 1484#else
1586 if (0) 1485 if (0)
1587 ; 1486;
1588#endif 1487#endif
1589#ifndef OPENSSL_NO_DSA 1488#ifndef OPENSSL_NO_DSA
1590 else if (alg_a & SSL_aDSS) 1489 else if (alg_a & SSL_aDSS)
1591 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1490 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1592#endif 1491#endif
1593 /* else anonymous DH, so no certificate or pkey. */ 1492 /* else anonymous DH, so no certificate or pkey. */
1594 1493
1595 s->session->sess_cert->peer_dh_tmp=dh; 1494 s->session->sess_cert->peer_dh_tmp = dh;
1596 dh=NULL; 1495 dh = NULL;
1597 } 1496 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1598 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) 1497 al = SSL_AD_ILLEGAL_PARAMETER;
1599 { 1498 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1600 al=SSL_AD_ILLEGAL_PARAMETER;
1601 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1602 goto f_err; 1499 goto f_err;
1603 } 1500 }
1604#endif /* !OPENSSL_NO_DH */ 1501#endif /* !OPENSSL_NO_DH */
1605 1502
1606#ifndef OPENSSL_NO_ECDH 1503#ifndef OPENSSL_NO_ECDH
1607 else if (alg_k & SSL_kEECDH) 1504 else if (alg_k & SSL_kEECDH) {
1608 {
1609 EC_GROUP *ngroup; 1505 EC_GROUP *ngroup;
1610 const EC_GROUP *group; 1506 const EC_GROUP *group;
1611 1507
1612 if ((ecdh=EC_KEY_new()) == NULL) 1508 if ((ecdh = EC_KEY_new()) == NULL) {
1613 { 1509 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1614 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1615 goto err; 1510 goto err;
1616 } 1511 }
1617 1512
1618 /* Extract elliptic curve parameters and the 1513 /* Extract elliptic curve parameters and the
1619 * server's ephemeral ECDH public key. 1514 * server's ephemeral ECDH public key.
@@ -1624,217 +1519,194 @@ int ssl3_get_key_exchange(SSL *s)
1624 /* XXX: For now we only support named (not generic) curves 1519 /* XXX: For now we only support named (not generic) curves
1625 * and the ECParameters in this case is just three bytes. 1520 * and the ECParameters in this case is just three bytes.
1626 */ 1521 */
1627 param_len=3; 1522 param_len = 3;
1628 if ((param_len > n) || 1523 if ((param_len > n) ||
1629 (*p != NAMED_CURVE_TYPE) || 1524 (*p != NAMED_CURVE_TYPE) ||
1630 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 1525 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
1631 { 1526 al = SSL_AD_INTERNAL_ERROR;
1632 al=SSL_AD_INTERNAL_ERROR; 1527 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1633 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1634 goto f_err; 1528 goto f_err;
1635 } 1529 }
1636 1530
1637 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1531 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1638 if (ngroup == NULL) 1532 if (ngroup == NULL) {
1639 { 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
1640 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1641 goto err; 1534 goto err;
1642 } 1535 }
1643 if (EC_KEY_set_group(ecdh, ngroup) == 0) 1536 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1644 { 1537 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
1645 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1646 goto err; 1538 goto err;
1647 } 1539 }
1648 EC_GROUP_free(ngroup); 1540 EC_GROUP_free(ngroup);
1649 1541
1650 group = EC_KEY_get0_group(ecdh); 1542 group = EC_KEY_get0_group(ecdh);
1651 1543
1652 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1544 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1653 (EC_GROUP_get_degree(group) > 163)) 1545 (EC_GROUP_get_degree(group) > 163)) {
1654 { 1546 al = SSL_AD_EXPORT_RESTRICTION;
1655 al=SSL_AD_EXPORT_RESTRICTION; 1547 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1656 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1657 goto f_err; 1548 goto f_err;
1658 } 1549 }
1659 1550
1660 p+=3; 1551 p += 3;
1661 1552
1662 /* Next, get the encoded ECPoint */ 1553 /* Next, get the encoded ECPoint */
1663 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1554 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1664 ((bn_ctx = BN_CTX_new()) == NULL)) 1555 ((bn_ctx = BN_CTX_new()) == NULL)) {
1665 { 1556 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1666 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1667 goto err; 1557 goto err;
1668 } 1558 }
1669 1559
1670 encoded_pt_len = *p; /* length of encoded point */ 1560 encoded_pt_len = *p;
1671 p+=1; 1561 /* length of encoded point */
1562 p += 1;
1672 param_len += (1 + encoded_pt_len); 1563 param_len += (1 + encoded_pt_len);
1673 if ((param_len > n) || 1564 if ((param_len > n) ||
1674 (EC_POINT_oct2point(group, srvr_ecpoint, 1565 (EC_POINT_oct2point(group, srvr_ecpoint,
1675 p, encoded_pt_len, bn_ctx) == 0)) 1566 p, encoded_pt_len, bn_ctx) == 0)) {
1676 { 1567 al = SSL_AD_DECODE_ERROR;
1677 al=SSL_AD_DECODE_ERROR; 1568 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
1678 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1679 goto f_err; 1569 goto f_err;
1680 } 1570 }
1681 1571
1682 n-=param_len; 1572 n -= param_len;
1683 p+=encoded_pt_len; 1573 p += encoded_pt_len;
1684 1574
1685 /* The ECC/TLS specification does not mention 1575 /* The ECC/TLS specification does not mention
1686 * the use of DSA to sign ECParameters in the server 1576 * the use of DSA to sign ECParameters in the server
1687 * key exchange message. We do support RSA and ECDSA. 1577 * key exchange message. We do support RSA and ECDSA.
1688 */ 1578 */
1689 if (0) ; 1579 if (0);
1690#ifndef OPENSSL_NO_RSA 1580#ifndef OPENSSL_NO_RSA
1691 else if (alg_a & SSL_aRSA) 1581 else if (alg_a & SSL_aRSA)
1692 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1582 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1693#endif 1583#endif
1694#ifndef OPENSSL_NO_ECDSA 1584#ifndef OPENSSL_NO_ECDSA
1695 else if (alg_a & SSL_aECDSA) 1585 else if (alg_a & SSL_aECDSA)
1696 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1586 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1697#endif 1587#endif
1698 /* else anonymous ECDH, so no certificate or pkey. */ 1588 /* else anonymous ECDH, so no certificate or pkey. */
1699 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1589 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1700 s->session->sess_cert->peer_ecdh_tmp=ecdh; 1590 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1701 ecdh=NULL; 1591 ecdh = NULL;
1702 BN_CTX_free(bn_ctx); 1592 BN_CTX_free(bn_ctx);
1703 bn_ctx = NULL; 1593 bn_ctx = NULL;
1704 EC_POINT_free(srvr_ecpoint); 1594 EC_POINT_free(srvr_ecpoint);
1705 srvr_ecpoint = NULL; 1595 srvr_ecpoint = NULL;
1706 } 1596 } else if (alg_k) {
1707 else if (alg_k) 1597 al = SSL_AD_UNEXPECTED_MESSAGE;
1708 { 1598 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
1709 al=SSL_AD_UNEXPECTED_MESSAGE;
1710 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1711 goto f_err; 1599 goto f_err;
1712 } 1600 }
1713#endif /* !OPENSSL_NO_ECDH */ 1601#endif /* !OPENSSL_NO_ECDH */
1714 1602
1715 1603
1716 /* p points to the next byte, there are 'n' bytes left */ 1604 /* p points to the next byte, there are 'n' bytes left */
1717 1605
1718 /* if it was signed, check the signature */ 1606 /* if it was signed, check the signature */
1719 if (pkey != NULL) 1607 if (pkey != NULL) {
1720 { 1608 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1721 if (TLS1_get_version(s) >= TLS1_2_VERSION)
1722 {
1723 int sigalg = tls12_get_sigid(pkey); 1609 int sigalg = tls12_get_sigid(pkey);
1724 /* Should never happen */ 1610 /* Should never happen */
1725 if (sigalg == -1) 1611 if (sigalg == -1) {
1726 { 1612 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1727 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1728 goto err; 1613 goto err;
1729 } 1614 }
1730 /* Check key type is consistent with signature */ 1615 /* Check key type is consistent with signature */
1731 if (sigalg != (int)p[1]) 1616 if (sigalg != (int)p[1]) {
1732 { 1617 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE);
1733 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE); 1618 al = SSL_AD_DECODE_ERROR;
1734 al=SSL_AD_DECODE_ERROR;
1735 goto f_err; 1619 goto f_err;
1736 } 1620 }
1737 md = tls12_get_hash(p[0]); 1621 md = tls12_get_hash(p[0]);
1738 if (md == NULL) 1622 if (md == NULL) {
1739 { 1623 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST);
1740 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); 1624 al = SSL_AD_DECODE_ERROR;
1741 al=SSL_AD_DECODE_ERROR;
1742 goto f_err; 1625 goto f_err;
1743 } 1626 }
1744#ifdef SSL_DEBUG 1627#ifdef SSL_DEBUG
1745fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); 1628 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
1746#endif 1629#endif
1747 p += 2; 1630 p += 2;
1748 n -= 2; 1631 n -= 2;
1749 } 1632 } else
1750 else
1751 md = EVP_sha1(); 1633 md = EVP_sha1();
1752
1753 n2s(p,i);
1754 n-=2;
1755 j=EVP_PKEY_size(pkey);
1756 1634
1757 if ((i != n) || (n > j) || (n <= 0)) 1635 n2s(p, i);
1758 { 1636 n -= 2;
1637 j = EVP_PKEY_size(pkey);
1638
1639 if ((i != n) || (n > j) || (n <= 0)) {
1759 /* wrong packet length */ 1640 /* wrong packet length */
1760 al=SSL_AD_DECODE_ERROR; 1641 al = SSL_AD_DECODE_ERROR;
1761 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); 1642 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
1762 goto f_err; 1643 goto f_err;
1763 } 1644 }
1764 1645
1765#ifndef OPENSSL_NO_RSA 1646#ifndef OPENSSL_NO_RSA
1766 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) 1647 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) {
1767 {
1768 int num; 1648 int num;
1769 1649
1770 j=0; 1650 j = 0;
1771 q=md_buf; 1651 q = md_buf;
1772 for (num=2; num > 0; num--) 1652 for (num = 2; num > 0; num--) {
1773 {
1774 EVP_MD_CTX_set_flags(&md_ctx, 1653 EVP_MD_CTX_set_flags(&md_ctx,
1775 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 1654 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1776 EVP_DigestInit_ex(&md_ctx,(num == 2) 1655 EVP_DigestInit_ex(&md_ctx,(num == 2)
1777 ?s->ctx->md5:s->ctx->sha1, NULL); 1656 ?s->ctx->md5 : s->ctx->sha1, NULL);
1778 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1657 EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1779 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1658 EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1780 EVP_DigestUpdate(&md_ctx,param,param_len); 1659 EVP_DigestUpdate(&md_ctx, param, param_len);
1781 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); 1660 EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i);
1782 q+=i; 1661 q += i;
1783 j+=i; 1662 j += i;
1784 } 1663 }
1785 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1664 i = RSA_verify(NID_md5_sha1, md_buf, j, p, n,
1786 pkey->pkey.rsa); 1665 pkey->pkey.rsa);
1787 if (i < 0) 1666 if (i < 0) {
1788 { 1667 al = SSL_AD_DECRYPT_ERROR;
1789 al=SSL_AD_DECRYPT_ERROR; 1668 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
1790 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1791 goto f_err; 1669 goto f_err;
1792 } 1670 }
1793 if (i == 0) 1671 if (i == 0) {
1794 {
1795 /* bad signature */ 1672 /* bad signature */
1796 al=SSL_AD_DECRYPT_ERROR; 1673 al = SSL_AD_DECRYPT_ERROR;
1797 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1674 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
1798 goto f_err; 1675 goto f_err;
1799 }
1800 } 1676 }
1801 else 1677 } else
1802#endif 1678#endif
1803 { 1679 {
1804 EVP_VerifyInit_ex(&md_ctx, md, NULL); 1680 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1805 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1681 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1806 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1682 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1807 EVP_VerifyUpdate(&md_ctx,param,param_len); 1683 EVP_VerifyUpdate(&md_ctx, param, param_len);
1808 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) 1684 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1809 {
1810 /* bad signature */ 1685 /* bad signature */
1811 al=SSL_AD_DECRYPT_ERROR; 1686 al = SSL_AD_DECRYPT_ERROR;
1812 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1687 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
1813 goto f_err; 1688 goto f_err;
1814 }
1815 } 1689 }
1816 } 1690 }
1817 else 1691 } else {
1818 {
1819 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1692 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
1820 /* aNULL or kPSK do not need public keys */ 1693 /* aNULL or kPSK do not need public keys */
1821 { 1694 {
1822 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1695 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1823 goto err; 1696 goto err;
1824 } 1697 }
1825 /* still data left over */ 1698 /* still data left over */
1826 if (n != 0) 1699 if (n != 0) {
1827 { 1700 al = SSL_AD_DECODE_ERROR;
