summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
authorbeck <>1999-09-29 04:37:45 +0000
committerbeck <>1999-09-29 04:37:45 +0000
commitde8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/s3_srvr.c
parentcb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
downloadopenbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c336
1 files changed, 172 insertions, 164 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 64903af151..e003d88357 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -59,22 +59,16 @@
59#define REUSE_CIPHER_BUG 59#define REUSE_CIPHER_BUG
60 60
61#include <stdio.h> 61#include <stdio.h>
62#include "buffer.h" 62#include <openssl/buffer.h>
63#include "rand.h" 63#include <openssl/rand.h>
64#include "objects.h" 64#include <openssl/objects.h>
65#include "evp.h" 65#include <openssl/md5.h>
66#include "x509.h" 66#include <openssl/sha.h>
67#include <openssl/evp.h>
68#include <openssl/x509.h>
67#include "ssl_locl.h" 69#include "ssl_locl.h"
68 70
69#define BREAK break 71static SSL_METHOD *ssl3_get_server_method(int ver);
70/* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE);
71 * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
72 * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
73 * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE);
74 * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
75 */
76
77#ifndef NOPROTO
78static int ssl3_get_client_hello(SSL *s); 72static int ssl3_get_client_hello(SSL *s);
79static int ssl3_send_server_hello(SSL *s); 73static int ssl3_send_server_hello(SSL *s);
80static int ssl3_send_server_key_exchange(SSL *s); 74static int ssl3_send_server_key_exchange(SSL *s);
@@ -85,22 +79,7 @@ static int ssl3_get_client_key_exchange(SSL *s);
85static int ssl3_get_client_certificate(SSL *s); 79static int ssl3_get_client_certificate(SSL *s);
86static int ssl3_send_hello_request(SSL *s); 80static int ssl3_send_hello_request(SSL *s);
87 81
88#else 82static SSL_METHOD *ssl3_get_server_method(int ver)
89
90static int ssl3_get_client_hello();
91static int ssl3_send_server_hello();
92static int ssl3_send_server_key_exchange();
93static int ssl3_send_certificate_request();
94static int ssl3_send_server_done();
95static int ssl3_get_cert_verify();
96static int ssl3_get_client_key_exchange();
97static int ssl3_get_client_certificate();
98static int ssl3_send_hello_request();
99
100#endif
101
102static SSL_METHOD *ssl3_get_server_method(ver)
103int ver;
104 { 83 {
105 if (ver == SSL3_VERSION) 84 if (ver == SSL3_VERSION)
106 return(SSLv3_server_method()); 85 return(SSLv3_server_method());
@@ -108,35 +87,32 @@ int ver;
108 return(NULL); 87 return(NULL);
109 } 88 }
110 89
111SSL_METHOD *SSLv3_server_method() 90SSL_METHOD *SSLv3_server_method(void)
112 { 91 {
113 static int init=1; 92 static int init=1;
114 static SSL_METHOD SSLv3_server_data; 93 static SSL_METHOD SSLv3_server_data;
115 94
116 if (init) 95 if (init)
117 { 96 {
118 init=0;
119 memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), 97 memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
120 sizeof(SSL_METHOD)); 98 sizeof(SSL_METHOD));
121 SSLv3_server_data.ssl_accept=ssl3_accept; 99 SSLv3_server_data.ssl_accept=ssl3_accept;
