summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authormcbride <>2014-04-24 12:21:26 +0000
committermcbride <>2014-04-24 12:21:26 +0000
commita8d067331dc94d6605ac28365db8ef5acb460b95 (patch)
tree302cdf06d655a8ff432cef500986f2786e9f4709 /src/lib
parent2e912582a3c02782ff63159bad4ca1c02e8a095e (diff)
downloadopenbsd-a8d067331dc94d6605ac28365db8ef5acb460b95.tar.gz
openbsd-a8d067331dc94d6605ac28365db8ef5acb460b95.tar.bz2
openbsd-a8d067331dc94d6605ac28365db8ef5acb460b95.zip
KNF
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_clnt.c1526
-rw-r--r--src/lib/libssl/s3_lib.c280
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c1526
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c280
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c707
-rw-r--r--src/lib/libssl/ssl_lib.c707
6 files changed, 2974 insertions, 2052 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0cd40f3a2d..b63f0bf0c9 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -181,10 +181,10 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
181int 181int
182ssl3_connect(SSL *s) 182ssl3_connect(SSL *s)
183{ 183{
184 BUF_MEM *buf = NULL; 184 BUF_MEM *buf = NULL;
185 void (*cb)(const SSL *ssl, int type, int val) = NULL; 185 void (*cb)(const SSL *ssl, int type, int val) = NULL;
186 int ret = -1; 186 int ret = -1;
187 int new_state, state, skip = 0; 187 int new_state, state, skip = 0;
188 188
189 ERR_clear_error(); 189 ERR_clear_error();
190 errno = 0; 190 errno = 0;
@@ -217,7 +217,8 @@ ssl3_connect(SSL *s)
217 cb(s, SSL_CB_HANDSHAKE_START, 1); 217 cb(s, SSL_CB_HANDSHAKE_START, 1);
218 218
219 if ((s->version & 0xff00 ) != 0x0300) { 219 if ((s->version & 0xff00 ) != 0x0300) {
220 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); 220 SSLerr(SSL_F_SSL3_CONNECT,
221 ERR_R_INTERNAL_ERROR);
221 ret = -1; 222 ret = -1;
222 goto end; 223 goto end;
223 } 224 }
@@ -230,7 +231,8 @@ ssl3_connect(SSL *s)
230 ret = -1; 231 ret = -1;
231 goto end; 232 goto end;
232 } 233 }
233 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { 234 if (!BUF_MEM_grow(buf,
235 SSL3_RT_MAX_PLAIN_LENGTH)) {
234 ret = -1; 236 ret = -1;
235 goto end; 237 goto end;
236 } 238 }
@@ -309,10 +311,11 @@ ssl3_connect(SSL *s)
309 break; 311 break;
310 } 312 }
311#endif 313#endif
312 /* Check if it is anon DH/ECDH */ 314 /* Check if it is anon DH/ECDH or PSK */
313 /* or PSK */ 315 if (!(s->s3->tmp.new_cipher->algorithm_auth &
314 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 316 SSL_aNULL) &&
315 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { 317 !(s->s3->tmp.new_cipher->algorithm_mkey &
318 SSL_kPSK)) {
316 ret = ssl3_get_server_certificate(s); 319 ret = ssl3_get_server_certificate(s);
317 if (ret <= 0) 320 if (ret <= 0)
318 goto end; 321 goto end;
@@ -342,8 +345,10 @@ ssl3_connect(SSL *s)
342 s->state = SSL3_ST_CR_CERT_REQ_A; 345 s->state = SSL3_ST_CR_CERT_REQ_A;
343 s->init_num = 0; 346 s->init_num = 0;
344 347
345 /* at this point we check that we have the 348 /*
346 * required stuff from the server */ 349 * At this point we check that we have the
350 * required stuff from the server.
351 */
347 if (!ssl3_check_cert_and_algorithm(s)) { 352 if (!ssl3_check_cert_and_algorithm(s)) {
348 ret = -1; 353 ret = -1;
349 goto end; 354 goto end;
@@ -367,8 +372,10 @@ ssl3_connect(SSL *s)
367#ifndef OPENSSL_NO_SRP 372#ifndef OPENSSL_NO_SRP
368 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { 373 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
369 if ((ret = SRP_Calc_A_param(s)) <= 0) { 374 if ((ret = SRP_Calc_A_param(s)) <= 0) {
370 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); 375 SSLerr(SSL_F_SSL3_CONNECT,
371 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); 376 SSL_R_SRP_A_CALC);
377 ssl3_send_alert(s, SSL3_AL_FATAL,
378 SSL_AD_INTERNAL_ERROR);
372 goto end; 379 goto end;
373 } 380 }
374 } 381 }
@@ -397,11 +404,16 @@ ssl3_connect(SSL *s)
397 ret = ssl3_send_client_key_exchange(s); 404 ret = ssl3_send_client_key_exchange(s);
398 if (ret <= 0) 405 if (ret <= 0)
399 goto end; 406 goto end;
400 /* EAY EAY EAY need to check for DH fix cert 407 /*
401 * sent back */ 408 * EAY EAY EAY need to check for DH fix cert
402 /* For TLS, cert_req is set to 2, so a cert chain 409 * sent back
403 * of nothing is sent, but no verify packet is sent */ 410 */
404 /* XXX: For now, we do not support client 411 /*
412 * For TLS, cert_req is set to 2, so a cert chain
413 * of nothing is sent, but no verify packet is sent
414 */
415 /*
416 * XXX: For now, we do not support client
405 * authentication in ECDH cipher suites with 417 * authentication in ECDH cipher suites with
406 * ECDH (rather than ECDSA) certificates. 418 * ECDH (rather than ECDSA) certificates.
407 * We need to skip the certificate verify 419 * We need to skip the certificate verify
@@ -457,7 +469,7 @@ ssl3_connect(SSL *s)
457 s->session->compress_meth = 0; 469 s->session->compress_meth = 0;
458 else 470 else
459 s->session->compress_meth = 471 s->session->compress_meth =
460 s->s3->tmp.new_compression->id; 472 s->s3->tmp.new_compression->id;
461#endif 473#endif
462 if (!s->method->ssl3_enc->setup_key_block(s)) { 474 if (!s->method->ssl3_enc->setup_key_block(s)) {
463 ret = -1; 475 ret = -1;
@@ -465,7 +477,7 @@ ssl3_connect(SSL *s)
465 } 477 }
466 478
467 if (!s->method->ssl3_enc->change_cipher_state(s, 479 if (!s->method->ssl3_enc->change_cipher_state(s,
468 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { 480 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
469 ret = -1; 481 ret = -1;
470 goto end; 482 goto end;
471 } 483 }
@@ -496,7 +508,8 @@ ssl3_connect(SSL *s)
496 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 508 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
497 if (s->hit) { 509 if (s->hit) {
498 s->s3->tmp.next_state = SSL_ST_OK; 510 s->s3->tmp.next_state = SSL_ST_OK;
499 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 511 if (s->s3->flags &
512 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
500 s->state = SSL_ST_OK; 513 s->state = SSL_ST_OK;
501 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 514 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
502 s->s3->delay_buf_pop_ret = 0; 515 s->s3->delay_buf_pop_ret = 0;
@@ -505,7 +518,8 @@ ssl3_connect(SSL *s)
505#ifndef OPENSSL_NO_TLSEXT 518#ifndef OPENSSL_NO_TLSEXT
506 /* Allow NewSessionTicket if ticket expected */ 519 /* Allow NewSessionTicket if ticket expected */
507 if (s->tlsext_ticket_expected) 520 if (s->tlsext_ticket_expected)
508 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 521 s->s3->tmp.next_state =
522 SSL3_ST_CR_SESSION_TICKET_A;
509 else 523 else
510#endif 524#endif
511 525
@@ -568,8 +582,10 @@ ssl3_connect(SSL *s)
568 s->init_buf = NULL; 582 s->init_buf = NULL;
569 } 583 }
570 584
571 /* If we are not 'joining' the last two packets, 585 /*
572 * remove the buffering now */ 586 * If we are not 'joining' the last two packets,
587 * remove the buffering now
588 */
573 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) 589 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
574 ssl_free_wbio_buffer(s); 590 ssl_free_wbio_buffer(s);
575 /* else do it later in ssl3_write */ 591 /* else do it later in ssl3_write */
@@ -594,7 +610,8 @@ ssl3_connect(SSL *s)
594 /* break; */ 610 /* break; */
595 611
596 default: 612 default:
597 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); 613 SSLerr(SSL_F_SSL3_CONNECT,
614 SSL_R_UNKNOWN_STATE);
598 ret = -1; 615 ret = -1;
599 goto end; 616 goto end;
600 /* break; */ 617 /* break; */
@@ -616,7 +633,7 @@ ssl3_connect(SSL *s)
616 } 633 }
617 skip = 0; 634 skip = 0;
618 } 635 }
619end: 636 end:
620 s->in_handshake--; 637 s->in_handshake--;
621 if (buf != NULL) 638 if (buf != NULL)
622 BUF_MEM_free(buf); 639 BUF_MEM_free(buf);
@@ -629,13 +646,13 @@ end:
629int 646int
630ssl3_client_hello(SSL *s) 647ssl3_client_hello(SSL *s)
631{ 648{
632 unsigned char *buf; 649 unsigned char *buf;
633 unsigned char *p, *d; 650 unsigned char *p, *d;
634 int i; 651 int i;
635 unsigned long l; 652 unsigned long l;
636#ifndef OPENSSL_NO_COMP 653#ifndef OPENSSL_NO_COMP
637 int j; 654 int j;
638 SSL_COMP *comp; 655 SSL_COMP *comp;
639#endif 656#endif
640 657
641 buf = (unsigned char *)s->init_buf->data; 658 buf = (unsigned char *)s->init_buf->data;
@@ -660,9 +677,10 @@ ssl3_client_hello(SSL *s)
660 goto err; 677 goto err;
661 678
662 /* Do the message type and length last */ 679 /* Do the message type and length last */
663 d = p= &(buf[4]); 680 d = p = &(buf[4]);
664 681
665 /* version indicates the negotiated version: for example from 682 /*
683 * Version indicates the negotiated version: for example from
666 * an SSLv2/v3 compatible client hello). The client_version 684 * an SSLv2/v3 compatible client hello). The client_version
667 * field is the maximum version we permit and it is also 685 * field is the maximum version we permit and it is also
668 * used in RSA encrypted premaster secrets. Some servers can 686 * used in RSA encrypted premaster secrets. Some servers can
@@ -697,7 +715,7 @@ ssl3_client_hello(SSL *s)
697 s->client_version = s->version; 715 s->client_version = s->version;
698#else 716#else
699 *(p++) = s->client_version >> 8; 717 *(p++) = s->client_version >> 8;
700 *(p++) = s->client_version&0xff; 718 *(p++) = s->client_version & 0xff;
701#endif 719#endif
702 720
703 /* Random stuff */ 721 /* Random stuff */
@@ -712,7 +730,8 @@ ssl3_client_hello(SSL *s)
712 *(p++) = i; 730 *(p++) = i;
713 if (i != 0) { 731 if (i != 0) {
714 if (i > (int)sizeof(s->session->session_id)) { 732 if (i > (int)sizeof(s->session->session_id)) {
715 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 733 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
734 ERR_R_INTERNAL_ERROR);
716 goto err; 735 goto err;
717 } 736 }
718 memcpy(p, s->session->session_id, i); 737 memcpy(p, s->session->session_id, i);
@@ -722,11 +741,13 @@ ssl3_client_hello(SSL *s)
722 /* Ciphers supported */ 741 /* Ciphers supported */
723 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); 742 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
724 if (i == 0) { 743 if (i == 0) {
725 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 744 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
745 SSL_R_NO_CIPHERS_AVAILABLE);
726 goto err; 746 goto err;
727 } 747 }
728#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 748#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
729 /* Some servers hang if client hello > 256 bytes 749 /*
750 * Some servers hang if client hello > 256 bytes
730 * as hack workaround chop number of supported ciphers 751 * as hack workaround chop number of supported ciphers
731 * to keep it well below this if we use TLS v1.2 752 * to keep it well below this if we use TLS v1.2
732 */ 753 */
@@ -758,11 +779,14 @@ ssl3_client_hello(SSL *s)
758#ifndef OPENSSL_NO_TLSEXT 779#ifndef OPENSSL_NO_TLSEXT
759 /* TLS extensions*/ 780 /* TLS extensions*/
760 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 781 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
761 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 782 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
783 SSL_R_CLIENTHELLO_TLSEXT);
762 goto err; 784 goto err;
763 } 785 }
764 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 786 if ((p = ssl_add_clienthello_tlsext(s, p,
765 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 787 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
788 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
789 ERR_R_INTERNAL_ERROR);
766 goto err; 790 goto err;
767 } 791 }
768#endif 792#endif
@@ -780,21 +804,21 @@ ssl3_client_hello(SSL *s)
780 804
781 /* SSL3_ST_CW_CLNT_HELLO_B */ 805 /* SSL3_ST_CW_CLNT_HELLO_B */
782 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 806 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
783err: 807 err:
784 return (-1); 808 return (-1);
785} 809}
786 810
787int 811int
788ssl3_get_server_hello(SSL *s) 812ssl3_get_server_hello(SSL *s)
789{ 813{
790 STACK_OF(SSL_CIPHER) *sk; 814 STACK_OF(SSL_CIPHER) *sk;
791 const SSL_CIPHER *c; 815 const SSL_CIPHER *c;
792 unsigned char *p, *d; 816 unsigned char *p, *d;
793 int i, al, ok; 817 int i, al, ok;
794 unsigned int j; 818 unsigned int j;
795 long n; 819 long n;
796#ifndef OPENSSL_NO_COMP 820#ifndef OPENSSL_NO_COMP
797 SSL_COMP *comp; 821 SSL_COMP *comp;
798#endif 822#endif
799 823
800 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 824 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
@@ -803,7 +827,8 @@ ssl3_get_server_hello(SSL *s)
803 if (!ok) 827 if (!ok)
804 return ((int)n); 828 return ((int)n);
805 829
806 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { 830 if (SSL_version(s) == DTLS1_VERSION ||
831 SSL_version(s) == DTLS1_BAD_VER) {
807 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 832 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
808 if (s->d1->send_cookie == 0) { 833 if (s->d1->send_cookie == 0) {
809 s->s3->tmp.reuse_message = 1; 834 s->s3->tmp.reuse_message = 1;
@@ -812,7 +837,8 @@ ssl3_get_server_hello(SSL *s)
812 else /* already sent a cookie */ 837 else /* already sent a cookie */
813 { 838 {
814 al = SSL_AD_UNEXPECTED_MESSAGE; 839 al = SSL_AD_UNEXPECTED_MESSAGE;
815 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); 840 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
841 SSL_R_BAD_MESSAGE_TYPE);
816 goto f_err; 842 goto f_err;
817 } 843 }
818 } 844 }
@@ -820,14 +846,16 @@ ssl3_get_server_hello(SSL *s)
820 846
821 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { 847 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
822 al = SSL_AD_UNEXPECTED_MESSAGE; 848 al = SSL_AD_UNEXPECTED_MESSAGE;
823 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); 849 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
850 SSL_R_BAD_MESSAGE_TYPE);
824 goto f_err; 851 goto f_err;
825 } 852 }
826 853
827 d = p=(unsigned char *)s->init_msg; 854 d = p=(unsigned char *)s->init_msg;
828 855
829 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { 856 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
830 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); 857 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
858 SSL_R_WRONG_SSL_VERSION);
831 s->version = (s->version&0xff00)|p[1]; 859 s->version = (s->version&0xff00)|p[1];
832 al = SSL_AD_PROTOCOL_VERSION; 860 al = SSL_AD_PROTOCOL_VERSION;
833 goto f_err; 861 goto f_err;
@@ -842,14 +870,19 @@ ssl3_get_server_hello(SSL *s)
842 /* get the session-id */ 870 /* get the session-id */
843 j= *(p++); 871 j= *(p++);
844 872
845 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { 873 if ((j > sizeof s->session->session_id) ||
874 (j > SSL3_SESSION_ID_SIZE)) {
846 al = SSL_AD_ILLEGAL_PARAMETER; 875 al = SSL_AD_ILLEGAL_PARAMETER;
847 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); 876 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
877 SSL_R_SSL3_SESSION_ID_TOO_LONG);
848 goto f_err; 878 goto f_err;
849 } 879 }
850 880
851#ifndef OPENSSL_NO_TLSEXT 881#ifndef OPENSSL_NO_TLSEXT
852 /* check if we want to resume the session based on external pre-shared secret */ 882 /*
883 * Check if we want to resume the session based on external
884 * pre-shared secret
885 */
853 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { 886 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
854 SSL_CIPHER *pref_cipher = NULL; 887 SSL_CIPHER *pref_cipher = NULL;
855 s->session->master_key_length = sizeof(s->session->master_key); 888 s->session->master_key_length = sizeof(s->session->master_key);
@@ -865,16 +898,17 @@ ssl3_get_server_hello(SSL *s)
865 if (j != 0 && j == s->session->session_id_length && 898 if (j != 0 && j == s->session->session_id_length &&
866 memcmp(p, s->session->session_id, j) == 0) { 899 memcmp(p, s->session->session_id, j) == 0) {
867 if (s->sid_ctx_length != s->session->sid_ctx_length || 900 if (s->sid_ctx_length != s->session->sid_ctx_length ||
868 memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { 901 memcmp(s->session->sid_ctx,
902 s->sid_ctx, s->sid_ctx_length)) {
869 /* actually a client application bug */ 903 /* actually a client application bug */
870 al = SSL_AD_ILLEGAL_PARAMETER; 904 al = SSL_AD_ILLEGAL_PARAMETER;
871 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 905 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
906 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
872 goto f_err; 907 goto f_err;
873 } 908 }
874 s->hit = 1; 909 s->hit = 1;
875 } 910 } else { /* a miss or crap from the other end */
876 else /* a miss or crap from the other end */ 911
877 {
878 /* If we were trying for session-id reuse, make a new 912 /* If we were trying for session-id reuse, make a new
879 * SSL_SESSION so we don't stuff up other people */ 913 * SSL_SESSION so we don't stuff up other people */
880 s->hit = 0; 914 s->hit = 0;
@@ -892,14 +926,16 @@ ssl3_get_server_hello(SSL *s)
892 if (c == NULL) { 926 if (c == NULL) {
893 /* unknown cipher */ 927 /* unknown cipher */
894 al = SSL_AD_ILLEGAL_PARAMETER; 928 al = SSL_AD_ILLEGAL_PARAMETER;
895 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); 929 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
930 SSL_R_UNKNOWN_CIPHER_RETURNED);
896 goto f_err; 931 goto f_err;
897 } 932 }
898 /* TLS v1.2 only ciphersuites require v1.2 or later */ 933 /* TLS v1.2 only ciphersuites require v1.2 or later */
899 if ((c->algorithm_ssl & SSL_TLSV1_2) && 934 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
900 (TLS1_get_version(s) < TLS1_2_VERSION)) { 935 (TLS1_get_version(s) < TLS1_2_VERSION)) {
901 al = SSL_AD_ILLEGAL_PARAMETER; 936 al = SSL_AD_ILLEGAL_PARAMETER;
902 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); 937 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
938 SSL_R_WRONG_CIPHER_RETURNED);
903 goto f_err; 939 goto f_err;
904 } 940 }
905 p += ssl_put_cipher_by_char(s, NULL, NULL); 941 p += ssl_put_cipher_by_char(s, NULL, NULL);
@@ -909,25 +945,31 @@ ssl3_get_server_hello(SSL *s)
909 if (i < 0) { 945 if (i < 0) {
910 /* we did not say we would use this cipher */ 946 /* we did not say we would use this cipher */
911 al = SSL_AD_ILLEGAL_PARAMETER; 947 al = SSL_AD_ILLEGAL_PARAMETER;
912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); 948 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
949 SSL_R_WRONG_CIPHER_RETURNED);
913 goto f_err; 950 goto f_err;
914 } 951 }
915 952
916 /* Depending on the session caching (internal/external), the cipher 953 /*
917 and/or cipher_id values may not be set. Make sure that 954 * Depending on the session caching (internal/external), the cipher
918 cipher_id is set and use it for comparison. */ 955 * and/or cipher_id values may not be set. Make sure that
956 * cipher_id is set and use it for comparison.
957 */
919 if (s->session->cipher) 958 if (s->session->cipher)
920 s->session->cipher_id = s->session->cipher->id; 959 s->session->cipher_id = s->session->cipher->id;
921 if (s->hit && (s->session->cipher_id != c->id)) { 960 if (s->hit && (s->session->cipher_id != c->id)) {
922 al = SSL_AD_ILLEGAL_PARAMETER; 961 al = SSL_AD_ILLEGAL_PARAMETER;
923 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 962 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
963 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
924 goto f_err; 964 goto f_err;
925 } 965 }
926 s->s3->tmp.new_cipher = c; 966 s->s3->tmp.new_cipher = c;
927 /* Don't digest cached records if TLS v1.2: we may need them for 967 /*
968 * Don't digest cached records if TLS v1.2: we may need them for
928 * client authentication. 969 * client authentication.
929 */ 970 */
930 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) { 971 if (TLS1_get_version(s) < TLS1_2_VERSION &&
972 !ssl3_digest_cached_records(s)) {
931 al = SSL_AD_INTERNAL_ERROR; 973 al = SSL_AD_INTERNAL_ERROR;
932 goto f_err; 974 goto f_err;
933 } 975 }
@@ -936,36 +978,42 @@ ssl3_get_server_hello(SSL *s)
936#ifdef OPENSSL_NO_COMP 978#ifdef OPENSSL_NO_COMP
937 if (*(p++) != 0) { 979 if (*(p++) != 0) {
938 al = SSL_AD_ILLEGAL_PARAMETER; 980 al = SSL_AD_ILLEGAL_PARAMETER;
939 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 981 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
982 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
940 goto f_err; 983 goto f_err;
941 } 984 }
942 /* If compression is disabled we'd better not try to resume a session 985 /*
986 * If compression is disabled we'd better not try to resume a session
943 * using compression. 987 * using compression.