1828 al=SSL_AD_DECODE_ERROR; 1701 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
1829 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
1830 goto f_err; 1702 goto f_err;
1831 }
1832 } 1703 }
1704 }
1833 EVP_PKEY_free(pkey); 1705 EVP_PKEY_free(pkey);
1834 EVP_MD_CTX_cleanup(&md_ctx); 1706 EVP_MD_CTX_cleanup(&md_ctx);
1835 return(1); 1707 return (1);
1836f_err: 1708f_err:
1837 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1709 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1838err: 1710err:
1839 EVP_PKEY_free(pkey); 1711 EVP_PKEY_free(pkey);
1840#ifndef OPENSSL_NO_RSA 1712#ifndef OPENSSL_NO_RSA
@@ -1852,241 +1724,219 @@ err:
1852 EC_KEY_free(ecdh); 1724 EC_KEY_free(ecdh);
1853#endif 1725#endif
1854 EVP_MD_CTX_cleanup(&md_ctx); 1726 EVP_MD_CTX_cleanup(&md_ctx);
1855 return(-1); 1727 return (-1);
1856 } 1728}
1857 1729
1858int ssl3_get_certificate_request(SSL *s) 1730int
1859 { 1731ssl3_get_certificate_request(SSL *s)
1860 int ok,ret=0; 1732{
1861 unsigned long n,nc,l; 1733 int ok, ret = 0;
1862 unsigned int llen, ctype_num,i; 1734 unsigned long n, nc, l;
1863 X509_NAME *xn=NULL; 1735 unsigned int llen, ctype_num, i;
1864 const unsigned char *p,*q; 1736 X509_NAME *xn = NULL;
1737 const unsigned char *p, *q;
1865 unsigned char *d; 1738 unsigned char *d;
1866 STACK_OF(X509_NAME) *ca_sk=NULL; 1739 STACK_OF(X509_NAME) *ca_sk = NULL;
1867 1740
1868 n=s->method->ssl_get_message(s, 1741 n = s->method->ssl_get_message(s,
1869 SSL3_ST_CR_CERT_REQ_A, 1742 SSL3_ST_CR_CERT_REQ_A,
1870 SSL3_ST_CR_CERT_REQ_B, 1743 SSL3_ST_CR_CERT_REQ_B,
1871 -1, 1744 -1,
1872 s->max_cert_list, 1745 s->max_cert_list,
1873 &ok); 1746 &ok);
1874 1747
1875 if (!ok) return((int)n); 1748 if (!ok)
1749 return ((int)n);
1876 1750
1877 s->s3->tmp.cert_req=0; 1751 s->s3->tmp.cert_req = 0;
1878 1752
1879 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) 1753 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1880 { 1754 s->s3->tmp.reuse_message = 1;
1881 s->s3->tmp.reuse_message=1;
1882 /* If we get here we don't need any cached handshake records 1755 /* If we get here we don't need any cached handshake records
1883 * as we wont be doing client auth. 1756 * as we wont be doing client auth.
1884 */ 1757 */
1885 if (s->s3->handshake_buffer) 1758 if (s->s3->handshake_buffer) {
1886 {
1887 if (!ssl3_digest_cached_records(s)) 1759 if (!ssl3_digest_cached_records(s))
1888 goto err; 1760 goto err;
1889 }
1890 return(1);
1891 } 1761 }
1762 return (1);
1763 }
1892 1764
1893 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) 1765 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1894 { 1766 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1895 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1767 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
1896 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
1897 goto err; 1768 goto err;
1898 } 1769 }
1899 1770
1900 /* TLS does not like anon-DH with client cert */ 1771 /* TLS does not like anon-DH with client cert */
1901 if (s->version > SSL3_VERSION) 1772 if (s->version > SSL3_VERSION) {
1902 { 1773 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1903 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1774 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1904 { 1775 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1905 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1906 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1907 goto err; 1776 goto err;
1908 }
1909 } 1777 }
1778 }
1910 1779
1911 p=d=(unsigned char *)s->init_msg; 1780 p = d=(unsigned char *)s->init_msg;
1912 1781
1913 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1782 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1914 { 1783 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
1915 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1916 goto err; 1784 goto err;
1917 } 1785 }
1918 1786
1919 /* get the certificate types */ 1787 /* get the certificate types */
1920 ctype_num= *(p++); 1788 ctype_num= *(p++);
1921 if (ctype_num > SSL3_CT_NUMBER) 1789 if (ctype_num > SSL3_CT_NUMBER)
1922 ctype_num=SSL3_CT_NUMBER; 1790 ctype_num = SSL3_CT_NUMBER;
1923 for (i=0; i<ctype_num; i++) 1791 for (i = 0; i < ctype_num; i++)
1924 s->s3->tmp.ctype[i]= p[i]; 1792 s->s3->tmp.ctype[i] = p[i];
1925 p+=ctype_num; 1793 p += ctype_num;
1926 if (TLS1_get_version(s) >= TLS1_2_VERSION) 1794 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1927 {
1928 n2s(p, llen); 1795 n2s(p, llen);
1929 /* Check we have enough room for signature algorithms and 1796 /* Check we have enough room for signature algorithms and
1930 * following length value. 1797 * following length value.
1931 */ 1798 */
1932 if ((unsigned long)(p - d + llen + 2) > n) 1799 if ((unsigned long)(p - d + llen + 2) > n) {
1933 { 1800 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1934 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1801 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG);
1935 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
1936 goto err; 1802 goto err;
1937 } 1803 }
1938 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) 1804 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
1939 { 1805 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1940 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1806 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1941 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1942 goto err; 1807 goto err;
1943 }
1944 p += llen;
1945 } 1808 }
1809 p += llen;
1810 }
1946 1811
1947 /* get the CA RDNs */ 1812 /* get the CA RDNs */
1948 n2s(p,llen); 1813 n2s(p, llen);
1949#if 0 1814#if 0
1950{ 1815 {
1951FILE *out; 1816 FILE *out;
1952out=fopen("/tmp/vsign.der","w"); 1817 out = fopen("/tmp/vsign.der", "w");
1953fwrite(p,1,llen,out); 1818 fwrite(p, 1, llen, out);
1954fclose(out); 1819 fclose(out);
1955} 1820 }
1956#endif 1821#endif
1957 1822
1958 if ((unsigned long)(p - d + llen) != n) 1823 if ((unsigned long)(p - d + llen) != n) {
1959 { 1824 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1960 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1825 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
1961 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
1962 goto err; 1826 goto err;
1963 } 1827 }
1964 1828
1965 for (nc=0; nc<llen; ) 1829 for (nc = 0; nc < llen; ) {
1966 { 1830 n2s(p, l);
1967 n2s(p,l); 1831 if ((l + nc + 2) > llen) {
1968 if ((l+nc+2) > llen)
1969 {
1970 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1832 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1971 goto cont; /* netscape bugs */ 1833 goto cont; /* netscape bugs */
1972 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1834 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1973 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); 1835 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
1974 goto err; 1836 goto err;
1975 } 1837 }
1976 1838
1977 q=p; 1839 q = p;
1978 1840
1979 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) 1841 if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
1980 {
1981 /* If netscape tolerance is on, ignore errors */ 1842 /* If netscape tolerance is on, ignore errors */
1982 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1843 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1983 goto cont; 1844 goto cont;
1984 else 1845 else {
1985 { 1846 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1986 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1847 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
1987 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
1988 goto err; 1848 goto err;
1989 }
1990 } 1849 }
1850 }
1991 1851
1992 if (q != (p+l)) 1852 if (q != (p + l)) {
1993 { 1853 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1994 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1854 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH);
1995 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
1996 goto err; 1855 goto err;
1997 } 1856 }
1998 if (!sk_X509_NAME_push(ca_sk,xn)) 1857 if (!sk_X509_NAME_push(ca_sk, xn)) {
1999 { 1858 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
2000 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
2001 goto err; 1859 goto err;
2002 }
2003
2004 p+=l;
2005 nc+=l+2;
2006 } 1860 }
2007 1861
2008 if (0) 1862 p += l;
2009 { 1863 nc += l + 2;
1864 }
1865
1866 if (0) {
2010cont: 1867cont:
2011 ERR_clear_error(); 1868 ERR_clear_error();
2012 } 1869 }
2013 1870
2014 /* we should setup a certificate to return.... */ 1871 /* we should setup a certificate to return.... */
2015 s->s3->tmp.cert_req=1; 1872 s->s3->tmp.cert_req = 1;
2016 s->s3->tmp.ctype_num=ctype_num; 1873 s->s3->tmp.ctype_num = ctype_num;
2017 if (s->s3->tmp.ca_names != NULL) 1874 if (s->s3->tmp.ca_names != NULL)
2018 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1875 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2019 s->s3->tmp.ca_names=ca_sk; 1876 s->s3->tmp.ca_names = ca_sk;
2020 ca_sk=NULL; 1877 ca_sk = NULL;
2021 1878
2022 ret=1; 1879 ret = 1;
2023err: 1880err:
2024 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); 1881 if (ca_sk != NULL)
2025 return(ret); 1882 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
2026 } 1883 return (ret);
1884}
1885
1886static int
1887ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1888{
1889 return (X509_NAME_cmp(*a, *b));
1890}
2027 1891
2028static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
2029 {
2030 return(X509_NAME_cmp(*a,*b));
2031 }
2032#ifndef OPENSSL_NO_TLSEXT 1892#ifndef OPENSSL_NO_TLSEXT
2033int ssl3_get_new_session_ticket(SSL *s) 1893int
2034 { 1894ssl3_get_new_session_ticket(SSL *s)
2035 int ok,al,ret=0, ticklen; 1895{
1896 int ok, al, ret = 0, ticklen;
2036 long n; 1897 long n;
2037 const unsigned char *p; 1898 const unsigned char *p;
2038 unsigned char *d; 1899 unsigned char *d;
2039 1900
2040 n=s->method->ssl_get_message(s, 1901 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
2041 SSL3_ST_CR_SESSION_TICKET_A, 1902 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
2042 SSL3_ST_CR_SESSION_TICKET_B,
2043 -1,
2044 16384,
2045 &ok);
2046
2047 if (!ok) 1903 if (!ok)
2048 return((int)n); 1904 return ((int)n);
2049 1905
2050 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) 1906 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
2051 { 1907 s->s3->tmp.reuse_message = 1;
2052 s->s3->tmp.reuse_message=1; 1908 return (1);
2053 return(1); 1909 }
2054 } 1910 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
2055 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) 1911 al = SSL_AD_UNEXPECTED_MESSAGE;
2056 { 1912 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE);
2057 al=SSL_AD_UNEXPECTED_MESSAGE;
2058 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
2059 goto f_err; 1913 goto f_err;
2060 } 1914 }
2061 if (n < 6) 1915 if (n < 6) {
2062 {
2063 /* need at least ticket_lifetime_hint + ticket length */ 1916 /* need at least ticket_lifetime_hint + ticket length */
2064 al = SSL_AD_DECODE_ERROR; 1917 al = SSL_AD_DECODE_ERROR;
2065 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1918 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
2066 goto f_err; 1919 goto f_err;
2067 } 1920 }
2068 1921
2069 p=d=(unsigned char *)s->init_msg; 1922 p = d = (unsigned char *)s->init_msg;
2070 n2l(p, s->session->tlsext_tick_lifetime_hint); 1923 n2l(p, s->session->tlsext_tick_lifetime_hint);
2071 n2s(p, ticklen); 1924 n2s(p, ticklen);
2072 /* ticket_lifetime_hint + ticket_length + ticket */ 1925 /* ticket_lifetime_hint + ticket_length + ticket */
2073 if (ticklen + 6 != n) 1926 if (ticklen + 6 != n) {
2074 {
2075 al = SSL_AD_DECODE_ERROR; 1927 al = SSL_AD_DECODE_ERROR;
2076 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1928 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
2077 goto f_err; 1929 goto f_err;
2078 } 1930 }
2079 if (s->session->tlsext_tick) 1931 if (s->session->tlsext_tick) {
2080 {
2081 OPENSSL_free(s->session->tlsext_tick); 1932 OPENSSL_free(s->session->tlsext_tick);
2082 s->session->tlsext_ticklen = 0; 1933 s->session->tlsext_ticklen = 0;
2083 } 1934 }
2084 s->session->tlsext_tick = OPENSSL_malloc(ticklen); 1935 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
2085 if (!s->session->tlsext_tick) 1936 if (!s->session->tlsext_tick) {
2086 { 1937 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
2087 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
2088 goto err; 1938 goto err;
2089 } 1939 }
2090 memcpy(s->session->tlsext_tick, p, ticklen); 1940 memcpy(s->session->tlsext_tick, p, ticklen);
2091 s->session->tlsext_ticklen = ticklen; 1941 s->session->tlsext_ticklen = ticklen;
2092 /* There are two ways to detect a resumed ticket sesion. 1942 /* There are two ways to detect a resumed ticket sesion.
