summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
authorryker <>1998-10-05 20:13:14 +0000
committerryker <>1998-10-05 20:13:14 +0000
commitaeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/s3_clnt.c
parenta4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
downloadopenbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c1678
1 files changed, 1678 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
new file mode 100644
index 0000000000..940c6a458f
--- /dev/null
+++ b/src/lib/libssl/s3_clnt.c
@@ -0,0 +1,1678 @@
1/* ssl/s3_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "buffer.h"
61#include "rand.h"
62#include "objects.h"
63#include "evp.h"
64#include "ssl_locl.h"
65
66#define BREAK break
67/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
68 * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
69 * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
70 * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
71 * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
72 * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE);
73SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
74 */
75
76#ifndef NOPROTO
77static int ssl3_client_hello(SSL *s);
78static int ssl3_get_server_hello(SSL *s);
79static int ssl3_get_certificate_request(SSL *s);
80static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
81static int ssl3_get_server_done(SSL *s);
82static int ssl3_send_client_verify(SSL *s);
83static int ssl3_send_client_certificate(SSL *s);
84static int ssl3_send_client_key_exchange(SSL *s);
85static int ssl3_get_key_exchange(SSL *s);
86static int ssl3_get_server_certificate(SSL *s);
87static int ssl3_check_cert_and_algorithm(SSL *s);
88#else
89static int ssl3_client_hello();
90static int ssl3_get_server_hello();
91static int ssl3_get_certificate_request();
92static int ca_dn_cmp();
93static int ssl3_get_server_done();
94static int ssl3_send_client_verify();
95static int ssl3_send_client_certificate();
96static int ssl3_send_client_key_exchange();
97static int ssl3_get_key_exchange();
98static int ssl3_get_server_certificate();
99static int ssl3_check_cert_and_algorithm();
100#endif
101
102static SSL_METHOD *ssl3_get_client_method(ver)
103int ver;
104 {
105 if (ver == SSL3_VERSION)
106 return(SSLv3_client_method());
107 else
108 return(NULL);
109 }
110
111SSL_METHOD *SSLv3_client_method()
112 {
113 static int init=1;
114 static SSL_METHOD SSLv3_client_data;
115
116 if (init)
117 {
118 init=0;
119 memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
120 sizeof(SSL_METHOD));
121 SSLv3_client_data.ssl_connect=ssl3_connect;
122 SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
123 }
124 return(&SSLv3_client_data);
125 }
126
127int ssl3_connect(s)
128SSL *s;
129 {
130 BUF_MEM *buf;
131 unsigned long Time=time(NULL),l;
132 long num1;
133 void (*cb)()=NULL;
134 int ret= -1;
135 BIO *under;
136 int new_state,state,skip=0;;
137
138 RAND_seed((unsigned char *)&Time,sizeof(Time));
139 ERR_clear_error();
140 clear_sys_error();
141
142 if (s->info_callback != NULL)
143 cb=s->info_callback;
144 else if (s->ctx->info_callback != NULL)
145 cb=s->ctx->info_callback;
146
147 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
148 s->in_handshake++;
149
150 for (;;)
151 {
152 state=s->state;
153
154 switch(s->state)
155 {
156 case SSL_ST_RENEGOTIATE:
157 s->new_session=1;
158 s->state=SSL_ST_CONNECT;
159 s->ctx->sess_connect_renegotiate++;
160 /* break */
161 case SSL_ST_BEFORE:
162 case SSL_ST_CONNECT:
163 case SSL_ST_BEFORE|SSL_ST_CONNECT:
164 case SSL_ST_OK|SSL_ST_CONNECT:
165
166 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
167
168 if ((s->version & 0xff00 ) != 0x0300)
169 abort();
170 /* s->version=SSL3_VERSION; */
171 s->type=SSL_ST_CONNECT;
172
173 if (s->init_buf == NULL)
174 {
175 if ((buf=BUF_MEM_new()) == NULL)
176 {
177 ret= -1;
178 goto end;
179 }
180 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
181 {
182 ret= -1;
183 goto end;
184 }
185 s->init_buf=buf;
186 }
187
188 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
189
190 /* setup buffing BIO */
191 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
192
193 /* don't push the buffering BIO quite yet */
194
195 ssl3_init_finished_mac(s);
196
197 s->state=SSL3_ST_CW_CLNT_HELLO_A;
198 s->ctx->sess_connect++;
199 s->init_num=0;
200 break;
201
202 case SSL3_ST_CW_CLNT_HELLO_A:
203 case SSL3_ST_CW_CLNT_HELLO_B:
204
205 s->shutdown=0;
206 ret=ssl3_client_hello(s);
207 if (ret <= 0) goto end;
208 s->state=SSL3_ST_CR_SRVR_HELLO_A;
209 s->init_num=0;
210
211 /* turn on buffering for the next lot of output */
212 if (s->bbio != s->wbio)
213 s->wbio=BIO_push(s->bbio,s->wbio);
214
215 break;
216
217 case SSL3_ST_CR_SRVR_HELLO_A:
218 case SSL3_ST_CR_SRVR_HELLO_B:
219 ret=ssl3_get_server_hello(s);