944 */ 988 */
945 if (s->session->compress_meth != 0) { 989 if (s->session->compress_meth != 0) {
946 al = SSL_AD_INTERNAL_ERROR; 990 al = SSL_AD_INTERNAL_ERROR;
947 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION); 991 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
992 SSL_R_INCONSISTENT_COMPRESSION);
948 goto f_err; 993 goto f_err;
949 } 994 }
950#else 995#else
951 j= *(p++); 996 j= *(p++);
952 if (s->hit && j != s->session->compress_meth) { 997 if (s->hit && j != s->session->compress_meth) {
953 al = SSL_AD_ILLEGAL_PARAMETER; 998 al = SSL_AD_ILLEGAL_PARAMETER;
954 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); 999 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1000 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
955 goto f_err; 1001 goto f_err;
956 } 1002 }
957 if (j == 0) 1003 if (j == 0)
958 comp = NULL; 1004 comp = NULL;
959 else if (s->options & SSL_OP_NO_COMPRESSION) { 1005 else if (s->options & SSL_OP_NO_COMPRESSION) {
960 al = SSL_AD_ILLEGAL_PARAMETER; 1006 al = SSL_AD_ILLEGAL_PARAMETER;
961 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED); 1007 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1008 SSL_R_COMPRESSION_DISABLED);
962 goto f_err; 1009 goto f_err;
963 } else 1010 } else
964 comp = ssl3_comp_find(s->ctx->comp_methods, j); 1011 comp = ssl3_comp_find(s->ctx->comp_methods, j);
965 1012
966 if ((j != 0) && (comp == NULL)) { 1013 if ((j != 0) && (comp == NULL)) {
967 al = SSL_AD_ILLEGAL_PARAMETER; 1014 al = SSL_AD_ILLEGAL_PARAMETER;
968 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1015 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1016 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
969 goto f_err; 1017 goto f_err;
970 } else { 1018 } else {
971 s->s3->tmp.new_compression = comp; 1019 s->s3->tmp.new_compression = comp;
@@ -977,12 +1025,14 @@ ssl3_get_server_hello(SSL *s)
977 if (s->version >= SSL3_VERSION) { 1025 if (s->version >= SSL3_VERSION) {
978 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { 1026 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
979 /* 'al' set by ssl_parse_serverhello_tlsext */ 1027 /* 'al' set by ssl_parse_serverhello_tlsext */
980 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); 1028 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1029 SSL_R_PARSE_TLSEXT);
981 goto f_err; 1030 goto f_err;
982 1031
983 } 1032 }
984 if (ssl_check_serverhello_tlsext(s) <= 0) { 1033 if (ssl_check_serverhello_tlsext(s) <= 0) {
985 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); 1034 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1035 SSL_R_SERVERHELLO_TLSEXT);
986 goto err; 1036 goto err;
987 } 1037 }
988 } 1038 }
@@ -991,29 +1041,32 @@ ssl3_get_server_hello(SSL *s)
991 if (p != (d + n)) { 1041 if (p != (d + n)) {
992 /* wrong packet length */ 1042 /* wrong packet length */
993 al = SSL_AD_DECODE_ERROR; 1043 al = SSL_AD_DECODE_ERROR;
994 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); 1044 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1045 SSL_R_BAD_PACKET_LENGTH);
995 goto f_err; 1046 goto f_err;
996 } 1047 }
997 1048
998 return (1); 1049 return (1);
999f_err: 1050 f_err:
1000 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1051 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1001err: 1052 err:
1002 return (-1); 1053 return (-1);
1003} 1054}
1004 1055
1005int 1056int
1006ssl3_get_server_certificate(SSL *s) 1057ssl3_get_server_certificate(SSL *s)
1007{ 1058{
1008 int al, i, ok, ret = -1; 1059 int al, i, ok, ret = -1;
1009 unsigned long n, nc, llen, l; 1060 unsigned long n, nc, llen, l;
1010 X509 *x = NULL; 1061 X509 *x = NULL;
1011 const unsigned char *q, *p; 1062 const unsigned char *q, *p;
1012 unsigned char *d; 1063 unsigned char *d;
1013 STACK_OF(X509) *sk = NULL; 1064 STACK_OF(X509) *sk = NULL;
1014 SESS_CERT *sc; 1065 SESS_CERT *sc;
1015 EVP_PKEY *pkey = NULL; 1066 EVP_PKEY *pkey = NULL;
1016 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 1067
1068 /* VRS: 0=> will allow null cert if auth == KRB5 */
1069 int need_cert = 1;
1017 1070
1018 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, 1071 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
1019 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 1072 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
@@ -1030,27 +1083,31 @@ ssl3_get_server_certificate(SSL *s)
1030 1083
1031 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { 1084 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
1032 al = SSL_AD_UNEXPECTED_MESSAGE; 1085 al = SSL_AD_UNEXPECTED_MESSAGE;
1033 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE); 1086 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1087 SSL_R_BAD_MESSAGE_TYPE);
1034 goto f_err; 1088 goto f_err;
1035 } 1089 }
1036 p = d = (unsigned char *)s->init_msg; 1090 p = d = (unsigned char *)s->init_msg;
1037 1091
1038 if ((sk = sk_X509_new_null()) == NULL) { 1092 if ((sk = sk_X509_new_null()) == NULL) {
1039 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); 1093 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1094 ERR_R_MALLOC_FAILURE);
1040 goto err; 1095 goto err;
1041 } 1096 }
1042 1097
1043 n2l3(p, llen); 1098 n2l3(p, llen);
1044 if (llen + 3 != n) { 1099 if (llen + 3 != n) {
1045 al = SSL_AD_DECODE_ERROR; 1100 al = SSL_AD_DECODE_ERROR;
1046 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); 1101 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1102 SSL_R_LENGTH_MISMATCH);
1047 goto f_err; 1103 goto f_err;
1048 } 1104 }
1049 for (nc = 0; nc < llen; ) { 1105 for (nc = 0; nc < llen; ) {
1050 n2l3(p, l); 1106 n2l3(p, l);
1051 if ((l + nc + 3) > llen) { 1107 if ((l + nc + 3) > llen) {
1052 al = SSL_AD_DECODE_ERROR; 1108 al = SSL_AD_DECODE_ERROR;
1053 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); 1109 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1110 SSL_R_CERT_LENGTH_MISMATCH);
1054 goto f_err; 1111 goto f_err;
1055 } 1112 }
1056 1113
@@ -1058,16 +1115,19 @@ ssl3_get_server_certificate(SSL *s)
1058 x = d2i_X509(NULL, &q, l); 1115 x = d2i_X509(NULL, &q, l);
1059 if (x == NULL) { 1116 if (x == NULL) {
1060 al = SSL_AD_BAD_CERTIFICATE; 1117 al = SSL_AD_BAD_CERTIFICATE;
1061 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); 1118 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1119 ERR_R_ASN1_LIB);
1062 goto f_err; 1120 goto f_err;
1063 } 1121 }
1064 if (q != (p + l)) { 1122 if (q != (p + l)) {
1065 al = SSL_AD_DECODE_ERROR; 1123 al = SSL_AD_DECODE_ERROR;
1066 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); 1124 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1125 SSL_R_CERT_LENGTH_MISMATCH);
1067 goto f_err; 1126 goto f_err;
1068 } 1127 }
1069 if (!sk_X509_push(sk, x)) { 1128 if (!sk_X509_push(sk, x)) {
1070 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); 1129 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1130 ERR_R_MALLOC_FAILURE);
1071 goto err; 1131 goto err;
1072 } 1132 }
1073 x = NULL; 1133 x = NULL;
@@ -1083,7 +1143,8 @@ ssl3_get_server_certificate(SSL *s)
1083#endif /* OPENSSL_NO_KRB5 */ 1143#endif /* OPENSSL_NO_KRB5 */
1084 ) { 1144 ) {
1085 al = ssl_verify_alarm_type(s->verify_result); 1145 al = ssl_verify_alarm_type(s->verify_result);
1086 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); 1146 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1147 SSL_R_CERTIFICATE_VERIFY_FAILED);
1087 goto f_err; 1148 goto f_err;
1088 1149
1089 } 1150 }
@@ -1098,8 +1159,10 @@ ssl3_get_server_certificate(SSL *s)
1098 s->session->sess_cert = sc; 1159 s->session->sess_cert = sc;
1099 1160
1100 sc->cert_chain = sk; 1161 sc->cert_chain = sk;
1101 /* Inconsistency alert: cert_chain does include the peer's 1162 /*
1102 * certificate, which we don't include in s3_srvr.c */ 1163 * Inconsistency alert: cert_chain does include the peer's
1164 * certificate, which we don't include in s3_srvr.c
1165 */
1103 x = sk_X509_value(sk, 0); 1166 x = sk_X509_value(sk, 0);
1104 sk = NULL; 1167 sk = NULL;
1105 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ 1168 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
@@ -1108,17 +1171,19 @@ ssl3_get_server_certificate(SSL *s)
1108 1171
1109 /* VRS: allow null cert if auth == KRB5 */ 1172 /* VRS: allow null cert if auth == KRB5 */
1110 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1173 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1111 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1174 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1112 ? 0 : 1; 1175 ? 0 : 1;
1113 1176
1114#ifdef KSSL_DEBUG 1177#ifdef KSSL_DEBUG
1115 printf("pkey, x = %p, %p\n", pkey, x); 1178 printf("pkey, x = %p, %p\n", pkey, x);
1116 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey)); 1179 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1117 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, 1180 printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
1118 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); 1181 s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
1182 s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1119#endif /* KSSL_DEBUG */ 1183#endif /* KSSL_DEBUG */
1120 1184
1121 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { 1185 if (need_cert && ((pkey == NULL) ||
1186 EVP_PKEY_missing_parameters(pkey))) {
1122 x = NULL; 1187 x = NULL;
1123 al = SSL3_AL_FATAL; 1188 al = SSL3_AL_FATAL;
1124 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1189 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1138,8 +1203,10 @@ ssl3_get_server_certificate(SSL *s)
1138 if (need_cert) { 1203 if (need_cert) {
1139 sc->peer_cert_type = i; 1204 sc->peer_cert_type = i;
1140 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 1205 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1141 /* Why would the following ever happen? 1206 /*
1142 * We just created sc a couple of lines ago. */ 1207 * Why would the following ever happen?
1208 * We just created sc a couple of lines ago.
1209 */
1143 if (sc->peer_pkeys[i].x509 != NULL) 1210 if (sc->peer_pkeys[i].x509 != NULL)
1144 X509_free(sc->peer_pkeys[i].x509); 1211 X509_free(sc->peer_pkeys[i].x509);
1145 sc->peer_pkeys[i].x509 = x; 1212 sc->peer_pkeys[i].x509 = x;
@@ -1163,10 +1230,10 @@ ssl3_get_server_certificate(SSL *s)
1163 ret = 1; 1230 ret = 1;
1164 1231
1165 if (0) { 1232 if (0) {
1166f_err: 1233 f_err:
1167 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1234 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1168 } 1235 }
1169err: 1236 err:
1170 EVP_PKEY_free(pkey); 1237 EVP_PKEY_free(pkey);
1171 X509_free(x); 1238 X509_free(x);
1172 sk_X509_pop_free(sk, X509_free); 1239 sk_X509_pop_free(sk, X509_free);
@@ -1176,27 +1243,29 @@ err:
1176int 1243int
1177ssl3_get_key_exchange(SSL *s) 1244ssl3_get_key_exchange(SSL *s)
1178{ 1245{
1179 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; 1246 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1180 EVP_MD_CTX md_ctx; 1247 EVP_MD_CTX md_ctx;
1181 unsigned char *param, *p; 1248 unsigned char *param, *p;
1182 int al, i, j, param_len, ok; 1249 int al, i, j, param_len, ok;
1183 long n, alg_k, alg_a; 1250 long n, alg_k, alg_a;
1184 EVP_PKEY *pkey = NULL; 1251 EVP_PKEY *pkey = NULL;
1185 const EVP_MD *md = NULL; 1252 const EVP_MD *md = NULL;
1186 RSA *rsa = NULL; 1253 RSA *rsa = NULL;
1187#ifndef OPENSSL_NO_DH 1254#ifndef OPENSSL_NO_DH
1188 DH *dh = NULL; 1255 DH *dh = NULL;
1189#endif 1256#endif
1190#ifndef OPENSSL_NO_ECDH 1257#ifndef OPENSSL_NO_ECDH
1191 EC_KEY *ecdh = NULL; 1258 EC_KEY *ecdh = NULL;
1192 BN_CTX *bn_ctx = NULL; 1259 BN_CTX *bn_ctx = NULL;
1193 EC_POINT *srvr_ecpoint = NULL; 1260 EC_POINT *srvr_ecpoint = NULL;
1194 int curve_nid = 0; 1261 int curve_nid = 0;
1195 int encoded_pt_len = 0; 1262 int encoded_pt_len = 0;
1196#endif 1263#endif
1197 1264
1198 /* use same message size as in ssl3_get_certificate_request() 1265 /*
1199 * as ServerKeyExchange message may be skipped */ 1266 * Use same message size as in ssl3_get_certificate_request()
1267 * as ServerKeyExchange message may be skipped.
1268 */
1200 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, 1269 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1201 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); 1270 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1202 if (!ok) 1271 if (!ok)
@@ -1204,10 +1273,11 @@ ssl3_get_key_exchange(SSL *s)
1204 1273
1205 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1274 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1206#ifndef OPENSSL_NO_PSK 1275#ifndef OPENSSL_NO_PSK
1207 /* In plain PSK ciphersuite, ServerKeyExchange can be 1276 /*
1208 omitted if no identity hint is sent. Set 1277 * In plain PSK ciphersuite, ServerKeyExchange can be
1209 session->sess_cert anyway to avoid problems 1278 * omitted if no identity hint is sent. Set session->sess_cert
1210 later.*/ 1279 * anyway to avoid problems later.
1280 */
1211 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1281 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1212 s->session->sess_cert = ssl_sess_cert_new(); 1282 s->session->sess_cert = ssl_sess_cert_new();
1213 if (s->ctx->psk_identity_hint) 1283 if (s->ctx->psk_identity_hint)
@@ -1253,32 +1323,37 @@ ssl3_get_key_exchange(SSL *s)
1253 al = SSL_AD_HANDSHAKE_FAILURE; 1323 al = SSL_AD_HANDSHAKE_FAILURE;
1254 n2s(p, i); 1324 n2s(p, i);
1255 param_len = i + 2; 1325 param_len = i + 2;
1256 /* Store PSK identity hint for later use, hint is used 1326 /*
1327 * Store PSK identity hint for later use, hint is used
1257 * in ssl3_send_client_key_exchange. Assume that the 1328 * in ssl3_send_client_key_exchange. Assume that the
1258 * maximum length of a PSK identity hint can be as 1329 * maximum length of a PSK identity hint can be as
1259 * long as the maximum length of a PSK identity. */ 1330 * long as the maximum length of a PSK identity.
1331 */
1260 if (i > PSK_MAX_IDENTITY_LEN) { 1332 if (i > PSK_MAX_IDENTITY_LEN) {
1261 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1333 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1262 SSL_R_DATA_LENGTH_TOO_LONG); 1334 SSL_R_DATA_LENGTH_TOO_LONG);
1263 goto f_err; 1335 goto f_err;
1264 } 1336 }
1265 if (param_len > n) { 1337 if (param_len > n) {
1266 al = SSL_AD_DECODE_ERROR; 1338 al = SSL_AD_DECODE_ERROR;
1267 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1268 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); 1340 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1269 goto f_err; 1341 goto f_err;
1270 } 1342 }
1271 /* If received PSK identity hint contains NULL 1343 /*
1344 * If received PSK identity hint contains NULL
1272 * characters, the hint is truncated from the first 1345 * characters, the hint is truncated from the first
1273 * NULL. p may not be ending with NULL, so create a 1346 * NULL. p may not be ending with NULL, so create a
1274 * NULL-terminated string. */ 1347 * NULL-terminated string.
1348 */
1275 memcpy(tmp_id_hint, p, i); 1349 memcpy(tmp_id_hint, p, i);
1276 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1350 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1277 if (s->ctx->psk_identity_hint != NULL) 1351 if (s->ctx->psk_identity_hint != NULL)
1278 free(s->ctx->psk_identity_hint); 1352 free(s->ctx->psk_identity_hint);
1279 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1353 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1280 if (s->ctx->psk_identity_hint == NULL) { 1354 if (s->ctx->psk_identity_hint == NULL) {
1281 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1355 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1356 ERR_R_MALLOC_FAILURE);
1282 goto f_err; 1357 goto f_err;
1283 } 1358 }
1284 1359
@@ -1292,11 +1367,13 @@ ssl3_get_key_exchange(SSL *s)
1292 param_len = i + 2; 1367 param_len = i + 2;
1293 if (param_len > n) { 1368 if (param_len > n) {
1294 al = SSL_AD_DECODE_ERROR; 1369 al = SSL_AD_DECODE_ERROR;
1295 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH); 1370 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1371 SSL_R_BAD_SRP_N_LENGTH);
1296 goto f_err; 1372 goto f_err;
1297 } 1373 }
1298 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) { 1374 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1299 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1375 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1376 ERR_R_BN_LIB);
1300 goto err; 1377 goto err;
1301 } 1378 }
1302 p += i; 1379 p += i;
@@ -1305,11 +1382,13 @@ ssl3_get_key_exchange(SSL *s)
1305 param_len += i + 2; 1382 param_len += i + 2;
1306 if (param_len > n) { 1383 if (param_len > n) {
1307 al = SSL_AD_DECODE_ERROR; 1384 al = SSL_AD_DECODE_ERROR;
1308 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH); 1385 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1386 SSL_R_BAD_SRP_G_LENGTH);
1309 goto f_err; 1387 goto f_err;
1310 } 1388 }
1311 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) { 1389 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1312 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1390 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1391 ERR_R_BN_LIB);
1313 goto err; 1392 goto err;
1314 } 1393 }
1315 p += i; 1394 p += i;
@@ -1319,11 +1398,13 @@ ssl3_get_key_exchange(SSL *s)
1319 param_len += i + 1; 1398 param_len += i + 1;
1320 if (param_len > n) { 1399 if (param_len > n) {
1321 al = SSL_AD_DECODE_ERROR; 1400 al = SSL_AD_DECODE_ERROR;
1322 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH); 1401 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1402 SSL_R_BAD_SRP_S_LENGTH);
1323 goto f_err; 1403 goto f_err;
1324 } 1404 }
1325 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) { 1405 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1326 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1406 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1407 ERR_R_BN_LIB);
1327 goto err; 1408 goto err;
1328 } 1409 }
1329 p += i; 1410 p += i;
@@ -1332,224 +1413,268 @@ ssl3_get_key_exchange(SSL *s)
1332 param_len += i + 2; 1413 param_len += i + 2;
1333 if (param_len > n) { 1414 if (param_len > n) {
1334 al = SSL_AD_DECODE_ERROR; 1415 al = SSL_AD_DECODE_ERROR;
1335 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH); 1416 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1417 SSL_R_BAD_SRP_B_LENGTH);
1336 goto f_err; 1418 goto f_err;
1337 } 1419 }
1338 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) { 1420 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1421 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1422 ERR_R_BN_LIB);
1340 goto err; 1423 goto err;
1341 } 1424 }
1342 p += i; 1425 p += i;
1343 n -= param_len; 1426 n -= param_len;
1344 1427
1345/* We must check if there is a certificate */ 1428 /* We must check if there is a certificate */
1346 if (alg_a & SSL_aRSA) 1429 if (alg_a & SSL_aRSA)
1347 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1430 pkey = X509_get_pubkey(
1431 s->session->sess_cert->peer_pkeys[
1432 SSL_PKEY_RSA_ENC].x509);
1348 else if (alg_a & SSL_aDSS) 1433 else if (alg_a & SSL_aDSS)
1349 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1434 pkey = X509_get_pubkey(
1435 s->session->sess_cert->peer_pkeys[
1436 SSL_PKEY_DSA_SIGN].x509);
1350 } else 1437 } else
1351#endif /* !OPENSSL_NO_SRP */ 1438#endif /* !OPENSSL_NO_SRP */
1352 if (alg_k & SSL_kRSA) { 1439 if (alg_k & SSL_kRSA) {
1353 if ((rsa = RSA_new()) == NULL) { 1440 if ((rsa = RSA_new()) == NULL) {
1354 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1355 goto err; 1442 ERR_R_MALLOC_FAILURE);
1356 } 1443 goto err;
1357 n2s(p, i); 1444 }
1358 param_len = i + 2; 1445 n2s(p, i);
1359 if (param_len > n) { 1446 param_len = i + 2;
1360 al = SSL_AD_DECODE_ERROR; 1447 if (param_len > n) {
1361 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH); 1448 al = SSL_AD_DECODE_ERROR;
1362 goto f_err; 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1363 } 1450 SSL_R_BAD_RSA_MODULUS_LENGTH);
1364 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { 1451 goto f_err;
1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1452 }
1366 goto err; 1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1367 } 1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1368 p += i; 1455 ERR_R_BN_LIB);
1456 goto err;
1457 }
1458 p += i;
1369 1459
1370 n2s(p, i); 1460 n2s(p, i);
1371 param_len += i + 2; 1461 param_len += i + 2;
1372 if (param_len > n) { 1462 if (param_len > n) {
1373 al = SSL_AD_DECODE_ERROR; 1463 al = SSL_AD_DECODE_ERROR;
1374 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH); 1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1375 goto f_err; 1465 SSL_R_BAD_RSA_E_LENGTH);
1376 } 1466 goto f_err;
1377 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { 1467 }
1378 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1379 goto err; 1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1380 } 1470 ERR_R_BN_LIB);
1381 p += i; 1471 goto err;
1382 n -= param_len; 1472 }
1473 p += i;
1474 n -= param_len;
1383 1475
1384 /* this should be because we are using an export cipher */ 1476 /*
1385 if (alg_a & SSL_aRSA) 1477 * This should be because we are using an
1386 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1478 * export cipher
1387 else { 1479 */
1388 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1480 if (alg_a & SSL_aRSA)
1389 goto err; 1481 pkey = X509_get_pubkey(
1482 s->session->sess_cert->peer_pkeys[
1483 SSL_PKEY_RSA_ENC].x509);
1484 else {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 ERR_R_INTERNAL_ERROR);
1487 goto err;
1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1390 } 1491 }
1391 s->session->sess_cert->peer_rsa_tmp = rsa;
1392 rsa = NULL;
1393 }
1394#ifndef OPENSSL_NO_DH 1492#ifndef OPENSSL_NO_DH
1395 else if (alg_k & SSL_kEDH) { 1493 else if (alg_k & SSL_kEDH) {
1396 if ((dh = DH_new()) == NULL) { 1494 if ((dh = DH_new()) == NULL) {
1397 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); 1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1398 goto err; 1496 ERR_R_DH_LIB);
1399 } 1497 goto err;
1400 n2s(p, i); 1498 }
1401 param_len = i + 2; 1499 n2s(p, i);
1402 if (param_len > n) { 1500 param_len = i + 2;
1403 al = SSL_AD_DECODE_ERROR; 1501 if (param_len > n) {
1404 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); 1502 al = SSL_AD_DECODE_ERROR;
1405 goto f_err; 1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1406 } 1504 SSL_R_BAD_DH_P_LENGTH);
1407 if (!(dh->p = BN_bin2bn(p, i, NULL))) { 1505 goto f_err;
1408 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1506 }
1409 goto err; 1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1410 } 1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1411 p += i; 1509 ERR_R_BN_LIB);
1510 goto err;
1511 }
1512 p += i;
1412 1513
1413 n2s(p, i); 1514 n2s(p, i);
1414 param_len += i + 2; 1515 param_len += i + 2;
1415 if (param_len > n) { 1516 if (param_len > n) {
1416 al = SSL_AD_DECODE_ERROR; 1517 al = SSL_AD_DECODE_ERROR;
1417 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH); 1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1418 goto f_err; 1519 SSL_R_BAD_DH_G_LENGTH);
1419 } 1520 goto f_err;
1420 if (!(dh->g = BN_bin2bn(p, i, NULL))) { 1521 }
1421 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1422 goto err; 1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1423 } 1524 ERR_R_BN_LIB);
1424 p += i; 1525 goto err;
1526 }
1527 p += i;
1425 1528
1426 n2s(p, i); 1529 n2s(p, i);
1427 param_len += i + 2; 1530 param_len += i + 2;
1428 if (param_len > n) { 1531 if (param_len > n) {
1429 al = SSL_AD_DECODE_ERROR; 1532 al = SSL_AD_DECODE_ERROR;
1430 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH); 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1535 goto f_err;
1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544
1545 if (alg_a & SSL_aRSA)
1546 pkey = X509_get_pubkey(
1547 s->session->sess_cert->peer_pkeys[
1548 SSL_PKEY_RSA_ENC].x509);
1549 else if (alg_a & SSL_aDSS)
1550 pkey = X509_get_pubkey(
1551 s->session->sess_cert->peer_pkeys[
1552 SSL_PKEY_DSA_SIGN].x509);
1553 /* else anonymous DH, so no certificate or pkey. */
1554
1555 s->session->sess_cert->peer_dh_tmp = dh;
1556 dh = NULL;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1558 al = SSL_AD_ILLEGAL_PARAMETER;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1431 goto f_err; 1561 goto f_err;
1432 } 1562 }
1433 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1434 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1435 goto err;
1436 }
1437 p += i;
1438 n -= param_len;
1439
1440 if (alg_a & SSL_aRSA)
1441 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1442 else if (alg_a & SSL_aDSS)
1443 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1444 /* else anonymous DH, so no certificate or pkey. */
1445
1446 s->session->sess_cert->peer_dh_tmp = dh;
1447 dh = NULL;
1448 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1449 al = SSL_AD_ILLEGAL_PARAMETER;
1450 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1451 goto f_err;
1452 }
1453#endif /* !OPENSSL_NO_DH */ 1563#endif /* !OPENSSL_NO_DH */
1454 1564
1455#ifndef OPENSSL_NO_ECDH 1565#ifndef OPENSSL_NO_ECDH
1456 else if (alg_k & SSL_kEECDH) { 1566 else if (alg_k & SSL_kEECDH) {
1457 EC_GROUP *ngroup; 1567 EC_GROUP *ngroup;
1458 const EC_GROUP *group; 1568 const EC_GROUP *group;
1459 1569
1460 if ((ecdh = EC_KEY_new()) == NULL) { 1570 if ((ecdh = EC_KEY_new()) == NULL) {
1461 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1462 goto err; 1572 ERR_R_MALLOC_FAILURE);
1463 } 1573 goto err;
1574 }
1464 1575
1465 /* Extract elliptic curve parameters and the 1576 /*
1466 * server's ephemeral ECDH public key. 1577 * Extract elliptic curve parameters and the
1467 * Keep accumulating lengths of various components in 1578 * server's ephemeral ECDH public key.
1468 * param_len and make sure it never exceeds n. 1579 * Keep accumulating lengths of various components in
1469 */ 1580 * param_len and make sure it never exceeds n.
1581 */
1470 1582
1471 /* XXX: For now we only support named (not generic) curves 1583 /*
1472 * and the ECParameters in this case is just three bytes. 1584 * XXX: For now we only support named (not generic)
1473 */ 1585 * curves and the ECParameters in this case is just
1474 param_len = 3; 1586 * three bytes.