@@ -2105,122 +1955,116 @@ int ssl3_get_new_session_ticket(SSL *s)
2105 * ticket. 1955 * ticket.
2106 */ 1956 */
2107 EVP_Digest(p, ticklen, 1957 EVP_Digest(p, ticklen,
2108 s->session->session_id, &s->session->session_id_length, 1958 s->session->session_id, &s->session->session_id_length,
2109#ifndef OPENSSL_NO_SHA256 1959#ifndef OPENSSL_NO_SHA256
2110 EVP_sha256(), NULL); 1960 EVP_sha256(), NULL);
2111#else 1961#else
2112 EVP_sha1(), NULL); 1962 EVP_sha1(), NULL);
2113#endif 1963#endif
2114 ret=1; 1964 ret = 1;
2115 return(ret); 1965 return (ret);
2116f_err: 1966f_err:
2117 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1967 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2118err: 1968err:
2119 return(-1); 1969 return (-1);
2120 } 1970}
2121 1971
2122int ssl3_get_cert_status(SSL *s) 1972int
2123 { 1973ssl3_get_cert_status(SSL *s)
1974{
2124 int ok, al; 1975 int ok, al;
2125 unsigned long resplen,n; 1976 unsigned long resplen, n;
2126 const unsigned char *p; 1977 const unsigned char *p;
2127 1978
2128 n=s->method->ssl_get_message(s, 1979 n = s->method->ssl_get_message(s,
2129 SSL3_ST_CR_CERT_STATUS_A, 1980 SSL3_ST_CR_CERT_STATUS_A,
2130 SSL3_ST_CR_CERT_STATUS_B, 1981 SSL3_ST_CR_CERT_STATUS_B,
2131 SSL3_MT_CERTIFICATE_STATUS, 1982 SSL3_MT_CERTIFICATE_STATUS,
2132 16384, 1983 16384,
2133 &ok); 1984 &ok);
2134 1985
2135 if (!ok) return((int)n); 1986 if (!ok)
2136 if (n < 4) 1987 return ((int)n);
2137 { 1988 if (n < 4) {
2138 /* need at least status type + length */ 1989 /* need at least status type + length */
2139 al = SSL_AD_DECODE_ERROR; 1990 al = SSL_AD_DECODE_ERROR;
2140 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 1991 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
2141 goto f_err; 1992 goto f_err;
2142 } 1993 }
2143 p = (unsigned char *)s->init_msg; 1994 p = (unsigned char *)s->init_msg;
2144 if (*p++ != TLSEXT_STATUSTYPE_ocsp) 1995 if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
2145 {
2146 al = SSL_AD_DECODE_ERROR; 1996 al = SSL_AD_DECODE_ERROR;
2147 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); 1997 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
2148 goto f_err; 1998 goto f_err;
2149 } 1999 }
2150 n2l3(p, resplen); 2000 n2l3(p, resplen);
2151 if (resplen + 4 != n) 2001 if (resplen + 4 != n) {
2152 {
2153 al = SSL_AD_DECODE_ERROR; 2002 al = SSL_AD_DECODE_ERROR;
2154 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 2003 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
2155 goto f_err; 2004 goto f_err;
2156 } 2005 }
2157 if (s->tlsext_ocsp_resp) 2006 if (s->tlsext_ocsp_resp)
2158 OPENSSL_free(s->tlsext_ocsp_resp); 2007 OPENSSL_free(s->tlsext_ocsp_resp);
2159 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2008 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2160 if (!s->tlsext_ocsp_resp) 2009 if (!s->tlsext_ocsp_resp) {
2161 {
2162 al = SSL_AD_INTERNAL_ERROR; 2010 al = SSL_AD_INTERNAL_ERROR;
2163 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); 2011 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
2164 goto f_err; 2012 goto f_err;
2165 } 2013 }
2166 s->tlsext_ocsp_resplen = resplen; 2014 s->tlsext_ocsp_resplen = resplen;
2167 if (s->ctx->tlsext_status_cb) 2015 if (s->ctx->tlsext_status_cb) {
2168 {
2169 int ret; 2016 int ret;
2170 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 2017 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
2171 if (ret == 0) 2018 if (ret == 0) {
2172 {
2173 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 2019 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
2174 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); 2020 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
2175 goto f_err; 2021 goto f_err;
2176 } 2022 }
2177 if (ret < 0) 2023 if (ret < 0) {
2178 {
2179 al = SSL_AD_INTERNAL_ERROR; 2024 al = SSL_AD_INTERNAL_ERROR;
2180 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); 2025 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
2181 goto f_err; 2026 goto f_err;
2182 }
2183 } 2027 }
2028 }
2184 return 1; 2029 return 1;
2185f_err: 2030f_err:
2186 ssl3_send_alert(s,SSL3_AL_FATAL,al); 2031 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2187 return(-1); 2032 return (-1);
2188 } 2033}
2189#endif 2034#endif
2190 2035
2191int ssl3_get_server_done(SSL *s) 2036int
2192 { 2037ssl3_get_server_done(SSL *s)
2193 int ok,ret=0; 2038{
2039 int ok, ret = 0;
2194 long n; 2040 long n;
2195 2041
2196 n=s->method->ssl_get_message(s, 2042 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
2197 SSL3_ST_CR_SRVR_DONE_A, 2043 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
2198 SSL3_ST_CR_SRVR_DONE_B, 2044 30, /* should be very small, like 0 :-) */ &ok);
2199 SSL3_MT_SERVER_DONE,
2200 30, /* should be very small, like 0 :-) */
2201 &ok);
2202 2045
2203 if (!ok) return((int)n); 2046 if (!ok)
2204 if (n > 0) 2047 return ((int)n);
2205 { 2048 if (n > 0) {
2206 /* should contain no data */ 2049 /* should contain no data */
2207 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 2050 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
2208 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); 2051 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
2209 return -1; 2052 return -1;
2210 }
2211 ret=1;
2212 return(ret);
2213 } 2053 }
2054 ret = 1;
2055 return (ret);
2056}
2214 2057
2215 2058
2216int ssl3_send_client_key_exchange(SSL *s) 2059int
2217 { 2060ssl3_send_client_key_exchange(SSL *s)
2218 unsigned char *p,*d; 2061{
2062 unsigned char *p, *d;
2219 int n; 2063 int n;
2220 unsigned long alg_k; 2064 unsigned long alg_k;
2221#ifndef OPENSSL_NO_RSA 2065#ifndef OPENSSL_NO_RSA
2222 unsigned char *q; 2066 unsigned char *q;
2223 EVP_PKEY *pkey=NULL; 2067 EVP_PKEY *pkey = NULL;
2224#endif 2068#endif
2225#ifndef OPENSSL_NO_KRB5 2069#ifndef OPENSSL_NO_KRB5
2226 KSSL_ERR kssl_err; 2070 KSSL_ERR kssl_err;
@@ -2234,77 +2078,73 @@ int ssl3_send_client_key_exchange(SSL *s)
2234 BN_CTX * bn_ctx = NULL; 2078 BN_CTX * bn_ctx = NULL;
2235#endif 2079#endif
2236 2080
2237 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 2081 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2238 { 2082 d = (unsigned char *)s->init_buf->data;
2239 d=(unsigned char *)s->init_buf->data; 2083 p = &(d[4]);
2240 p= &(d[4]);
2241 2084
2242 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2085 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2243 2086
2244 /* Fool emacs indentation */ 2087 /* Fool emacs indentation */
2245 if (0) {} 2088 if (0) {
2089 }
2246#ifndef OPENSSL_NO_RSA 2090#ifndef OPENSSL_NO_RSA
2247 else if (alg_k & SSL_kRSA) 2091 else if (alg_k & SSL_kRSA) {
2248 {
2249 RSA *rsa; 2092 RSA *rsa;
2250 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2093 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2251 2094
2252 if (s->session->sess_cert->peer_rsa_tmp != NULL) 2095 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2253 rsa=s->session->sess_cert->peer_rsa_tmp; 2096 rsa = s->session->sess_cert->peer_rsa_tmp;
2254 else 2097 else {
2255 { 2098 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2256 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2257 if ((pkey == NULL) || 2099 if ((pkey == NULL) ||
2258 (pkey->type != EVP_PKEY_RSA) || 2100 (pkey->type != EVP_PKEY_RSA) ||
2259 (pkey->pkey.rsa == NULL)) 2101 (pkey->pkey.rsa == NULL)) {
2260 { 2102 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2261 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2262 goto err; 2103 goto err;
2263 }
2264 rsa=pkey->pkey.rsa;
2265 EVP_PKEY_free(pkey);
2266 } 2104 }
2267 2105 rsa = pkey->pkey.rsa;
2268 tmp_buf[0]=s->client_version>>8; 2106 EVP_PKEY_free(pkey);
2269 tmp_buf[1]=s->client_version&0xff; 2107 }
2270 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2108
2271 goto err; 2109 tmp_buf[0] = s->client_version >> 8;
2110 tmp_buf[1] = s->client_version & 0xff;
2111 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2112 goto err;
2272 2113
2273 s->session->master_key_length=sizeof tmp_buf; 2114 s->session->master_key_length = sizeof tmp_buf;
2274 2115
2275 q=p; 2116 q = p;
2276 /* Fix buf for TLS and beyond */ 2117 /* Fix buf for TLS and beyond */
2277 if (s->version > SSL3_VERSION) 2118 if (s->version > SSL3_VERSION)
2278 p+=2; 2119 p += 2;
2279 n=RSA_public_encrypt(sizeof tmp_buf, 2120 n = RSA_public_encrypt(sizeof tmp_buf,
2280 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 2121 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
2281#ifdef PKCS1_CHECK 2122#ifdef PKCS1_CHECK
2282 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 2123 if (s->options & SSL_OP_PKCS1_CHECK_1)
2283 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 2124 p[1]++;
2125 if (s->options & SSL_OP_PKCS1_CHECK_2)
2126 tmp_buf[0] = 0x70;
2284#endif 2127#endif
2285 if (n <= 0) 2128 if (n <= 0) {
2286 { 2129 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
2287 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
2288 goto err; 2130 goto err;
2289 } 2131 }
2290 2132
2291 /* Fix buf for TLS and beyond */ 2133 /* Fix buf for TLS and beyond */
2292 if (s->version > SSL3_VERSION) 2134 if (s->version > SSL3_VERSION) {
2293 { 2135 s2n(n, q);
2294 s2n(n,q); 2136 n += 2;
2295 n+=2;
2296 }
2297
2298 s->session->master_key_length=
2299 s->method->ssl3_enc->generate_master_secret(s,
2300 s->session->master_key,
2301 tmp_buf,sizeof tmp_buf);
2302 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
2303 } 2137 }
2138
2139 s->session->master_key_length =
2140 s->method->ssl3_enc->generate_master_secret(
2141 s, s->session->master_key, tmp_buf,
2142 sizeof tmp_buf);
2143 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2144 }
2304#endif 2145#endif
2305#ifndef OPENSSL_NO_KRB5 2146#ifndef OPENSSL_NO_KRB5
2306 else if (alg_k & SSL_kKRB5) 2147 else if (alg_k & SSL_kKRB5) {
2307 {
2308 krb5_error_code krb5rc; 2148 krb5_error_code krb5rc;
2309 KSSL_CTX *kssl_ctx = s->kssl_ctx; 2149 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2310 /* krb5_data krb5_ap_req; */ 2150 /* krb5_data krb5_ap_req; */
@@ -2314,43 +2154,43 @@ int ssl3_send_client_key_exchange(SSL *s)