122 SSLv3_server_data.get_ssl_method=ssl3_get_server_method; 100 SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
101 init=0;
123 } 102 }
124 return(&SSLv3_server_data); 103 return(&SSLv3_server_data);
125 } 104 }
126 105
127int ssl3_accept(s) 106int ssl3_accept(SSL *s)
128SSL *s;
129 { 107 {
130 BUF_MEM *buf; 108 BUF_MEM *buf;
131 unsigned long l,Time=time(NULL); 109 unsigned long l,Time=time(NULL);
132 void (*cb)()=NULL; 110 void (*cb)()=NULL;
133 long num1; 111 long num1;
134 int ret= -1; 112 int ret= -1;
135 CERT *ct;
136 BIO *under;
137 int new_state,state,skip=0; 113 int new_state,state,skip=0;
138 114
139 RAND_seed((unsigned char *)&Time,sizeof(Time)); 115 RAND_seed(&Time,sizeof(Time));
140 ERR_clear_error(); 116 ERR_clear_error();
141 clear_sys_error(); 117 clear_sys_error();
142 118
@@ -149,17 +125,11 @@ SSL *s;
149 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 125 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
150 s->in_handshake++; 126 s->in_handshake++;
151 127
152#ifdef undef 128 if (s->cert == NULL)
153 /* FIX THIS EAY EAY EAY */
154 /* we don't actually need a cert, we just need a cert or a DH_tmp */
155 if (((s->session == NULL) || (s->session->cert == NULL)) &&
156 (s->cert == NULL))
157 { 129 {
158 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 130 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
159 ret= -1; 131 return(-1);
160 goto end;
161 } 132 }
162#endif
163 133
164 for (;;) 134 for (;;)
165 { 135 {
@@ -176,6 +146,7 @@ SSL *s;
176 case SSL_ST_BEFORE|SSL_ST_ACCEPT: 146 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
177 case SSL_ST_OK|SSL_ST_ACCEPT: 147 case SSL_ST_OK|SSL_ST_ACCEPT:
178 148
149 s->server=1;
179 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 150 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
180 151
181 if ((s->version>>8) != 3) 152 if ((s->version>>8) != 3)
@@ -215,11 +186,11 @@ SSL *s;
215 { 186 {
216 s->state=SSL3_ST_SR_CLNT_HELLO_A; 187 s->state=SSL3_ST_SR_CLNT_HELLO_A;
217 ssl3_init_finished_mac(s); 188 ssl3_init_finished_mac(s);
218 s->ctx->sess_accept++; 189 s->ctx->stats.sess_accept++;
219 } 190 }
220 else 191 else
221 { 192 {
222 s->ctx->sess_accept_renegotiate++; 193 s->ctx->stats.sess_accept_renegotiate++;
223 s->state=SSL3_ST_SW_HELLO_REQ_A; 194 s->state=SSL3_ST_SW_HELLO_REQ_A;
224 } 195 }
225 break; 196 break;
@@ -238,15 +209,6 @@ SSL *s;
238 break; 209 break;
239 210
240 case SSL3_ST_SW_HELLO_REQ_C: 211 case SSL3_ST_SW_HELLO_REQ_C:
241 /* remove buffering on output */
242 under=BIO_pop(s->wbio);
243 if (under != NULL)
244 s->wbio=under;
245 else
246 abort(); /* ok */
247 BIO_free(s->bbio);
248 s->bbio=NULL;
249
250 s->state=SSL_ST_OK; 212 s->state=SSL_ST_OK;
251 ret=1; 213 ret=1;
252 goto end; 214 goto end;
@@ -292,20 +254,6 @@ SSL *s;
292 case SSL3_ST_SW_KEY_EXCH_A: 254 case SSL3_ST_SW_KEY_EXCH_A:
293 case SSL3_ST_SW_KEY_EXCH_B: 255 case SSL3_ST_SW_KEY_EXCH_B:
294 l=s->s3->tmp.new_cipher->algorithms; 256 l=s->s3->tmp.new_cipher->algorithms;
295 if (s->session->cert == NULL)
296 {
297 if (s->cert != NULL)
298 {
299 CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
300 s->session->cert=s->cert;
301 }
302 else