220 if (ret <= 0) goto end;
221 if (s->hit)
222 s->state=SSL3_ST_CR_FINISHED_A;
223 else
224 s->state=SSL3_ST_CR_CERT_A;
225 s->init_num=0;
226 break;
227
228 case SSL3_ST_CR_CERT_A:
229 case SSL3_ST_CR_CERT_B:
230 /* Check if it is anon DH */
231 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
232 {
233 ret=ssl3_get_server_certificate(s);
234 if (ret <= 0) goto end;
235 }
236 else
237 skip=1;
238 s->state=SSL3_ST_CR_KEY_EXCH_A;
239 s->init_num=0;
240 break;
241
242 case SSL3_ST_CR_KEY_EXCH_A:
243 case SSL3_ST_CR_KEY_EXCH_B:
244 ret=ssl3_get_key_exchange(s);
245 if (ret <= 0) goto end;
246 s->state=SSL3_ST_CR_CERT_REQ_A;
247 s->init_num=0;
248
249 /* at this point we check that we have the
250 * required stuff from the server */
251 if (!ssl3_check_cert_and_algorithm(s))
252 {
253 ret= -1;
254 goto end;
255 }
256 break;
257
258 case SSL3_ST_CR_CERT_REQ_A:
259 case SSL3_ST_CR_CERT_REQ_B:
260 ret=ssl3_get_certificate_request(s);
261 if (ret <= 0) goto end;
262 s->state=SSL3_ST_CR_SRVR_DONE_A;
263 s->init_num=0;
264 break;
265
266 case SSL3_ST_CR_SRVR_DONE_A:
267 case SSL3_ST_CR_SRVR_DONE_B:
268 ret=ssl3_get_server_done(s);
269 if (ret <= 0) goto end;
270 if (s->s3->tmp.cert_req)
271 s->state=SSL3_ST_CW_CERT_A;
272 else
273 s->state=SSL3_ST_CW_KEY_EXCH_A;
274 s->init_num=0;
275
276 break;
277
278 case SSL3_ST_CW_CERT_A:
279 case SSL3_ST_CW_CERT_B:
280 case SSL3_ST_CW_CERT_C:
281 ret=ssl3_send_client_certificate(s);
282 if (ret <= 0) goto end;
283 s->state=SSL3_ST_CW_KEY_EXCH_A;
284 s->init_num=0;
285 break;
286
287 case SSL3_ST_CW_KEY_EXCH_A:
288 case SSL3_ST_CW_KEY_EXCH_B:
289 ret=ssl3_send_client_key_exchange(s);
290 if (ret <= 0) goto end;
291 l=s->s3->tmp.new_cipher->algorithms;
292 /* EAY EAY EAY need to check for DH fix cert
293 * sent back */
294 /* For TLS, cert_req is set to 2, so a cert chain
295 * of nothing is sent, but no verify packet is sent */
296 if (s->s3->tmp.cert_req == 1)
297 {
298 s->state=SSL3_ST_CW_CERT_VRFY_A;
299 }
300 else
301 {
302 s->state=SSL3_ST_CW_CHANGE_A;
303 s->s3->change_cipher_spec=0;
304 }
305
306 s->init_num=0;
307 break;
308
309 case SSL3_ST_CW_CERT_VRFY_A:
310 case SSL3_ST_CW_CERT_VRFY_B:
311 ret=ssl3_send_client_verify(s);
312 if (ret <= 0) goto end;
313 s->state=SSL3_ST_CW_CHANGE_A;
314 s->init_num=0;
315 s->s3->change_cipher_spec=0;
316 break;
317
318 case SSL3_ST_CW_CHANGE_A:
319 case SSL3_ST_CW_CHANGE_B:
320 ret=ssl3_send_change_cipher_spec(s,
321 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
322 if (ret <= 0) goto end;
323 s->state=SSL3_ST_CW_FINISHED_A;
324 s->init_num=0;
325
326 s->session->cipher=s->s3->tmp.new_cipher;
327 if (!s->method->ssl3_enc->setup_key_block(s))
328 {
329 ret= -1;
330 goto end;
331 }
332
333 if (!s->method->ssl3_enc->change_cipher_state(s,
334 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
335 {
336 ret= -1;
337 goto end;
338 }
339
340 break;
341
342 case SSL3_ST_CW_FINISHED_A:
343 case SSL3_ST_CW_FINISHED_B:
344 ret=ssl3_send_finished(s,
345 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
346 s->method->ssl3_enc->client_finished,
347 s->method->ssl3_enc->client_finished_len);
348 if (ret <= 0) goto end;
349 s->state=SSL3_ST_CW_FLUSH;
350
351 /* clear flags */
352 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
353 if (s->hit)
354 {
355 s->s3->tmp.next_state=SSL_ST_OK;
356 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
357 {
358 s->state=SSL_ST_OK;
359 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
360 s->s3->delay_buf_pop_ret=0;
361 }
362 }
363 else
364 {
365 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
366 }
367 s->init_num=0;
368 break;
369
370 case SSL3_ST_CR_FINISHED_A:
371 case SSL3_ST_CR_FINISHED_B:
372
373 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
374 SSL3_ST_CR_FINISHED_B);
375 if (ret <= 0) goto end;
376
377 if (s->hit)
378 s->state=SSL3_ST_CW_CHANGE_A;
379 else
380 s->state=SSL_ST_OK;
381 s->init_num=0;
382 break;
383
384 case SSL3_ST_CW_FLUSH:
385 /* number of bytes to be flushed */
386 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
387 if (num1 > 0)
388 {
389 s->rwstate=SSL_WRITING;
390 num1=BIO_flush(s->wbio);
391 if (num1 <= 0) { ret= -1; goto end; }
392 s->rwstate=SSL_NOTHING;
393 }
394
395 s->state=s->s3->tmp.next_state;
396 break;
397
398 case SSL_ST_OK:
399 /* clean a few things up */
400 ssl3_cleanup_key_block(s);
401
402 BUF_MEM_free(s->init_buf);
403 s->init_buf=NULL;
404
405 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
406 {
407 /* remove buffering */
408 under=BIO_pop(s->wbio);
409 if (under != NULL)
410 s->wbio=under;
411 else
412 abort(); /* ok */
413
414 BIO_free(s->bbio);
415 s->bbio=NULL;
416 }
417 /* else do it later */
418
419 s->init_num=0;
420 s->new_session=0;
421
422 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