2314 const EVP_CIPHER *enc = NULL; 2154 const EVP_CIPHER *enc = NULL;
2315 unsigned char iv[EVP_MAX_IV_LENGTH]; 2155 unsigned char iv[EVP_MAX_IV_LENGTH];
2316 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2156 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2317 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2157 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2318 + EVP_MAX_IV_LENGTH]; 2158 + EVP_MAX_IV_LENGTH];
2319 int padl, outl = sizeof(epms); 2159 int padl, outl = sizeof(epms);
2320 2160
2321 EVP_CIPHER_CTX_init(&ciph_ctx); 2161 EVP_CIPHER_CTX_init(&ciph_ctx);
2322 2162
2323#ifdef KSSL_DEBUG 2163#ifdef KSSL_DEBUG
2324 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2164 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2325 alg_k, SSL_kKRB5); 2165 alg_k, SSL_kKRB5);
2326#endif /* KSSL_DEBUG */ 2166#endif /* KSSL_DEBUG */
2327 2167
2328 authp = NULL; 2168 authp = NULL;
2329#ifdef KRB5SENDAUTH 2169#ifdef KRB5SENDAUTH
2330 if (KRB5SENDAUTH) authp = &authenticator; 2170 if (KRB5SENDAUTH)
2171 authp = &authenticator;
2331#endif /* KRB5SENDAUTH */ 2172#endif /* KRB5SENDAUTH */
2332 2173
2333 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 2174 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket,
2334 &kssl_err); 2175 authp, &kssl_err);
2335 enc = kssl_map_enc(kssl_ctx->enctype); 2176 enc = kssl_map_enc(kssl_ctx->enctype);
2336 if (enc == NULL) 2177 if (enc == NULL)
2337 goto err; 2178 goto err;
2338#ifdef KSSL_DEBUG 2179#ifdef KSSL_DEBUG
2339 { 2180 {
2340 printf("kssl_cget_tkt rtn %d\n", krb5rc); 2181 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2341 if (krb5rc && kssl_err.text) 2182 if (krb5rc && kssl_err.text)
2342 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 2183 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
2343 } 2184 }
2344#endif /* KSSL_DEBUG */ 2185#endif /* KSSL_DEBUG */
2345 2186
2346 if (krb5rc) 2187 if (krb5rc) {
2347 { 2188 ssl3_send_alert(s, SSL3_AL_FATAL,
2348 ssl3_send_alert(s,SSL3_AL_FATAL, 2189 SSL_AD_HANDSHAKE_FAILURE);
2349 SSL_AD_HANDSHAKE_FAILURE);
2350 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2190 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2351 kssl_err.reason); 2191 kssl_err.reason);
2352 goto err; 2192 goto err;
2353 } 2193 }
2354 2194
2355 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 2195 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
2356 ** in place of RFC 2712 KerberosWrapper, as in: 2196 ** in place of RFC 2712 KerberosWrapper, as in:
@@ -2372,32 +2212,29 @@ int ssl3_send_client_key_exchange(SSL *s)
2372 */ 2212 */
2373 2213
2374 /* KerberosWrapper.Ticket */ 2214 /* KerberosWrapper.Ticket */
2375 s2n(enc_ticket->length,p); 2215 s2n(enc_ticket->length, p);
2376 memcpy(p, enc_ticket->data, enc_ticket->length); 2216 memcpy(p, enc_ticket->data, enc_ticket->length);
2377 p+= enc_ticket->length; 2217 p += enc_ticket->length;
2378 n = enc_ticket->length + 2; 2218 n = enc_ticket->length + 2;
2379 2219
2380 /* KerberosWrapper.Authenticator */ 2220 /* KerberosWrapper.Authenticator */
2381 if (authp && authp->length) 2221 if (authp && authp->length) {
2382 { 2222 s2n(authp->length, p);
2383 s2n(authp->length,p);
2384 memcpy(p, authp->data, authp->length); 2223 memcpy(p, authp->data, authp->length);
2385 p+= authp->length; 2224 p += authp->length;
2386 n+= authp->length + 2; 2225 n += authp->length + 2;
2387 2226
2388 free(authp->data); 2227 free(authp->data);
2389 authp->data = NULL; 2228 authp->data = NULL;
2390 authp->length = 0; 2229 authp->length = 0;
2391 } 2230 } else {
2392 else
2393 {
2394 s2n(0,p);/* null authenticator length */ 2231 s2n(0,p);/* null authenticator length */
2395 n+=2; 2232 n += 2;
2396 } 2233 }
2397 2234
2398 tmp_buf[0]=s->client_version>>8; 2235 tmp_buf[0] = s->client_version >> 8;
2399 tmp_buf[1]=s->client_version&0xff; 2236 tmp_buf[1] = s->client_version&0xff;
2400 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2237 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2401 goto err; 2238 goto err;
2402 2239
2403 /* 20010420 VRS. Tried it this way; failed. 2240 /* 20010420 VRS. Tried it this way; failed.
@@ -2407,104 +2244,97 @@ int ssl3_send_client_key_exchange(SSL *s)
2407 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 2244 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2408 */ 2245 */
2409 2246
2410 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 2247 memset(iv, 0, sizeof iv);
2411 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 2248 /* per RFC 1510 */
2412 kssl_ctx->key,iv); 2249 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
2413 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 2250 kssl_ctx->key, iv);
2414 sizeof tmp_buf); 2251 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
2415 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2252 sizeof tmp_buf);
2253 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
2416 outl += padl; 2254 outl += padl;
2417 if (outl > (int)sizeof epms) 2255 if (outl > (int)sizeof epms) {
2418 {
2419 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2256 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2420 goto err; 2257 goto err;
2421 } 2258 }
2422 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 2259 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2423 2260
2424 /* KerberosWrapper.EncryptedPreMasterSecret */ 2261 /* KerberosWrapper.EncryptedPreMasterSecret */
2425 s2n(outl,p); 2262 s2n(outl, p);
2426 memcpy(p, epms, outl); 2263 memcpy(p, epms, outl);
2427 p+=outl; 2264 p += outl;
2428 n+=outl + 2; 2265 n += outl + 2;
2429 2266
2430 s->session->master_key_length= 2267 s->session->master_key_length =
2431 s->method->ssl3_enc->generate_master_secret(s, 2268 s->method->ssl3_enc->generate_master_secret(s,
2432 s->session->master_key, 2269 s->session->master_key,
2433 tmp_buf, sizeof tmp_buf); 2270 tmp_buf, sizeof tmp_buf);
2434 2271
2435 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 2272 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2436 OPENSSL_cleanse(epms, outl); 2273 OPENSSL_cleanse(epms, outl);
2437 } 2274 }
2438#endif 2275#endif
2439#ifndef OPENSSL_NO_DH 2276#ifndef OPENSSL_NO_DH
2440 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2277 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2441 { 2278 DH *dh_srvr, *dh_clnt;
2442 DH *dh_srvr,*dh_clnt;
2443 2279
2444 if (s->session->sess_cert == NULL) 2280 if (s->session->sess_cert == NULL) {
2445 { 2281 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
2446 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2282 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
2447 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2448 goto err; 2283 goto err;
2449 } 2284 }
2450 2285
2451 if (s->session->sess_cert->peer_dh_tmp != NULL) 2286 if (s->session->sess_cert->peer_dh_tmp != NULL)
2452 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2287 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2453 else 2288 else {
2454 {
2455 /* we get them from the cert */ 2289 /* we get them from the cert */
2456 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 2290 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2457 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2291 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2458 goto err; 2292 goto err;
2459 } 2293 }
2460 2294
2461 /* generate a new random key */ 2295 /* generate a new random key */
2462 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 2296 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
2463 { 2297 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2464 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2465 goto err; 2298 goto err;
2466 } 2299 }
2467 if (!DH_generate_key(dh_clnt)) 2300 if (!DH_generate_key(dh_clnt)) {
2468 { 2301 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2469 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2470 DH_free(dh_clnt); 2302 DH_free(dh_clnt);
2471 goto err; 2303 goto err;
2472 } 2304 }
2473 2305
2474 /* use the 'p' output buffer for the DH key, but 2306 /* use the 'p' output buffer for the DH key, but
2475 * make sure to clear it out afterwards */ 2307 * make sure to clear it out afterwards */
2476 2308
2477 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 2309 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
2478 2310
2479 if (n <= 0) 2311 if (n <= 0) {
2480 { 2312 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2481 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2482 DH_free(dh_clnt); 2313 DH_free(dh_clnt);
2483 goto err; 2314 goto err;
2484 } 2315 }
2485 2316
2486 /* generate master key from the result */ 2317 /* generate master key from the result */
2487 s->session->master_key_length= 2318 s->session->master_key_length =
2488 s->method->ssl3_enc->generate_master_secret(s, 2319 s->method->ssl3_enc->generate_master_secret(s,
2489 s->session->master_key,p,n); 2320 s->session->master_key, p, n);
2490 /* clean up */ 2321 /* clean up */
2491 memset(p,0,n); 2322 memset(p, 0, n);
2492 2323
2493 /* send off the data */ 2324 /* send off the data */
2494 n=BN_num_bytes(dh_clnt->pub_key); 2325 n = BN_num_bytes(dh_clnt->pub_key);
2495 s2n(n,p); 2326 s2n(n, p);
2496 BN_bn2bin(dh_clnt->pub_key,p); 2327 BN_bn2bin(dh_clnt->pub_key, p);
2497 n+=2; 2328 n += 2;
2498 2329
2499 DH_free(dh_clnt); 2330 DH_free(dh_clnt);
2500 2331
2501 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2332 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2502 } 2333 }
2503#endif 2334#endif
2504 2335
2505#ifndef OPENSSL_NO_ECDH 2336#ifndef OPENSSL_NO_ECDH
2506 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 2337 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
2507 {
2508 const EC_GROUP *srvr_group = NULL; 2338 const EC_GROUP *srvr_group = NULL;
2509 EC_KEY *tkey; 2339 EC_KEY *tkey;
2510 int ecdh_clnt_cert = 0; 2340 int ecdh_clnt_cert = 0;
@@ -2515,8 +2345,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2515 * computation as part of client certificate? 2345 * computation as part of client certificate?