303 {
304 CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT);
305 s->session->cert=s->ctx->default_cert;
306 }
307 }
308 ct=s->session->cert;
309 257
310 /* clear this, it may get reset by 258 /* clear this, it may get reset by
311 * send_server_key_exchange */ 259 * send_server_key_exchange */
@@ -316,16 +264,16 @@ SSL *s;
316 264
317 /* only send if a DH key exchange, fortezza or 265 /* only send if a DH key exchange, fortezza or
318 * RSA but we have a sign only certificate */ 266 * RSA but we have a sign only certificate */
319 if ( s->s3->tmp.use_rsa_tmp || 267 if (s->s3->tmp.use_rsa_tmp
320 (l & (SSL_DH|SSL_kFZA)) || 268 || (l & (SSL_DH|SSL_kFZA))
321 ((l & SSL_kRSA) && 269 || ((l & SSL_kRSA)
322 ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)|| 270 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
323 ((l & SSL_EXPORT) && 271 || (SSL_IS_EXPORT(l)
324 (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512) 272 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
325 ) 273 )
326 ) 274 )
275 )
327 ) 276 )
328 )
329 { 277 {
330 ret=ssl3_send_server_key_exchange(s); 278 ret=ssl3_send_server_key_exchange(s);
331 if (ret <= 0) goto end; 279 if (ret <= 0) goto end;
@@ -478,20 +426,14 @@ SSL *s;
478 s->init_buf=NULL; 426 s->init_buf=NULL;
479 427
480 /* remove buffering on output */ 428 /* remove buffering on output */
481 under=BIO_pop(s->wbio); 429 ssl_free_wbio_buffer(s);
482 if (under != NULL)
483 s->wbio=under;
484 else
485 abort(); /* ok */
486 BIO_free(s->bbio);
487 s->bbio=NULL;
488 430
489 s->new_session=0; 431 s->new_session=0;
490 s->init_num=0; 432 s->init_num=0;
491 433
492 ssl_update_cache(s,SSL_SESS_CACHE_SERVER); 434 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
493 435
494 s->ctx->sess_accept_good++; 436 s->ctx->stats.sess_accept_good++;
495 /* s->server=1; */ 437 /* s->server=1; */
496 s->handshake_func=ssl3_accept; 438 s->handshake_func=ssl3_accept;
497 ret=1; 439 ret=1;
@@ -536,8 +478,7 @@ end:
536 return(ret); 478 return(ret);
537 } 479 }
538 480
539static int ssl3_send_hello_request(s) 481static int ssl3_send_hello_request(SSL *s)
540SSL *s;
541 { 482 {
542 unsigned char *p; 483 unsigned char *p;
543 484
@@ -559,15 +500,15 @@ SSL *s;
559 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 500 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
560 } 501 }
561 502
562static int ssl3_get_client_hello(s) 503static int ssl3_get_client_hello(SSL *s)
563SSL *s;
564 { 504 {
565 int i,j,ok,al,ret= -1; 505 int i,j,ok,al,ret= -1;
566 long n; 506 long n;
567 unsigned long id; 507 unsigned long id;
568 unsigned char *p,*d; 508 unsigned char *p,*d,*q;
569 SSL_CIPHER *c; 509 SSL_CIPHER *c;
570 STACK *ciphers=NULL; 510 SSL_COMP *comp=NULL;
511 STACK_OF(SSL_CIPHER) *ciphers=NULL;
571 512
572 /* We do this so that we will respond with our native type. 513 /* We do this so that we will respond with our native type.
573 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, 514 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
@@ -593,6 +534,7 @@ SSL *s;
593 /* The version number has already been checked in ssl3_get_message. 534 /* The version number has already been checked in ssl3_get_message.