423 if (s->hit) s->ctx->sess_hit++;
424
425 ret=1;
426 /* s->server=0; */
427 s->handshake_func=ssl3_connect;
428 s->ctx->sess_connect_good++;
429
430 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
431
432 goto end;
433 break;
434
435 default:
436 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
437 ret= -1;
438 goto end;
439 /* break; */
440 }
441
442 /* did we do anything */
443 if (!s->s3->tmp.reuse_message && !skip)
444 {
445 if (s->debug)
446 {
447 if ((ret=BIO_flush(s->wbio)) <= 0)
448 goto end;
449 }
450
451 if ((cb != NULL) && (s->state != state))
452 {
453 new_state=s->state;
454 s->state=state;
455 cb(s,SSL_CB_CONNECT_LOOP,1);
456 s->state=new_state;
457 }
458 }
459 skip=0;
460 }
461end:
462 if (cb != NULL)
463 cb(s,SSL_CB_CONNECT_EXIT,ret);
464 s->in_handshake--;
465 return(ret);
466 }
467
468
469static int ssl3_client_hello(s)
470SSL *s;
471 {
472 unsigned char *buf;
473 unsigned char *p,*d;
474 int i;
475 unsigned long Time,l;
476
477 buf=(unsigned char *)s->init_buf->data;
478 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
479 {
480 if ((s->session == NULL) ||
481 (s->session->ssl_version != s->version))
482 {
483 if (!ssl_get_new_session(s,0))
484 goto err;
485 }
486 /* else use the pre-loaded session */
487
488 p=s->s3->client_random;
489 Time=time(NULL); /* Time */
490 l2n(Time,p);
491 RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time));
492
493 /* Do the message type and length last */
494 d=p= &(buf[4]);
495
496 *(p++)=s->version>>8;
497 *(p++)=s->version&0xff;
498
499 /* Random stuff */
500 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
501 p+=SSL3_RANDOM_SIZE;
502
503 /* Session ID */
504 if (s->new_session)
505 i=0;
506 else
507 i=s->session->session_id_length;
508 *(p++)=i;
509 if (i != 0)
510 {
511 memcpy(p,s->session->session_id,i);
512 p+=i;
513 }
514
515 /* Ciphers supported */
516 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
517 if (i == 0)
518 {
519 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
520 goto err;
521 }
522 s2n(i,p);
523 p+=i;
524
525 /* hardwire in the NULL compression algorithm. */
526 *(p++)=1;
527 *(p++)=0;
528
529 l=(p-d);
530 d=buf;
531 *(d++)=SSL3_MT_CLIENT_HELLO;
532 l2n3(l,d);
533
534 s->state=SSL3_ST_CW_CLNT_HELLO_B;
535 /* number of bytes to write */
536 s->init_num=p-buf;
537 s->init_off=0;
538 }
539
540 /* SSL3_ST_CW_CLNT_HELLO_B */
541 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
542err:
543 return(-1);
544 }
545
546static int ssl3_get_server_hello(s)
547SSL *s;
548 {
549 STACK *sk;
550 SSL_CIPHER *c;
551 unsigned char *p,*d;
552 int i,al,ok;
553 unsigned int j;
554 long n;
555
556 n=ssl3_get_message(s,
557 SSL3_ST_CR_SRVR_HELLO_A,
558 SSL3_ST_CR_SRVR_HELLO_B,
559 SSL3_MT_SERVER_HELLO,
560 300, /* ?? */
561 &ok);
562
563 if (!ok) return((int)n);
564 d=p=(unsigned char *)s->init_buf->data;
565
566 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
567 {
568 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
569 s->version=(s->version&0xff00)|p[1];
570 al=SSL_AD_PROTOCOL_VERSION;
571 goto f_err;
572 }
573 p+=2;
574
575 /* load the server hello data */
576 /* load the server random */
577 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
578 p+=SSL3_RANDOM_SIZE;
579
580 /* get the session-id */
581 j= *(p++);
582
583 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
584 {
585 /* SSLref returns 16 :-( */
586 if (j < SSL2_SSL_SESSION_ID_LENGTH)
587 {
588 al=SSL_AD_ILLEGAL_PARAMETER;
589 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
590 goto f_err;
591 }
592 }
593 if ((j != 0) && (j == s->session->session_id_length) &&
594 (memcmp(p,s->session->session_id,j) == 0))
595 s->hit=1;
596 else /* a miss or crap from the other end */
597 {
598 /* If we were trying for session-id reuse, make a new
599 * SSL_SESSION so we don't stuff up other people */
600 s->hit=0;
601 if (s->session->session_id_length > 0)
602 {
603 if (!ssl_get_new_session(s,0))
604 {
605 al=SSL_AD_INTERNAL_ERROR;
606 goto f_err;
607 }
608 }
609 s->session->session_id_length=j;
610 memcpy(s->session->session_id,p,j); /* j could be 0 */
611 }
612 p+=j;
613 c=ssl_get_cipher_by_char(s,p);
614 if (c == NULL)
615 {
616 /* unknown cipher */
617 al=SSL_AD_ILLEGAL_PARAMETER;
618 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
619 goto f_err;
620 }
621 p+=ssl_put_cipher_by_char(s,NULL,NULL);
622
623 sk=ssl_get_ciphers_by_id(s);
624 i=sk_find(sk,(char *)c);
625 if (i < 0)
626 {
627 /* we did not say we would use this cipher */
628 al=SSL_AD_ILLEGAL_PARAMETER;
629 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
630 goto f_err;
631 }
632
633 if (s->hit && (s->session->cipher != c))
634 {
635 if (!(s->options &
636 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
637 {