2516 * If so, set ecdh_clnt_cert to 1. 2346 * If so, set ecdh_clnt_cert to 1.
2517 */ 2347 */
2518 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 2348 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) {
2519 {
2520 /* XXX: For now, we do not support client 2349 /* XXX: For now, we do not support client
2521 * authentication using ECDH certificates. 2350 * authentication using ECDH certificates.
2522 * To add such support, one needs to add 2351 * To add such support, one needs to add
@@ -2536,52 +2365,44 @@ int ssl3_send_client_key_exchange(SSL *s)
2536 * EVP_PKEY_EC) && ...) 2365 * EVP_PKEY_EC) && ...)
2537 * ecdh_clnt_cert = 1; 2366 * ecdh_clnt_cert = 1;
2538 */ 2367 */
2539 } 2368 }
2540 2369
2541 if (s->session->sess_cert->peer_ecdh_tmp != NULL) 2370 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
2542 {
2543 tkey = s->session->sess_cert->peer_ecdh_tmp; 2371 tkey = s->session->sess_cert->peer_ecdh_tmp;
2544 } 2372 } else {
2545 else
2546 {
2547 /* Get the Server Public Key from Cert */ 2373 /* Get the Server Public Key from Cert */
2548 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 2374 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2549 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 2375 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2550 if ((srvr_pub_pkey == NULL) || 2376 if ((srvr_pub_pkey == NULL) ||
2551 (srvr_pub_pkey->type != EVP_PKEY_EC) || 2377 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2552 (srvr_pub_pkey->pkey.ec == NULL)) 2378 (srvr_pub_pkey->pkey.ec == NULL)) {
2553 {
2554 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2379 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2555 ERR_R_INTERNAL_ERROR); 2380 ERR_R_INTERNAL_ERROR);
2556 goto err; 2381 goto err;
2557 } 2382 }
2558 2383
2559 tkey = srvr_pub_pkey->pkey.ec; 2384 tkey = srvr_pub_pkey->pkey.ec;
2560 } 2385 }
2561 2386
2562 srvr_group = EC_KEY_get0_group(tkey); 2387 srvr_group = EC_KEY_get0_group(tkey);
2563 srvr_ecpoint = EC_KEY_get0_public_key(tkey); 2388 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2564 2389
2565 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 2390 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
2566 {
2567 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2391 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2568 ERR_R_INTERNAL_ERROR); 2392 ERR_R_INTERNAL_ERROR);
2569 goto err; 2393 goto err;
2570 } 2394 }
2571 2395
2572 if ((clnt_ecdh=EC_KEY_new()) == NULL) 2396 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2573 { 2397 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2574 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2575 goto err; 2398 goto err;
2576 } 2399 }
2577 2400
2578 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 2401 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2579 { 2402 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
2580 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2581 goto err; 2403 goto err;
2582 } 2404 }
2583 if (ecdh_clnt_cert) 2405 if (ecdh_clnt_cert) {
2584 {
2585 /* Reuse key info from our certificate 2406 /* Reuse key info from our certificate
2586 * We only need our private key to perform 2407 * We only need our private key to perform
2587 * the ECDH computation. 2408 * the ECDH computation.
@@ -2589,581 +2410,529 @@ int ssl3_send_client_key_exchange(SSL *s)
2589 const BIGNUM *priv_key; 2410 const BIGNUM *priv_key;
2590 tkey = s->cert->key->privatekey->pkey.ec; 2411 tkey = s->cert->key->privatekey->pkey.ec;
2591 priv_key = EC_KEY_get0_private_key(tkey); 2412 priv_key = EC_KEY_get0_private_key(tkey);
2592 if (priv_key == NULL) 2413 if (priv_key == NULL) {
2593 { 2414 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2594 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2595 goto err; 2415 goto err;
2596 } 2416 }
2597 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 2417 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
2598 { 2418 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
2599 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2600 goto err; 2419 goto err;
2601 }
2602 } 2420 }
2603 else 2421 } else {
2604 {
2605 /* Generate a new ECDH key pair */ 2422 /* Generate a new ECDH key pair */
2606 if (!(EC_KEY_generate_key(clnt_ecdh))) 2423 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2607 {
2608 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2424 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2609 goto err; 2425 goto err;
2610 }
2611 } 2426 }
2427 }
2612 2428
2613 /* use the 'p' output buffer for the ECDH key, but 2429 /* use the 'p' output buffer for the ECDH key, but
2614 * make sure to clear it out afterwards 2430 * make sure to clear it out afterwards
2615 */ 2431 */
2616 2432
2617 field_size = EC_GROUP_get_degree(srvr_group); 2433 field_size = EC_GROUP_get_degree(srvr_group);
2618 if (field_size <= 0) 2434 if (field_size <= 0) {
2619 { 2435 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2620 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2436 ERR_R_ECDH_LIB);
2621 ERR_R_ECDH_LIB);
2622 goto err; 2437 goto err;
2623 } 2438 }
2624 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 2439 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2625 if (n <= 0) 2440 if (n <= 0) {
2626 { 2441 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2627 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2442 ERR_R_ECDH_LIB);
2628 ERR_R_ECDH_LIB);
2629 goto err; 2443 goto err;
2630 } 2444 }
2631 2445
2632 /* generate master key from the result */ 2446 /* generate master key from the result */
2633 s->session->master_key_length = s->method->ssl3_enc \ 2447 s->session->master_key_length = s->method->ssl3_enc \
2634 -> generate_master_secret(s, 2448 -> generate_master_secret(s,
2635 s->session->master_key, 2449 s->session->master_key,
2636 p, n); 2450 p, n);
2637 2451
2638 memset(p, 0, n); /* clean up */ 2452 memset(p, 0, n); /* clean up */
2639 2453
2640 if (ecdh_clnt_cert) 2454 if (ecdh_clnt_cert) {
2641 {
2642 /* Send empty client key exch message */ 2455 /* Send empty client key exch message */
2643 n = 0; 2456 n = 0;
2644 } 2457 } else {
2645 else
2646 {
2647 /* First check the size of encoding and 2458 /* First check the size of encoding and
2648 * allocate memory accordingly. 2459 * allocate memory accordingly.
2649 */ 2460 */
2650 encoded_pt_len = 2461 encoded_pt_len =
2651 EC_POINT_point2oct(srvr_group, 2462 EC_POINT_point2oct(srvr_group,
2652 EC_KEY_get0_public_key(clnt_ecdh), 2463 EC_KEY_get0_public_key(clnt_ecdh),
2653 POINT_CONVERSION_UNCOMPRESSED, 2464 POINT_CONVERSION_UNCOMPRESSED,
2654 NULL, 0, NULL); 2465 NULL, 0, NULL);
2655 2466
2656 encodedPoint = (unsigned char *) 2467 encodedPoint =
2657 OPENSSL_malloc(encoded_pt_len * 2468 (unsigned char *)OPENSSL_malloc(
2658 sizeof(unsigned char)); 2469 encoded_pt_len * sizeof(unsigned char));
2470
2659 bn_ctx = BN_CTX_new(); 2471 bn_ctx = BN_CTX_new();
2660 if ((encodedPoint == NULL) || 2472 if ((encodedPoint == NULL) ||
2661 (bn_ctx == NULL)) 2473 (bn_ctx == NULL)) {
2662 { 2474 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2663 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2664 goto err; 2475 goto err;
2665 } 2476 }
2666 2477
2667 /* Encode the public key */ 2478 /* Encode the public key */
2668 n = EC_POINT_point2oct(srvr_group, 2479 n = EC_POINT_point2oct(srvr_group,
2669 EC_KEY_get0_public_key(clnt_ecdh), 2480 EC_KEY_get0_public_key(clnt_ecdh),
2670 POINT_CONVERSION_UNCOMPRESSED, 2481 POINT_CONVERSION_UNCOMPRESSED,
2671 encodedPoint, encoded_pt_len, bn_ctx); 2482 encodedPoint, encoded_pt_len, bn_ctx);
2672 2483
2673 *p = n; /* length of encoded point */ 2484 *p = n; /* length of encoded point */
2674 /* Encoded point will be copied here */ 2485 /* Encoded point will be copied here */
2675 p += 1; 2486 p += 1;
2487
2676 /* copy the point */ 2488 /* copy the point */
2677 memcpy((unsigned char *)p, encodedPoint, n); 2489 memcpy((unsigned char *)p, encodedPoint, n);
2678 /* increment n to account for length field */ 2490 /* increment n to account for length field */
2679 n += 1; 2491 n += 1;
2680 } 2492
2493 }
2681 2494
2682 /* Free allocated memory */ 2495 /* Free allocated memory */
2683 BN_CTX_free(bn_ctx); 2496 BN_CTX_free(bn_ctx);
2684 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2497 if (encodedPoint != NULL)
2685 if (clnt_ecdh != NULL) 2498 OPENSSL_free(encodedPoint);
2686 EC_KEY_free(clnt_ecdh); 2499 if (clnt_ecdh != NULL)
2500 EC_KEY_free(clnt_ecdh);
2687 EVP_PKEY_free(srvr_pub_pkey); 2501 EVP_PKEY_free(srvr_pub_pkey);
2688 } 2502 }
2689#endif /* !OPENSSL_NO_ECDH */ 2503#endif /* !OPENSSL_NO_ECDH */
2690 else if (alg_k & SSL_kGOST) 2504 else if (alg_k & SSL_kGOST) {
2691 {
2692 /* GOST key exchange message creation */ 2505 /* GOST key exchange message creation */
2693 EVP_PKEY_CTX *pkey_ctx; 2506 EVP_PKEY_CTX *pkey_ctx;
2694 X509 *peer_cert; 2507 X509 *peer_cert;
2508
2695 size_t msglen; 2509 size_t msglen;
2696 unsigned int md_len; 2510 unsigned int md_len;
2697 int keytype; 2511 int keytype;
2698 unsigned char premaster_secret[32],shared_ukm[32], tmp[256]; 2512 unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
2699 EVP_MD_CTX *ukm_hash; 2513 EVP_MD_CTX *ukm_hash;
2700 EVP_PKEY *pub_key; 2514 EVP_PKEY *pub_key;
2701 2515
2702 /* Get server sertificate PKEY and create ctx from it */ 2516 /* Get server sertificate PKEY and create ctx from it */
2703 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509; 2517 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
2704 if (!peer_cert) 2518 if (!peer_cert)
2705 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509; 2519 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
2706 if (!peer_cert) { 2520 if (!peer_cert) {
2707 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2521 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2708 goto err; 2522 goto err;
2709 } 2523 }
2710 2524
2711 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL); 2525 pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL);
2712 /* If we have send a certificate, and certificate key 2526 /* If we have send a certificate, and certificate key
2713 2527
2714 * parameters match those of server certificate, use 2528 * parameters match those of server certificate, use
2715 * certificate key for key exchange 2529 * certificate key for key exchange
2716 */ 2530 */
2717 2531
2718 /* Otherwise, generate ephemeral key pair */ 2532 /* Otherwise, generate ephemeral key pair */
2719 2533
2720 EVP_PKEY_encrypt_init(pkey_ctx); 2534 EVP_PKEY_encrypt_init(pkey_ctx);
2721 /* Generate session key */ 2535 /* Generate session key */
2722 RAND_bytes(premaster_secret,32); 2536 RAND_bytes(premaster_secret, 32);
2723 /* If we have client certificate, use its secret as peer key */ 2537 /* If we have client certificate, use its secret as peer key */
2724 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2538 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2725 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) { 2539 if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) {
2726 /* If there was an error - just ignore it. Ephemeral key 2540 /* If there was an error - just ignore it. Ephemeral key
2727 * would be used 2541 * would be used
2728 */ 2542 */
2729 ERR_clear_error(); 2543 ERR_clear_error();
2730 } 2544 }
2731 } 2545 }
2732 /* Compute shared IV and store it in algorithm-specific 2546 /* Compute shared IV and store it in algorithm-specific
2733 * context data */ 2547 * context data */
2734 ukm_hash = EVP_MD_CTX_create(); 2548 ukm_hash = EVP_MD_CTX_create();
2735 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94)); 2549 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94));
2736 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE); 2550 EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
2737 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE); 2551 EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
2738 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); 2552 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2739 EVP_MD_CTX_destroy(ukm_hash); 2553 EVP_MD_CTX_destroy(ukm_hash);