1475 if ((param_len > n) || 1587 */
1476 (*p != NAMED_CURVE_TYPE) || 1588 param_len = 3;
1477 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { 1589 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
1478 al = SSL_AD_INTERNAL_ERROR; 1590 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2)))
1479 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1591 == 0)) {
1480 goto f_err; 1592 al = SSL_AD_INTERNAL_ERROR;
1481 } 1593 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1594 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1595 goto f_err;
1596 }
1482 1597
1483 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1598 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1484 if (ngroup == NULL) { 1599 if (ngroup == NULL) {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1600 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 goto err; 1601 ERR_R_EC_LIB);
1487 } 1602 goto err;
1488 if (EC_KEY_set_group(ecdh, ngroup) == 0) { 1603 }
1489 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1604 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1490 goto err; 1605 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1491 } 1606 ERR_R_EC_LIB);
1492 EC_GROUP_free(ngroup); 1607 goto err;
1608 }
1609 EC_GROUP_free(ngroup);
1493 1610
1494 group = EC_KEY_get0_group(ecdh); 1611 group = EC_KEY_get0_group(ecdh);
1495 1612
1496 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1497 (EC_GROUP_get_degree(group) > 163)) { 1614 (EC_GROUP_get_degree(group) > 163)) {
1498 al = SSL_AD_EXPORT_RESTRICTION; 1615 al = SSL_AD_EXPORT_RESTRICTION;
1499 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); 1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1500 goto f_err; 1617 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1501 } 1618 goto f_err;
1619 }
1502 1620
1503 p += 3; 1621 p += 3;
1504 1622
1505 /* Next, get the encoded ECPoint */ 1623 /* Next, get the encoded ECPoint */
1506 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1624 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1507 ((bn_ctx = BN_CTX_new()) == NULL)) { 1625 ((bn_ctx = BN_CTX_new()) == NULL)) {
1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1626 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1509 goto err; 1627 ERR_R_MALLOC_FAILURE);
1510 } 1628 goto err;
1629 }
1511 1630
1512 encoded_pt_len = *p; 1631 encoded_pt_len = *p;
1513 /* length of encoded point */ 1632 /* length of encoded point */
1514 p += 1; 1633 p += 1;
1515 param_len += (1 + encoded_pt_len); 1634 param_len += (1 + encoded_pt_len);
1516 if ((param_len > n) || 1635 if ((param_len > n) ||
1517 (EC_POINT_oct2point(group, srvr_ecpoint, 1636 (EC_POINT_oct2point(group, srvr_ecpoint,
1518 p, encoded_pt_len, bn_ctx) == 0)) { 1637 p, encoded_pt_len, bn_ctx) == 0)) {
1519 al = SSL_AD_DECODE_ERROR; 1638 al = SSL_AD_DECODE_ERROR;
1520 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); 1639 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1521 goto f_err; 1640 SSL_R_BAD_ECPOINT);
1522 } 1641 goto f_err;
1642 }
1523 1643
1524 n -= param_len; 1644 n -= param_len;
1525 p += encoded_pt_len; 1645 p += encoded_pt_len;
1526 1646
1527 /* The ECC/TLS specification does not mention 1647 /*
1528 * the use of DSA to sign ECParameters in the server 1648 * The ECC/TLS specification does not mention the use
1529 * key exchange message. We do support RSA and ECDSA. 1649 * of DSA to sign ECParameters in the server key
1530 */ 1650 * exchange message. We do support RSA and ECDSA.
1531 if (alg_a & SSL_aRSA) 1651 */
1532 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1652 if (alg_a & SSL_aRSA)
1653 pkey = X509_get_pubkey(
1654 s->session->sess_cert->peer_pkeys[
1655 SSL_PKEY_RSA_ENC].x509);
1533#ifndef OPENSSL_NO_ECDSA 1656#ifndef OPENSSL_NO_ECDSA
1534 else if (alg_a & SSL_aECDSA) 1657 else if (alg_a & SSL_aECDSA)
1535 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1658 pkey = X509_get_pubkey(
1659 s->session->sess_cert->peer_pkeys[
1660 SSL_PKEY_ECC].x509);
1536#endif 1661#endif
1537 /* else anonymous ECDH, so no certificate or pkey. */ 1662 /* Else anonymous ECDH, so no certificate or pkey. */
1538 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1663 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1539 s->session->sess_cert->peer_ecdh_tmp = ecdh; 1664 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1540 ecdh = NULL; 1665 ecdh = NULL;
1541 BN_CTX_free(bn_ctx); 1666 BN_CTX_free(bn_ctx);
1542 bn_ctx = NULL; 1667 bn_ctx = NULL;
1543 EC_POINT_free(srvr_ecpoint); 1668 EC_POINT_free(srvr_ecpoint);
1544 srvr_ecpoint = NULL; 1669 srvr_ecpoint = NULL;
1545 } else if (alg_k) { 1670 } else if (alg_k) {
1546 al = SSL_AD_UNEXPECTED_MESSAGE; 1671 al = SSL_AD_UNEXPECTED_MESSAGE;
1547 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); 1672 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1548 goto f_err; 1673 SSL_R_UNEXPECTED_MESSAGE);
1549 } 1674 goto f_err;
1675 }
1550#endif /* !OPENSSL_NO_ECDH */ 1676#endif /* !OPENSSL_NO_ECDH */
1551 1677
1552
1553 /* p points to the next byte, there are 'n' bytes left */ 1678 /* p points to the next byte, there are 'n' bytes left */
1554 1679
1555 /* if it was signed, check the signature */ 1680 /* if it was signed, check the signature */
@@ -1558,23 +1683,30 @@ ssl3_get_key_exchange(SSL *s)
1558 int sigalg = tls12_get_sigid(pkey); 1683 int sigalg = tls12_get_sigid(pkey);
1559 /* Should never happen */ 1684 /* Should never happen */
1560 if (sigalg == -1) { 1685 if (sigalg == -1) {
1561 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1686 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1687 ERR_R_INTERNAL_ERROR);
1562 goto err; 1688 goto err;
1563 } 1689 }
1564 /* Check key type is consistent with signature */ 1690 /*
1691 * Check key type is consistent
1692 * with signature
1693 */
1565 if (sigalg != (int)p[1]) { 1694 if (sigalg != (int)p[1]) {
1566 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE); 1695 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1696 SSL_R_WRONG_SIGNATURE_TYPE);
1567 al = SSL_AD_DECODE_ERROR; 1697 al = SSL_AD_DECODE_ERROR;
1568 goto f_err; 1698 goto f_err;
1569 } 1699 }
1570 md = tls12_get_hash(p[0]); 1700 md = tls12_get_hash(p[0]);
1571 if (md == NULL) { 1701 if (md == NULL) {
1572 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST); 1702 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1703 SSL_R_UNKNOWN_DIGEST);
1573 al = SSL_AD_DECODE_ERROR; 1704 al = SSL_AD_DECODE_ERROR;
1574 goto f_err; 1705 goto f_err;
1575 } 1706 }
1576#ifdef SSL_DEBUG 1707#ifdef SSL_DEBUG
1577 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); 1708 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
1709 EVP_MD_name(md));
1578#endif 1710#endif
1579 p += 2; 1711 p += 2;
1580 n -= 2; 1712 n -= 2;
@@ -1588,11 +1720,13 @@ ssl3_get_key_exchange(SSL *s)
1588 if ((i != n) || (n > j) || (n <= 0)) { 1720 if ((i != n) || (n > j) || (n <= 0)) {
1589 /* wrong packet length */ 1721 /* wrong packet length */
1590 al = SSL_AD_DECODE_ERROR; 1722 al = SSL_AD_DECODE_ERROR;
1591 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); 1723 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1724 SSL_R_WRONG_SIGNATURE_LENGTH);
1592 goto f_err; 1725 goto f_err;
1593 } 1726 }
1594 1727
1595 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { 1728 if (pkey->type == EVP_PKEY_RSA &&
1729 TLS1_get_version(s) < TLS1_2_VERSION) {
1596 int num; 1730 int num;
1597 1731
1598 j = 0; 1732 j = 0;
@@ -1600,61 +1734,72 @@ ssl3_get_key_exchange(SSL *s)
1600 for (num = 2; num > 0; num--) { 1734 for (num = 2; num > 0; num--) {
1601 EVP_MD_CTX_set_flags(&md_ctx, 1735 EVP_MD_CTX_set_flags(&md_ctx,
1602 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 1736 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1603 EVP_DigestInit_ex(&md_ctx,(num == 2) 1737 EVP_DigestInit_ex(&md_ctx,
1604 ?s->ctx->md5 : s->ctx->sha1, NULL); 1738 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1605 EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); 1739 NULL);
1606 EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); 1740 EVP_DigestUpdate(&md_ctx,
1741 &(s->s3->client_random[0]),
1742 SSL3_RANDOM_SIZE);
1743 EVP_DigestUpdate(&md_ctx,
1744 &(s->s3->server_random[0]),
1745 SSL3_RANDOM_SIZE);
1607 EVP_DigestUpdate(&md_ctx, param, param_len); 1746 EVP_DigestUpdate(&md_ctx, param, param_len);
1608 EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i); 1747 EVP_DigestFinal_ex(&md_ctx, q,
1748 (unsigned int *)&i);
1609 q += i; 1749 q += i;
1610 j += i; 1750 j += i;
1611 } 1751 }
1612 i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1752 i = RSA_verify(NID_md5_sha1, md_buf, j,
1613 pkey->pkey.rsa); 1753 p, n, pkey->pkey.rsa);
1614 if (i < 0) { 1754 if (i < 0) {
1615 al = SSL_AD_DECRYPT_ERROR; 1755 al = SSL_AD_DECRYPT_ERROR;
1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT); 1756 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1757 SSL_R_BAD_RSA_DECRYPT);
1617 goto f_err; 1758 goto f_err;
1618 } 1759 }
1619 if (i == 0) { 1760 if (i == 0) {
1620 /* bad signature */ 1761 /* bad signature */
1621 al = SSL_AD_DECRYPT_ERROR; 1762 al = SSL_AD_DECRYPT_ERROR;
1622 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); 1763 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1764 SSL_R_BAD_SIGNATURE);
1623 goto f_err; 1765 goto f_err;
1624 } 1766 }
1625 } else 1767 } else {
1626 {
1627 EVP_VerifyInit_ex(&md_ctx, md, NULL); 1768 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1628 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); 1769 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
1629 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); 1770 SSL3_RANDOM_SIZE);
1771 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
1772 SSL3_RANDOM_SIZE);
1630 EVP_VerifyUpdate(&md_ctx, param, param_len); 1773 EVP_VerifyUpdate(&md_ctx, param, param_len);
1631 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1774 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1632 /* bad signature */ 1775 /* bad signature */
1633 al = SSL_AD_DECRYPT_ERROR; 1776 al = SSL_AD_DECRYPT_ERROR;
1634 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); 1777 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1778 SSL_R_BAD_SIGNATURE);
1635 goto f_err; 1779 goto f_err;
1636 } 1780 }
1637 } 1781 }
1638 } else { 1782 } else {
1639 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1783 /* aNULL or kPSK do not need public keys */
1640 /* aNULL or kPSK do not need public keys */ 1784 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) {
1641 { 1785 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1642 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1786 ERR_R_INTERNAL_ERROR);
1643 goto err; 1787 goto err;
1644 } 1788 }
1645 /* still data left over */ 1789 /* still data left over */
1646 if (n != 0) { 1790 if (n != 0) {
1647 al = SSL_AD_DECODE_ERROR; 1791 al = SSL_AD_DECODE_ERROR;
1648 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE); 1792 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1793 SSL_R_EXTRA_DATA_IN_MESSAGE);
1649 goto f_err; 1794 goto f_err;
1650 } 1795 }
1651 } 1796 }
1652 EVP_PKEY_free(pkey); 1797 EVP_PKEY_free(pkey);
1653 EVP_MD_CTX_cleanup(&md_ctx); 1798 EVP_MD_CTX_cleanup(&md_ctx);
1654 return (1); 1799 return (1);
1655f_err: 1800 f_err:
1656 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1801 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1657err: 1802 err:
1658 EVP_PKEY_free(pkey); 1803 EVP_PKEY_free(pkey);
1659 if (rsa != NULL) 1804 if (rsa != NULL)
1660 RSA_free(rsa); 1805 RSA_free(rsa);
@@ -1675,20 +1820,16 @@ err:
1675int 1820int
1676ssl3_get_certificate_request(SSL *s) 1821ssl3_get_certificate_request(SSL *s)
1677{ 1822{
1678 int ok, ret = 0; 1823 int ok, ret = 0;
1679 unsigned long n, nc, l; 1824 unsigned long n, nc, l;
1680 unsigned int llen, ctype_num, i; 1825 unsigned int llen, ctype_num, i;
1681 X509_NAME *xn = NULL; 1826 X509_NAME *xn = NULL;
1682 const unsigned char *p, *q; 1827 const unsigned char *p, *q;
1683 unsigned char *d; 1828 unsigned char *d;
1684 STACK_OF(X509_NAME) *ca_sk = NULL; 1829 STACK_OF(X509_NAME) *ca_sk = NULL;
1685 1830
1686 n = s->method->ssl_get_message(s, 1831 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1687 SSL3_ST_CR_CERT_REQ_A, 1832 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok);
1688 SSL3_ST_CR_CERT_REQ_B,
1689 -1,
1690 s->max_cert_list,
1691 &ok);
1692 1833
1693 if (!ok) 1834 if (!ok)
1694 return ((int)n); 1835 return ((int)n);
@@ -1697,7 +1838,8 @@ ssl3_get_certificate_request(SSL *s)
1697 1838
1698 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { 1839 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1699 s->s3->tmp.reuse_message = 1; 1840 s->s3->tmp.reuse_message = 1;
1700 /* If we get here we don't need any cached handshake records 1841 /*
1842 * If we get here we don't need any cached handshake records
1701 * as we wont be doing client auth. 1843 * as we wont be doing client auth.
1702 */ 1844 */
1703 if (s->s3->handshake_buffer) { 1845 if (s->s3->handshake_buffer) {
@@ -1709,15 +1851,18 @@ ssl3_get_certificate_request(SSL *s)
1709 1851
1710 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1852 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1711 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1853 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1712 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE); 1854 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1855 SSL_R_WRONG_MESSAGE_TYPE);
1713 goto err; 1856 goto err;
1714 } 1857 }
1715 1858
1716 /* TLS does not like anon-DH with client cert */ 1859 /* TLS does not like anon-DH with client cert */
1717 if (s->version > SSL3_VERSION) { 1860 if (s->version > SSL3_VERSION) {
1718 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1861 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1719 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1862 ssl3_send_alert(s, SSL3_AL_FATAL,
1720 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1863 SSL_AD_UNEXPECTED_MESSAGE);
1864 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1865 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1721 goto err; 1866 goto err;
1722 } 1867 }
1723 } 1868 }
@@ -1725,7 +1870,8 @@ ssl3_get_certificate_request(SSL *s)
1725 p = d=(unsigned char *)s->init_msg; 1870 p = d=(unsigned char *)s->init_msg;
1726 1871
1727 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1872 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1728 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); 1873 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1874 ERR_R_MALLOC_FAILURE);
1729 goto err; 1875 goto err;
1730 } 1876 }
1731 1877
@@ -1743,12 +1889,14 @@ ssl3_get_certificate_request(SSL *s)
1743 */ 1889 */
1744 if ((unsigned long)(p - d + llen + 2) > n) { 1890 if ((unsigned long)(p - d + llen + 2) > n) {
1745 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1891 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1746 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG); 1892 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1893 SSL_R_DATA_LENGTH_TOO_LONG);
1747 goto err; 1894 goto err;
1748 } 1895 }
1749 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { 1896 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
1750 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1897 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1751 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 1898 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1899 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1752 goto err; 1900 goto err;
1753 } 1901 }
1754 p += llen; 1902 p += llen;
@@ -1759,7 +1907,8 @@ ssl3_get_certificate_request(SSL *s)
1759 1907
1760 if ((unsigned long)(p - d + llen) != n) { 1908 if ((unsigned long)(p - d + llen) != n) {
1761 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1909 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1762 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); 1910 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1911 SSL_R_LENGTH_MISMATCH);
1763 goto err; 1912 goto err;
1764 } 1913 }
1765 1914
@@ -1769,7 +1918,8 @@ ssl3_get_certificate_request(SSL *s)
1769 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1918 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1770 goto cont; /* netscape bugs */ 1919 goto cont; /* netscape bugs */
1771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1920 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1772 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); 1921 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1922 SSL_R_CA_DN_TOO_LONG);
1773 goto err; 1923 goto err;
1774 } 1924 }
1775 1925
@@ -1780,19 +1930,23 @@ ssl3_get_certificate_request(SSL *s)
1780 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1930 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1781 goto cont; 1931 goto cont;
1782 else { 1932 else {
1783 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1933 ssl3_send_alert(s, SSL3_AL_FATAL,
1784 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); 1934 SSL_AD_DECODE_ERROR);
1935 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1936 ERR_R_ASN1_LIB);
1785 goto err; 1937 goto err;
1786 } 1938 }
1787 } 1939 }
1788 1940
1789 if (q != (p + l)) { 1941 if (q != (p + l)) {
1790 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1942 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1791 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH); 1943 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1944 SSL_R_CA_DN_LENGTH_MISMATCH);
1792 goto err; 1945 goto err;
1793 } 1946 }
1794 if (!sk_X509_NAME_push(ca_sk, xn)) { 1947 if (!sk_X509_NAME_push(ca_sk, xn)) {
1795 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); 1948 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1949 ERR_R_MALLOC_FAILURE);
1796 goto err; 1950 goto err;
1797 } 1951 }
1798 1952
@@ -1801,7 +1955,7 @@ ssl3_get_certificate_request(SSL *s)
1801 } 1955 }
1802 1956
1803 if (0) { 1957 if (0) {
1804cont: 1958 cont:
1805 ERR_clear_error(); 1959 ERR_clear_error();
1806 } 1960 }
1807 1961
@@ -1814,7 +1968,7 @@ cont:
1814 ca_sk = NULL; 1968 ca_sk = NULL;
1815 1969
1816 ret = 1; 1970 ret = 1;
1817err: 1971 err:
1818 if (ca_sk != NULL) 1972 if (ca_sk != NULL)
1819 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); 1973 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1820 return (ret); 1974 return (ret);
@@ -1830,10 +1984,10 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1830int 1984int
1831ssl3_get_new_session_ticket(SSL *s) 1985ssl3_get_new_session_ticket(SSL *s)
1832{ 1986{
1833 int ok, al, ret = 0, ticklen; 1987 int ok, al, ret = 0, ticklen;
1834 long n; 1988 long n;
1835 const unsigned char *p; 1989 const unsigned char *p;
1836 unsigned char *d; 1990 unsigned char *d;
1837 1991
1838 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, 1992 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
1839 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); 1993 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
@@ -1846,13 +2000,15 @@ ssl3_get_new_session_ticket(SSL *s)
1846 } 2000 }
1847 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 2001 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1848 al = SSL_AD_UNEXPECTED_MESSAGE; 2002 al = SSL_AD_UNEXPECTED_MESSAGE;
1849 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE); 2003 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2004 SSL_R_BAD_MESSAGE_TYPE);
1850 goto f_err; 2005 goto f_err;
1851 } 2006 }
1852 if (n < 6) { 2007 if (n < 6) {
1853 /* need at least ticket_lifetime_hint + ticket length */ 2008 /* need at least ticket_lifetime_hint + ticket length */
1854 al = SSL_AD_DECODE_ERROR; 2009 al = SSL_AD_DECODE_ERROR;
1855 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); 2010 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2011 SSL_R_LENGTH_MISMATCH);
1856 goto f_err; 2012 goto f_err;
1857 } 2013 }
1858 2014
@@ -1862,7 +2018,8 @@ ssl3_get_new_session_ticket(SSL *s)
1862 /* ticket_lifetime_hint + ticket_length + ticket */ 2018 /* ticket_lifetime_hint + ticket_length + ticket */
1863 if (ticklen + 6 != n) { 2019 if (ticklen + 6 != n) {
1864 al = SSL_AD_DECODE_ERROR; 2020 al = SSL_AD_DECODE_ERROR;
1865 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); 2021 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2022 SSL_R_LENGTH_MISMATCH);
1866 goto f_err; 2023 goto f_err;
1867 } 2024 }
1868 if (s->session->tlsext_tick) { 2025 if (s->session->tlsext_tick) {
@@ -1871,12 +2028,14 @@ ssl3_get_new_session_ticket(SSL *s)
1871 } 2028 }
1872 s->session->tlsext_tick = malloc(ticklen); 2029 s->session->tlsext_tick = malloc(ticklen);
1873 if (!s->session->tlsext_tick) { 2030 if (!s->session->tlsext_tick) {
1874 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); 2031 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2032 ERR_R_MALLOC_FAILURE);
1875 goto err; 2033 goto err;
1876 } 2034 }
1877 memcpy(s->session->tlsext_tick, p, ticklen); 2035 memcpy(s->session->tlsext_tick, p, ticklen);
1878 s->session->tlsext_ticklen = ticklen; 2036 s->session->tlsext_ticklen = ticklen;
1879 /* There are two ways to detect a resumed ticket sesion. 2037 /*
2038 * There are two ways to detect a resumed ticket sesion.
1880 * One is to set an appropriate session ID and then the server 2039 * One is to set an appropriate session ID and then the server
1881 * must return a match in ServerHello. This allows the normal 2040 * must return a match in ServerHello. This allows the normal
1882 * client session ID matching to work and we know much 2041 * client session ID matching to work and we know much
@@ -1891,23 +2050,22 @@ ssl3_get_new_session_ticket(SSL *s)
1891 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the 2050 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1892 * ticket. 2051 * ticket.