638 al=SSL_AD_ILLEGAL_PARAMETER;
639 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
640 goto f_err;
641 }
642 }
643 s->s3->tmp.new_cipher=c;
644
645 /* lets get the compression algorithm */
646 j= *(p++);
647 if (j != 0)
648 {
649 al=SSL_AD_ILLEGAL_PARAMETER;
650 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
651 goto f_err;
652 }
653
654 if (p != (d+n))
655 {
656 /* wrong packet length */
657 al=SSL_AD_DECODE_ERROR;
658 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
659 goto err;
660 }
661
662 return(1);
663f_err:
664 ssl3_send_alert(s,SSL3_AL_FATAL,al);
665err:
666 return(-1);
667 }
668
669static int ssl3_get_server_certificate(s)
670SSL *s;
671 {
672 int al,i,ok,ret= -1;
673 unsigned long n,nc,llen,l;
674 X509 *x=NULL;
675 unsigned char *p,*d,*q;
676 STACK *sk=NULL;
677 CERT *c;
678 EVP_PKEY *pkey=NULL;
679
680 n=ssl3_get_message(s,
681 SSL3_ST_CR_CERT_A,
682 SSL3_ST_CR_CERT_B,
683 -1,
684#if defined(MSDOS) && !defined(WIN32)
685 1024*30, /* 30k max cert list :-) */
686#else
687 1024*100, /* 100k max cert list :-) */
688#endif
689 &ok);
690
691 if (!ok) return((int)n);
692
693 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
694 {
695 s->s3->tmp.reuse_message=1;
696 return(1);
697 }
698
699 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
700 {
701 al=SSL_AD_UNEXPECTED_MESSAGE;
702 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
703 goto f_err;
704 }
705 d=p=(unsigned char *)s->init_buf->data;
706
707 if ((sk=sk_new_null()) == NULL)
708 {
709 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
710 goto err;
711 }
712
713 n2l3(p,llen);
714 if (llen+3 != n)
715 {
716 al=SSL_AD_DECODE_ERROR;
717 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
718 goto f_err;
719 }
720 for (nc=0; nc<llen; )
721 {
722 n2l3(p,l);
723 if ((l+nc+3) > llen)
724 {
725 al=SSL_AD_DECODE_ERROR;
726 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
727 goto f_err;
728 }
729
730 q=p;
731 x=d2i_X509(NULL,&q,l);
732 if (x == NULL)
733 {
734 al=SSL_AD_BAD_CERTIFICATE;
735 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
736 goto f_err;
737 }
738 if (q != (p+l))
739 {
740 al=SSL_AD_DECODE_ERROR;
741 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
742 goto f_err;
743 }
744 if (!sk_push(sk,(char *)x))
745 {
746 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
747 goto err;
748 }
749 x=NULL;
750 nc+=l+3;
751 p=q;
752 }
753
754 i=ssl_verify_cert_chain(s,sk);
755 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
756 {
757 al=ssl_verify_alarm_type(s->verify_result);
758 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
759 goto f_err;
760 }
761
762 c=ssl_cert_new();
763 if (c == NULL) goto err;
764
765 if (s->session->cert) ssl_cert_free(s->session->cert);
766 s->session->cert=c;
767
768 c->cert_chain=sk;
769 x=(X509 *)sk_value(sk,0);
770 sk=NULL;
771
772 pkey=X509_get_pubkey(x);
773
774 if (EVP_PKEY_missing_parameters(pkey))
775 {
776 x=NULL;
777 al=SSL3_AL_FATAL;
778 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
779 goto f_err;
780 }
781
782 i=ssl_cert_type(x,pkey);
783 if (i < 0)
784 {
785 x=NULL;
786 al=SSL3_AL_FATAL;
787 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
788 goto f_err;
789 }
790
791 c->cert_type=i;
792 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
793 if (c->pkeys[i].x509 != NULL)
794 X509_free(c->pkeys[i].x509);
795 c->pkeys[i].x509=x;
796 c->key= &(c->pkeys[i]);
797
798 if ((s->session != NULL) && (s->session->peer != NULL))
799 X509_free(s->session->peer);
800 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
801 s->session->peer=x;
802
803 x=NULL;
804 ret=1;
805
806 if (0)
807 {
808f_err:
809 ssl3_send_alert(s,SSL3_AL_FATAL,al);
810 }
811err:
812 if (x != NULL) X509_free(x);
813 if (sk != NULL) sk_pop_free(sk,X509_free);
814 return(ret);
815 }
816
817static int ssl3_get_key_exchange(s)
818SSL *s;
819 {
820#ifndef NO_RSA
821 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
822#endif
823 EVP_MD_CTX md_ctx;
824 unsigned char *param,*p;
825 int al,i,j,param_len,ok;
826 long n,alg;
827 EVP_PKEY *pkey=NULL;
828 RSA *rsa=NULL;
829#ifndef NO_DH
830 DH *dh=NULL;
831#endif
832
833 n=ssl3_get_message(s,
834 SSL3_ST_CR_KEY_EXCH_A,
835 SSL3_ST_CR_KEY_EXCH_B,
836 -1,
837 1024*8, /* ?? */
838 &ok);
839
840 if (!ok) return((int)n);
841
842 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
843 {
844 s->s3->tmp.reuse_message=1;
845 return(1);
846 }
847
848 param=p=(unsigned char *)s->init_buf->data;
849
850 if (s->session->cert != NULL)
851 {
852#ifndef NO_RSA
853 if (s->session->cert->rsa_tmp != NULL)
854 {
855 RSA_free(s->session->cert->rsa_tmp);
856 s->session->cert->rsa_tmp=NULL;
857 }
858#endif
859#ifndef NO_DH
860 if (s->session->cert->dh_tmp)
861 {
862 DH_free(s->session->cert->dh_tmp);
863 s->session->cert->dh_tmp=NULL;