2740 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV, 2554 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV,
2741 8,shared_ukm)<0) { 2555 8, shared_ukm) < 0) {
2742 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2556 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2743 SSL_R_LIBRARY_BUG); 2557 SSL_R_LIBRARY_BUG);
2744 goto err; 2558 goto err;
2745 } 2559 }
2746 /* Make GOST keytransport blob message */ 2560 /* Make GOST keytransport blob message */
2747 /*Encapsulate it into sequence */ 2561 /*Encapsulate it into sequence */
2748 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; 2562 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2749 msglen=255; 2563 msglen = 255;
2750 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) { 2564 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) {
2751 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2565 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2752 SSL_R_LIBRARY_BUG); 2566 SSL_R_LIBRARY_BUG);
2753 goto err; 2567 goto err;
2754 } 2568 }
2755 if (msglen >= 0x80) 2569 if (msglen >= 0x80) {
2756 { 2570 *(p++) = 0x81;
2757 *(p++)=0x81; 2571 *(p++) = msglen & 0xff;
2758 *(p++)= msglen & 0xff; 2572 n = msglen + 3;
2759 n=msglen+3; 2573 } else {
2760 } 2574 *(p++) = msglen & 0xff;
2761 else 2575 n = msglen + 2;
2762 { 2576 }
2763 *(p++)= msglen & 0xff;
2764 n=msglen+2;
2765 }
2766 memcpy(p, tmp, msglen); 2577 memcpy(p, tmp, msglen);
2767 /* Check if pubkey from client certificate was used */ 2578 /* Check if pubkey from client certificate was used */
2768 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) 2579 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
2769 {
2770 /* Set flag "skip certificate verify" */ 2580 /* Set flag "skip certificate verify" */
2771 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; 2581 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2772 } 2582 }
2773 EVP_PKEY_CTX_free(pkey_ctx); 2583 EVP_PKEY_CTX_free(pkey_ctx);
2774 s->session->master_key_length= 2584 s->session->master_key_length =
2775 s->method->ssl3_enc->generate_master_secret(s, 2585 s->method->ssl3_enc->generate_master_secret(s,
2776 s->session->master_key,premaster_secret,32); 2586 s->session->master_key, premaster_secret, 32);
2777 EVP_PKEY_free(pub_key); 2587 EVP_PKEY_free(pub_key);
2778 2588
2779 } 2589 }
2780#ifndef OPENSSL_NO_SRP 2590#ifndef OPENSSL_NO_SRP
2781 else if (alg_k & SSL_kSRP) 2591 else if (alg_k & SSL_kSRP) {
2782 { 2592 if (s->srp_ctx.A != NULL) {
2783 if (s->srp_ctx.A != NULL)
2784 {
2785 /* send off the data */ 2593 /* send off the data */
2786 n=BN_num_bytes(s->srp_ctx.A); 2594 n = BN_num_bytes(s->srp_ctx.A);
2787 s2n(n,p); 2595 s2n(n, p);
2788 BN_bn2bin(s->srp_ctx.A,p); 2596 BN_bn2bin(s->srp_ctx.A, p);
2789 n+=2; 2597 n += 2;
2790 } 2598 } else {
2791 else 2599 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2792 {
2793 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2794 goto err; 2600 goto err;
2795 } 2601 }
2796 if (s->session->srp_username != NULL) 2602 if (s->session->srp_username != NULL)
2797 OPENSSL_free(s->session->srp_username); 2603 OPENSSL_free(s->session->srp_username);
2798 s->session->srp_username = BUF_strdup(s->srp_ctx.login); 2604 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2799 if (s->session->srp_username == NULL) 2605 if (s->session->srp_username == NULL) {
2800 {
2801 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2606 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2802 ERR_R_MALLOC_FAILURE); 2607 ERR_R_MALLOC_FAILURE);
2803 goto err; 2608 goto err;
2804 } 2609 }
2805 2610
2806 if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0) 2611 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
2807 { 2612 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2808 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2809 goto err; 2613 goto err;
2810 }
2811 } 2614 }
2615 }
2812#endif 2616#endif
2813#ifndef OPENSSL_NO_PSK 2617#ifndef OPENSSL_NO_PSK
2814 else if (alg_k & SSL_kPSK) 2618 else if (alg_k & SSL_kPSK) {
2815 {
2816 char identity[PSK_MAX_IDENTITY_LEN]; 2619 char identity[PSK_MAX_IDENTITY_LEN];
2817 unsigned char *t = NULL; 2620 unsigned char *t = NULL;
2818 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 2621 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
2819 unsigned int pre_ms_len = 0, psk_len = 0; 2622 unsigned int pre_ms_len = 0, psk_len = 0;
2820 int psk_err = 1; 2623 int psk_err = 1;
2821 2624
2822 n = 0; 2625 n = 0;
2823 if (s->psk_client_callback == NULL) 2626 if (s->psk_client_callback == NULL) {
2824 {
2825 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2627 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2826 SSL_R_PSK_NO_CLIENT_CB); 2628 SSL_R_PSK_NO_CLIENT_CB);
2827 goto err; 2629 goto err;
2828 } 2630 }
2829 2631
2830 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 2632 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2831 identity, PSK_MAX_IDENTITY_LEN, 2633 identity, PSK_MAX_IDENTITY_LEN,
2832 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2634 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2833 if (psk_len > PSK_MAX_PSK_LEN) 2635 if (psk_len > PSK_MAX_PSK_LEN) {
2834 {
2835 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2636 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2836 ERR_R_INTERNAL_ERROR); 2637 ERR_R_INTERNAL_ERROR);
2837 goto psk_err; 2638 goto psk_err;
2838 } 2639 } else if (psk_len == 0) {
2839 else if (psk_len == 0)
2840 {
2841 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2640 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2842 SSL_R_PSK_IDENTITY_NOT_FOUND); 2641 SSL_R_PSK_IDENTITY_NOT_FOUND);
2843 goto psk_err; 2642 goto psk_err;
2844 } 2643 }
2845 2644
2846 /* create PSK pre_master_secret */ 2645 /* create PSK pre_master_secret */
2847 pre_ms_len = 2+psk_len+2+psk_len; 2646 pre_ms_len = 2 + psk_len + 2 + psk_len;
2848 t = psk_or_pre_ms; 2647 t = psk_or_pre_ms;
2849 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 2648 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
2850 s2n(psk_len, t); 2649 s2n(psk_len, t);
2851 memset(t, 0, psk_len); 2650 memset(t, 0, psk_len);
2852 t+=psk_len; 2651 t += psk_len;
2853 s2n(psk_len, t); 2652 s2n(psk_len, t);
2854 2653
2855 if (s->session->psk_identity_hint != NULL) 2654 if (s->session->psk_identity_hint != NULL)
2856 OPENSSL_free(s->session->psk_identity_hint); 2655 OPENSSL_free(s->session->psk_identity_hint);
2857 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2656 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2858 if (s->ctx->psk_identity_hint != NULL && 2657 if (s->ctx->psk_identity_hint != NULL &&
2859 s->session->psk_identity_hint == NULL) 2658 s->session->psk_identity_hint == NULL) {
2860 {
2861 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2659 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2862 ERR_R_MALLOC_FAILURE); 2660 ERR_R_MALLOC_FAILURE);
2863 goto psk_err; 2661 goto psk_err;
2864 } 2662 }
2865 2663
2866 if (s->session->psk_identity != NULL) 2664 if (s->session->psk_identity != NULL)
2867 OPENSSL_free(s->session->psk_identity); 2665 OPENSSL_free(s->session->psk_identity);
2868 s->session->psk_identity = BUF_strdup(identity); 2666 s->session->psk_identity = BUF_strdup(identity);
2869 if (s->session->psk_identity == NULL) 2667 if (s->session->psk_identity == NULL) {
2870 {
2871 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2668 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2872 ERR_R_MALLOC_FAILURE); 2669 ERR_R_MALLOC_FAILURE);
2873 goto psk_err; 2670 goto psk_err;
2874 } 2671 }
2875 2672
2876 s->session->master_key_length = 2673 s->session->master_key_length =
2877 s->method->ssl3_enc->generate_master_secret(s, 2674 s->method->ssl3_enc->generate_master_secret(
2878 s->session->master_key, 2675 s, s->session->master_key, psk_or_pre_ms,
2879 psk_or_pre_ms, pre_ms_len); 2676 pre_ms_len);
2677
2880 n = strlen(identity); 2678 n = strlen(identity);
2881 s2n(n, p); 2679 s2n(n, p);
2882 memcpy(p, identity, n); 2680 memcpy(p, identity, n);
2883 n+=2; 2681 n += 2;
2884 psk_err = 0; 2682 psk_err = 0;
2885 psk_err: 2683 psk_err:
2886 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 2684 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2887 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2685 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2888 if (psk_err != 0) 2686 if (psk_err != 0) {
2889 {
2890 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2687 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2891 goto err; 2688 goto err;
2892 }
2893 } 2689 }
2690 }
2894#endif 2691#endif
2895 else 2692 else {
2896 {
2897 ssl3_send_alert(s, SSL3_AL_FATAL, 2693 ssl3_send_alert(s, SSL3_AL_FATAL,
2898 SSL_AD_HANDSHAKE_FAILURE); 2694 SSL_AD_HANDSHAKE_FAILURE);
2899 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2695 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2900 ERR_R_INTERNAL_ERROR); 2696 ERR_R_INTERNAL_ERROR);
2901 goto err; 2697 goto err;
2902 } 2698 }
2903
2904 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2905 l2n3(n,d);
2906 2699
2907 s->state=SSL3_ST_CW_KEY_EXCH_B; 2700 *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
2701 l2n3(n, d);
2702
2703 s->state = SSL3_ST_CW_KEY_EXCH_B;
2908 /* number of bytes to write */ 2704 /* number of bytes to write */
2909 s->init_num=n+4; 2705 s->init_num = n + 4;
2910 s->init_off=0; 2706 s->init_off = 0;
2911 } 2707 }
2912 2708
2913 /* SSL3_ST_CW_KEY_EXCH_B */ 2709 /* SSL3_ST_CW_KEY_EXCH_B */
2914 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2710 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2915err: 2711err:
2916#ifndef OPENSSL_NO_ECDH 2712#ifndef OPENSSL_NO_ECDH
2917 BN_CTX_free(bn_ctx); 2713 BN_CTX_free(bn_ctx);
2918 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2714 if (encodedPoint != NULL)
2919 if (clnt_ecdh != NULL) 2715 OPENSSL_free(encodedPoint);
2716 if (clnt_ecdh != NULL)
2920 EC_KEY_free(clnt_ecdh); 2717 EC_KEY_free(clnt_ecdh);
2921 EVP_PKEY_free(srvr_pub_pkey); 2718 EVP_PKEY_free(srvr_pub_pkey);
2922#endif 2719#endif
2923 return(-1); 2720 return (-1);
2924 } 2721}
2925 2722
2926int ssl3_send_client_verify(SSL *s) 2723int
2927 { 2724ssl3_send_client_verify(SSL *s)
2928 unsigned char *p,*d; 2725{
2929 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2726 unsigned char *p, *d;
2727 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2930 EVP_PKEY *pkey; 2728 EVP_PKEY *pkey;
2931 EVP_PKEY_CTX *pctx=NULL; 2729 EVP_PKEY_CTX *pctx = NULL;
2932 EVP_MD_CTX mctx; 2730 EVP_MD_CTX mctx;
2933 unsigned u=0; 2731 unsigned u = 0;
2934 unsigned long n; 2732 unsigned long n;
2935 int j; 2733 int j;
2936 2734
2937 EVP_MD_CTX_init(&mctx); 2735 EVP_MD_CTX_init(&mctx);
2938 2736
2939 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2737 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2940 { 2738 d = (unsigned char *)s->init_buf->data;
2941 d=(unsigned char *)s->init_buf->data; 2739 p = &(d[4]);
2942 p= &(d[4]); 2740 pkey = s->cert->key->privatekey;
2943 pkey=s->cert->key->privatekey;
2944/* Create context from key and test if sha1 is allowed as digest */ 2741/* Create context from key and test if sha1 is allowed as digest */
2945 pctx = EVP_PKEY_CTX_new(pkey,NULL); 2742 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2946 EVP_PKEY_sign_init(pctx); 2743 EVP_PKEY_sign_init(pctx);
2947 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) 2744 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2948 {
2949 if (TLS1_get_version(s) < TLS1_2_VERSION) 2745 if (TLS1_get_version(s) < TLS1_2_VERSION)
2950 s->method->ssl3_enc->cert_verify_mac(s, 2746 s->method->ssl3_enc->cert_verify_mac(s,
2951 NID_sha1, 2747 NID_sha1,
2952 &(data[MD5_DIGEST_LENGTH])); 2748 &(data[MD5_DIGEST_LENGTH]));
2953 } 2749 } else {
2954 else
2955 {
2956 ERR_clear_error(); 2750 ERR_clear_error();
2957 } 2751 }
2958 /* For TLS v1.2 send signature algorithm and signature 2752 /* For TLS v1.2 send signature algorithm and signature
2959 * using agreed digest and cached handshake records. 2753 * using agreed digest and cached handshake records.