1893 */ 2052 */
1894 EVP_Digest(p, ticklen, 2053 EVP_Digest(p, ticklen, s->session->session_id,
1895 s->session->session_id, &s->session->session_id_length, 2054 &s->session->session_id_length, EVP_sha256(), NULL);
1896 EVP_sha256(), NULL);
1897 ret = 1; 2055 ret = 1;
1898 return (ret); 2056 return (ret);
1899f_err: 2057 f_err:
1900 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2058 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1901err: 2059 err:
1902 return (-1); 2060 return (-1);
1903} 2061}
1904 2062
1905int 2063int
1906ssl3_get_cert_status(SSL *s) 2064ssl3_get_cert_status(SSL *s)
1907{ 2065{
1908 int ok, al; 2066 int ok, al;
1909 unsigned long resplen, n; 2067 unsigned long resplen, n;
1910 const unsigned char *p; 2068 const unsigned char *p;
1911 2069
1912 n = s->method->ssl_get_message(s, 2070 n = s->method->ssl_get_message(s,
1913 SSL3_ST_CR_CERT_STATUS_A, 2071 SSL3_ST_CR_CERT_STATUS_A,
@@ -1921,19 +2079,22 @@ ssl3_get_cert_status(SSL *s)
1921 if (n < 4) { 2079 if (n < 4) {
1922 /* need at least status type + length */ 2080 /* need at least status type + length */
1923 al = SSL_AD_DECODE_ERROR; 2081 al = SSL_AD_DECODE_ERROR;
1924 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); 2082 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2083 SSL_R_LENGTH_MISMATCH);
1925 goto f_err; 2084 goto f_err;
1926 } 2085 }
1927 p = (unsigned char *)s->init_msg; 2086 p = (unsigned char *)s->init_msg;
1928 if (*p++ != TLSEXT_STATUSTYPE_ocsp) { 2087 if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
1929 al = SSL_AD_DECODE_ERROR; 2088 al = SSL_AD_DECODE_ERROR;
1930 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); 2089 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2090 SSL_R_UNSUPPORTED_STATUS_TYPE);
1931 goto f_err; 2091 goto f_err;
1932 } 2092 }
1933 n2l3(p, resplen); 2093 n2l3(p, resplen);
1934 if (resplen + 4 != n) { 2094 if (resplen + 4 != n) {
1935 al = SSL_AD_DECODE_ERROR; 2095 al = SSL_AD_DECODE_ERROR;
1936 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); 2096 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2097 SSL_R_LENGTH_MISMATCH);
1937 goto f_err; 2098 goto f_err;
1938 } 2099 }
1939 if (s->tlsext_ocsp_resp) 2100 if (s->tlsext_ocsp_resp)
@@ -1941,7 +2102,8 @@ ssl3_get_cert_status(SSL *s)
1941 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2102 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1942 if (!s->tlsext_ocsp_resp) { 2103 if (!s->tlsext_ocsp_resp) {
1943 al = SSL_AD_INTERNAL_ERROR; 2104 al = SSL_AD_INTERNAL_ERROR;
1944 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); 2105 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2106 ERR_R_MALLOC_FAILURE);
1945 goto f_err; 2107 goto f_err;
1946 } 2108 }
1947 s->tlsext_ocsp_resplen = resplen; 2109 s->tlsext_ocsp_resplen = resplen;
@@ -1950,17 +2112,19 @@ ssl3_get_cert_status(SSL *s)
1950 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 2112 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1951 if (ret == 0) { 2113 if (ret == 0) {
1952 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 2114 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1953 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE); 2115 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2116 SSL_R_INVALID_STATUS_RESPONSE);
1954 goto f_err; 2117 goto f_err;
1955 } 2118 }
1956 if (ret < 0) { 2119 if (ret < 0) {
1957 al = SSL_AD_INTERNAL_ERROR; 2120 al = SSL_AD_INTERNAL_ERROR;
1958 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); 2121 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2122 ERR_R_MALLOC_FAILURE);
1959 goto f_err; 2123 goto f_err;
1960 } 2124 }
1961 } 2125 }
1962 return 1; 2126 return 1;
1963f_err: 2127 f_err:
1964 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2128 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1965 return (-1); 2129 return (-1);
1966} 2130}
@@ -1969,8 +2133,8 @@ f_err:
1969int 2133int
1970ssl3_get_server_done(SSL *s) 2134ssl3_get_server_done(SSL *s)
1971{ 2135{
1972 int ok, ret = 0; 2136 int ok, ret = 0;
1973 long n; 2137 long n;
1974 2138
1975 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, 2139 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
1976 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 2140 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
@@ -1981,7 +2145,8 @@ ssl3_get_server_done(SSL *s)
1981 if (n > 0) { 2145 if (n > 0) {
1982 /* should contain no data */ 2146 /* should contain no data */
1983 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 2147 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1984 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); 2148 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,
2149 SSL_R_LENGTH_MISMATCH);
1985 return -1; 2150 return -1;
1986 } 2151 }
1987 ret = 1; 2152 ret = 1;
@@ -1992,21 +2157,21 @@ ssl3_get_server_done(SSL *s)
1992int 2157int
1993ssl3_send_client_key_exchange(SSL *s) 2158ssl3_send_client_key_exchange(SSL *s)
1994{ 2159{
1995 unsigned char *p, *d; 2160 unsigned char *p, *d;
1996 int n; 2161 int n;
1997 unsigned long alg_k; 2162 unsigned long alg_k;
1998 unsigned char *q; 2163 unsigned char *q;
1999 EVP_PKEY *pkey = NULL; 2164 EVP_PKEY *pkey = NULL;
2000#ifndef OPENSSL_NO_KRB5 2165#ifndef OPENSSL_NO_KRB5
2001 KSSL_ERR kssl_err; 2166 KSSL_ERR kssl_err;
2002#endif /* OPENSSL_NO_KRB5 */ 2167#endif /* OPENSSL_NO_KRB5 */
2003#ifndef OPENSSL_NO_ECDH 2168#ifndef OPENSSL_NO_ECDH
2004 EC_KEY *clnt_ecdh = NULL; 2169 EC_KEY *clnt_ecdh = NULL;
2005 const EC_POINT *srvr_ecpoint = NULL; 2170 const EC_POINT *srvr_ecpoint = NULL;
2006 EVP_PKEY *srvr_pub_pkey = NULL; 2171 EVP_PKEY *srvr_pub_pkey = NULL;
2007 unsigned char *encodedPoint = NULL; 2172 unsigned char *encodedPoint = NULL;
2008 int encoded_pt_len = 0; 2173 int encoded_pt_len = 0;
2009 BN_CTX * bn_ctx = NULL; 2174 BN_CTX *bn_ctx = NULL;
2010#endif 2175#endif
2011 2176
2012 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2177 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
@@ -2022,11 +2187,15 @@ ssl3_send_client_key_exchange(SSL *s)
2022 if (s->session->sess_cert->peer_rsa_tmp != NULL) 2187 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2023 rsa = s->session->sess_cert->peer_rsa_tmp; 2188 rsa = s->session->sess_cert->peer_rsa_tmp;
2024 else { 2189 else {
2025 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 2190 pkey = X509_get_pubkey(
2191 s->session->sess_cert->peer_pkeys[
2192 SSL_PKEY_RSA_ENC].x509);
2026 if ((pkey == NULL) || 2193 if ((pkey == NULL) ||
2027 (pkey->type != EVP_PKEY_RSA) || 2194 (pkey->type != EVP_PKEY_RSA) ||
2028 (pkey->pkey.rsa == NULL)) { 2195 (pkey->pkey.rsa == NULL)) {
2029 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2196 SSLerr(
2197 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2198 ERR_R_INTERNAL_ERROR);
2030 goto err; 2199 goto err;
2031 } 2200 }
2032 rsa = pkey->pkey.rsa; 2201 rsa = pkey->pkey.rsa;
@@ -2047,7 +2216,8 @@ ssl3_send_client_key_exchange(SSL *s)
2047 n = RSA_public_encrypt(sizeof tmp_buf, 2216 n = RSA_public_encrypt(sizeof tmp_buf,
2048 tmp_buf, p, rsa, RSA_PKCS1_PADDING); 2217 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
2049 if (n <= 0) { 2218 if (n <= 0) {
2050 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); 2219 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2220 SSL_R_BAD_RSA_ENCRYPT);
2051 goto err; 2221 goto err;
2052 } 2222 }
2053 2223
@@ -2075,14 +2245,14 @@ ssl3_send_client_key_exchange(SSL *s)
2075 unsigned char iv[EVP_MAX_IV_LENGTH]; 2245 unsigned char iv[EVP_MAX_IV_LENGTH];
2076 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2246 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2077 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2247 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2078 + EVP_MAX_IV_LENGTH]; 2248 + EVP_MAX_IV_LENGTH];
2079 int padl, outl = sizeof(epms); 2249 int padl, outl = sizeof(epms);
2080 2250
2081 EVP_CIPHER_CTX_init(&ciph_ctx); 2251 EVP_CIPHER_CTX_init(&ciph_ctx);
2082 2252
2083#ifdef KSSL_DEBUG 2253#ifdef KSSL_DEBUG
2084 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2254 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2085 alg_k, SSL_kKRB5); 2255 alg_k, SSL_kKRB5);
2086#endif /* KSSL_DEBUG */ 2256#endif /* KSSL_DEBUG */
2087 2257
2088 authp = NULL; 2258 authp = NULL;
@@ -2100,44 +2270,46 @@ ssl3_send_client_key_exchange(SSL *s)
2100 { 2270 {
2101 printf("kssl_cget_tkt rtn %d\n", krb5rc); 2271 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2102 if (krb5rc && kssl_err.text) 2272 if (krb5rc && kssl_err.text)
2103 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 2273 printf("kssl_cget_tkt kssl_err=%s\n",
2274 kssl_err.text);
2104 } 2275 }
2105#endif /* KSSL_DEBUG */ 2276#endif /* KSSL_DEBUG */
2106 2277
2107 if (krb5rc) { 2278 if (krb5rc) {
2108 ssl3_send_alert(s, SSL3_AL_FATAL, 2279 ssl3_send_alert(s, SSL3_AL_FATAL,
2109 SSL_AD_HANDSHAKE_FAILURE); 2280 SSL_AD_HANDSHAKE_FAILURE);
2110 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2281 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2111 kssl_err.reason); 2282 kssl_err.reason);
2112 goto err; 2283 goto err;
2113 } 2284 }
2114 2285
2115 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 2286 /*
2116 ** in place of RFC 2712 KerberosWrapper, as in: 2287 * 20010406 VRS - Earlier versions used KRB5 AP_REQ
2117 ** 2288 * in place of RFC 2712 KerberosWrapper, as in:
2118 ** Send ticket (copy to *p, set n = length) 2289 *
2119 ** n = krb5_ap_req.length; 2290 * Send ticket (copy to *p, set n = length)
2120 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); 2291 * n = krb5_ap_req.length;
2121 ** if (krb5_ap_req.data) 2292 * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
2122 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); 2293 * if (krb5_ap_req.data)
2123 ** 2294 * kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
2124 ** Now using real RFC 2712 KerberosWrapper 2295 *
2125 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) 2296 * Now using real RFC 2712 KerberosWrapper
2126 ** Note: 2712 "opaque" types are here replaced 2297 * (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
2127 ** with a 2-byte length followed by the value. 2298 * Note: 2712 "opaque" types are here replaced
2128 ** Example: 2299 * with a 2-byte length followed by the value.
2129 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms 2300 * Example:
2130 ** Where "xx xx" = length bytes. Shown here with 2301 * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
2131 ** optional authenticator omitted. 2302 * Where "xx xx" = length bytes. Shown here with
2132 */ 2303 * optional authenticator omitted.
2133 2304 */
2134 /* KerberosWrapper.Ticket */ 2305
2306 /* KerberosWrapper.Ticket */
2135 s2n(enc_ticket->length, p); 2307 s2n(enc_ticket->length, p);
2136 memcpy(p, enc_ticket->data, enc_ticket->length); 2308 memcpy(p, enc_ticket->data, enc_ticket->length);
2137 p += enc_ticket->length; 2309 p += enc_ticket->length;
2138 n = enc_ticket->length + 2; 2310 n = enc_ticket->length + 2;
2139 2311
2140 /* KerberosWrapper.Authenticator */ 2312 /* KerberosWrapper.Authenticator */
2141 if (authp && authp->length) { 2313 if (authp && authp->length) {
2142 s2n(authp->length, p); 2314 s2n(authp->length, p);
2143 memcpy(p, authp->data, authp->length); 2315 memcpy(p, authp->data, authp->length);
@@ -2153,32 +2325,34 @@ ssl3_send_client_key_exchange(SSL *s)
2153 } 2325 }
2154 2326
2155 tmp_buf[0] = s->client_version >> 8; 2327 tmp_buf[0] = s->client_version >> 8;
2156 tmp_buf[1] = s->client_version&0xff; 2328 tmp_buf[1] = s->client_version & 0xff;
2157 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) 2329 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2158 goto err; 2330 goto err;
2159 2331
2160 /* 20010420 VRS. Tried it this way; failed. 2332 /*
2161 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 2333 * 20010420 VRS. Tried it this way; failed.
2162 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, 2334 * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2163 ** kssl_ctx->length); 2335 * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2164 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 2336 * kssl_ctx->length);
2165 */ 2337 * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2338 */
2166 2339
2167 memset(iv, 0, sizeof iv); 2340 memset(iv, 0, sizeof iv);
2168 /* per RFC 1510 */ 2341 /* per RFC 1510 */
2169 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, 2342 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
2170 kssl_ctx->key, iv); 2343 kssl_ctx->key, iv);
2171 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, 2344 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
2172 sizeof tmp_buf); 2345 sizeof tmp_buf);
2173 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); 2346 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
2174 outl += padl; 2347 outl += padl;
2175 if (outl > (int)sizeof epms) { 2348 if (outl > (int)sizeof epms) {
2176 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2349 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2350 ERR_R_INTERNAL_ERROR);
2177 goto err; 2351 goto err;
2178 } 2352 }
2179 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 2353 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2180 2354
2181 /* KerberosWrapper.EncryptedPreMasterSecret */ 2355 /* KerberosWrapper.EncryptedPreMasterSecret */
2182 s2n(outl, p); 2356 s2n(outl, p);
2183 memcpy(p, epms, outl); 2357 memcpy(p, epms, outl);
2184 p += outl; 2358 p += outl;
@@ -2198,50 +2372,58 @@ ssl3_send_client_key_exchange(SSL *s)
2198 DH *dh_srvr, *dh_clnt; 2372 DH *dh_srvr, *dh_clnt;
2199 2373
2200 if (s->session->sess_cert == NULL) { 2374 if (s->session->sess_cert == NULL) {
2201 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 2375 ssl3_send_alert(s, SSL3_AL_FATAL,
2202 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); 2376 SSL_AD_UNEXPECTED_MESSAGE);
2377 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2378 SSL_R_UNEXPECTED_MESSAGE);
2203 goto err; 2379 goto err;
2204 } 2380 }
2205 2381
2206 if (s->session->sess_cert->peer_dh_tmp != NULL) 2382 if (s->session->sess_cert->peer_dh_tmp != NULL)
2207 dh_srvr = s->session->sess_cert->peer_dh_tmp; 2383 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2208 else { 2384 else {
2209 /* we get them from the cert */ 2385 /* We get them from the cert. */
2210 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2386 ssl3_send_alert(s, SSL3_AL_FATAL,
2211 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2387 SSL_AD_HANDSHAKE_FAILURE);
2388 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2389 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2212 goto err; 2390 goto err;
2213 } 2391 }
2214 2392
2215 /* generate a new random key */ 2393 /* Generate a new random key. */
2216 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { 2394 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
2217 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2395 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2396 ERR_R_DH_LIB);
2218 goto err; 2397 goto err;
2219 } 2398 }
2220 if (!DH_generate_key(dh_clnt)) { 2399 if (!DH_generate_key(dh_clnt)) {
2221 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2400 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2401 ERR_R_DH_LIB);
2222 DH_free(dh_clnt); 2402 DH_free(dh_clnt);
2223 goto err; 2403 goto err;
2224 } 2404 }
2225 2405
2226 /* use the 'p' output buffer for the DH key, but 2406 /*
2227 * make sure to clear it out afterwards */ 2407 * Use the 'p' output buffer for the DH key, but
2228 2408 * make sure to clear it out afterwards.
2409 */
2229 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); 2410 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
2230 2411
2231 if (n <= 0) { 2412 if (n <= 0) {
2232 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2413 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2414 ERR_R_DH_LIB);
2233 DH_free(dh_clnt); 2415 DH_free(dh_clnt);
2234 goto err; 2416 goto err;
2235 } 2417 }
2236 2418
2237 /* generate master key from the result */ 2419 /* Generate master key from the result. */
2238 s->session->master_key_length = 2420 s->session->master_key_length =
2239 s->method->ssl3_enc->generate_master_secret(s, 2421 s->method->ssl3_enc->generate_master_secret(s,
2240 s->session->master_key, p, n); 2422 s->session->master_key, p, n);
2241 /* clean up */ 2423 /* Clean up. */
2242 memset(p, 0, n); 2424 memset(p, 0, n);
2243 2425
2244 /* send off the data */ 2426 /* Send off the data. */
2245 n = BN_num_bytes(dh_clnt->pub_key); 2427 n = BN_num_bytes(dh_clnt->pub_key);
2246 s2n(n, p); 2428 s2n(n, p);
2247 BN_bn2bin(dh_clnt->pub_key, p); 2429 BN_bn2bin(dh_clnt->pub_key, p);
@@ -2260,13 +2442,15 @@ ssl3_send_client_key_exchange(SSL *s)
2260 int ecdh_clnt_cert = 0; 2442 int ecdh_clnt_cert = 0;
2261 int field_size = 0; 2443 int field_size = 0;
2262 2444
2263 /* Did we send out the client's 2445 /*
2264 * ECDH share for use in premaster 2446 * Did we send out the client's ECDH share for use
2265 * computation as part of client certificate? 2447 * in premaster computation as part of client
2266 * If so, set ecdh_clnt_cert to 1. 2448 * certificate? If so, set ecdh_clnt_cert to 1.
2267 */ 2449 */
2268 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { 2450 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
2269 /* XXX: For now, we do not support client 2451 (s->cert != NULL)) {
2452 /*
2453 * XXX: For now, we do not support client
2270 * authentication using ECDH certificates. 2454 * authentication using ECDH certificates.
2271 * To add such support, one needs to add 2455 * To add such support, one needs to add
2272 * code that checks for appropriate 2456 * code that checks for appropriate
@@ -2294,10 +2478,11 @@ ssl3_send_client_key_exchange(SSL *s)
2294 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 2478 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2295 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 2479 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2296 if ((srvr_pub_pkey == NULL) || 2480 if ((srvr_pub_pkey == NULL) ||
2297 (srvr_pub_pkey->type != EVP_PKEY_EC) || 2481 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2298 (srvr_pub_pkey->pkey.ec == NULL)) { 2482 (srvr_pub_pkey->pkey.ec == NULL)) {
2299 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2483 SSLerr(
2300 ERR_R_INTERNAL_ERROR); 2484 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2485 ERR_R_INTERNAL_ERROR);
2301 goto err; 2486 goto err;
2302 } 2487 }
2303 2488
@@ -2309,21 +2494,24 @@ ssl3_send_client_key_exchange(SSL *s)
2309 2494
2310 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { 2495 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
2311 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2312 ERR_R_INTERNAL_ERROR); 2497 ERR_R_INTERNAL_ERROR);
2313 goto err; 2498 goto err;
2314 } 2499 }
2315 2500
2316 if ((clnt_ecdh = EC_KEY_new()) == NULL) { 2501 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2317 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2502 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2503 ERR_R_MALLOC_FAILURE);
2318 goto err; 2504 goto err;
2319 } 2505 }
2320 2506
2321 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { 2507 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2322 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 2508 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2509 ERR_R_EC_LIB);
2323 goto err; 2510 goto err;
2324 } 2511 }
2325 if (ecdh_clnt_cert) { 2512 if (ecdh_clnt_cert) {
2326 /* Reuse key info from our certificate 2513 /*
2514 * Reuse key info from our certificate
2327 * We only need our private key to perform 2515 * We only need our private key to perform
2328 * the ECDH computation. 2516 * the ECDH computation.
2329 */ 2517 */
@@ -2331,73 +2519,83 @@ ssl3_send_client_key_exchange(SSL *s)
2331 tkey = s->cert->key->privatekey->pkey.ec; 2519 tkey = s->cert->key->privatekey->pkey.ec;
2332 priv_key = EC_KEY_get0_private_key(tkey); 2520 priv_key = EC_KEY_get0_private_key(tkey);
2333 if (priv_key == NULL) { 2521 if (priv_key == NULL) {
2334 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2522 SSLerr(
2523 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2524 ERR_R_MALLOC_FAILURE);
2335 goto err; 2525 goto err;
2336 } 2526 }
2337 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { 2527 if (!EC_KEY_set_private_key(clnt_ecdh,
2338 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 2528 priv_key)) {
2529 SSLerr(
2530 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2531 ERR_R_EC_LIB);
2339 goto err; 2532 goto err;
2340 } 2533 }
2341 } else { 2534 } else {
2342 /* Generate a new ECDH key pair */ 2535 /* Generate a new ECDH key pair */
2343 if (!(EC_KEY_generate_key(clnt_ecdh))) { 2536 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2344 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2537 SSLerr(
2538 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2539 ERR_R_ECDH_LIB);
2345 goto err; 2540 goto err;
2346 } 2541 }
2347 } 2542 }
2348 2543
2349 /* use the 'p' output buffer for the ECDH key, but 2544 /*
2350 * make sure to clear it out afterwards 2545 * Use the 'p' output buffer for the ECDH key, but
2546 * make sure to clear it out afterwards.
2351 */ 2547 */
2352
2353 field_size = EC_GROUP_get_degree(srvr_group); 2548 field_size = EC_GROUP_get_degree(srvr_group);
2354 if (field_size <= 0) { 2549 if (field_size <= 0) {
2355 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2550 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2356 ERR_R_ECDH_LIB); 2551 ERR_R_ECDH_LIB);
2357 goto err; 2552 goto err;
2358 } 2553 }
2359 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); 2554 n = ECDH_compute_key(p, (field_size + 7)/8,
2555 srvr_ecpoint, clnt_ecdh, NULL);
2360 if (n <= 0) { 2556 if (n <= 0) {
2361 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2557 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2362 ERR_R_ECDH_LIB); 2558 ERR_R_ECDH_LIB);
2363 goto err; 2559 goto err;
2364 } 2560 }
2365 2561
2366 /* generate master key from the result */ 2562 /* generate master key from the result */
2367 s->session->master_key_length = s->method->ssl3_enc \ 2563 s->session->master_key_length = s->method->ssl3_enc \
2368 -> generate_master_secret(s, 2564 -> generate_master_secret(s,
2369 s->session->master_key, 2565 s->session->master_key, p, n);
2370 p, n);
2371 2566
2372 memset(p, 0, n); /* clean up */ 2567 memset(p, 0, n); /* clean up */
2373 2568
2374 if (ecdh_clnt_cert) { 2569 if (ecdh_clnt_cert) {
2375 /* Send empty client key exch message */ 2570 /* Send empty client key exch message. */
2376 n = 0; 2571 n = 0;
2377 } else { 2572 } else {
2378 /* First check the size of encoding and 2573 /*
2574 * First check the size of encoding and
2379 * allocate memory accordingly. 2575 * allocate memory accordingly.
2380 */ 2576 */
2381 encoded_pt_len = 2577 encoded_pt_len = EC_POINT_point2oct(
2382 EC_POINT_point2oct(srvr_group, 2578 srvr_group,
2383 EC_KEY_get0_public_key(clnt_ecdh), 2579 EC_KEY_get0_public_key(clnt_ecdh),
2384 POINT_CONVERSION_UNCOMPRESSED, 2580 POINT_CONVERSION_UNCOMPRESSED,
2385 NULL, 0, NULL); 2581 NULL, 0, NULL);
2386 2582
2387 encodedPoint = malloc(encoded_pt_len); 2583 encodedPoint = malloc(encoded_pt_len);
2388 2584
2389 bn_ctx = BN_CTX_new(); 2585 bn_ctx = BN_CTX_new();
2390 if ((encodedPoint == NULL) || 2586 if ((encodedPoint == NULL) ||
2391 (bn_ctx == NULL)) { 2587 (bn_ctx == NULL)) {
2392 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2588 SSLerr(
2589 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2590 ERR_R_MALLOC_FAILURE);
2393 goto err; 2591 goto err;
2394 } 2592 }
2395 2593
2396 /* Encode the public key */ 2594 /* Encode the public key */
2397 n = EC_POINT_point2oct(srvr_group, 2595 n = EC_POINT_point2oct(srvr_group,
2398 EC_KEY_get0_public_key(clnt_ecdh), 2596 EC_KEY_get0_public_key(clnt_ecdh),
2399 POINT_CONVERSION_UNCOMPRESSED, 2597 POINT_CONVERSION_UNCOMPRESSED,
2400 encodedPoint, encoded_pt_len, bn_ctx); 2598 encodedPoint, encoded_pt_len, bn_ctx);
2401 2599
2402 *p = n; /* length of encoded point */ 2600 *p = n; /* length of encoded point */
2403 /* Encoded point will be copied here */ 2601 /* Encoded point will be copied here */
@@ -2427,61 +2625,80 @@ ssl3_send_client_key_exchange(SSL *s)
2427 size_t msglen; 2625 size_t msglen;
2428 unsigned int md_len; 2626 unsigned int md_len;
2429 int keytype; 2627 int keytype;
2430 unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; 2628 unsigned char premaster_secret[32], shared_ukm[32],
2629 tmp[256];
2431 EVP_MD_CTX *ukm_hash; 2630 EVP_MD_CTX *ukm_hash;
2432 EVP_PKEY *pub_key; 2631 EVP_PKEY *pub_key;
2433 2632
2434 /* Get server sertificate PKEY and create ctx from it */ 2633 /* Get server sertificate PKEY and create ctx from it */
2435 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509; 2634 peer_cert = s->session->sess_cert->peer_pkeys[(
2635 keytype = SSL_PKEY_GOST01)].x509;
2436 if (!peer_cert) 2636 if (!peer_cert)
2437 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509; 2637 peer_cert = s->session->sess_cert->peer_pkeys[
2638 (keytype = SSL_PKEY_GOST94)].x509;
2438 if (!peer_cert) { 2639 if (!peer_cert) {
2439 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2640 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2641 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2440 goto err; 2642 goto err;
2441 } 2643 }
2442 2644
2443 pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); 2645 pkey_ctx = EVP_PKEY_CTX_new(
2444 /* If we have send a certificate, and certificate key 2646 pub_key = X509_get_pubkey(peer_cert),
2445 2647 NULL);
2648 /*
2649 * If we have send a certificate, and certificate key
2446 * parameters match those of server certificate, use 2650 * parameters match those of server certificate, use
2447 * certificate key for key exchange 2651 * certificate key for key exchange.
2652 * Otherwise, generate ephemeral key pair.
2448 */ 2653 */
2449 2654
2450 /* Otherwise, generate ephemeral key pair */
2451
2452 EVP_PKEY_encrypt_init(pkey_ctx); 2655 EVP_PKEY_encrypt_init(pkey_ctx);
2453 /* Generate session key */ 2656 /* Generate session key. */
2454 RAND_bytes(premaster_secret, 32); 2657 RAND_bytes(premaster_secret, 32);
2455 /* If we have client certificate, use its secret as peer key */ 2658 /*
2659 * If we have client certificate, use its secret
2660 * as peer key.