594 * I a native TLSv1/SSLv3 method, the match must be correct except 535 * I a native TLSv1/SSLv3 method, the match must be correct except
595 * perhaps for the first message */ 536 * perhaps for the first message */
537/* s->client_version=(((int)p[0])<<8)|(int)p[1]; */
596 p+=2; 538 p+=2;
597 539
598 /* load the client random */ 540 /* load the client random */
@@ -615,7 +557,9 @@ SSL *s;
615 { /* previous session */ 557 { /* previous session */
616 s->hit=1; 558 s->hit=1;
617 } 559 }
618 else 560 else if (i == -1)
561 goto err;
562 else /* i == 0 */
619 { 563 {
620 if (!ssl_get_new_session(s,1)) 564 if (!ssl_get_new_session(s,1))
621 goto err; 565 goto err;
@@ -651,9 +595,16 @@ SSL *s;
651 j=0; 595 j=0;
652 id=s->session->cipher->id; 596 id=s->session->cipher->id;
653 597
654 for (i=0; i<sk_num(ciphers); i++) 598#ifdef CIPHER_DEBUG
599 printf("client sent %d ciphers\n",sk_num(ciphers));
600#endif
601 for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
655 { 602 {
656 c=(SSL_CIPHER *)sk_value(ciphers,i); 603 c=sk_SSL_CIPHER_value(ciphers,i);
604#ifdef CIPHER_DEBUG
605 printf("client [%2d of %2d]:%s\n",
606 i,sk_num(ciphers),SSL_CIPHER_get_name(c));
607#endif
657 if (c->id == id) 608 if (c->id == id)
658 { 609 {
659 j=1; 610 j=1;
@@ -662,11 +613,11 @@ SSL *s;
662 } 613 }
663 if (j == 0) 614 if (j == 0)
664 { 615 {
665 if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1)) 616 if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
666 { 617 {
667 /* Very bad for multi-threading.... */ 618 /* Very bad for multi-threading.... */
668 s->session->cipher= 619 s->session->cipher=sk_SSL_CIPHER_value(ciphers,
669 (SSL_CIPHER *)sk_value(ciphers,0); 620 0);
670 } 621 }
671 else 622 else
672 { 623 {
@@ -681,8 +632,11 @@ SSL *s;
681 632
682 /* compression */ 633 /* compression */
683 i= *(p++); 634 i= *(p++);
635 q=p;
684 for (j=0; j<i; j++) 636 for (j=0; j<i; j++)
637 {
685 if (p[j] == 0) break; 638 if (p[j] == 0) break;
639 }
686 640
687 p+=i; 641 p+=i;
688 if (j >= i) 642 if (j >= i)
@@ -693,6 +647,35 @@ SSL *s;
693 goto f_err; 647 goto f_err;
694 } 648 }
695 649
650 /* Worst case, we will use the NULL compression, but if we have other
651 * options, we will now look for them. We have i-1 compression
652 * algorithms from the client, starting at q. */
653 s->s3->tmp.new_compression=NULL;
654 if (s->ctx->comp_methods != NULL)
655 { /* See if we have a match */
656 int m,nn,o,v,done=0;
657
658 nn=sk_SSL_COMP_num(s->ctx->comp_methods);
659 for (m=0; m<nn; m++)
660 {
661 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
662 v=comp->id;
663 for (o=0; o<i; o++)
664 {
665 if (v == q[o])
666 {
667 done=1;
668 break;
669 }
670 }
671 if (done) break;
672 }
673 if (done)
674 s->s3->tmp.new_compression=comp;
675 else
676 comp=NULL;
677 }
678
696 /* TLS does not mind if there is extra stuff */ 679 /* TLS does not mind if there is extra stuff */
697 if (s->version == SSL3_VERSION) 680 if (s->version == SSL3_VERSION)
698 { 681 {
@@ -706,15 +689,14 @@ SSL *s;
706 } 689 }
707 } 690 }
708 691
709 /* do nothing with compression */
710
711 /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must 692 /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