2960 */ 2754 */
2961 if (TLS1_get_version(s) >= TLS1_2_VERSION) 2755 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
2962 {
2963 long hdatalen = 0; 2756 long hdatalen = 0;
2964 void *hdata; 2757 void *hdata;
2965 const EVP_MD *md = s->cert->key->digest; 2758 const EVP_MD *md = s->cert->key->digest;
2966 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2759 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2967 &hdata); 2760 &hdata);
2968 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) 2761 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
2969 {
2970 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2762 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2971 ERR_R_INTERNAL_ERROR); 2763 ERR_R_INTERNAL_ERROR);
2972 goto err; 2764 goto err;
2973 } 2765 }
2974 p += 2; 2766 p += 2;
2975#ifdef SSL_DEBUG 2767#ifdef SSL_DEBUG
2976 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", 2768 fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
2977 EVP_MD_name(md)); 2769 EVP_MD_name(md));
2978#endif 2770#endif
2979 if (!EVP_SignInit_ex(&mctx, md, NULL) 2771 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2980 || !EVP_SignUpdate(&mctx, hdata, hdatalen) 2772 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2981 || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) 2773 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2982 {
2983 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2774 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2984 ERR_R_EVP_LIB); 2775 ERR_R_EVP_LIB);
2985 goto err; 2776 goto err;
2986 } 2777 }
2987 s2n(u,p); 2778 s2n(u, p);
2988 n = u + 4; 2779 n = u + 4;
2989 if (!ssl3_digest_cached_records(s)) 2780 if (!ssl3_digest_cached_records(s))
2990 goto err; 2781 goto err;
2991 } 2782 } else
2992 else
2993#ifndef OPENSSL_NO_RSA 2783#ifndef OPENSSL_NO_RSA
2994 if (pkey->type == EVP_PKEY_RSA) 2784 if (pkey->type == EVP_PKEY_RSA) {
2995 { 2785 s->method->ssl3_enc->cert_verify_mac(
2996 s->method->ssl3_enc->cert_verify_mac(s, 2786 s, NID_md5, &(data[0]));
2997 NID_md5,
2998 &(data[0]));
2999 if (RSA_sign(NID_md5_sha1, data, 2787 if (RSA_sign(NID_md5_sha1, data,
3000 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2788 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
3001 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 2789 &u, pkey->pkey.rsa) <= 0 ) {
3002 { 2790 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
3003 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
3004 goto err; 2791 goto err;
3005 }
3006 s2n(u,p);
3007 n=u+2;
3008 } 2792 }
3009 else 2793 s2n(u, p);
2794 n = u + 2;
2795 } else
3010#endif 2796#endif
3011#ifndef OPENSSL_NO_DSA 2797#ifndef OPENSSL_NO_DSA
3012 if (pkey->type == EVP_PKEY_DSA) 2798 if (pkey->type == EVP_PKEY_DSA) {
3013 {
3014 if (!DSA_sign(pkey->save_type, 2799 if (!DSA_sign(pkey->save_type,
3015 &(data[MD5_DIGEST_LENGTH]), 2800 &(data[MD5_DIGEST_LENGTH]),
3016 SHA_DIGEST_LENGTH,&(p[2]), 2801 SHA_DIGEST_LENGTH, &(p[2]),
3017 (unsigned int *)&j,pkey->pkey.dsa)) 2802 (unsigned int *)&j, pkey->pkey.dsa)) {
3018 { 2803 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
3019 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
3020 goto err; 2804 goto err;
3021 }
3022 s2n(j,p);
3023 n=j+2;
3024 } 2805 }
3025 else 2806 s2n(j, p);
2807 n = j + 2;
2808 } else
3026#endif 2809#endif
3027#ifndef OPENSSL_NO_ECDSA 2810#ifndef OPENSSL_NO_ECDSA
3028 if (pkey->type == EVP_PKEY_EC) 2811 if (pkey->type == EVP_PKEY_EC) {
3029 {
3030 if (!ECDSA_sign(pkey->save_type, 2812 if (!ECDSA_sign(pkey->save_type,
3031 &(data[MD5_DIGEST_LENGTH]), 2813 &(data[MD5_DIGEST_LENGTH]),
3032 SHA_DIGEST_LENGTH,&(p[2]), 2814 SHA_DIGEST_LENGTH, &(p[2]),
3033 (unsigned int *)&j,pkey->pkey.ec)) 2815 (unsigned int *)&j, pkey->pkey.ec)) {
3034 {
3035 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2816 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3036 ERR_R_ECDSA_LIB); 2817 ERR_R_ECDSA_LIB);
3037 goto err; 2818 goto err;
3038 }
3039 s2n(j,p);
3040 n=j+2;
3041 } 2819 }
3042 else 2820 s2n(j, p);
2821 n = j + 2;
2822 } else
3043#endif 2823#endif
3044 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 2824 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) {
3045 { 2825 unsigned char signbuf[64];
3046 unsigned char signbuf[64]; 2826 int i;
3047 int i; 2827 size_t sigsize = 64;
3048 size_t sigsize=64; 2828 s->method->ssl3_enc->cert_verify_mac(s,
3049 s->method->ssl3_enc->cert_verify_mac(s,
3050 NID_id_GostR3411_94, 2829 NID_id_GostR3411_94,
3051 data); 2830 data);
3052 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { 2831 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
3053 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2832 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3054 ERR_R_INTERNAL_ERROR); 2833 ERR_R_INTERNAL_ERROR);
3055 goto err; 2834 goto err;
3056 } 2835 }
3057 for (i=63,j=0; i>=0; j++, i--) { 2836 for (i = 63, j = 0; i >= 0; j++, i--) {
3058 p[2+j]=signbuf[i]; 2837 p[2 + j] = signbuf[i];
3059 } 2838 }
3060 s2n(j,p); 2839 s2n(j, p);
3061 n=j+2; 2840 n = j + 2;
3062 } 2841 } else {
3063 else 2842 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
3064 {
3065 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
3066 goto err; 2843 goto err;
3067 } 2844 }
3068 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 2845 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
3069 l2n3(n,d); 2846 l2n3(n, d);
3070 2847
3071 s->state=SSL3_ST_CW_CERT_VRFY_B; 2848 s->state = SSL3_ST_CW_CERT_VRFY_B;
3072 s->init_num=(int)n+4; 2849 s->init_num = (int)n + 4;
3073 s->init_off=0; 2850 s->init_off = 0;
3074 } 2851 }
3075 EVP_MD_CTX_cleanup(&mctx); 2852 EVP_MD_CTX_cleanup(&mctx);
3076 EVP_PKEY_CTX_free(pctx); 2853 EVP_PKEY_CTX_free(pctx);
3077 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2854 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
3078err: 2855err:
3079 EVP_MD_CTX_cleanup(&mctx); 2856 EVP_MD_CTX_cleanup(&mctx);
3080 EVP_PKEY_CTX_free(pctx); 2857 EVP_PKEY_CTX_free(pctx);
3081 return(-1); 2858 return (-1);
3082 } 2859}
3083 2860
3084int ssl3_send_client_certificate(SSL *s) 2861int
3085 { 2862ssl3_send_client_certificate(SSL *s)
3086 X509 *x509=NULL; 2863{
3087 EVP_PKEY *pkey=NULL; 2864 X509 *x509 = NULL;
2865 EVP_PKEY *pkey = NULL;
3088 int i; 2866 int i;
3089 unsigned long l; 2867 unsigned long l;
3090 2868
3091 if (s->state == SSL3_ST_CW_CERT_A) 2869 if (s->state == SSL3_ST_CW_CERT_A) {
3092 { 2870 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
3093 if ((s->cert == NULL) || 2871 (s->cert->key->privatekey == NULL))
3094 (s->cert->key->x509 == NULL) || 2872 s->state = SSL3_ST_CW_CERT_B;
3095 (s->cert->key->privatekey == NULL))
3096 s->state=SSL3_ST_CW_CERT_B;
3097 else 2873 else
3098 s->state=SSL3_ST_CW_CERT_C; 2874 s->state = SSL3_ST_CW_CERT_C;
3099 } 2875 }
3100 2876
3101 /* We need to get a client cert */ 2877 /* We need to get a client cert */
3102 if (s->state == SSL3_ST_CW_CERT_B) 2878 if (s->state == SSL3_ST_CW_CERT_B) {
3103 {
3104 /* If we get an error, we need to 2879 /* If we get an error, we need to
3105 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 2880 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
3106 * We then get retied later */ 2881 * We then get retied later */
3107 i=0; 2882 i = 0;
3108 i = ssl_do_client_cert_cb(s, &x509, &pkey); 2883 i = ssl_do_client_cert_cb(s, &x509, &pkey);
3109 if (i < 0) 2884 if (i < 0) {
3110 { 2885 s->rwstate = SSL_X509_LOOKUP;
3111 s->rwstate=SSL_X509_LOOKUP; 2886 return (-1);
3112 return(-1); 2887 }
3113 } 2888 s->rwstate = SSL_NOTHING;
3114 s->rwstate=SSL_NOTHING; 2889 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
3115 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 2890 s->state = SSL3_ST_CW_CERT_B;
3116 { 2891 if (!SSL_use_certificate(s, x509) ||
3117 s->state=SSL3_ST_CW_CERT_B; 2892 !SSL_use_PrivateKey(s, pkey))
3118 if ( !SSL_use_certificate(s,x509) || 2893 i = 0;
3119 !SSL_use_PrivateKey(s,pkey)) 2894 } else if (i == 1) {
3120 i=0; 2895 i = 0;
3121 } 2896 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
3122 else if (i == 1) 2897 }
3123 { 2898
3124 i=0; 2899 if (x509 != NULL)
3125 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 2900 X509_free(x509);
3126 } 2901 if (pkey != NULL)
3127 2902 EVP_PKEY_free(pkey);
3128 if (x509 != NULL) X509_free(x509); 2903 if (i == 0) {
3129 if (pkey != NULL) EVP_PKEY_free(pkey); 2904 if (s->version == SSL3_VERSION) {
3130 if (i == 0) 2905 s->s3->tmp.cert_req = 0;
3131 { 2906 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
3132 if (s->version == SSL3_VERSION) 2907 return (1);
3133 { 2908 } else {
3134 s->s3->tmp.cert_req=0; 2909 s->s3->tmp.cert_req = 2;
3135 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
3136 return(1);
3137 }
3138 else
3139 {
3140 s->s3->tmp.cert_req=2;
3141 }
3142 } 2910 }
2911 }
3143 2912
3144 /* Ok, we have a cert */ 2913 /* Ok, we have a cert */
3145 s->state=SSL3_ST_CW_CERT_C; 2914 s->state = SSL3_ST_CW_CERT_C;
3146 } 2915 }
3147 2916
3148 if (s->state == SSL3_ST_CW_CERT_C) 2917 if (s->state == SSL3_ST_CW_CERT_C) {
3149 { 2918 s->state = SSL3_ST_CW_CERT_D;
3150 s->state=SSL3_ST_CW_CERT_D; 2919 l = ssl3_output_cert_chain(s,
3151 l=ssl3_output_cert_chain(s, 2920 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
3152 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 2921 s->init_num = (int)l;
3153 s->init_num=(int)l; 2922 s->init_off = 0;
3154 s->init_off=0;
3155 }
3156 /* SSL3_ST_CW_CERT_D */
3157 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3158 } 2923 }
2924 /* SSL3_ST_CW_CERT_D */
2925 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2926}
3159 2927
3160#define has_bits(i,m) (((i)&(m)) == (m)) 2928#define has_bits(i,m) (((i)&(m)) == (m))
3161 2929
3162int ssl3_check_cert_and_algorithm(SSL *s) 2930int
3163 { 2931ssl3_check_cert_and_algorithm(SSL *s)
3164 int i,idx; 2932{
3165 long alg_k,alg_a; 2933 int i, idx;
3166 EVP_PKEY *pkey=NULL; 2934 long alg_k, alg_a;
2935 EVP_PKEY *pkey = NULL;
3167 SESS_CERT *sc; 2936 SESS_CERT *sc;
3168#ifndef OPENSSL_NO_RSA 2937#ifndef OPENSSL_NO_RSA
3169 RSA *rsa; 2938 RSA *rsa;
@@ -3172,138 +2941,120 @@ int ssl3_check_cert_and_algorithm(SSL *s)