2661 */
2456 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2662 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2457 if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { 2663 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2458 /* If there was an error - just ignore it. Ephemeral key 2664 s->cert->key->privatekey) <=0) {
2459 * would be used 2665 /*
2460 */ 2666 * If there was an error -
2667 * just ignore it. Ephemeral key
2668 * would be used
2669 */
2461 ERR_clear_error(); 2670 ERR_clear_error();
2462 } 2671 }
2463 } 2672 }
2464 /* Compute shared IV and store it in algorithm-specific 2673 /*
2465 * context data */ 2674 * Compute shared IV and store it in algorithm-specific
2675 * context data
2676 */
2466 ukm_hash = EVP_MD_CTX_create(); 2677 ukm_hash = EVP_MD_CTX_create();
2467 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94)); 2678 EVP_DigestInit(ukm_hash,
2468 EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); 2679 EVP_get_digestbynid(NID_id_GostR3411_94));
2469 EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); 2680 EVP_DigestUpdate(ukm_hash,
2681 s->s3->client_random, SSL3_RANDOM_SIZE);
2682 EVP_DigestUpdate(ukm_hash,
2683 s->s3->server_random, SSL3_RANDOM_SIZE);
2470 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); 2684 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2471 EVP_MD_CTX_destroy(ukm_hash); 2685 EVP_MD_CTX_destroy(ukm_hash);
2472 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 2686 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2473 8, shared_ukm) < 0) { 2687 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2474 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2688 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2475 SSL_R_LIBRARY_BUG); 2689 SSL_R_LIBRARY_BUG);
2476 goto err; 2690 goto err;
2477 } 2691 }
2478 /* Make GOST keytransport blob message */ 2692 /*
2479 /*Encapsulate it into sequence */ 2693 * Make GOST keytransport blob message,
2694 * encapsulate it into sequence.
2695 */
2480 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; 2696 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2481 msglen = 255; 2697 msglen = 255;
2482 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) { 2698 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen,
2699 premaster_secret, 32) < 0) {
2483 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2700 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2484 SSL_R_LIBRARY_BUG); 2701 SSL_R_LIBRARY_BUG);
2485 goto err; 2702 goto err;
2486 } 2703 }
2487 if (msglen >= 0x80) { 2704 if (msglen >= 0x80) {
@@ -2493,16 +2710,17 @@ ssl3_send_client_key_exchange(SSL *s)
2493 n = msglen + 2; 2710 n = msglen + 2;
2494 } 2711 }
2495 memcpy(p, tmp, msglen); 2712 memcpy(p, tmp, msglen);
2496 /* Check if pubkey from client certificate was used */ 2713 /* Check if pubkey from client certificate was used. */
2497 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { 2714 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
2498 /* Set flag "skip certificate verify" */ 2715 EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
2716 /* Set flag "skip certificate verify". */
2499 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; 2717 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2500 } 2718 }
2501 EVP_PKEY_CTX_free(pkey_ctx); 2719 EVP_PKEY_CTX_free(pkey_ctx);
2502 s->session->master_key_length = 2720 s->session->master_key_length =
2503 s->method->ssl3_enc->generate_master_secret(s, 2721 s->method->ssl3_enc->generate_master_secret(s,
2504 s->session->master_key, premaster_secret, 32); 2722 s->session->master_key, premaster_secret, 32);
2505 EVP_PKEY_free(pub_key); 2723 EVP_PKEY_free(pub_key);
2506 2724
2507 } 2725 }
2508#ifndef OPENSSL_NO_SRP 2726#ifndef OPENSSL_NO_SRP
@@ -2514,7 +2732,8 @@ ssl3_send_client_key_exchange(SSL *s)
2514 BN_bn2bin(s->srp_ctx.A, p); 2732 BN_bn2bin(s->srp_ctx.A, p);
2515 n += 2; 2733 n += 2;
2516 } else { 2734 } else {
2517 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2735 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2736 ERR_R_INTERNAL_ERROR);
2518 goto err; 2737 goto err;
2519 } 2738 }
2520 if (s->session->srp_username != NULL) 2739 if (s->session->srp_username != NULL)
@@ -2522,12 +2741,15 @@ ssl3_send_client_key_exchange(SSL *s)
2522 s->session->srp_username = BUF_strdup(s->srp_ctx.login); 2741 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2523 if (s->session->srp_username == NULL) { 2742 if (s->session->srp_username == NULL) {
2524 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2743 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2525 ERR_R_MALLOC_FAILURE); 2744 ERR_R_MALLOC_FAILURE);
2526 goto err; 2745 goto err;
2527 } 2746 }
2528 2747
2529 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { 2748 if ((s->session->master_key_length =
2530 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2749 SRP_generate_client_master_secret(s,
2750 s->session->master_key)) < 0) {
2751 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2752 ERR_R_INTERNAL_ERROR);
2531 goto err; 2753 goto err;
2532 } 2754 }
2533 } 2755 }
@@ -2543,27 +2765,29 @@ ssl3_send_client_key_exchange(SSL *s)
2543 n = 0; 2765 n = 0;
2544 if (s->psk_client_callback == NULL) { 2766 if (s->psk_client_callback == NULL) {
2545 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2767 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2546 SSL_R_PSK_NO_CLIENT_CB); 2768 SSL_R_PSK_NO_CLIENT_CB);
2547 goto err; 2769 goto err;
2548 } 2770 }
2549 2771
2550 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 2772 psk_len = s->psk_client_callback(s,
2551 identity, PSK_MAX_IDENTITY_LEN, 2773 s->ctx->psk_identity_hint, identity,
2552 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2774 PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
2775 sizeof(psk_or_pre_ms));
2553 if (psk_len > PSK_MAX_PSK_LEN) { 2776 if (psk_len > PSK_MAX_PSK_LEN) {
2554 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2777 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2555 ERR_R_INTERNAL_ERROR); 2778 ERR_R_INTERNAL_ERROR);
2556 goto psk_err; 2779 goto psk_err;
2557 } else if (psk_len == 0) { 2780 } else if (psk_len == 0) {
2558 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2781 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2559 SSL_R_PSK_IDENTITY_NOT_FOUND); 2782 SSL_R_PSK_IDENTITY_NOT_FOUND);
2560 goto psk_err; 2783 goto psk_err;
2561 } 2784 }
2562 2785
2563 /* create PSK pre_master_secret */ 2786 /* create PSK pre_master_secret */
2564 pre_ms_len = 2 + psk_len + 2 + psk_len; 2787 pre_ms_len = 2 + psk_len + 2 + psk_len;
2565 t = psk_or_pre_ms; 2788 t = psk_or_pre_ms;
2566 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); 2789 memmove(psk_or_pre_ms + psk_len + 4,
2790 psk_or_pre_ms, psk_len);
2567 s2n(psk_len, t); 2791 s2n(psk_len, t);
2568 memset(t, 0, psk_len); 2792 memset(t, 0, psk_len);
2569 t += psk_len; 2793 t += psk_len;
@@ -2571,11 +2795,12 @@ ssl3_send_client_key_exchange(SSL *s)
2571 2795
2572 if (s->session->psk_identity_hint != NULL) 2796 if (s->session->psk_identity_hint != NULL)
2573 free(s->session->psk_identity_hint); 2797 free(s->session->psk_identity_hint);
2574 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2798 s->session->psk_identity_hint =
2799 BUF_strdup(s->ctx->psk_identity_hint);
2575 if (s->ctx->psk_identity_hint != NULL && 2800 if (s->ctx->psk_identity_hint != NULL &&
2576 s->session->psk_identity_hint == NULL) { 2801 s->session->psk_identity_hint == NULL) {
2577 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2802 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2578 ERR_R_MALLOC_FAILURE); 2803 ERR_R_MALLOC_FAILURE);
2579 goto psk_err; 2804 goto psk_err;
2580 } 2805 }
2581 2806
@@ -2584,25 +2809,26 @@ ssl3_send_client_key_exchange(SSL *s)
2584 s->session->psk_identity = BUF_strdup(identity); 2809 s->session->psk_identity = BUF_strdup(identity);
2585 if (s->session->psk_identity == NULL) { 2810 if (s->session->psk_identity == NULL) {
2586 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2811 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2587 ERR_R_MALLOC_FAILURE); 2812 ERR_R_MALLOC_FAILURE);
2588 goto psk_err; 2813 goto psk_err;
2589 } 2814 }
2590 2815
2591 s->session->master_key_length = 2816 s->session->master_key_length =
2592 s->method->ssl3_enc->generate_master_secret( 2817 s->method->ssl3_enc->generate_master_secret(
2593 s, s->session->master_key, psk_or_pre_ms, 2818 s, s->session->master_key, psk_or_pre_ms,
2594 pre_ms_len); 2819 pre_ms_len);
2595 2820
2596 n = strlen(identity); 2821 n = strlen(identity);
2597 s2n(n, p); 2822 s2n(n, p);
2598 memcpy(p, identity, n); 2823 memcpy(p, identity, n);
2599 n += 2; 2824 n += 2;
2600 psk_err = 0; 2825 psk_err = 0;
2601 psk_err: 2826 psk_err:
2602 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 2827 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2603 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2828 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2604 if (psk_err != 0) { 2829 if (psk_err != 0) {
2605 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2830 ssl3_send_alert(s, SSL3_AL_FATAL,
2831 SSL_AD_HANDSHAKE_FAILURE);
2606 goto err; 2832 goto err;
2607 } 2833 }
2608 } 2834 }
@@ -2626,7 +2852,7 @@ ssl3_send_client_key_exchange(SSL *s)
2626 2852
2627 /* SSL3_ST_CW_KEY_EXCH_B */ 2853 /* SSL3_ST_CW_KEY_EXCH_B */
2628 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2854 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2629err: 2855 err:
2630#ifndef OPENSSL_NO_ECDH 2856#ifndef OPENSSL_NO_ECDH
2631 BN_CTX_free(bn_ctx); 2857 BN_CTX_free(bn_ctx);
2632 if (encodedPoint != NULL) 2858 if (encodedPoint != NULL)
@@ -2641,14 +2867,14 @@ err:
2641int 2867int
2642ssl3_send_client_verify(SSL *s) 2868ssl3_send_client_verify(SSL *s)
2643{ 2869{
2644 unsigned char *p, *d; 2870 unsigned char *p, *d;
2645 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2871 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2646 EVP_PKEY *pkey; 2872 EVP_PKEY *pkey;
2647 EVP_PKEY_CTX *pctx = NULL; 2873 EVP_PKEY_CTX *pctx = NULL;
2648 EVP_MD_CTX mctx; 2874 EVP_MD_CTX mctx;
2649 unsigned u = 0; 2875 unsigned u = 0;
2650 unsigned long n; 2876 unsigned long n;
2651 int j; 2877 int j;
2652 2878
2653 EVP_MD_CTX_init(&mctx); 2879 EVP_MD_CTX_init(&mctx);
2654 2880
@@ -2656,18 +2882,21 @@ ssl3_send_client_verify(SSL *s)
2656 d = (unsigned char *)s->init_buf->data; 2882 d = (unsigned char *)s->init_buf->data;
2657 p = &(d[4]); 2883 p = &(d[4]);
2658 pkey = s->cert->key->privatekey; 2884 pkey = s->cert->key->privatekey;
2659/* Create context from key and test if sha1 is allowed as digest */ 2885 /*
2886 * Create context from key and test if sha1 is allowed as
2887 * digest.
2888 */
2660 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2889 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2661 EVP_PKEY_sign_init(pctx); 2890 EVP_PKEY_sign_init(pctx);
2662 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2891 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2663 if (TLS1_get_version(s) < TLS1_2_VERSION) 2892 if (TLS1_get_version(s) < TLS1_2_VERSION)
2664 s->method->ssl3_enc->cert_verify_mac(s, 2893 s->method->ssl3_enc->cert_verify_mac(s,
2665 NID_sha1, 2894 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2666 &(data[MD5_DIGEST_LENGTH]));
2667 } else { 2895 } else {
2668 ERR_clear_error(); 2896 ERR_clear_error();
2669 } 2897 }
2670 /* For TLS v1.2 send signature algorithm and signature 2898 /*
2899 * For TLS v1.2 send signature algorithm and signature
2671 * using agreed digest and cached handshake records. 2900 * using agreed digest and cached handshake records.
2672 */ 2901 */
2673 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2902 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
@@ -2675,10 +2904,11 @@ ssl3_send_client_verify(SSL *s)
2675 void *hdata; 2904 void *hdata;
2676 const EVP_MD *md = s->cert->key->digest; 2905 const EVP_MD *md = s->cert->key->digest;
2677 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2906 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2678 &hdata); 2907 &hdata);
2679 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { 2908 if (hdatalen <= 0 ||
2909 !tls12_get_sigandhash(p, pkey, md)) {
2680 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2910 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2681 ERR_R_INTERNAL_ERROR); 2911 ERR_R_INTERNAL_ERROR);
2682 goto err; 2912 goto err;
2683 } 2913 }
2684 p += 2; 2914 p += 2;
@@ -2690,7 +2920,7 @@ ssl3_send_client_verify(SSL *s)
2690 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2920 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2691 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2921 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2692 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2922 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2693 ERR_R_EVP_LIB); 2923 ERR_R_EVP_LIB);
2694 goto err; 2924 goto err;
2695 } 2925 }
2696 s2n(u, p); 2926 s2n(u, p);
@@ -2704,7 +2934,8 @@ ssl3_send_client_verify(SSL *s)
2704 if (RSA_sign(NID_md5_sha1, data, 2934 if (RSA_sign(NID_md5_sha1, data,
2705 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2935 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2706 &u, pkey->pkey.rsa) <= 0 ) { 2936 &u, pkey->pkey.rsa) <= 0 ) {
2707 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); 2937 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2938 ERR_R_RSA_LIB);
2708 goto err; 2939 goto err;
2709 } 2940 }
2710 s2n(u, p); 2941 s2n(u, p);
@@ -2715,7 +2946,8 @@ ssl3_send_client_verify(SSL *s)
2715 &(data[MD5_DIGEST_LENGTH]), 2946 &(data[MD5_DIGEST_LENGTH]),
2716 SHA_DIGEST_LENGTH, &(p[2]), 2947 SHA_DIGEST_LENGTH, &(p[2]),
2717 (unsigned int *)&j, pkey->pkey.dsa)) { 2948 (unsigned int *)&j, pkey->pkey.dsa)) {
2718 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); 2949 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2950 ERR_R_DSA_LIB);
2719 goto err; 2951 goto err;
2720 } 2952 }
2721 s2n(j, p); 2953 s2n(j, p);
@@ -2728,23 +2960,24 @@ ssl3_send_client_verify(SSL *s)
2728 SHA_DIGEST_LENGTH, &(p[2]), 2960 SHA_DIGEST_LENGTH, &(p[2]),
2729 (unsigned int *)&j, pkey->pkey.ec)) { 2961 (unsigned int *)&j, pkey->pkey.ec)) {
2730 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2962 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2731 ERR_R_ECDSA_LIB); 2963 ERR_R_ECDSA_LIB);
2732 goto err; 2964 goto err;
2733 } 2965 }
2734 s2n(j, p); 2966 s2n(j, p);
2735 n = j + 2; 2967 n = j + 2;
2736 } else 2968 } else
2737#endif 2969#endif
2738 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) { 2970 if (pkey->type == NID_id_GostR3410_94 ||
2971 pkey->type == NID_id_GostR3410_2001) {
2739 unsigned char signbuf[64]; 2972 unsigned char signbuf[64];
2740 int i; 2973 int i;
2741 size_t sigsize = 64; 2974 size_t sigsize = 64;
2742 s->method->ssl3_enc->cert_verify_mac(s, 2975 s->method->ssl3_enc->cert_verify_mac(s,
2743 NID_id_GostR3411_94, 2976 NID_id_GostR3411_94, data);
2744 data); 2977 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32)
2745 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { 2978 <= 0) {
2746 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2979 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2747 ERR_R_INTERNAL_ERROR); 2980 ERR_R_INTERNAL_ERROR);
2748 goto err; 2981 goto err;
2749 } 2982 }
2750 for (i = 63, j = 0; i >= 0; j++, i--) { 2983 for (i = 63, j = 0; i >= 0; j++, i--) {
@@ -2753,7 +2986,8 @@ ssl3_send_client_verify(SSL *s)
2753 s2n(j, p); 2986 s2n(j, p);
2754 n = j + 2; 2987 n = j + 2;
2755 } else { 2988 } else {
2756 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); 2989 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2990 ERR_R_INTERNAL_ERROR);
2757 goto err; 2991 goto err;
2758 } 2992 }
2759 *(d++) = SSL3_MT_CERTIFICATE_VERIFY; 2993 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
@@ -2766,7 +3000,7 @@ ssl3_send_client_verify(SSL *s)
2766 EVP_MD_CTX_cleanup(&mctx); 3000 EVP_MD_CTX_cleanup(&mctx);
2767 EVP_PKEY_CTX_free(pctx); 3001 EVP_PKEY_CTX_free(pctx);
2768 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 3002 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2769err: 3003 err:
2770 EVP_MD_CTX_cleanup(&mctx); 3004 EVP_MD_CTX_cleanup(&mctx);
2771 EVP_PKEY_CTX_free(pctx); 3005 EVP_PKEY_CTX_free(pctx);
2772 return (-1); 3006 return (-1);
@@ -2775,10 +3009,10 @@ err:
2775int 3009int
2776ssl3_send_client_certificate(SSL *s) 3010ssl3_send_client_certificate(SSL *s)
2777{ 3011{
2778 X509 *x509 = NULL; 3012 X509 *x509 = NULL;
2779 EVP_PKEY *pkey = NULL; 3013 EVP_PKEY *pkey = NULL;
2780 int i; 3014 int i;
2781 unsigned long l; 3015 unsigned long l;
2782 3016
2783 if (s->state == SSL3_ST_CW_CERT_A) { 3017 if (s->state == SSL3_ST_CW_CERT_A) {
2784 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || 3018 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
@@ -2792,7 +3026,8 @@ ssl3_send_client_certificate(SSL *s)
2792 if (s->state == SSL3_ST_CW_CERT_B) { 3026 if (s->state == SSL3_ST_CW_CERT_B) {
2793 /* If we get an error, we need to 3027 /* If we get an error, we need to
2794 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 3028 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2795 * We then get retied later */ 3029 * We then get retied later
3030 */
2796 i = ssl_do_client_cert_cb(s, &x509, &pkey); 3031 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2797 if (i < 0) { 3032 if (i < 0) {
2798 s->rwstate = SSL_X509_LOOKUP; 3033 s->rwstate = SSL_X509_LOOKUP;
@@ -2806,7 +3041,8 @@ ssl3_send_client_certificate(SSL *s)
2806 i = 0; 3041 i = 0;
2807 } else if (i == 1) { 3042 } else if (i == 1) {
2808 i = 0; 3043 i = 0;
2809 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 3044 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
3045 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2810 } 3046 }
2811 3047
2812 if (x509 != NULL) 3048 if (x509 != NULL)
@@ -2816,7 +3052,8 @@ ssl3_send_client_certificate(SSL *s)
2816 if (i == 0) { 3052 if (i == 0) {
2817 if (s->version == SSL3_VERSION) { 3053 if (s->version == SSL3_VERSION) {
2818 s->s3->tmp.cert_req = 0; 3054 s->s3->tmp.cert_req = 0;
2819 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); 3055 ssl3_send_alert(s, SSL3_AL_WARNING,
3056 SSL_AD_NO_CERTIFICATE);
2820 return (1); 3057 return (1);
2821 } else { 3058 } else {
2822 s->s3->tmp.cert_req = 2; 3059 s->s3->tmp.cert_req = 2;
@@ -2830,7 +3067,7 @@ ssl3_send_client_certificate(SSL *s)
2830 if (s->state == SSL3_ST_CW_CERT_C) { 3067 if (s->state == SSL3_ST_CW_CERT_C) {
2831 s->state = SSL3_ST_CW_CERT_D; 3068 s->state = SSL3_ST_CW_CERT_D;
2832 l = ssl3_output_cert_chain(s, 3069 l = ssl3_output_cert_chain(s,
2833 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); 3070 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
2834 s->init_num = (int)l; 3071 s->init_num = (int)l;
2835 s->init_off = 0; 3072 s->init_off = 0;
2836 } 3073 }
@@ -2843,25 +3080,26 @@ ssl3_send_client_certificate(SSL *s)
2843int 3080int
2844ssl3_check_cert_and_algorithm(SSL *s) 3081ssl3_check_cert_and_algorithm(SSL *s)
2845{ 3082{
2846 int i, idx; 3083 int i, idx;
2847 long alg_k, alg_a; 3084 long alg_k, alg_a;
2848 EVP_PKEY *pkey = NULL; 3085 EVP_PKEY *pkey = NULL;
2849 SESS_CERT *sc; 3086 SESS_CERT *sc;
2850 RSA *rsa; 3087 RSA *rsa;
2851#ifndef OPENSSL_NO_DH 3088#ifndef OPENSSL_NO_DH
2852 DH *dh; 3089 DH *dh;
2853#endif 3090#endif
2854 3091
2855 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3092 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2856 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 3093 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2857 3094
2858 /* we don't have a certificate */ 3095 /* We don't have a certificate. */
2859 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) 3096 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2860 return (1); 3097 return (1);
2861 3098
2862 sc = s->session->sess_cert; 3099 sc = s->session->sess_cert;
2863 if (sc == NULL) { 3100 if (sc == NULL) {
2864 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); 3101 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3102 ERR_R_INTERNAL_ERROR);
2865 goto err; 3103 goto err;
2866 } 3104 }
2867 3105
@@ -2870,15 +3108,16 @@ ssl3_check_cert_and_algorithm(SSL *s)
2870 dh = s->session->sess_cert->peer_dh_tmp; 3108 dh = s->session->sess_cert->peer_dh_tmp;
2871#endif 3109#endif
2872 3110
2873 /* This is the passed certificate */ 3111 /* This is the passed certificate. */
2874 3112
2875 idx = sc->peer_cert_type; 3113 idx = sc->peer_cert_type;
2876#ifndef OPENSSL_NO_ECDH 3114#ifndef OPENSSL_NO_ECDH
2877 if (idx == SSL_PKEY_ECC) { 3115 if (idx == SSL_PKEY_ECC) {
2878 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 3116 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2879 s) == 0) 3117 s) == 0)
2880 { /* check failed */ 3118 { /* check failed */
2881 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); 3119 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3120 SSL_R_BAD_ECC_CERT);
2882 goto f_err; 3121 goto f_err;
2883 } else { 3122 } else {
2884 return 1; 3123 return 1;
@@ -2892,59 +3131,71 @@ ssl3_check_cert_and_algorithm(SSL *s)
2892 3131
2893 /* Check that we have a certificate if we require one */ 3132 /* Check that we have a certificate if we require one */
2894 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 3133 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2895 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); 3134 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3135 SSL_R_MISSING_RSA_SIGNING_CERT);
2896 goto f_err; 3136 goto f_err;
2897 } 3137 }
2898 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { 3138 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2899 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); 3139 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3140 SSL_R_MISSING_DSA_SIGNING_CERT);
2900 goto f_err; 3141 goto f_err;
2901 } 3142 }
2902 if ((alg_k & SSL_kRSA) && 3143 if ((alg_k & SSL_kRSA) &&
2903 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 3144 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
2904 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); 3145 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3146 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2905 goto f_err; 3147 goto f_err;
2906 } 3148 }
2907#ifndef OPENSSL_NO_DH 3149#ifndef OPENSSL_NO_DH
2908 if ((alg_k & SSL_kEDH) && 3150 if ((alg_k & SSL_kEDH) &&
2909 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 3151 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2910 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); 3152 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3153 SSL_R_MISSING_DH_KEY);
2911 goto f_err; 3154 goto f_err;
2912 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) { 3155 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) {
2913 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); 3156 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3157 SSL_R_MISSING_DH_RSA_CERT);
2914 goto f_err; 3158 goto f_err;
2915 } 3159 }
2916 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { 3160 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
2917 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); 3161 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3162 SSL_R_MISSING_DH_DSA_CERT);
2918 goto f_err; 3163 goto f_err;
2919 } 3164 }
2920#endif 3165#endif
2921 3166
2922 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { 3167 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
3168 !has_bits(i, EVP_PKT_EXP)) {
2923 if (alg_k & SSL_kRSA) { 3169 if (alg_k & SSL_kRSA) {
2924 if (rsa == NULL || 3170 if (rsa == NULL || RSA_size(rsa) * 8 >
2925 RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { 3171 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 3172 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3173 SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
2927 goto f_err; 3174 goto f_err;
2928 } 3175 }
2929 } else 3176 } else
2930#ifndef OPENSSL_NO_DH 3177#ifndef OPENSSL_NO_DH
2931 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 3178 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2932 if (dh == NULL || 3179 if (dh == NULL || DH_size(dh) * 8 >
2933 DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { 3180 SSL_C_EXPORT_PKEYLENGTH(
2934 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); 3181 s->s3->tmp.new_cipher)) {
3182 SSLerr(
3183 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3184 SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3185 goto f_err;
3186 }
3187 } else
3188#endif
3189 {
3190 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3191 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2935 goto f_err; 3192 goto f_err;
2936 } 3193 }
2937 } else
2938#endif
2939 {
2940 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2941 goto f_err;
2942 }
2943 } 3194 }
2944 return (1); 3195 return (1);
2945f_err: 3196 f_err:
2946 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 3197 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2947err: 3198 err:
2948 return (0); 3199 return (0);
2949} 3200}
2950 3201
@@ -2952,8 +3203,8 @@ err:
2952int 3203int
2953ssl3_send_next_proto(SSL *s) 3204ssl3_send_next_proto(SSL *s)
2954{ 3205{
2955 unsigned int len, padding_len; 3206 unsigned int len, padding_len;
2956 unsigned char *d; 3207 unsigned char *d;
2957 3208
2958 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { 3209 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2959 len = s->next_proto_negotiated_len; 3210 len = s->next_proto_negotiated_len;
@@ -2974,7 +3225,8 @@ ssl3_send_next_proto(SSL *s)
2974} 3225}
2975#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ 3226#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
2976 3227
2977/* Check to see if handshake is full or resumed. Usually this is just a 3228/*
3229 * Check to see if handshake is full or resumed. Usually this is just a
2978 * case of checking to see if a cache hit has occurred. In the case of 3230 * case of checking to see if a cache hit has occurred. In the case of
2979 * session tickets we have to check the next message to be sure. 3231 * session tickets we have to check the next message to be sure.