712 * pick a cipher */ 693 * pick a cipher */
713 694
714 if (!s->hit) 695 if (!s->hit)
715 { 696 {
697 s->session->compress_meth=(comp == NULL)?0:comp->id;
716 if (s->session->ciphers != NULL) 698 if (s->session->ciphers != NULL)
717 sk_free(s->session->ciphers); 699 sk_SSL_CIPHER_free(s->session->ciphers);
718 s->session->ciphers=ciphers; 700 s->session->ciphers=ciphers;
719 if (ciphers == NULL) 701 if (ciphers == NULL)
720 { 702 {
@@ -724,7 +706,7 @@ SSL *s;
724 } 706 }
725 ciphers=NULL; 707 ciphers=NULL;
726 c=ssl3_choose_cipher(s,s->session->ciphers, 708 c=ssl3_choose_cipher(s,s->session->ciphers,
727 ssl_get_ciphers_by_id(s)); 709 ssl_get_ciphers_by_id(s));
728 710
729 if (c == NULL) 711 if (c == NULL)
730 { 712 {
@@ -738,19 +720,19 @@ SSL *s;
738 { 720 {
739 /* Session-id reuse */ 721 /* Session-id reuse */
740#ifdef REUSE_CIPHER_BUG 722#ifdef REUSE_CIPHER_BUG
741 STACK *sk; 723 STACK_OF(SSL_CIPHER) *sk;
742 SSL_CIPHER *nc=NULL; 724 SSL_CIPHER *nc=NULL;
743 SSL_CIPHER *ec=NULL; 725 SSL_CIPHER *ec=NULL;
744 726
745 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) 727 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
746 { 728 {
747 sk=s->session->ciphers; 729 sk=s->session->ciphers;
748 for (i=0; i<sk_num(sk); i++) 730 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
749 { 731 {
750 c=(SSL_CIPHER *)sk_value(sk,i); 732 c=sk_SSL_CIPHER_value(sk,i);
751 if (c->algorithms & SSL_eNULL) 733 if (c->algorithms & SSL_eNULL)
752 nc=c; 734 nc=c;
753 if (c->algorithms & SSL_EXP) 735 if (SSL_C_IS_EXPORT(c))
754 ec=c; 736 ec=c;
755 } 737 }
756 if (nc != NULL) 738 if (nc != NULL)
@@ -783,12 +765,11 @@ f_err:
783 ssl3_send_alert(s,SSL3_AL_FATAL,al); 765 ssl3_send_alert(s,SSL3_AL_FATAL,al);
784 } 766 }
785err: 767err:
786 if (ciphers != NULL) sk_free(ciphers); 768 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
787 return(ret); 769 return(ret);
788 } 770 }
789 771
790static int ssl3_send_server_hello(s) 772static int ssl3_send_server_hello(SSL *s)
791SSL *s;
792 { 773 {
793 unsigned char *buf; 774 unsigned char *buf;
794 unsigned char *p,*d; 775 unsigned char *p,*d;
@@ -833,7 +814,10 @@ SSL *s;
833 p+=i; 814 p+=i;
834 815
835 /* put the compression method */ 816 /* put the compression method */
836 *(p++)=0; 817 if (s->s3->tmp.new_compression == NULL)
818 *(p++)=0;
819 else
820 *(p++)=s->s3->tmp.new_compression->id;
837 821
838 /* do the header */ 822 /* do the header */
839 l=(p-d); 823 l=(p-d);
@@ -851,8 +835,7 @@ SSL *s;
851 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 835 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
852 } 836 }
853 837
854static int ssl3_send_server_done(s) 838static int ssl3_send_server_done(SSL *s)
855SSL *s;
856 { 839 {
857 unsigned char *p; 840 unsigned char *p;
858 841
@@ -876,8 +859,7 @@ SSL *s;
876 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 859 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
877 } 860 }
878 861
879static int ssl3_send_server_key_exchange(s) 862static int ssl3_send_server_key_exchange(SSL *s)
880SSL *s;
881 { 863 {
882#ifndef NO_RSA 864#ifndef NO_RSA
883 unsigned char *q; 865 unsigned char *q;