3172 DH *dh; 2941 DH *dh;
3173#endif 2942#endif
3174 2943
3175 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2944 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3176 alg_a=s->s3->tmp.new_cipher->algorithm_auth; 2945 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
3177 2946
3178 /* we don't have a certificate */ 2947 /* we don't have a certificate */
3179 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) 2948 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
3180 return(1); 2949 return (1);
3181 2950
3182 sc=s->session->sess_cert; 2951 sc = s->session->sess_cert;
3183 if (sc == NULL) 2952 if (sc == NULL) {
3184 { 2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
3185 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
3186 goto err; 2954 goto err;
3187 } 2955 }
3188 2956
3189#ifndef OPENSSL_NO_RSA 2957#ifndef OPENSSL_NO_RSA
3190 rsa=s->session->sess_cert->peer_rsa_tmp; 2958 rsa = s->session->sess_cert->peer_rsa_tmp;
3191#endif 2959#endif
3192#ifndef OPENSSL_NO_DH 2960#ifndef OPENSSL_NO_DH
3193 dh=s->session->sess_cert->peer_dh_tmp; 2961 dh = s->session->sess_cert->peer_dh_tmp;
3194#endif 2962#endif
3195 2963
3196 /* This is the passed certificate */ 2964 /* This is the passed certificate */
3197 2965
3198 idx=sc->peer_cert_type; 2966 idx = sc->peer_cert_type;
3199#ifndef OPENSSL_NO_ECDH 2967#ifndef OPENSSL_NO_ECDH
3200 if (idx == SSL_PKEY_ECC) 2968 if (idx == SSL_PKEY_ECC) {
3201 {
3202 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2969 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
3203 s) == 0) 2970 s) == 0)
3204 { /* check failed */ 2971 { /* check failed */
3205 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); 2972 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
3206 goto f_err; 2973 goto f_err;
3207 } 2974 } else {
3208 else
3209 {
3210 return 1; 2975 return 1;
3211 }
3212 } 2976 }
2977 }
3213#endif 2978#endif
3214 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 2979 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
3215 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 2980 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
3216 EVP_PKEY_free(pkey); 2981 EVP_PKEY_free(pkey);
3217 2982
3218 2983
3219 /* Check that we have a certificate if we require one */ 2984 /* Check that we have a certificate if we require one */
3220 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 2985 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
3221 { 2986 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT);
3222 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
3223 goto f_err; 2987 goto f_err;
3224 } 2988 }
3225#ifndef OPENSSL_NO_DSA 2989#ifndef OPENSSL_NO_DSA
3226 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 2990 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
3227 { 2991 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT);
3228 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
3229 goto f_err; 2992 goto f_err;
3230 } 2993 }
3231#endif 2994#endif
3232#ifndef OPENSSL_NO_RSA 2995#ifndef OPENSSL_NO_RSA
3233 if ((alg_k & SSL_kRSA) && 2996 if ((alg_k & SSL_kRSA) &&
3234 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 2997 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
3235 { 2998 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
3236 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
3237 goto f_err; 2999 goto f_err;
3238 } 3000 }
3239#endif 3001#endif
3240#ifndef OPENSSL_NO_DH 3002#ifndef OPENSSL_NO_DH
3241 if ((alg_k & SSL_kEDH) && 3003 if ((alg_k & SSL_kEDH) &&
3242 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 3004 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
3243 { 3005 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY);
3244 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
3245 goto f_err; 3006 goto f_err;
3246 } 3007 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) {
3247 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 3008 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT);
3248 {
3249 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
3250 goto f_err; 3009 goto f_err;
3251 } 3010 }
3252#ifndef OPENSSL_NO_DSA 3011#ifndef OPENSSL_NO_DSA
3253 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 3012 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
3254 { 3013 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT);
3255 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
3256 goto f_err; 3014 goto f_err;
3257 } 3015 }
3258#endif 3016#endif
3259#endif 3017#endif
3260 3018
3261 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 3019 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
3262 {
3263#ifndef OPENSSL_NO_RSA 3020#ifndef OPENSSL_NO_RSA
3264 if (alg_k & SSL_kRSA) 3021 if (alg_k & SSL_kRSA) {
3265 { 3022 if (rsa == NULL ||
3266 if (rsa == NULL 3023 RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
3267 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 3024 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
3268 {
3269 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
3270 goto f_err; 3025 goto f_err;
3271 }
3272 } 3026 }
3273 else 3027 } else
3274#endif 3028#endif
3275#ifndef OPENSSL_NO_DH 3029#ifndef OPENSSL_NO_DH
3276 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 3030 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
3277 { 3031 if (dh == NULL ||
3278 if (dh == NULL 3032 DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
3279 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 3033 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3280 {
3281 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3282 goto f_err; 3034 goto f_err;
3283 }
3284 } 3035 }
3285 else 3036 } else
3286#endif 3037#endif
3287 { 3038 {
3288 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 3039 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
3289 goto f_err; 3040 goto f_err;
3290 }
3291 } 3041 }
3292 return(1); 3042 }
3043 return (1);
3293f_err: 3044f_err:
3294 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 3045 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
3295err: 3046err:
3296 return(0); 3047 return (0);
3297 } 3048}
3298 3049
3299#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3050#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3300int ssl3_send_next_proto(SSL *s) 3051int
3301 { 3052ssl3_send_next_proto(SSL *s)
3053{
3302 unsigned int len, padding_len; 3054 unsigned int len, padding_len;
3303 unsigned char *d; 3055 unsigned char *d;
3304 3056
3305 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) 3057 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
3306 {
3307 len = s->next_proto_negotiated_len; 3058 len = s->next_proto_negotiated_len;
3308 padding_len = 32 - ((len + 2) % 32); 3059 padding_len = 32 - ((len + 2) % 32);
3309 d = (unsigned char *)s->init_buf->data; 3060 d = (unsigned char *)s->init_buf->data;
@@ -3311,12 +3062,12 @@ int ssl3_send_next_proto(SSL *s)
3311 memcpy(d + 5, s->next_proto_negotiated, len); 3062 memcpy(d + 5, s->next_proto_negotiated, len);
3312 d[5 + len] = padding_len; 3063 d[5 + len] = padding_len;
3313 memset(d + 6 + len, 0, padding_len); 3064 memset(d + 6 + len, 0, padding_len);
3314 *(d++)=SSL3_MT_NEXT_PROTO; 3065 *(d++) = SSL3_MT_NEXT_PROTO;
3315 l2n3(2 + len + padding_len, d); 3066 l2n3(2 + len + padding_len, d);
3316 s->state = SSL3_ST_CW_NEXT_PROTO_B; 3067 s->state = SSL3_ST_CW_NEXT_PROTO_B;
3317 s->init_num = 4 + 2 + len + padding_len; 3068 s->init_num = 4 + 2 + len + padding_len;
3318 s->init_off = 0; 3069 s->init_off = 0;
3319 } 3070 }
3320 3071
3321 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 3072 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3322} 3073}
@@ -3328,8 +3079,9 @@ int ssl3_send_next_proto(SSL *s)
3328 */ 3079 */
3329 3080
3330#ifndef OPENSSL_NO_TLSEXT 3081#ifndef OPENSSL_NO_TLSEXT
3331int ssl3_check_finished(SSL *s) 3082int
3332 { 3083ssl3_check_finished(SSL *s)
3084{
3333 int ok; 3085 int ok;
3334 long n; 3086 long n;
3335 /* If we have no ticket it cannot be a resumed session. */ 3087 /* If we have no ticket it cannot be a resumed session. */
@@ -3337,36 +3089,33 @@ int ssl3_check_finished(SSL *s)
3337 return 1; 3089 return 1;
3338 /* this function is called when we really expect a Certificate 3090 /* this function is called when we really expect a Certificate
3339 * message, so permit appropriate message length */ 3091 * message, so permit appropriate message length */
3340 n=s->method->ssl_get_message(s, 3092 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
3341 SSL3_ST_CR_CERT_A, 3093 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
3342 SSL3_ST_CR_CERT_B, 3094 if (!ok)
3343 -1, 3095 return ((int)n);
3344 s->max_cert_list,
3345 &ok);
3346 if (!ok) return((int)n);
3347 s->s3->tmp.reuse_message = 1; 3096 s->s3->tmp.reuse_message = 1;
3348 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) 3097 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
3349 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) 3098 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
3350 return 2; 3099 return 2;
3351 3100
3352 return 1; 3101 return 1;
3353 } 3102}
3354#endif 3103#endif
3355 3104
3356int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 3105int
3357 { 3106ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3107{
3358 int i = 0; 3108 int i = 0;
3359#ifndef OPENSSL_NO_ENGINE 3109#ifndef OPENSSL_NO_ENGINE
3360 if (s->ctx->client_cert_engine) 3110 if (s->ctx->client_cert_engine) {
3361 {
3362 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, 3111 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
3363 SSL_get_client_CA_list(s), 3112 SSL_get_client_CA_list(s),
3364 px509, ppkey, NULL, NULL, NULL); 3113 px509, ppkey, NULL, NULL, NULL);
3365 if (i != 0) 3114 if (i != 0)
3366 return i; 3115 return i;
3367 } 3116 }
3368#endif 3117#endif
3369 if (s->ctx->client_cert_cb) 3118 if (s->ctx->client_cert_cb)
3370 i = s->ctx->client_cert_cb(s,px509,ppkey); 3119 i = s->ctx->client_cert_cb(s, px509, ppkey);
3371 return i; 3120 return i;
3372 } 3121}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:06:28 +0000