864 }
865#endif
866 }
867 else
868 {
869 s->session->cert=ssl_cert_new();
870 }
871
872 param_len=0;
873 alg=s->s3->tmp.new_cipher->algorithms;
874
875#ifndef NO_RSA
876 if (alg & SSL_kRSA)
877 {
878 if ((rsa=RSA_new()) == NULL)
879 {
880 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
881 goto err;
882 }
883 n2s(p,i);
884 param_len=i+2;
885 if (param_len > n)
886 {
887 al=SSL_AD_DECODE_ERROR;
888 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
889 goto f_err;
890 }
891 if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
892 {
893 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
894 goto err;
895 }
896 p+=i;
897
898 n2s(p,i);
899 param_len+=i+2;
900 if (param_len > n)
901 {
902 al=SSL_AD_DECODE_ERROR;
903 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
904 goto f_err;
905 }
906 if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
907 {
908 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
909 goto err;
910 }
911 p+=i;
912 n-=param_len;
913
914/* s->session->cert->rsa_tmp=rsa;*/
915 /* this should be because we are using an export cipher */
916 if (alg & SSL_aRSA)
917 pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
918 else
919 {
920 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
921 goto err;
922 }
923 s->session->cert->rsa_tmp=rsa;
924 }
925 else
926#endif
927#ifndef NO_DH
928 if (alg & SSL_kEDH)
929 {
930 if ((dh=DH_new()) == NULL)
931 {
932 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
933 goto err;
934 }
935 n2s(p,i);
936 param_len=i+2;
937 if (param_len > n)
938 {
939 al=SSL_AD_DECODE_ERROR;
940 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
941 goto f_err;
942 }
943 if (!(dh->p=BN_bin2bn(p,i,NULL)))
944 {
945 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
946 goto err;
947 }
948 p+=i;
949
950 n2s(p,i);
951 param_len+=i+2;
952 if (param_len > n)
953 {
954 al=SSL_AD_DECODE_ERROR;
955 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
956 goto f_err;
957 }
958 if (!(dh->g=BN_bin2bn(p,i,NULL)))
959 {
960 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
961 goto err;
962 }
963 p+=i;
964
965 n2s(p,i);
966 param_len+=i+2;
967 if (param_len > n)
968 {
969 al=SSL_AD_DECODE_ERROR;
970 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
971 goto f_err;
972 }
973 if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
974 {
975 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
976 goto err;
977 }
978 p+=i;
979 n-=param_len;
980
981#ifndef NO_RSA
982 if (alg & SSL_aRSA)
983 pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
984 else
985#endif
986#ifndef NO_DSA
987 if (alg & SSL_aDSS)
988 pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
989#endif
990 /* else anonymous DH, so no certificate or pkey. */
991
992 s->session->cert->dh_tmp=dh;
993 }
994 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
995 {
996 al=SSL_AD_ILLEGAL_PARAMETER;
997 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
998 goto f_err;
999 }
1000#endif
1001
1002 /* p points to the next byte, there are 'n' bytes left */
1003
1004
1005 /* if it was signed, check the signature */
1006 if (pkey != NULL)
1007 {
1008 n2s(p,i);
1009 n-=2;
1010 j=EVP_PKEY_size(pkey);
1011
1012 if ((i != n) || (n > j) || (n <= 0))
1013 {
1014 /* wrong packet length */
1015 al=SSL_AD_DECODE_ERROR;
1016 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
1017 goto err;
1018 }
1019
1020#ifndef NO_RSA
1021 if (pkey->type == EVP_PKEY_RSA)
1022 {
1023 int num;
1024
1025 j=0;
1026 q=md_buf;
1027 for (num=2; num > 0; num--)
1028 {
1029 EVP_DigestInit(&md_ctx,(num == 2)
1030 ?s->ctx->md5:s->ctx->sha1);
1031 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1032 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1033 EVP_DigestUpdate(&md_ctx,param,param_len);
1034 EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
1035 q+=i;
1036 j+=i;
1037 }
1038 i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa,
1039 RSA_PKCS1_PADDING);
1040 if (i <= 0)
1041 {
1042 al=SSL_AD_DECRYPT_ERROR;
1043 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1044 goto f_err;
1045 }
1046 if ((j != i) || (memcmp(p,md_buf,i) != 0))
1047 {
1048 /* bad signature */
1049 al=SSL_AD_DECRYPT_ERROR;
1050 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1051 goto f_err;
1052 }
1053 }
1054 else
1055#endif
1056#ifndef NO_DSA
1057 if (pkey->type == EVP_PKEY_DSA)
1058 {
1059 /* lets do DSS */
1060 EVP_VerifyInit(&md_ctx,EVP_dss1());
1061 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1062 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1063 EVP_VerifyUpdate(&md_ctx,param,param_len);
1064 if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
1065 {
1066 /* bad signature */
1067 al=SSL_AD_DECRYPT_ERROR;
1068 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1069 goto f_err;