2980 */ 3232 */
@@ -2983,8 +3235,9 @@ ssl3_send_next_proto(SSL *s)
2983int 3235int
2984ssl3_check_finished(SSL *s) 3236ssl3_check_finished(SSL *s)
2985{ 3237{
2986 int ok; 3238 int ok;
2987 long n; 3239 long n;
3240
2988 /* If we have no ticket it cannot be a resumed session. */ 3241 /* If we have no ticket it cannot be a resumed session. */
2989 if (!s->session->tlsext_tick) 3242 if (!s->session->tlsext_tick)
2990 return 1; 3243 return 1;
@@ -3006,7 +3259,8 @@ ssl3_check_finished(SSL *s)
3006int 3259int
3007ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 3260ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3008{ 3261{
3009 int i = 0; 3262 int i = 0;
3263
3010#ifndef OPENSSL_NO_ENGINE 3264#ifndef OPENSSL_NO_ENGINE
3011 if (s->ctx->client_cert_engine) { 3265 if (s->ctx->client_cert_engine) {
3012 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, 3266 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index c79464da55..28a3d51b9e 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -2743,9 +2743,11 @@ SSL3_ENC_METHOD SSLv3_enc_data = {
2743long 2743long
2744ssl3_default_timeout(void) 2744ssl3_default_timeout(void)
2745{ 2745{
2746 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2746 /*
2747 * is way too long for http, the cache would over fill */ 2747 * 2 hours, the 24 hours mentioned in the SSLv3 spec
2748 return (60*60*2); 2748 * is way too long for http, the cache would over fill
2749 */
2750 return (60 * 60 * 2);
2749} 2751}
2750 2752
2751int 2753int
@@ -2769,13 +2771,14 @@ ssl3_pending(const SSL *s)
2769 if (s->rstate == SSL_ST_READ_BODY) 2771 if (s->rstate == SSL_ST_READ_BODY)
2770 return 0; 2772 return 0;
2771 2773
2772 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2774 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
2775 s->s3->rrec.length : 0;
2773} 2776}
2774 2777
2775int 2778int
2776ssl3_new(SSL *s) 2779ssl3_new(SSL *s)
2777{ 2780{
2778 SSL3_STATE *s3; 2781 SSL3_STATE *s3;
2779 2782
2780 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2783 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2781 goto err; 2784 goto err;
@@ -2840,9 +2843,9 @@ ssl3_free(SSL *s)
2840void 2843void
2841ssl3_clear(SSL *s) 2844ssl3_clear(SSL *s)
2842{ 2845{
2843 unsigned char *rp, *wp; 2846 unsigned char *rp, *wp;
2844 size_t rlen, wlen; 2847 size_t rlen, wlen;
2845 int init_extra; 2848 int init_extra;
2846 2849
2847#ifdef TLSEXT_TYPE_opaque_prf_input 2850#ifdef TLSEXT_TYPE_opaque_prf_input
2848 if (s->s3->client_opaque_prf_input != NULL) 2851 if (s->s3->client_opaque_prf_input != NULL)
@@ -2932,7 +2935,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2932 if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || 2935 if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2933 cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 2936 cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
2934 if (!ssl_cert_inst(&s->cert)) { 2937 if (!ssl_cert_inst(&s->cert)) {
2935 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 2938 SSLerr(SSL_F_SSL3_CTRL,
2939 ERR_R_MALLOC_FAILURE);
2936 return (0); 2940 return (0);
2937 } 2941 }
2938 } 2942 }
@@ -2959,18 +2963,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2959 case SSL_CTRL_NEED_TMP_RSA: 2963 case SSL_CTRL_NEED_TMP_RSA:
2960 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 2964 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2961 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 2965 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2962 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) 2966 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
2967 > (512 / 8))))
2963 ret = 1; 2968 ret = 1;
2964 break; 2969 break;
2965 case SSL_CTRL_SET_TMP_RSA: 2970 case SSL_CTRL_SET_TMP_RSA:
2966 { 2971 {
2967 RSA *rsa = (RSA *)parg; 2972 RSA *rsa = (RSA *)parg;
2968 if (rsa == NULL) { 2973 if (rsa == NULL) {
2969 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 2974 SSLerr(SSL_F_SSL3_CTRL,
2975 ERR_R_PASSED_NULL_PARAMETER);
2970 return (ret); 2976 return (ret);
2971 } 2977 }
2972 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { 2978 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
2973 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 2979 SSLerr(SSL_F_SSL3_CTRL,
2980 ERR_R_RSA_LIB);
2974 return (ret); 2981 return (ret);
2975 } 2982 }
2976 if (s->cert->rsa_tmp != NULL) 2983 if (s->cert->rsa_tmp != NULL)
@@ -2981,7 +2988,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2981 break; 2988 break;
2982 case SSL_CTRL_SET_TMP_RSA_CB: 2989 case SSL_CTRL_SET_TMP_RSA_CB:
2983 { 2990 {
2984 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2991 SSLerr(SSL_F_SSL3_CTRL,
2992 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2985 return (ret); 2993 return (ret);
2986 } 2994 }
2987 break; 2995 break;
@@ -2990,17 +2998,20 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2990 { 2998 {
2991 DH *dh = (DH *)parg; 2999 DH *dh = (DH *)parg;
2992 if (dh == NULL) { 3000 if (dh == NULL) {
2993 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3001 SSLerr(SSL_F_SSL3_CTRL,
3002 ERR_R_PASSED_NULL_PARAMETER);
2994 return (ret); 3003 return (ret);
2995 } 3004 }
2996 if ((dh = DHparams_dup(dh)) == NULL) { 3005 if ((dh = DHparams_dup(dh)) == NULL) {
2997 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3006 SSLerr(SSL_F_SSL3_CTRL,
3007 ERR_R_DH_LIB);
2998 return (ret); 3008 return (ret);
2999 } 3009 }
3000 if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 3010 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3001 if (!DH_generate_key(dh)) { 3011 if (!DH_generate_key(dh)) {
3002 DH_free(dh); 3012 DH_free(dh);
3003 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3013 SSLerr(SSL_F_SSL3_CTRL,
3014 ERR_R_DH_LIB);
3004 return (ret); 3015 return (ret);
3005 } 3016 }
3006 } 3017 }
@@ -3012,7 +3023,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3012 break; 3023 break;
3013 case SSL_CTRL_SET_TMP_DH_CB: 3024 case SSL_CTRL_SET_TMP_DH_CB:
3014 { 3025 {
3015 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3026 SSLerr(SSL_F_SSL3_CTRL,
3027 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3016 return (ret); 3028 return (ret);
3017 } 3029 }
3018 break; 3030 break;
@@ -3023,18 +3035,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3023 EC_KEY *ecdh = NULL; 3035 EC_KEY *ecdh = NULL;
3024 3036
3025 if (parg == NULL) { 3037 if (parg == NULL) {
3026 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3038 SSLerr(SSL_F_SSL3_CTRL,
3039 ERR_R_PASSED_NULL_PARAMETER);
3027 return (ret); 3040 return (ret);
3028 } 3041 }
3029 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 3042 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3030 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3043 SSLerr(SSL_F_SSL3_CTRL,
3044 ERR_R_ECDH_LIB);
3031 return (ret); 3045 return (ret);
3032 } 3046 }
3033 ecdh = (EC_KEY *)parg; 3047 ecdh = (EC_KEY *)parg;
3034 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 3048 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3035 if (!EC_KEY_generate_key(ecdh)) { 3049 if (!EC_KEY_generate_key(ecdh)) {
3036 EC_KEY_free(ecdh); 3050 EC_KEY_free(ecdh);
3037 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3051 SSLerr(SSL_F_SSL3_CTRL,
3052 ERR_R_ECDH_LIB);
3038 return (ret); 3053 return (ret);
3039 } 3054 }
3040 } 3055 }
@@ -3046,7 +3061,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3046 break; 3061 break;
3047 case SSL_CTRL_SET_TMP_ECDH_CB: 3062 case SSL_CTRL_SET_TMP_ECDH_CB:
3048 { 3063 {
3049 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3064 SSLerr(SSL_F_SSL3_CTRL,
3065 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3050 return (ret); 3066 return (ret);
3051 } 3067 }
3052 break; 3068 break;
@@ -3062,15 +3078,19 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3062 if (parg == NULL) 3078 if (parg == NULL)
3063 break; 3079 break;
3064 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 3080 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3065 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3081 SSLerr(SSL_F_SSL3_CTRL,
3082 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3066 return 0; 3083 return 0;
3067 } 3084 }
3068 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { 3085 if ((s->tlsext_hostname = BUF_strdup((char *)parg))
3069 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3086 == NULL) {
3087 SSLerr(SSL_F_SSL3_CTRL,
3088 ERR_R_INTERNAL_ERROR);
3070 return 0; 3089 return 0;
3071 } 3090 }
3072 } else { 3091 } else {
3073 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3092 SSLerr(SSL_F_SSL3_CTRL,
3093 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3074 return 0; 3094 return 0;
3075 } 3095 }
3076 break; 3096 break;
@@ -3082,9 +3102,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3082#ifdef TLSEXT_TYPE_opaque_prf_input 3102#ifdef TLSEXT_TYPE_opaque_prf_input
3083 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3103 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3084 if (larg > 12288) { 3104 if (larg > 12288) {
3085 /* actual internal limit is 2^16 for the complete hello message 3105 /*
3086 * (including the cert chain and everything) */ 3106 * Actual internal limit is 2^16 for the complete
3087 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3107 * hello message (including the cert chain and
3108 * everything)
3109 */
3110 SSLerr(SSL_F_SSL3_CTRL,
3111 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3088 break; 3112 break;
3089 } 3113 }
3090 if (s->tlsext_opaque_prf_input != NULL) 3114 if (s->tlsext_opaque_prf_input != NULL)
@@ -3148,11 +3172,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3148long 3172long
3149ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3173ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3150{ 3174{
3151 int ret = 0; 3175 int ret = 0;
3152 3176
3153 if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { 3177 if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
3154 if (!ssl_cert_inst(&s->cert)) { 3178 if (!ssl_cert_inst(&s->cert)) {
3155 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3179 SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
3180 ERR_R_MALLOC_FAILURE);
3156 return (0); 3181 return (0);
3157 } 3182 }
3158 } 3183 }
@@ -3173,14 +3198,15 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3173#ifndef OPENSSL_NO_ECDH 3198#ifndef OPENSSL_NO_ECDH
3174 case SSL_CTRL_SET_TMP_ECDH_CB: 3199 case SSL_CTRL_SET_TMP_ECDH_CB:
3175 { 3200 {
3176 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3201 s->cert->ecdh_tmp_cb =
3202 (EC_KEY *(*)(SSL *, int, int))fp;
3177 } 3203 }
3178 break; 3204 break;
3179#endif 3205#endif
3180#ifndef OPENSSL_NO_TLSEXT 3206#ifndef OPENSSL_NO_TLSEXT
3181 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3207 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3182 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 3208 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
3183 unsigned char *, int, void *))fp; 3209 unsigned char *, int, void *))fp;
3184 break; 3210 break;
3185#endif 3211#endif
3186 default: 3212 default:
@@ -3192,7 +3218,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3192long 3218long
3193ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3219ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3194{ 3220{
3195 CERT *cert; 3221 CERT *cert;
3196 3222
3197 cert = ctx->cert; 3223 cert = ctx->cert;
3198 3224
@@ -3200,7 +3226,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3200 case SSL_CTRL_NEED_TMP_RSA: 3226 case SSL_CTRL_NEED_TMP_RSA:
3201 if ((cert->rsa_tmp == NULL) && 3227 if ((cert->rsa_tmp == NULL) &&
3202 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3228 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3203 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) 3229 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3230 (512 / 8))))
3204 return (1); 3231 return (1);
3205 else 3232 else
3206 return (0); 3233 return (0);
@@ -3219,7 +3246,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3219 i = 0; 3246 i = 0;
3220 } 3247 }
3221 if (!i) { 3248 if (!i) {
3222 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); 3249 SSLerr(SSL_F_SSL3_CTX_CTRL,
3250 ERR_R_RSA_LIB);
3223 return (0); 3251 return (0);
3224 } else { 3252 } else {
3225 if (cert->rsa_tmp != NULL) 3253 if (cert->rsa_tmp != NULL)
@@ -3231,7 +3259,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3231 /* break; */ 3259 /* break; */
3232 case SSL_CTRL_SET_TMP_RSA_CB: 3260 case SSL_CTRL_SET_TMP_RSA_CB:
3233 { 3261 {
3234 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3262 SSLerr(SSL_F_SSL3_CTX_CTRL,
3263 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3235 return (0); 3264 return (0);
3236 } 3265 }
3237 break; 3266 break;
@@ -3242,12 +3271,14 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3242 3271
3243 dh = (DH *)parg; 3272 dh = (DH *)parg;
3244 if ((new = DHparams_dup(dh)) == NULL) { 3273 if ((new = DHparams_dup(dh)) == NULL) {
3245 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3274 SSLerr(SSL_F_SSL3_CTX_CTRL,
3275 ERR_R_DH_LIB);
3246 return 0; 3276 return 0;
3247 } 3277 }
3248 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 3278 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3249 if (!DH_generate_key(new)) { 3279 if (!DH_generate_key(new)) {
3250 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3280 SSLerr(SSL_F_SSL3_CTX_CTRL,
3281 ERR_R_DH_LIB);
3251 DH_free(new); 3282 DH_free(new);
3252 return 0; 3283 return 0;
3253 } 3284 }
@@ -3260,7 +3291,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3260 /*break; */ 3291 /*break; */
3261 case SSL_CTRL_SET_TMP_DH_CB: 3292 case SSL_CTRL_SET_TMP_DH_CB:
3262 { 3293 {
3263 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3294 SSLerr(SSL_F_SSL3_CTX_CTRL,
3295 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3264 return (0); 3296 return (0);
3265 } 3297 }
3266 break; 3298 break;
@@ -3271,18 +3303,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3271 EC_KEY *ecdh = NULL; 3303 EC_KEY *ecdh = NULL;
3272 3304
3273 if (parg == NULL) { 3305 if (parg == NULL) {
3274 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3306 SSLerr(SSL_F_SSL3_CTX_CTRL,
3307 ERR_R_ECDH_LIB);
3275 return 0; 3308 return 0;
3276 } 3309 }
3277 ecdh = EC_KEY_dup((EC_KEY *)parg); 3310 ecdh = EC_KEY_dup((EC_KEY *)parg);
3278 if (ecdh == NULL) { 3311 if (ecdh == NULL) {
3279 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); 3312 SSLerr(SSL_F_SSL3_CTX_CTRL,
3313 ERR_R_EC_LIB);
3280 return 0; 3314 return 0;
3281 } 3315 }
3282 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 3316 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3283 if (!EC_KEY_generate_key(ecdh)) { 3317 if (!EC_KEY_generate_key(ecdh)) {
3284 EC_KEY_free(ecdh); 3318 EC_KEY_free(ecdh);
3285 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3319 SSLerr(SSL_F_SSL3_CTX_CTRL,
3320 ERR_R_ECDH_LIB);
3286 return 0; 3321 return 0;
3287 } 3322 }
3288 } 3323 }
@@ -3296,7 +3331,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3296 /* break; */ 3331 /* break; */
3297 case SSL_CTRL_SET_TMP_ECDH_CB: 3332 case SSL_CTRL_SET_TMP_ECDH_CB:
3298 { 3333 {
3299 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3334 SSLerr(SSL_F_SSL3_CTX_CTRL,
3335 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3300 return (0); 3336 return (0);
3301 } 3337 }
3302 break; 3338 break;
@@ -3312,17 +3348,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3312 if (!keys) 3348 if (!keys)
3313 return 48; 3349 return 48;
3314 if (larg != 48) { 3350 if (larg != 48) {
3315 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3351 SSLerr(SSL_F_SSL3_CTX_CTRL,
3352 SSL_R_INVALID_TICKET_KEYS_LENGTH);
3316 return 0; 3353 return 0;
3317 } 3354 }
3318 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 3355 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3319 memcpy(ctx->tlsext_tick_key_name, keys, 16); 3356 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3320 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 3357 memcpy(ctx->tlsext_tick_hmac_key,
3358 keys + 16, 16);
3321 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 3359 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3322 } else { 3360 } else {
3323 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3361 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3324 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3362 memcpy(keys + 16,
3325 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3363 ctx->tlsext_tick_hmac_key, 16);
3364 memcpy(keys + 32,
3365 ctx->tlsext_tick_aes_key, 16);
3326 } 3366 }
3327 return 1; 3367 return 1;
3328 } 3368 }
@@ -3346,17 +3386,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3346 ctx->srp_ctx.login = NULL; 3386 ctx->srp_ctx.login = NULL;
3347 if (parg == NULL) 3387 if (parg == NULL)
3348 break; 3388 break;
3349 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { 3389 if (strlen((const char *)parg) > 255 ||
3350 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3390 strlen((const char *)parg) < 1) {
3391 SSLerr(SSL_F_SSL3_CTX_CTRL,
3392 SSL_R_INVALID_SRP_USERNAME);
3351 return 0; 3393 return 0;
3352 } 3394 }
3353 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { 3395 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3354 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3396 SSLerr(SSL_F_SSL3_CTX_CTRL,
3397 ERR_R_INTERNAL_ERROR);
3355 return 0; 3398 return 0;
3356 } 3399 }
3357 break; 3400 break;
3358 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3401 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3359 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; 3402 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3403 srp_password_from_info_cb;
3360 ctx->srp_ctx.info = parg; 3404 ctx->srp_ctx.info = parg;
3361 break; 3405 break;
3362 case SSL_CTRL_SET_SRP_ARG: 3406 case SSL_CTRL_SET_SRP_ARG:
@@ -3399,7 +3443,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3399long 3443long
3400ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3444ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3401{ 3445{
3402 CERT *cert; 3446 CERT *cert;
3403 3447
3404 cert = ctx->cert; 3448 cert = ctx->cert;
3405 3449
@@ -3425,12 +3469,14 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3425#endif 3469#endif
3426#ifndef OPENSSL_NO_TLSEXT 3470#ifndef OPENSSL_NO_TLSEXT
3427 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3471 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3428 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; 3472 ctx->tlsext_servername_callback =
3473 (int (*)(SSL *, int *, void *))fp;
3429 break; 3474 break;
3430 3475
3431#ifdef TLSEXT_TYPE_opaque_prf_input 3476#ifdef TLSEXT_TYPE_opaque_prf_input
3432 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3477 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3433 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp; 3478 ctx->tlsext_opaque_prf_input_callback =
3479 (int (*)(SSL *, void *, size_t, void *))fp;
3434 break; 3480 break;
3435#endif 3481#endif
3436 3482
@@ -3472,9 +3518,9 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3472const SSL_CIPHER * 3518const SSL_CIPHER *
3473ssl3_get_cipher_by_char(const unsigned char *p) 3519ssl3_get_cipher_by_char(const unsigned char *p)
3474{ 3520{
3475 SSL_CIPHER c; 3521 SSL_CIPHER c;
3476 const SSL_CIPHER *cp; 3522 const SSL_CIPHER *cp;
3477 unsigned long id; 3523 unsigned long id;
3478 3524
3479 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; 3525 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3480 c.id = id; 3526 c.id = id;
@@ -3492,7 +3538,7 @@ ssl3_get_cipher_by_char(const unsigned char *p)
3492int 3538int
3493ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3539ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3494{ 3540{
3495 long l; 3541 long l;
3496 3542
3497 if (p != NULL) { 3543 if (p != NULL) {
3498 l = c->id; 3544 l = c->id;
@@ -3507,9 +3553,9 @@ ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3507SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3553SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3508 STACK_OF(SSL_CIPHER) *srvr) 3554 STACK_OF(SSL_CIPHER) *srvr)
3509{ 3555{
3510 SSL_CIPHER *c, *ret = NULL; 3556 SSL_CIPHER *c, *ret = NULL;
3511 STACK_OF(SSL_CIPHER) *prio, *allow; 3557 STACK_OF(SSL_CIPHER) *prio, *allow;
3512 int i, ii, ok; 3558 int i, ii, ok;
3513#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3559#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3514 unsigned int j; 3560 unsigned int j;
3515 int ec_ok, ec_nid; 3561 int ec_ok, ec_nid;
@@ -3522,7 +3568,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3522 cert = s->cert; 3568 cert = s->cert;
3523 3569
3524#if 0 3570#if 0
3525 /* Do not set the compare functions, because this may lead to a 3571 /*
3572 * Do not set the compare functions, because this may lead to a
3526 * reordering by "id". We want to keep the original ordering. 3573 * reordering by "id". We want to keep the original ordering.
3527 * We may pay a price in performance during sk_SSL_CIPHER_find(), 3574 * We may pay a price in performance during sk_SSL_CIPHER_find(),
3528 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 3575 * but would have to pay with the price of sk_SSL_CIPHER_dup().