@@ -902,7 +884,7 @@ SSL *s;
902 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 884 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
903 { 885 {
904 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; 886 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
905 cert=s->session->cert; 887 cert=s->cert;
906 888
907 buf=s->init_buf; 889 buf=s->init_buf;
908 890
@@ -912,11 +894,11 @@ SSL *s;
912 if (type & SSL_kRSA) 894 if (type & SSL_kRSA)
913 { 895 {
914 rsa=cert->rsa_tmp; 896 rsa=cert->rsa_tmp;
915 if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) 897 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
916 { 898 {
917 rsa=s->ctx->default_cert->rsa_tmp_cb(s, 899 rsa=s->cert->rsa_tmp_cb(s,
918 (s->s3->tmp.new_cipher->algorithms| 900 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
919 SSL_NOT_EXP)?0:1); 901 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
920 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 902 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
921 cert->rsa_tmp=rsa; 903 cert->rsa_tmp=rsa;
922 } 904 }
@@ -936,10 +918,10 @@ SSL *s;
936 if (type & SSL_kEDH) 918 if (type & SSL_kEDH)
937 { 919 {
938 dhp=cert->dh_tmp; 920 dhp=cert->dh_tmp;
939 if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) 921 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
940 dhp=cert->dh_tmp_cb(s, 922 dhp=s->cert->dh_tmp_cb(s,
941 (s->s3->tmp.new_cipher->algorithms| 923 !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
942 SSL_NOT_EXP)?0:1); 924 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
943 if (dhp == NULL) 925 if (dhp == NULL)
944 { 926 {
945 al=SSL_AD_HANDSHAKE_FAILURE; 927 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -953,13 +935,16 @@ SSL *s;
953 } 935 }
954 936
955 s->s3->tmp.dh=dh; 937 s->s3->tmp.dh=dh;
956 if (((dhp->pub_key == NULL) || 938 if ((dhp->pub_key == NULL ||
957 (dhp->priv_key == NULL) || 939 dhp->priv_key == NULL ||
958 (s->options & SSL_OP_SINGLE_DH_USE)) && 940 (s->options & SSL_OP_SINGLE_DH_USE)))
959 (!DH_generate_key(dh)))
960 { 941 {
961 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); 942 if(!DH_generate_key(dh))
962 goto err; 943 {
944 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
945 ERR_R_DH_LIB);
946 goto err;
947 }
963 } 948 }
964 else 949 else
965 { 950 {
@@ -1098,12 +1083,11 @@ err:
1098 return(-1); 1083 return(-1);
1099 } 1084 }
1100 1085
1101static int ssl3_send_certificate_request(s) 1086static int ssl3_send_certificate_request(SSL *s)
1102SSL *s;
1103 { 1087 {
1104 unsigned char *p,*d; 1088 unsigned char *p,*d;
1105 int i,j,nl,off,n; 1089 int i,j,nl,off,n;
1106 STACK *sk=NULL; 1090 STACK_OF(X509_NAME) *sk=NULL;
1107 X509_NAME *name; 1091 X509_NAME *name;
1108 BUF_MEM *buf; 1092 BUF_MEM *buf;
1109 1093
@@ -1128,9 +1112,9 @@ SSL *s;
1128 nl=0; 1112 nl=0;
1129 if (sk != NULL) 1113 if (sk != NULL)
1130 { 1114 {
1131 for (i=0; i<sk_num(sk); i++) 1115 for (i=0; i<sk_X509_NAME_num(sk); i++)
1132 { 1116 {
1133 name=(X509_NAME *)sk_value(sk,i); 1117 name=sk_X509_NAME_value(sk,i);
1134 j=i2d_X509_NAME(name,NULL); 1118 j=i2d_X509_NAME(name,NULL);