1070 }
1071 }
1072 else
1073#endif
1074 {
1075 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
1076 goto err;
1077 }
1078 }
1079 else
1080 {
1081 /* still data left over */
1082 if (!(alg & SSL_aNULL))
1083 {
1084 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
1085 goto err;
1086 }
1087 if (n != 0)
1088 {
1089 al=SSL_AD_DECODE_ERROR;
1090 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
1091 goto f_err;
1092 }
1093 }
1094
1095 return(1);
1096f_err:
1097 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1098err:
1099 return(-1);
1100 }
1101
1102static int ssl3_get_certificate_request(s)
1103SSL *s;
1104 {
1105 int ok,ret=0;
1106 unsigned long n,nc,l;
1107 unsigned int llen,ctype_num,i;
1108 X509_NAME *xn=NULL;
1109 unsigned char *p,*d,*q;
1110 STACK *ca_sk=NULL;
1111
1112 n=ssl3_get_message(s,
1113 SSL3_ST_CR_CERT_REQ_A,
1114 SSL3_ST_CR_CERT_REQ_B,
1115 -1,
1116#if defined(MSDOS) && !defined(WIN32)
1117 1024*30, /* 30k max cert list :-) */
1118#else
1119 1024*100, /* 100k max cert list :-) */
1120#endif
1121 &ok);
1122
1123 if (!ok) return((int)n);
1124
1125 s->s3->tmp.cert_req=0;
1126
1127 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
1128 {
1129 s->s3->tmp.reuse_message=1;
1130 return(1);
1131 }
1132
1133 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
1134 {
1135 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1136 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
1137 goto err;
1138 }
1139
1140 /* TLS does not like anon-DH with client cert */
1141 if (s->version > SSL3_VERSION)
1142 {
1143 l=s->s3->tmp.new_cipher->algorithms;
1144 if (l & SSL_aNULL)
1145 {
1146 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1147 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1148 goto err;
1149 }
1150 }
1151
1152 d=p=(unsigned char *)s->init_buf->data;
1153
1154 if ((ca_sk=sk_new(ca_dn_cmp)) == NULL)
1155 {
1156 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1157 goto err;
1158 }
1159
1160 /* get the certificate types */
1161 ctype_num= *(p++);
1162 if (ctype_num > SSL3_CT_NUMBER)
1163 ctype_num=SSL3_CT_NUMBER;
1164 for (i=0; i<ctype_num; i++)
1165 s->s3->tmp.ctype[i]= p[i];
1166 p+=ctype_num;
1167
1168 /* get the CA RDNs */
1169 n2s(p,llen);
1170 if ((llen+ctype_num+2+1) != n)
1171 {
1172 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1173 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
1174 goto err;
1175 }
1176
1177 for (nc=0; nc<llen; )
1178 {
1179 n2s(p,l);
1180 if ((l+nc+2) > llen)
1181 {
1182 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1183 goto cont; /* netscape bugs */
1184 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1185 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
1186 goto err;
1187 }
1188
1189 q=p;
1190
1191 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
1192 {
1193 /* If netscape tollerance is on, ignore errors */
1194 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1195 goto cont;
1196 else
1197 {
1198 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1199 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
1200 goto err;
1201 }
1202 }
1203
1204 if (q != (p+l))
1205 {
1206 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1207 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
1208 goto err;
1209 }
1210 if (!sk_push(ca_sk,(char *)xn))
1211 {
1212 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1213 goto err;
1214 }
1215
1216 p+=l;
1217 nc+=l+2;
1218 }
1219
1220 if (0)
1221 {
1222cont:
1223 ERR_clear_error();
1224 }
1225
1226 /* we should setup a certficate to return.... */
1227 s->s3->tmp.cert_req=1;
1228 s->s3->tmp.ctype_num=ctype_num;
1229 if (s->s3->tmp.ca_names != NULL)
1230 sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1231 s->s3->tmp.ca_names=ca_sk;
1232 ca_sk=NULL;
1233
1234 ret=1;
1235err:
1236 if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free);
1237 return(ret);
1238 }
1239
1240static int ca_dn_cmp(a,b)
1241X509_NAME **a,**b;
1242 {
1243 return(X509_NAME_cmp(*a,*b));
1244 }
1245
1246static int ssl3_get_server_done(s)
1247SSL *s;
1248 {
1249 int ok,ret=0;
1250 long n;
1251
1252 n=ssl3_get_message(s,
1253 SSL3_ST_CR_SRVR_DONE_A,
1254 SSL3_ST_CR_SRVR_DONE_B,
1255 SSL3_MT_SERVER_DONE,
1256 30, /* should be very small, like 0 :-) */
1257 &ok);
1258
1259 if (!ok) return((int)n);
1260 if (n > 0)
1261 {
1262 /* should contain no data */
1263 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
1264 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
1265 }
1266 ret=1;
1267 return(ret);
1268 }
1269
1270static int ssl3_send_client_key_exchange(s)
1271SSL *s;
1272 {
1273 unsigned char *p,*q,*d;
1274 int n;
1275 unsigned long l;
1276 EVP_PKEY *pkey=NULL;
1277
1278 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