@@ -3532,12 +3579,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3532#endif 3579#endif
3533 3580
3534#ifdef CIPHER_DEBUG 3581#ifdef CIPHER_DEBUG
3535 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3582 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3583 (void *)srvr);
3536 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 3584 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3537 c = sk_SSL_CIPHER_value(srvr, i); 3585 c = sk_SSL_CIPHER_value(srvr, i);
3538 printf("%p:%s\n",(void *)c, c->name); 3586 printf("%p:%s\n",(void *)c, c->name);
3539 } 3587 }
3540 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3588 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3589 (void *)clnt);
3541 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 3590 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3542 c = sk_SSL_CIPHER_value(clnt, i); 3591 c = sk_SSL_CIPHER_value(clnt, i);
3543 printf("%p:%s\n",(void *)c, c->name); 3592 printf("%p:%s\n",(void *)c, c->name);
@@ -3592,26 +3641,35 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3592 if (SSL_C_IS_EXPORT(c)) { 3641 if (SSL_C_IS_EXPORT(c)) {
3593 ok = (alg_k & emask_k) && (alg_a & emask_a); 3642 ok = (alg_k & emask_k) && (alg_a & emask_a);
3594#ifdef CIPHER_DEBUG 3643#ifdef CIPHER_DEBUG
3595 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a, 3644 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3596 (void *)c, c->name); 3645 ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
3646 c->name);
3597#endif 3647#endif
3598 } else { 3648 } else {
3599 ok = (alg_k & mask_k) && (alg_a & mask_a); 3649 ok = (alg_k & mask_k) && (alg_a & mask_a);
3600#ifdef CIPHER_DEBUG 3650#ifdef CIPHER_DEBUG
3601 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c, 3651 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
3602 c->name); 3652 ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3653 c->name);
3603#endif 3654#endif
3604 } 3655 }
3605 3656
3606#ifndef OPENSSL_NO_TLSEXT 3657#ifndef OPENSSL_NO_TLSEXT
3607#ifndef OPENSSL_NO_EC 3658#ifndef OPENSSL_NO_EC
3608 if ( 3659 if (
3609 /* if we are considering an ECC cipher suite that uses our certificate */ 3660 /*
3661 * if we are considering an ECC cipher suite that uses our
3662 * certificate
3663 */
3610 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3664 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3611 /* and we have an ECC certificate */ 3665 /* and we have an ECC certificate */
3612 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3666 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3613 /* and the client specified a Supported Point Formats extension */ 3667 /*
3614 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3668 * and the client specified a Supported Point Formats
3669 * extension
3670 */
3671 && ((s->session->tlsext_ecpointformatlist_length > 0) &&
3672 (s->session->tlsext_ecpointformatlist != NULL))
3615 /* and our certificate's point is compressed */ 3673 /* and our certificate's point is compressed */
3616 && ( 3674 && (
3617 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3675 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
@@ -3625,8 +3683,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3625 ) 3683 )
3626 ) { 3684 ) {
3627 ec_ok = 0; 3685 ec_ok = 0;
3628 /* if our certificate's curve is over a field type that the client does not support 3686 /*
3629 * then do not allow this cipher suite to be negotiated */ 3687 * If our certificate's curve is over a field type
3688 * that the client does not support then do not allow
3689 * this cipher suite to be negotiated
3690 */
3630 if ( 3691 if (
3631 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3692 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3632 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3693 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
@@ -3650,7 +3711,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3650 ok = ok && ec_ok; 3711 ok = ok && ec_ok;
3651 } 3712 }
3652 if ( 3713 if (
3653 /* if we are considering an ECC cipher suite that uses our certificate */ 3714 /*
3715 * If we are considering an ECC cipher suite that uses our
3716 * certificate
3717 */
3654 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3718 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3655 /* and we have an ECC certificate */ 3719 /* and we have an ECC certificate */
3656 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3720 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
@@ -3689,7 +3753,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3689 ok = ok && ec_ok; 3753 ok = ok && ec_ok;
3690 } 3754 }
3691 if ( 3755 if (
3692 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3756 /*
3757 * if we are considering an ECC cipher suite that uses an
3758 * ephemeral EC key
3759 */
3693 (alg_k & SSL_kEECDH) 3760 (alg_k & SSL_kEECDH)
3694 /* and we have an ephemeral EC key */ 3761 /* and we have an ephemeral EC key */
3695 && (s->cert->ecdh_tmp != NULL) 3762 && (s->cert->ecdh_tmp != NULL)
@@ -3732,7 +3799,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3732 ii = sk_SSL_CIPHER_find(allow, c); 3799 ii = sk_SSL_CIPHER_find(allow, c);
3733 if (ii >= 0) { 3800 if (ii >= 0) {
3734#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3801#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
3735 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 3802 if ((alg_k & SSL_kEECDH) &&
3803 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
3736 if (!ret) 3804 if (!ret)
3737 ret = sk_SSL_CIPHER_value(allow, ii); 3805 ret = sk_SSL_CIPHER_value(allow, ii);
3738 continue; 3806 continue;
@@ -3748,8 +3816,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3748int 3816int
3749ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3817ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3750{ 3818{
3751 int ret = 0; 3819 int ret = 0;
3752 unsigned long alg_k; 3820 unsigned long alg_k;
3753 3821
3754 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3822 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3755 3823
@@ -3784,7 +3852,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3784#endif 3852#endif
3785 3853
3786#ifndef OPENSSL_NO_ECDSA 3854#ifndef OPENSSL_NO_ECDSA
3787 /* ECDSA certs can be used with RSA cipher suites as well 3855 /*
3856 * ECDSA certs can be used with RSA cipher suites as well
3788 * so we don't need to check for SSL_kECDH or SSL_kEECDH 3857 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3789 */ 3858 */
3790 if (s->version >= TLS1_VERSION) { 3859 if (s->version >= TLS1_VERSION) {
@@ -3797,10 +3866,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3797int 3866int
3798ssl3_shutdown(SSL *s) 3867ssl3_shutdown(SSL *s)
3799{ 3868{
3800 int ret; 3869 int ret;
3801 3870
3802 /* Don't do anything much if we have not done the handshake or 3871 /*
3803 * we don't want to send messages :-) */ 3872 * Don't do anything much if we have not done the handshake or
3873 * we don't want to send messages :-)
3874 */
3804 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 3875 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
3805 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 3876 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3806 return (1); 3877 return (1);
@@ -3811,8 +3882,10 @@ ssl3_shutdown(SSL *s)
3811#if 1 3882#if 1
3812 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 3883 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3813#endif 3884#endif
3814 /* our shutdown alert has been sent now, and if it still needs 3885 /*
3815 * to be written, s->s3->alert_dispatch will be true */ 3886 * Our shutdown alert has been sent now, and if it still needs
3887 * to be written, s->s3->alert_dispatch will be true
3888 */
3816 if (s->s3->alert_dispatch) 3889 if (s->s3->alert_dispatch)
3817 return(-1); /* return WANT_WRITE */ 3890 return(-1); /* return WANT_WRITE */
3818 } else if (s->s3->alert_dispatch) { 3891 } else if (s->s3->alert_dispatch) {
@@ -3820,10 +3893,12 @@ ssl3_shutdown(SSL *s)
3820#if 1 3893#if 1
3821 ret = s->method->ssl_dispatch_alert(s); 3894 ret = s->method->ssl_dispatch_alert(s);
3822 if (ret == -1) { 3895 if (ret == -1) {
3823 /* we only get to return -1 here the 2nd/Nth 3896 /*
3897 * We only get to return -1 here the 2nd/Nth
3824 * invocation, we must have already signalled 3898 * invocation, we must have already signalled
3825 * return 0 upon a previous invoation, 3899 * return 0 upon a previous invoation,
3826 * return WANT_WRITE */ 3900 * return WANT_WRITE
3901 */
3827 return (ret); 3902 return (ret);
3828 } 3903 }
3829#endif 3904#endif
@@ -3845,7 +3920,7 @@ ssl3_shutdown(SSL *s)
3845int 3920int
3846ssl3_write(SSL *s, const void *buf, int len) 3921ssl3_write(SSL *s, const void *buf, int len)
3847{ 3922{
3848 int ret, n; 3923 int ret, n;
3849 3924
3850#if 0 3925#if 0
3851 if (s->shutdown & SSL_SEND_SHUTDOWN) { 3926 if (s->shutdown & SSL_SEND_SHUTDOWN) {
@@ -3857,16 +3932,18 @@ ssl3_write(SSL *s, const void *buf, int len)
3857 if (s->s3->renegotiate) 3932 if (s->s3->renegotiate)
3858 ssl3_renegotiate_check(s); 3933 ssl3_renegotiate_check(s);
3859 3934
3860 /* This is an experimental flag that sends the 3935 /*
3936 * This is an experimental flag that sends the
3861 * last handshake message in the same packet as the first 3937 * last handshake message in the same packet as the first
3862 * use data - used to see if it helps the TCP protocol during 3938 * use data - used to see if it helps the TCP protocol during
3863 * session-id reuse */ 3939 * session-id reuse
3940 */
3864 /* The second test is because the buffer may have been removed */ 3941 /* The second test is because the buffer may have been removed */
3865 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 3942 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
3866 /* First time through, we write into the buffer */ 3943 /* First time through, we write into the buffer */
3867 if (s->s3->delay_buf_pop_ret == 0) { 3944 if (s->s3->delay_buf_pop_ret == 0) {
3868 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3945 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3869 buf, len); 3946 buf, len);
3870 if (ret <= 0) 3947 if (ret <= 0)
3871 return (ret); 3948 return (ret);
3872 3949
@@ -3887,7 +3964,7 @@ ssl3_write(SSL *s, const void *buf, int len)
3887 s->s3->delay_buf_pop_ret = 0; 3964 s->s3->delay_buf_pop_ret = 0;
3888 } else { 3965 } else {
3889 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3966 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3890 buf, len); 3967 buf, len);
3891 if (ret <= 0) 3968 if (ret <= 0)
3892 return (ret); 3969 return (ret);
3893 } 3970 }
@@ -3898,21 +3975,25 @@ ssl3_write(SSL *s, const void *buf, int len)
3898static int 3975static int
3899ssl3_read_internal(SSL *s, void *buf, int len, int peek) 3976ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3900{ 3977{
3901 int ret; 3978 int ret;
3902 3979
3903 errno = 0; 3980 errno = 0;
3904 if (s->s3->renegotiate) 3981 if (s->s3->renegotiate)
3905 ssl3_renegotiate_check(s); 3982 ssl3_renegotiate_check(s);
3906 s->s3->in_read_app_data = 1; 3983 s->s3->in_read_app_data = 1;
3907 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); 3984 ret = s->method->ssl_read_bytes(s,
3985 SSL3_RT_APPLICATION_DATA, buf, len, peek);
3908 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 3986 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3909 /* ssl3_read_bytes decided to call s->handshake_func, which 3987 /*
3988 * ssl3_read_bytes decided to call s->handshake_func, which
3910 * called ssl3_read_bytes to read handshake data. 3989 * called ssl3_read_bytes to read handshake data.
3911 * However, ssl3_read_bytes actually found application data 3990 * However, ssl3_read_bytes actually found application data
3912 * and thinks that application data makes sense here; so disable 3991 * and thinks that application data makes sense here; so disable
3913 * handshake processing and try to read application data again. */ 3992 * handshake processing and try to read application data again.
3993 */
3914 s->in_handshake++; 3994 s->in_handshake++;
3915 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); 3995 ret = s->method->ssl_read_bytes(s,
3996 SSL3_RT_APPLICATION_DATA, buf, len, peek);
3916 s->in_handshake--; 3997 s->in_handshake--;
3917 } else 3998 } else
3918 s->s3->in_read_app_data = 0; 3999 s->s3->in_read_app_data = 0;
@@ -3948,7 +4029,7 @@ ssl3_renegotiate(SSL *s)
3948int 4029int
3949ssl3_renegotiate_check(SSL *s) 4030ssl3_renegotiate_check(SSL *s)
3950{ 4031{
3951 int ret = 0; 4032 int ret = 0;
3952 4033
3953 if (s->s3->renegotiate) { 4034 if (s->s3->renegotiate) {
3954 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 4035 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
@@ -3968,13 +4049,14 @@ ssl3_renegotiate_check(SSL *s)
3968 } 4049 }
3969 return (ret); 4050 return (ret);
3970} 4051}
3971/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4052/*
4053 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
3972 * to new SHA256 PRF and handshake macs 4054 * to new SHA256 PRF and handshake macs
3973 */ 4055 */
3974long 4056long
3975ssl_get_algorithm2(SSL *s) 4057ssl_get_algorithm2(SSL *s)
3976{ 4058{
3977 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4059 long alg2 = s->s3->tmp.new_cipher->algorithm2;
3978 4060
3979 if (s->method->version == TLS1_2_VERSION && 4061 if (s->method->version == TLS1_2_VERSION &&
3980 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4062 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 0cd40f3a2d..b63f0bf0c9 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -181,10 +181,10 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
181int 181int
182ssl3_connect(SSL *s) 182ssl3_connect(SSL *s)
183{ 183{
184 BUF_MEM *buf = NULL; 184 BUF_MEM *buf = NULL;
185 void (*cb)(const SSL *ssl, int type, int val) = NULL; 185 void (*cb)(const SSL *ssl, int type, int val) = NULL;
186 int ret = -1; 186 int ret = -1;
187 int new_state, state, skip = 0; 187 int new_state, state, skip = 0;
188 188
189 ERR_clear_error(); 189 ERR_clear_error();
190 errno = 0; 190 errno = 0;
@@ -217,7 +217,8 @@ ssl3_connect(SSL *s)
217 cb(s, SSL_CB_HANDSHAKE_START, 1); 217 cb(s, SSL_CB_HANDSHAKE_START, 1);
218 218
219 if ((s->version & 0xff00 ) != 0x0300) { 219 if ((s->version & 0xff00 ) != 0x0300) {
220 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); 220 SSLerr(SSL_F_SSL3_CONNECT,
221 ERR_R_INTERNAL_ERROR);
221 ret = -1; 222 ret = -1;
222 goto end; 223 goto end;
223 } 224 }
@@ -230,7 +231,8 @@ ssl3_connect(SSL *s)
230 ret = -1; 231 ret = -1;
231 goto end; 232 goto end;
232 } 233 }
233 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { 234 if (!BUF_MEM_grow(buf,
235 SSL3_RT_MAX_PLAIN_LENGTH)) {
234 ret = -1; 236 ret = -1;
235 goto end; 237 goto end;
236 } 238 }
@@ -309,10 +311,11 @@ ssl3_connect(SSL *s)
309 break; 311 break;
310 } 312 }
311#endif 313#endif
312 /* Check if it is anon DH/ECDH */ 314 /* Check if it is anon DH/ECDH or PSK */
313 /* or PSK */ 315 if (!(s->s3->tmp.new_cipher->algorithm_auth &
314 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 316 SSL_aNULL) &&
315 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { 317 !(s->s3->tmp.new_cipher->algorithm_mkey &
318 SSL_kPSK)) {
316 ret = ssl3_get_server_certificate(s); 319 ret = ssl3_get_server_certificate(s);
317 if (ret <= 0) 320 if (ret <= 0)
318 goto end; 321 goto end;
@@ -342,8 +345,10 @@ ssl3_connect(SSL *s)
342 s->state = SSL3_ST_CR_CERT_REQ_A; 345 s->state = SSL3_ST_CR_CERT_REQ_A;
343 s->init_num = 0; 346 s->init_num = 0;
344 347
345 /* at this point we check that we have the 348 /*
346 * required stuff from the server */ 349 * At this point we check that we have the
350 * required stuff from the server.
351 */
347 if (!ssl3_check_cert_and_algorithm(s)) { 352 if (!ssl3_check_cert_and_algorithm(s)) {
348 ret = -1; 353 ret = -1;
349 goto end; 354 goto end;
@@ -367,8 +372,10 @@ ssl3_connect(SSL *s)
367#ifndef OPENSSL_NO_SRP 372#ifndef OPENSSL_NO_SRP
368 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { 373 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
369 if ((ret = SRP_Calc_A_param(s)) <= 0) { 374 if ((ret = SRP_Calc_A_param(s)) <= 0) {
370 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); 375 SSLerr(SSL_F_SSL3_CONNECT,
371 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); 376 SSL_R_SRP_A_CALC);
377 ssl3_send_alert(s, SSL3_AL_FATAL,
378 SSL_AD_INTERNAL_ERROR);
372 goto end; 379 goto end;
373 } 380 }
374 } 381 }
@@ -397,11 +404,16 @@ ssl3_connect(SSL *s)
397 ret = ssl3_send_client_key_exchange(s); 404 ret = ssl3_send_client_key_exchange(s);
398 if (ret <= 0) 405 if (ret <= 0)
399 goto end; 406 goto end;
400 /* EAY EAY EAY need to check for DH fix cert 407 /*
401 * sent back */ 408 * EAY EAY EAY need to check for DH fix cert
402 /* For TLS, cert_req is set to 2, so a cert chain 409 * sent back
403 * of nothing is sent, but no verify packet is sent */ 410 */
404 /* XXX: For now, we do not support client 411 /*
412 * For TLS, cert_req is set to 2, so a cert chain
413 * of nothing is sent, but no verify packet is sent
414 */
415 /*
416 * XXX: For now, we do not support client
405 * authentication in ECDH cipher suites with 417 * authentication in ECDH cipher suites with
406 * ECDH (rather than ECDSA) certificates. 418 * ECDH (rather than ECDSA) certificates.
407 * We need to skip the certificate verify 419 * We need to skip the certificate verify
@@ -457,7 +469,7 @@ ssl3_connect(SSL *s)
457 s->session->compress_meth = 0; 469 s->session->compress_meth = 0;
458 else 470 else
459 s->session->compress_meth = 471 s->session->compress_meth =
460 s->s3->tmp.new_compression->id; 472 s->s3->tmp.new_compression->id;
461#endif 473#endif
462 if (!s->method->ssl3_enc->setup_key_block(s)) { 474 if (!s->method->ssl3_enc->setup_key_block(s)) {
463 ret = -1; 475 ret = -1;
@@ -465,7 +477,7 @@ ssl3_connect(SSL *s)
465 } 477 }
466 478
467 if (!s->method->ssl3_enc->change_cipher_state(s, 479 if (!s->method->ssl3_enc->change_cipher_state(s,
468 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { 480 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
469 ret = -1; 481 ret = -1;
470 goto end; 482 goto end;
471 } 483 }
@@ -496,7 +508,8 @@ ssl3_connect(SSL *s)
496 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; 508 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
497 if (s->hit) { 509 if (s->hit) {
498 s->s3->tmp.next_state = SSL_ST_OK; 510 s->s3->tmp.next_state = SSL_ST_OK;
499 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { 511 if (s->s3->flags &
512 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
500 s->state = SSL_ST_OK; 513 s->state = SSL_ST_OK;
501 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 514 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
502 s->s3->delay_buf_pop_ret = 0; 515 s->s3->delay_buf_pop_ret = 0;
@@ -505,7 +518,8 @@ ssl3_connect(SSL *s)
505#ifndef OPENSSL_NO_TLSEXT 518#ifndef OPENSSL_NO_TLSEXT
506 /* Allow NewSessionTicket if ticket expected */ 519 /* Allow NewSessionTicket if ticket expected */
507 if (s->tlsext_ticket_expected) 520 if (s->tlsext_ticket_expected)
508 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; 521 s->s3->tmp.next_state =
522 SSL3_ST_CR_SESSION_TICKET_A;
509 else 523 else
510#endif 524#endif
511 525
@@ -568,8 +582,10 @@ ssl3_connect(SSL *s)
568 s->init_buf = NULL; 582 s->init_buf = NULL;
569 } 583 }
570 584
571 /* If we are not 'joining' the last two packets, 585 /*
572 * remove the buffering now */ 586 * If we are not 'joining' the last two packets,
587 * remove the buffering now
588 */
573 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) 589 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
574 ssl_free_wbio_buffer(s); 590 ssl_free_wbio_buffer(s);
575 /* else do it later in ssl3_write */ 591 /* else do it later in ssl3_write */
@@ -594,7 +610,8 @@ ssl3_connect(SSL *s)
594 /* break; */ 610 /* break; */
595 611
596 default: 612 default:
597 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); 613 SSLerr(SSL_F_SSL3_CONNECT,
614 SSL_R_UNKNOWN_STATE);
598 ret = -1; 615 ret = -1;
599 goto end; 616 goto end;
600 /* break; */ 617 /* break; */
@@ -616,7 +633,7 @@ ssl3_connect(SSL *s)
616 } 633 }
617 skip = 0; 634 skip = 0;
618 } 635 }
619end: 636 end:
620 s->in_handshake--; 637 s->in_handshake--;
621 if (buf != NULL) 638 if (buf != NULL)
622 BUF_MEM_free(buf); 639 BUF_MEM_free(buf);
@@ -629,13 +646,13 @@ end:
629int 646int
630ssl3_client_hello(SSL *s) 647ssl3_client_hello(SSL *s)
631{ 648{
632 unsigned char *buf; 649 unsigned char *buf;
633 unsigned char *p, *d; 650 unsigned char *p, *d;
634 int i; 651 int i;
635 unsigned long l; 652 unsigned long l;
636#ifndef OPENSSL_NO_COMP 653#ifndef OPENSSL_NO_COMP
637 int j; 654 int j;
638 SSL_COMP *comp; 655 SSL_COMP *comp;
639#endif 656#endif
640 657
641 buf = (unsigned char *)s->init_buf->data; 658 buf = (unsigned char *)s->init_buf->data;
@@ -660,9 +677,10 @@ ssl3_client_hello(SSL *s)
660 goto err; 677 goto err;
661 678
662 /* Do the message type and length last */ 679 /* Do the message type and length last */
663 d = p= &(buf[4]); 680 d = p = &(buf[4]);
664 681
665 /* version indicates the negotiated version: for example from 682 /*
683 * Version indicates the negotiated version: for example from
666 * an SSLv2/v3 compatible client hello). The client_version 684 * an SSLv2/v3 compatible client hello). The client_version
667 * field is the maximum version we permit and it is also 685 * field is the maximum version we permit and it is also
668 * used in RSA encrypted premaster secrets. Some servers can 686 * used in RSA encrypted premaster secrets. Some servers can
@@ -697,7 +715,7 @@ ssl3_client_hello(SSL *s)
697 s->client_version = s->version; 715 s->client_version = s->version;
698#else 716#else
699 *(p++) = s->client_version >> 8; 717 *(p++) = s->client_version >> 8;
700 *(p++) = s->client_version&0xff; 718 *(p++) = s->client_version & 0xff;
701#endif 719#endif
702 720
703 /* Random stuff */ 721 /* Random stuff */
@@ -712,7 +730,8 @@ ssl3_client_hello(SSL *s)
712 *(p++) = i; 730 *(p++) = i;
713 if (i != 0) { 731 if (i != 0) {
714 if (i > (int)sizeof(s->session->session_id)) { 732 if (i > (int)sizeof(s->session->session_id)) {
715 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 733 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
734 ERR_R_INTERNAL_ERROR);
716 goto err; 735 goto err;
717 } 736 }
718 memcpy(p, s->session->session_id, i); 737 memcpy(p, s->session->session_id, i);
@@ -722,11 +741,13 @@ ssl3_client_hello(SSL *s)
722 /* Ciphers supported */ 741 /* Ciphers supported */
723 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0); 742 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
724 if (i == 0) { 743 if (i == 0) {
725 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); 744 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
745 SSL_R_NO_CIPHERS_AVAILABLE);
726 goto err; 746 goto err;
727 } 747 }
728#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 748#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
729 /* Some servers hang if client hello > 256 bytes 749 /*
750 * Some servers hang if client hello > 256 bytes
730 * as hack workaround chop number of supported ciphers 751 * as hack workaround chop number of supported ciphers
731 * to keep it well below this if we use TLS v1.2 752 * to keep it well below this if we use TLS v1.2
732 */ 753 */
@@ -758,11 +779,14 @@ ssl3_client_hello(SSL *s)
758#ifndef OPENSSL_NO_TLSEXT 779#ifndef OPENSSL_NO_TLSEXT
759 /* TLS extensions*/ 780 /* TLS extensions*/
760 if (ssl_prepare_clienthello_tlsext(s) <= 0) { 781 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
761 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 782 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
783 SSL_R_CLIENTHELLO_TLSEXT);
762 goto err; 784 goto err;
763 } 785 }
764 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 786 if ((p = ssl_add_clienthello_tlsext(s, p,
765 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 787 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
788 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
789 ERR_R_INTERNAL_ERROR);
766 goto err; 790 goto err;
767 } 791 }
768#endif 792#endif
@@ -780,21 +804,21 @@ ssl3_client_hello(SSL *s)
780 804
781 /* SSL3_ST_CW_CLNT_HELLO_B */ 805 /* SSL3_ST_CW_CLNT_HELLO_B */
782 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 806 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
783err: 807 err:
784 return (-1); 808 return (-1);
785} 809}
786 810
787int 811int
788ssl3_get_server_hello(SSL *s) 812ssl3_get_server_hello(SSL *s)
789{ 813{
790 STACK_OF(SSL_CIPHER) *sk; 814 STACK_OF(SSL_CIPHER) *sk;
791 const SSL_CIPHER *c; 815 const SSL_CIPHER *c;
792 unsigned char *p, *d; 816 unsigned char *p, *d;
793 int i, al, ok; 817 int i, al, ok;
794 unsigned int j; 818 unsigned int j;
795 long n; 819 long n;
796#ifndef OPENSSL_NO_COMP 820#ifndef OPENSSL_NO_COMP
797 SSL_COMP *comp; 821 SSL_COMP *comp;
798#endif 822#endif
799 823
800 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 824 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
@@ -803,7 +827,8 @@ ssl3_get_server_hello(SSL *s)
803 if (!ok) 827 if (!ok)
804 return ((int)n); 828 return ((int)n);
805 829
806 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { 830 if (SSL_version(s) == DTLS1_VERSION ||
831 SSL_version(s) == DTLS1_BAD_VER) {
807 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { 832 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
808 if (s->d1->send_cookie == 0) { 833 if (s->d1->send_cookie == 0) {
809 s->s3->tmp.reuse_message = 1; 834 s->s3->tmp.reuse_message = 1;
@@ -812,7 +837,8 @@ ssl3_get_server_hello(SSL *s)
812 else /* already sent a cookie */ 837 else /* already sent a cookie */
813 { 838 {
814 al = SSL_AD_UNEXPECTED_MESSAGE; 839 al = SSL_AD_UNEXPECTED_MESSAGE;
815 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); 840 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
841 SSL_R_BAD_MESSAGE_TYPE);
816 goto f_err; 842 goto f_err;
817 } 843 }
818 } 844 }
@@ -820,14 +846,16 @@ ssl3_get_server_hello(SSL *s)
820 846
821 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { 847 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
822 al = SSL_AD_UNEXPECTED_MESSAGE; 848 al = SSL_AD_UNEXPECTED_MESSAGE;
823 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE); 849 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
850 SSL_R_BAD_MESSAGE_TYPE);
824 goto f_err; 851 goto f_err;
825 } 852 }
826 853
827 d = p=(unsigned char *)s->init_msg; 854 d = p=(unsigned char *)s->init_msg;
828 855
829 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { 856 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
830 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); 857 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
858 SSL_R_WRONG_SSL_VERSION);
831 s->version = (s->version&0xff00)|p[1]; 859 s->version = (s->version&0xff00)|p[1];
832 al = SSL_AD_PROTOCOL_VERSION; 860 al = SSL_AD_PROTOCOL_VERSION;
833 goto f_err; 861 goto f_err;
@@ -842,14 +870,19 @@ ssl3_get_server_hello(SSL *s)
842 /* get the session-id */ 870 /* get the session-id */
843 j= *(p++); 871 j= *(p++);
844 872
845 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { 873 if ((j > sizeof s->session->session_id) ||
874 (j > SSL3_SESSION_ID_SIZE)) {
846 al = SSL_AD_ILLEGAL_PARAMETER; 875 al = SSL_AD_ILLEGAL_PARAMETER;
847 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); 876 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
877 SSL_R_SSL3_SESSION_ID_TOO_LONG);
848 goto f_err; 878 goto f_err;
849 } 879 }
850 880
851#ifndef OPENSSL_NO_TLSEXT 881#ifndef OPENSSL_NO_TLSEXT
852 /* check if we want to resume the session based on external pre-shared secret */ 882 /*
883 * Check if we want to resume the session based on external
884 * pre-shared secret
885 */
853 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { 886 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
854 SSL_CIPHER *pref_cipher = NULL; 887 SSL_CIPHER *pref_cipher = NULL;
855 s->session->master_key_length = sizeof(s->session->master_key); 888 s->session->master_key_length = sizeof(s->session->master_key);
@@ -865,16 +898,17 @@ ssl3_get_server_hello(SSL *s)
865 if (j != 0 && j == s->session->session_id_length && 898 if (j != 0 && j == s->session->session_id_length &&
866 memcmp(p, s->session->session_id, j) == 0) { 899 memcmp(p, s->session->session_id, j) == 0) {
867 if (s->sid_ctx_length != s->session->sid_ctx_length || 900 if (s->sid_ctx_length != s->session->sid_ctx_length ||
868 memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { 901 memcmp(s->session->sid_ctx,
902 s->sid_ctx, s->sid_ctx_length)) {
869 /* actually a client application bug */ 903 /* actually a client application bug */
870 al = SSL_AD_ILLEGAL_PARAMETER; 904 al = SSL_AD_ILLEGAL_PARAMETER;
871 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 905 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
906 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
872 goto f_err; 907 goto f_err;
873 } 908 }
874 s->hit = 1; 909 s->hit = 1;
875 } 910 } else { /* a miss or crap from the other end */
876 else /* a miss or crap from the other end */ 911
877 {
878 /* If we were trying for session-id reuse, make a new 912 /* If we were trying for session-id reuse, make a new
879 * SSL_SESSION so we don't stuff up other people */ 913 * SSL_SESSION so we don't stuff up other people */
880 s->hit = 0; 914 s->hit = 0;
@@ -892,14 +926,16 @@ ssl3_get_server_hello(SSL *s)
892 if (c == NULL) { 926 if (c == NULL) {
893 /* unknown cipher */ 927 /* unknown cipher */
894 al = SSL_AD_ILLEGAL_PARAMETER; 928 al = SSL_AD_ILLEGAL_PARAMETER;
895 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); 929 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
930 SSL_R_UNKNOWN_CIPHER_RETURNED);
896 goto f_err; 931 goto f_err;
897 } 932 }
898 /* TLS v1.2 only ciphersuites require v1.2 or later */ 933 /* TLS v1.2 only ciphersuites require v1.2 or later */
899 if ((c->algorithm_ssl & SSL_TLSV1_2) && 934 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
900 (TLS1_get_version(s) < TLS1_2_VERSION)) { 935 (TLS1_get_version(s) < TLS1_2_VERSION)) {
901 al = SSL_AD_ILLEGAL_PARAMETER; 936 al = SSL_AD_ILLEGAL_PARAMETER;
902 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); 937 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
938 SSL_R_WRONG_CIPHER_RETURNED);
903 goto f_err; 939 goto f_err;
904 } 940 }
905 p += ssl_put_cipher_by_char(s, NULL, NULL); 941 p += ssl_put_cipher_by_char(s, NULL, NULL);
@@ -909,25 +945,31 @@ ssl3_get_server_hello(SSL *s)
909 if (i < 0) { 945 if (i < 0) {
910 /* we did not say we would use this cipher */ 946 /* we did not say we would use this cipher */
911 al = SSL_AD_ILLEGAL_PARAMETER; 947 al = SSL_AD_ILLEGAL_PARAMETER;
912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); 948 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
949 SSL_R_WRONG_CIPHER_RETURNED);
913 goto f_err; 950 goto f_err;
914 } 951 }
915 952
916 /* Depending on the session caching (internal/external), the cipher 953 /*
917 and/or cipher_id values may not be set. Make sure that 954 * Depending on the session caching (internal/external), the cipher
918 cipher_id is set and use it for comparison. */ 955 * and/or cipher_id values may not be set. Make sure that
956 * cipher_id is set and use it for comparison.