1135 if (!BUF_MEM_grow(buf,4+n+j+2)) 1119 if (!BUF_MEM_grow(buf,4+n+j+2))
1136 { 1120 {
@@ -1176,15 +1160,16 @@ err:
1176 return(-1); 1160 return(-1);
1177 } 1161 }
1178 1162
1179static int ssl3_get_client_key_exchange(s) 1163static int ssl3_get_client_key_exchange(SSL *s)
1180SSL *s;
1181 { 1164 {
1182 int i,al,ok; 1165 int i,al,ok;
1183 long n; 1166 long n;
1184 unsigned long l; 1167 unsigned long l;
1185 unsigned char *p; 1168 unsigned char *p;
1169#ifndef NO_RSA
1186 RSA *rsa=NULL; 1170 RSA *rsa=NULL;
1187 EVP_PKEY *pkey=NULL; 1171 EVP_PKEY *pkey=NULL;
1172#endif
1188#ifndef NO_DH 1173#ifndef NO_DH
1189 BIGNUM *pub=NULL; 1174 BIGNUM *pub=NULL;
1190 DH *dh_srvr; 1175 DH *dh_srvr;
@@ -1208,12 +1193,8 @@ SSL *s;
1208 /* FIX THIS UP EAY EAY EAY EAY */ 1193 /* FIX THIS UP EAY EAY EAY EAY */
1209 if (s->s3->tmp.use_rsa_tmp) 1194 if (s->s3->tmp.use_rsa_tmp)
1210 { 1195 {
1211 if ((s->session->cert != NULL) && 1196 if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
1212 (s->session->cert->rsa_tmp != NULL)) 1197 rsa=s->cert->rsa_tmp;
1213 rsa=s->session->cert->rsa_tmp;
1214 else if ((s->ctx->default_cert != NULL) &&
1215 (s->ctx->default_cert->rsa_tmp != NULL))
1216 rsa=s->ctx->default_cert->rsa_tmp;
1217 /* Don't do a callback because rsa_tmp should 1198 /* Don't do a callback because rsa_tmp should
1218 * be sent already */ 1199 * be sent already */
1219 if (rsa == NULL) 1200 if (rsa == NULL)
@@ -1259,15 +1240,28 @@ SSL *s;
1259 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); 1240 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
1260 1241
1261#if 1 1242#if 1
1262 /* If a bad decrypt, use a dud master key */ 1243 /* If a bad decrypt, use a random master key */
1263 if ((i != SSL_MAX_MASTER_KEY_LENGTH) || 1244 if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
1264 ((p[0] != (s->version>>8)) || 1245 ((p[0] != (s->client_version>>8)) ||
1265 (p[1] != (s->version & 0xff)))) 1246 (p[1] != (s->client_version & 0xff))))
1266 { 1247 {
1267 p[0]=(s->version>>8); 1248 int bad=1;
1268 p[1]=(s->version & 0xff); 1249
1269 RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); 1250 if ((i == SSL_MAX_MASTER_KEY_LENGTH) &&
1270 i=SSL_MAX_MASTER_KEY_LENGTH; 1251 (p[0] == (s->version>>8)) &&
1252 (p[1] == 0))
1253 {
1254 if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
1255 bad=0;
1256 }
1257 if (bad)
1258 {
1259 p[0]=(s->version>>8);
1260 p[1]=(s->version & 0xff);
1261 RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
1262 i=SSL_MAX_MASTER_KEY_LENGTH;
1263 }
1264 /* else, an SSLeay bug, ssl only server, tls client */
1271 } 1265 }
1272#else 1266#else
1273 if (i != SSL_MAX_MASTER_KEY_LENGTH) 1267 if (i != SSL_MAX_MASTER_KEY_LENGTH)
@@ -1370,8 +1364,7 @@ err:
1370 return(-1); 1364 return(-1);
1371 } 1365 }
1372 1366
1373static int ssl3_get_cert_verify(s) 1367static int ssl3_get_cert_verify(SSL *s)
1374SSL *s;
1375 { 1368 {
1376 EVP_PKEY *pkey=NULL; 1369 EVP_PKEY *pkey=NULL;
1377 unsigned char *p; 1370 unsigned char *p;
@@ -1505,17 +1498,17 @@ f_err:
1505 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1498 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1506 } 1499 }
1507end: 1500end:
1501 EVP_PKEY_free(pkey);