1279 {
1280 d=(unsigned char *)s->init_buf->data;
1281 p= &(d[4]);
1282
1283 l=s->s3->tmp.new_cipher->algorithms;
1284
1285#ifndef NO_RSA
1286 if (l & SSL_kRSA)
1287 {
1288 RSA *rsa;
1289 unsigned char tmp_buf[48];
1290
1291 if (s->session->cert->rsa_tmp != NULL)
1292 rsa=s->session->cert->rsa_tmp;
1293 else
1294 {
1295 pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
1296 if ((pkey == NULL) ||
1297 (pkey->type != EVP_PKEY_RSA) ||
1298 (pkey->pkey.rsa == NULL))
1299 {
1300 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
1301 goto err;
1302 }
1303 rsa=pkey->pkey.rsa;
1304 }
1305
1306 tmp_buf[0]=s->version>>8;
1307 tmp_buf[1]=s->version&0xff;
1308 RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
1309
1310 s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
1311
1312 q=p;
1313 /* Fix buf for TLS and beyond */
1314 if (s->version > SSL3_VERSION)
1315 p+=2;
1316 n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
1317 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
1318 if (n <= 0)
1319 {
1320 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1321 goto err;
1322 }
1323
1324 /* Fix buf for TLS and beyond */
1325 if (s->version > SSL3_VERSION)
1326 {
1327 s2n(n,q);
1328 n+=2;
1329 }
1330
1331 s->session->master_key_length=
1332 s->method->ssl3_enc->generate_master_secret(s,
1333 s->session->master_key,
1334 tmp_buf,48);
1335 memset(tmp_buf,0,48);
1336 }
1337 else
1338#endif
1339#ifndef NO_DH
1340 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1341 {
1342 DH *dh_srvr,*dh_clnt;
1343
1344 if (s->session->cert->dh_tmp != NULL)
1345 dh_srvr=s->session->cert->dh_tmp;
1346 else
1347 {
1348 /* we get them from the cert */
1349 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1350 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1351 goto err;
1352 }
1353
1354 /* generate a new random key */
1355 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
1356 {
1357 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1358 goto err;
1359 }
1360 if (!DH_generate_key(dh_clnt))
1361 {
1362 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1363 goto err;
1364 }
1365
1366 /* use the 'p' output buffer for the DH key, but
1367 * make sure to clear it out afterwards */
1368
1369 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
1370
1371 if (n <= 0)
1372 {
1373 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1374 goto err;
1375 }
1376
1377 /* generate master key from the result */
1378 s->session->master_key_length=
1379 s->method->ssl3_enc->generate_master_secret(s,
1380 s->session->master_key,p,n);
1381 /* clean up */
1382 memset(p,0,n);
1383
1384 /* send off the data */
1385 n=BN_num_bytes(dh_clnt->pub_key);
1386 s2n(n,p);
1387 BN_bn2bin(dh_clnt->pub_key,p);
1388 n+=2;
1389
1390 DH_free(dh_clnt);
1391
1392 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1393 }
1394 else
1395#endif
1396 {
1397 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1398 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
1399 goto err;
1400 }
1401
1402 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1403 l2n3(n,d);
1404
1405 s->state=SSL3_ST_CW_KEY_EXCH_B;
1406 /* number of bytes to write */
1407 s->init_num=n+4;
1408 s->init_off=0;
1409 }
1410
1411 /* SSL3_ST_CW_KEY_EXCH_B */
1412 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1413err:
1414 return(-1);
1415 }
1416
1417static int ssl3_send_client_verify(s)
1418SSL *s;
1419 {
1420 unsigned char *p,*d;
1421 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1422 EVP_PKEY *pkey;
1423 int i=0;
1424 unsigned long n;
1425#ifndef NO_DSA
1426 int j;
1427#endif
1428
1429 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
1430 {
1431 d=(unsigned char *)s->init_buf->data;
1432 p= &(d[4]);
1433 pkey=s->cert->key->privatekey;
1434
1435 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
1436 &(data[MD5_DIGEST_LENGTH]));
1437
1438#ifndef NO_RSA
1439 if (pkey->type == EVP_PKEY_RSA)
1440 {
1441 s->method->ssl3_enc->cert_verify_mac(s,
1442 &(s->s3->finish_dgst1),&(data[0]));
1443 i=RSA_private_encrypt(
1444 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1445 data,&(p[2]),pkey->pkey.rsa,
1446 RSA_PKCS1_PADDING);
1447 if (i <= 0)
1448 {
1449 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1450 goto err;
1451 }
1452 s2n(i,p);
1453 n=i+2;
1454 }
1455 else
1456#endif
1457#ifndef NO_DSA
1458 if (pkey->type == EVP_PKEY_DSA)
1459 {
1460 if (!DSA_sign(pkey->save_type,
1461 &(data[MD5_DIGEST_LENGTH]),
1462 SHA_DIGEST_LENGTH,&(p[2]),
1463 (unsigned int *)&j,pkey->pkey.dsa))
1464 {
1465 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1466 goto err;
1467 }
1468 s2n(j,p);
1469 n=j+2;
1470 }
1471 else
1472#endif
1473 {
1474 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
1475 goto err;
1476 }
1477 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
1478 l2n3(n,d);
1479
1480 s->init_num=(int)n+4;
1481 s->init_off=0;
1482 }
1483 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1484err:
1485 return(-1);
1486 }
1487
1488static int ssl3_send_client_certificate(s)
1489SSL *s;
1490 {
1491 X509 *x509=NULL;
1492 EVP_PKEY *pkey=NULL;
1493 int i;
1494 unsigned long l;
1495
1496 if (s->state == SSL3_ST_CW_CERT_A)
1497 {
1498 if ((s->cert == NULL) ||
1499 (s->cert->key->x509 == NULL) ||
1500 (s->cert->key->privatekey == NULL))
1501 s->state=SSL3_ST_CW_CERT_B;
1502 else
1503 s->state=SSL3_ST_CW_CERT_C;
1504 }
1505
1506 /* We need to get a client cert */
1507 if (s->state == SSL3_ST_CW_CERT_B)
1508 {
1509 /* If we get an error, we need to
1510 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1511 * We then get retied later */
1512 i=0;
1513 if (s->ctx->client_cert_cb != NULL)
1514 i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
1515 if (i < 0)
1516 {
1517 s->rwstate=SSL_X509_LOOKUP;
1518 return(-1);
1519 }
1520 s->rwstate=SSL_NOTHING;
1521 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
1522 {
1523 s->state=SSL3_ST_CW_CERT_B;
1524 if ( !SSL_use_certificate(s,x509) ||
1525 !SSL_use_PrivateKey(s,pkey))
1526 i=0;
1527 }
1528 else if (i == 1)
1529 {
1530 i=0;
1531 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1532 }
1533
1534 if (x509 != NULL) X509_free(x509);
1535 if (pkey != NULL) EVP_PKEY_free(pkey);
1536 if (i == 0)
1537 {
1538 if (s->version == SSL3_VERSION)
1539 {
1540 s->s3->tmp.cert_req=0;
1541 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
1542 return(1);
1543 }
1544 else
1545 {
1546 s->s3->tmp.cert_req=2;
1547 }
1548 }
1549
1550 /* Ok, we have a cert */
1551 s->state=SSL3_ST_CW_CERT_C;
1552 }
1553
1554 if (s->state == SSL3_ST_CW_CERT_C)
1555 {
1556 s->state=SSL3_ST_CW_CERT_D;
1557 l=ssl3_output_cert_chain(s,
1558 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
1559 s->init_num=(int)l;
1560 s->init_off=0;
1561 }
1562 /* SSL3_ST_CW_CERT_D */
1563 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1564 }
1565
1566#define has_bits(i,m) (((i)&(m)) == (m))
1567
1568static int ssl3_check_cert_and_algorithm(s)
1569SSL *s;
1570 {
1571 int i,idx;
1572 long algs;
1573 EVP_PKEY *pkey=NULL;
1574 CERT *c;
1575 RSA *rsa;
1576 DH *dh;
1577
1578 c=s->session->cert;
1579
1580 if (c == NULL)
1581 {
1582 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
1583 goto err;
1584 }
1585
1586 algs=s->s3->tmp.new_cipher->algorithms;
1587
1588 /* we don't have a certificate */
1589 if (algs & (SSL_aDH|SSL_aNULL))
1590 return(1);
1591
1592 rsa=s->session->cert->rsa_tmp;
1593 dh=s->session->cert->dh_tmp;
1594
1595 /* This is the passed certificate */
1596
1597 idx=c->cert_type;
1598 pkey=X509_get_pubkey(c->pkeys[idx].x509);
1599 i=X509_certificate_type(c->pkeys[idx].x509,pkey);
1600
1601
1602 /* Check that we have a certificate if we require one */
1603 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
1604 {
1605 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
1606 goto f_err;
1607 }
1608#ifndef NO_DSA
1609 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
1610 {
1611 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
1612 goto f_err;
1613 }
1614#endif
1615
1616 if ((algs & SSL_kRSA) &&
1617 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
1618 {
1619 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
1620 goto f_err;
1621 }
1622#ifndef NO_DH
1623 else if ((algs & SSL_kEDH) &&
1624 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
1625 {
1626 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
1627 goto f_err;
1628 }
1629 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
1630 {
1631 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
1632 goto f_err;
1633 }
1634#ifndef NO_DSA
1635 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
1636 {
1637 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
1638 goto f_err;
1639 }
1640#endif
1641#endif
1642
1643 if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
1644 {
1645#ifndef NO_RSA
1646 if (algs & SSL_kRSA)
1647 {
1648 if ((rsa == NULL) || (RSA_size(rsa) > 512))
1649 {
1650 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
1651 goto f_err;
1652 }
1653 }
1654 else
1655#endif
1656#ifndef NO_DH
1657 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1658 {
1659 if ((dh == NULL) || (DH_size(dh) > 512))
1660 {
1661 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
1662 goto f_err;
1663 }
1664 }
1665 else
1666#endif
1667 {
1668 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1669 goto f_err;
1670 }
1671 }
1672 return(1);
1673f_err:
1674 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1675err:
1676 return(0);
1677 }
1678
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:15:08 +0000