1508 return(ret); 1502 return(ret);
1509 } 1503 }
1510 1504
1511static int ssl3_get_client_certificate(s) 1505static int ssl3_get_client_certificate(SSL *s)
1512SSL *s;
1513 { 1506 {
1514 int i,ok,al,ret= -1; 1507 int i,ok,al,ret= -1;
1515 X509 *x=NULL; 1508 X509 *x=NULL;
1516 unsigned long l,nc,llen,n; 1509 unsigned long l,nc,llen,n;
1517 unsigned char *p,*d,*q; 1510 unsigned char *p,*d,*q;
1518 STACK *sk=NULL; 1511 STACK_OF(X509) *sk=NULL;
1519 1512
1520 n=ssl3_get_message(s, 1513 n=ssl3_get_message(s,
1521 SSL3_ST_SR_CERT_A, 1514 SSL3_ST_SR_CERT_A,
@@ -1558,7 +1551,7 @@ SSL *s;
1558 } 1551 }
1559 d=p=(unsigned char *)s->init_buf->data; 1552 d=p=(unsigned char *)s->init_buf->data;
1560 1553
1561 if ((sk=sk_new_null()) == NULL) 1554 if ((sk=sk_X509_new_null()) == NULL)
1562 { 1555 {
1563 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1556 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1564 goto err; 1557 goto err;
@@ -1594,7 +1587,7 @@ SSL *s;
1594 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); 1587 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1595 goto f_err; 1588 goto f_err;
1596 } 1589 }
1597 if (!sk_push(sk,(char *)x)) 1590 if (!sk_X509_push(sk,x))
1598 { 1591 {
1599 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); 1592 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1600 goto err; 1593 goto err;
@@ -1603,7 +1596,7 @@ SSL *s;
1603 nc+=l+3; 1596 nc+=l+3;
1604 } 1597 }
1605 1598
1606 if (sk_num(sk) <= 0) 1599 if (sk_X509_num(sk) <= 0)
1607 { 1600 {
1608 /* TLS does not mind 0 certs returned */ 1601 /* TLS does not mind 0 certs returned */
1609 if (s->version == SSL3_VERSION) 1602 if (s->version == SSL3_VERSION)
@@ -1632,10 +1625,26 @@ SSL *s;
1632 } 1625 }
1633 } 1626 }
1634 1627
1635 /* This should not be needed */ 1628 if (s->session->peer != NULL) /* This should not be needed */
1636 if (s->session->peer != NULL)
1637 X509_free(s->session->peer); 1629 X509_free(s->session->peer);
1638 s->session->peer=(X509 *)sk_shift(sk); 1630 s->session->peer=sk_X509_shift(sk);
1631
1632 /* With the current implementation, sess_cert will always be NULL
1633 * when we arrive here. */
1634 if (s->session->sess_cert == NULL)
1635 {
1636 s->session->sess_cert = ssl_sess_cert_new();
1637 if (s->session->sess_cert == NULL)
1638 {
1639 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
1640 goto err;
1641 }
1642 }
1643 if (s->session->sess_cert->cert_chain != NULL)
1644 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
1645 s->session->sess_cert->cert_chain=sk;
1646
1647 sk=NULL;
1639 1648
1640 ret=1; 1649 ret=1;
1641 if (0) 1650 if (0)
@@ -1645,12 +1654,11 @@ f_err:
1645 } 1654 }
1646err: 1655err:
1647 if (x != NULL) X509_free(x); 1656 if (x != NULL) X509_free(x);
1648 if (sk != NULL) sk_pop_free(sk,X509_free); 1657 if (sk != NULL) sk_X509_pop_free(sk,X509_free);
1649 return(ret); 1658 return(ret);
1650 } 1659 }
1651 1660
1652int ssl3_send_server_certificate(s) 1661int ssl3_send_server_certificate(SSL *s)
1653SSL *s;
1654 { 1662 {
1655 unsigned long l; 1663 unsigned long l;
1656 X509 *x; 1664 X509 *x;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 05:55:53 +0000