957 */
919 if (s->session->cipher) 958 if (s->session->cipher)
920 s->session->cipher_id = s->session->cipher->id; 959 s->session->cipher_id = s->session->cipher->id;
921 if (s->hit && (s->session->cipher_id != c->id)) { 960 if (s->hit && (s->session->cipher_id != c->id)) {
922 al = SSL_AD_ILLEGAL_PARAMETER; 961 al = SSL_AD_ILLEGAL_PARAMETER;
923 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 962 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
963 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
924 goto f_err; 964 goto f_err;
925 } 965 }
926 s->s3->tmp.new_cipher = c; 966 s->s3->tmp.new_cipher = c;
927 /* Don't digest cached records if TLS v1.2: we may need them for 967 /*
968 * Don't digest cached records if TLS v1.2: we may need them for
928 * client authentication. 969 * client authentication.
929 */ 970 */
930 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) { 971 if (TLS1_get_version(s) < TLS1_2_VERSION &&
972 !ssl3_digest_cached_records(s)) {
931 al = SSL_AD_INTERNAL_ERROR; 973 al = SSL_AD_INTERNAL_ERROR;
932 goto f_err; 974 goto f_err;
933 } 975 }
@@ -936,36 +978,42 @@ ssl3_get_server_hello(SSL *s)
936#ifdef OPENSSL_NO_COMP 978#ifdef OPENSSL_NO_COMP
937 if (*(p++) != 0) { 979 if (*(p++) != 0) {
938 al = SSL_AD_ILLEGAL_PARAMETER; 980 al = SSL_AD_ILLEGAL_PARAMETER;
939 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 981 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
982 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
940 goto f_err; 983 goto f_err;
941 } 984 }
942 /* If compression is disabled we'd better not try to resume a session 985 /*
986 * If compression is disabled we'd better not try to resume a session
943 * using compression. 987 * using compression.
944 */ 988 */
945 if (s->session->compress_meth != 0) { 989 if (s->session->compress_meth != 0) {
946 al = SSL_AD_INTERNAL_ERROR; 990 al = SSL_AD_INTERNAL_ERROR;
947 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION); 991 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
992 SSL_R_INCONSISTENT_COMPRESSION);
948 goto f_err; 993 goto f_err;
949 } 994 }
950#else 995#else
951 j= *(p++); 996 j= *(p++);
952 if (s->hit && j != s->session->compress_meth) { 997 if (s->hit && j != s->session->compress_meth) {
953 al = SSL_AD_ILLEGAL_PARAMETER; 998 al = SSL_AD_ILLEGAL_PARAMETER;
954 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); 999 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1000 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
955 goto f_err; 1001 goto f_err;
956 } 1002 }
957 if (j == 0) 1003 if (j == 0)
958 comp = NULL; 1004 comp = NULL;
959 else if (s->options & SSL_OP_NO_COMPRESSION) { 1005 else if (s->options & SSL_OP_NO_COMPRESSION) {
960 al = SSL_AD_ILLEGAL_PARAMETER; 1006 al = SSL_AD_ILLEGAL_PARAMETER;
961 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED); 1007 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1008 SSL_R_COMPRESSION_DISABLED);
962 goto f_err; 1009 goto f_err;
963 } else 1010 } else
964 comp = ssl3_comp_find(s->ctx->comp_methods, j); 1011 comp = ssl3_comp_find(s->ctx->comp_methods, j);
965 1012
966 if ((j != 0) && (comp == NULL)) { 1013 if ((j != 0) && (comp == NULL)) {
967 al = SSL_AD_ILLEGAL_PARAMETER; 1014 al = SSL_AD_ILLEGAL_PARAMETER;
968 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1015 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1016 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
969 goto f_err; 1017 goto f_err;
970 } else { 1018 } else {
971 s->s3->tmp.new_compression = comp; 1019 s->s3->tmp.new_compression = comp;
@@ -977,12 +1025,14 @@ ssl3_get_server_hello(SSL *s)
977 if (s->version >= SSL3_VERSION) { 1025 if (s->version >= SSL3_VERSION) {
978 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { 1026 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
979 /* 'al' set by ssl_parse_serverhello_tlsext */ 1027 /* 'al' set by ssl_parse_serverhello_tlsext */
980 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); 1028 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1029 SSL_R_PARSE_TLSEXT);
981 goto f_err; 1030 goto f_err;
982 1031
983 } 1032 }
984 if (ssl_check_serverhello_tlsext(s) <= 0) { 1033 if (ssl_check_serverhello_tlsext(s) <= 0) {
985 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); 1034 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1035 SSL_R_SERVERHELLO_TLSEXT);
986 goto err; 1036 goto err;
987 } 1037 }
988 } 1038 }
@@ -991,29 +1041,32 @@ ssl3_get_server_hello(SSL *s)
991 if (p != (d + n)) { 1041 if (p != (d + n)) {
992 /* wrong packet length */ 1042 /* wrong packet length */
993 al = SSL_AD_DECODE_ERROR; 1043 al = SSL_AD_DECODE_ERROR;
994 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); 1044 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1045 SSL_R_BAD_PACKET_LENGTH);
995 goto f_err; 1046 goto f_err;
996 } 1047 }
997 1048
998 return (1); 1049 return (1);
999f_err: 1050 f_err:
1000 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1051 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1001err: 1052 err:
1002 return (-1); 1053 return (-1);
1003} 1054}
1004 1055
1005int 1056int
1006ssl3_get_server_certificate(SSL *s) 1057ssl3_get_server_certificate(SSL *s)
1007{ 1058{
1008 int al, i, ok, ret = -1; 1059 int al, i, ok, ret = -1;
1009 unsigned long n, nc, llen, l; 1060 unsigned long n, nc, llen, l;
1010 X509 *x = NULL; 1061 X509 *x = NULL;
1011 const unsigned char *q, *p; 1062 const unsigned char *q, *p;
1012 unsigned char *d; 1063 unsigned char *d;
1013 STACK_OF(X509) *sk = NULL; 1064 STACK_OF(X509) *sk = NULL;
1014 SESS_CERT *sc; 1065 SESS_CERT *sc;
1015 EVP_PKEY *pkey = NULL; 1066 EVP_PKEY *pkey = NULL;
1016 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 1067
1068 /* VRS: 0=> will allow null cert if auth == KRB5 */
1069 int need_cert = 1;
1017 1070
1018 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, 1071 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
1019 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); 1072 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
@@ -1030,27 +1083,31 @@ ssl3_get_server_certificate(SSL *s)
1030 1083
1031 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { 1084 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
1032 al = SSL_AD_UNEXPECTED_MESSAGE; 1085 al = SSL_AD_UNEXPECTED_MESSAGE;
1033 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE); 1086 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1087 SSL_R_BAD_MESSAGE_TYPE);
1034 goto f_err; 1088 goto f_err;
1035 } 1089 }
1036 p = d = (unsigned char *)s->init_msg; 1090 p = d = (unsigned char *)s->init_msg;
1037 1091
1038 if ((sk = sk_X509_new_null()) == NULL) { 1092 if ((sk = sk_X509_new_null()) == NULL) {
1039 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); 1093 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1094 ERR_R_MALLOC_FAILURE);
1040 goto err; 1095 goto err;
1041 } 1096 }
1042 1097
1043 n2l3(p, llen); 1098 n2l3(p, llen);
1044 if (llen + 3 != n) { 1099 if (llen + 3 != n) {
1045 al = SSL_AD_DECODE_ERROR; 1100 al = SSL_AD_DECODE_ERROR;
1046 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); 1101 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1102 SSL_R_LENGTH_MISMATCH);
1047 goto f_err; 1103 goto f_err;
1048 } 1104 }
1049 for (nc = 0; nc < llen; ) { 1105 for (nc = 0; nc < llen; ) {
1050 n2l3(p, l); 1106 n2l3(p, l);
1051 if ((l + nc + 3) > llen) { 1107 if ((l + nc + 3) > llen) {
1052 al = SSL_AD_DECODE_ERROR; 1108 al = SSL_AD_DECODE_ERROR;
1053 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); 1109 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1110 SSL_R_CERT_LENGTH_MISMATCH);
1054 goto f_err; 1111 goto f_err;
1055 } 1112 }
1056 1113
@@ -1058,16 +1115,19 @@ ssl3_get_server_certificate(SSL *s)
1058 x = d2i_X509(NULL, &q, l); 1115 x = d2i_X509(NULL, &q, l);
1059 if (x == NULL) { 1116 if (x == NULL) {
1060 al = SSL_AD_BAD_CERTIFICATE; 1117 al = SSL_AD_BAD_CERTIFICATE;
1061 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); 1118 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1119 ERR_R_ASN1_LIB);
1062 goto f_err; 1120 goto f_err;
1063 } 1121 }
1064 if (q != (p + l)) { 1122 if (q != (p + l)) {
1065 al = SSL_AD_DECODE_ERROR; 1123 al = SSL_AD_DECODE_ERROR;
1066 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH); 1124 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1125 SSL_R_CERT_LENGTH_MISMATCH);
1067 goto f_err; 1126 goto f_err;
1068 } 1127 }
1069 if (!sk_X509_push(sk, x)) { 1128 if (!sk_X509_push(sk, x)) {
1070 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); 1129 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1130 ERR_R_MALLOC_FAILURE);
1071 goto err; 1131 goto err;
1072 } 1132 }
1073 x = NULL; 1133 x = NULL;
@@ -1083,7 +1143,8 @@ ssl3_get_server_certificate(SSL *s)
1083#endif /* OPENSSL_NO_KRB5 */ 1143#endif /* OPENSSL_NO_KRB5 */
1084 ) { 1144 ) {
1085 al = ssl_verify_alarm_type(s->verify_result); 1145 al = ssl_verify_alarm_type(s->verify_result);
1086 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); 1146 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1147 SSL_R_CERTIFICATE_VERIFY_FAILED);
1087 goto f_err; 1148 goto f_err;
1088 1149
1089 } 1150 }
@@ -1098,8 +1159,10 @@ ssl3_get_server_certificate(SSL *s)
1098 s->session->sess_cert = sc; 1159 s->session->sess_cert = sc;
1099 1160
1100 sc->cert_chain = sk; 1161 sc->cert_chain = sk;
1101 /* Inconsistency alert: cert_chain does include the peer's 1162 /*
1102 * certificate, which we don't include in s3_srvr.c */ 1163 * Inconsistency alert: cert_chain does include the peer's
1164 * certificate, which we don't include in s3_srvr.c
1165 */
1103 x = sk_X509_value(sk, 0); 1166 x = sk_X509_value(sk, 0);
1104 sk = NULL; 1167 sk = NULL;
1105 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ 1168 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
@@ -1108,17 +1171,19 @@ ssl3_get_server_certificate(SSL *s)
1108 1171
1109 /* VRS: allow null cert if auth == KRB5 */ 1172 /* VRS: allow null cert if auth == KRB5 */
1110 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1173 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1111 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1174 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1112 ? 0 : 1; 1175 ? 0 : 1;
1113 1176
1114#ifdef KSSL_DEBUG 1177#ifdef KSSL_DEBUG
1115 printf("pkey, x = %p, %p\n", pkey, x); 1178 printf("pkey, x = %p, %p\n", pkey, x);
1116 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey)); 1179 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1117 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, 1180 printf("cipher, alg, nc = %s, %lx, %lx, %d\n",
1118 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); 1181 s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithm_mkey,
1182 s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1119#endif /* KSSL_DEBUG */ 1183#endif /* KSSL_DEBUG */
1120 1184
1121 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { 1185 if (need_cert && ((pkey == NULL) ||
1186 EVP_PKEY_missing_parameters(pkey))) {
1122 x = NULL; 1187 x = NULL;
1123 al = SSL3_AL_FATAL; 1188 al = SSL3_AL_FATAL;
1124 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1189 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1138,8 +1203,10 @@ ssl3_get_server_certificate(SSL *s)
1138 if (need_cert) { 1203 if (need_cert) {
1139 sc->peer_cert_type = i; 1204 sc->peer_cert_type = i;
1140 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 1205 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1141 /* Why would the following ever happen? 1206 /*
1142 * We just created sc a couple of lines ago. */ 1207 * Why would the following ever happen?
1208 * We just created sc a couple of lines ago.
1209 */
1143 if (sc->peer_pkeys[i].x509 != NULL) 1210 if (sc->peer_pkeys[i].x509 != NULL)
1144 X509_free(sc->peer_pkeys[i].x509); 1211 X509_free(sc->peer_pkeys[i].x509);
1145 sc->peer_pkeys[i].x509 = x; 1212 sc->peer_pkeys[i].x509 = x;
@@ -1163,10 +1230,10 @@ ssl3_get_server_certificate(SSL *s)
1163 ret = 1; 1230 ret = 1;
1164 1231
1165 if (0) { 1232 if (0) {
1166f_err: 1233 f_err:
1167 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1234 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1168 } 1235 }
1169err: 1236 err:
1170 EVP_PKEY_free(pkey); 1237 EVP_PKEY_free(pkey);
1171 X509_free(x); 1238 X509_free(x);
1172 sk_X509_pop_free(sk, X509_free); 1239 sk_X509_pop_free(sk, X509_free);
@@ -1176,27 +1243,29 @@ err:
1176int 1243int
1177ssl3_get_key_exchange(SSL *s) 1244ssl3_get_key_exchange(SSL *s)
1178{ 1245{
1179 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; 1246 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1180 EVP_MD_CTX md_ctx; 1247 EVP_MD_CTX md_ctx;
1181 unsigned char *param, *p; 1248 unsigned char *param, *p;
1182 int al, i, j, param_len, ok; 1249 int al, i, j, param_len, ok;
1183 long n, alg_k, alg_a; 1250 long n, alg_k, alg_a;
1184 EVP_PKEY *pkey = NULL; 1251 EVP_PKEY *pkey = NULL;
1185 const EVP_MD *md = NULL; 1252 const EVP_MD *md = NULL;
1186 RSA *rsa = NULL; 1253 RSA *rsa = NULL;
1187#ifndef OPENSSL_NO_DH 1254#ifndef OPENSSL_NO_DH
1188 DH *dh = NULL; 1255 DH *dh = NULL;
1189#endif 1256#endif
1190#ifndef OPENSSL_NO_ECDH 1257#ifndef OPENSSL_NO_ECDH
1191 EC_KEY *ecdh = NULL; 1258 EC_KEY *ecdh = NULL;
1192 BN_CTX *bn_ctx = NULL; 1259 BN_CTX *bn_ctx = NULL;
1193 EC_POINT *srvr_ecpoint = NULL; 1260 EC_POINT *srvr_ecpoint = NULL;
1194 int curve_nid = 0; 1261 int curve_nid = 0;
1195 int encoded_pt_len = 0; 1262 int encoded_pt_len = 0;
1196#endif 1263#endif
1197 1264
1198 /* use same message size as in ssl3_get_certificate_request() 1265 /*
1199 * as ServerKeyExchange message may be skipped */ 1266 * Use same message size as in ssl3_get_certificate_request()
1267 * as ServerKeyExchange message may be skipped.
1268 */
1200 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, 1269 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1201 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); 1270 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1202 if (!ok) 1271 if (!ok)
@@ -1204,10 +1273,11 @@ ssl3_get_key_exchange(SSL *s)
1204 1273
1205 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { 1274 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1206#ifndef OPENSSL_NO_PSK 1275#ifndef OPENSSL_NO_PSK
1207 /* In plain PSK ciphersuite, ServerKeyExchange can be 1276 /*
1208 omitted if no identity hint is sent. Set 1277 * In plain PSK ciphersuite, ServerKeyExchange can be
1209 session->sess_cert anyway to avoid problems 1278 * omitted if no identity hint is sent. Set session->sess_cert
1210 later.*/ 1279 * anyway to avoid problems later.
1280 */
1211 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { 1281 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1212 s->session->sess_cert = ssl_sess_cert_new(); 1282 s->session->sess_cert = ssl_sess_cert_new();
1213 if (s->ctx->psk_identity_hint) 1283 if (s->ctx->psk_identity_hint)
@@ -1253,32 +1323,37 @@ ssl3_get_key_exchange(SSL *s)
1253 al = SSL_AD_HANDSHAKE_FAILURE; 1323 al = SSL_AD_HANDSHAKE_FAILURE;
1254 n2s(p, i); 1324 n2s(p, i);
1255 param_len = i + 2; 1325 param_len = i + 2;
1256 /* Store PSK identity hint for later use, hint is used 1326 /*
1327 * Store PSK identity hint for later use, hint is used
1257 * in ssl3_send_client_key_exchange. Assume that the 1328 * in ssl3_send_client_key_exchange. Assume that the
1258 * maximum length of a PSK identity hint can be as 1329 * maximum length of a PSK identity hint can be as
1259 * long as the maximum length of a PSK identity. */ 1330 * long as the maximum length of a PSK identity.
1331 */
1260 if (i > PSK_MAX_IDENTITY_LEN) { 1332 if (i > PSK_MAX_IDENTITY_LEN) {
1261 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1333 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1262 SSL_R_DATA_LENGTH_TOO_LONG); 1334 SSL_R_DATA_LENGTH_TOO_LONG);
1263 goto f_err; 1335 goto f_err;
1264 } 1336 }
1265 if (param_len > n) { 1337 if (param_len > n) {
1266 al = SSL_AD_DECODE_ERROR; 1338 al = SSL_AD_DECODE_ERROR;
1267 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1268 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); 1340 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1269 goto f_err; 1341 goto f_err;
1270 } 1342 }
1271 /* If received PSK identity hint contains NULL 1343 /*
1344 * If received PSK identity hint contains NULL
1272 * characters, the hint is truncated from the first 1345 * characters, the hint is truncated from the first
1273 * NULL. p may not be ending with NULL, so create a 1346 * NULL. p may not be ending with NULL, so create a
1274 * NULL-terminated string. */ 1347 * NULL-terminated string.
1348 */
1275 memcpy(tmp_id_hint, p, i); 1349 memcpy(tmp_id_hint, p, i);
1276 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); 1350 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1277 if (s->ctx->psk_identity_hint != NULL) 1351 if (s->ctx->psk_identity_hint != NULL)
1278 free(s->ctx->psk_identity_hint); 1352 free(s->ctx->psk_identity_hint);
1279 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1353 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1280 if (s->ctx->psk_identity_hint == NULL) { 1354 if (s->ctx->psk_identity_hint == NULL) {
1281 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1355 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1356 ERR_R_MALLOC_FAILURE);
1282 goto f_err; 1357 goto f_err;
1283 } 1358 }
1284 1359
@@ -1292,11 +1367,13 @@ ssl3_get_key_exchange(SSL *s)
1292 param_len = i + 2; 1367 param_len = i + 2;
1293 if (param_len > n) { 1368 if (param_len > n) {
1294 al = SSL_AD_DECODE_ERROR; 1369 al = SSL_AD_DECODE_ERROR;
1295 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH); 1370 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1371 SSL_R_BAD_SRP_N_LENGTH);
1296 goto f_err; 1372 goto f_err;
1297 } 1373 }
1298 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) { 1374 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1299 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1375 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1376 ERR_R_BN_LIB);
1300 goto err; 1377 goto err;
1301 } 1378 }
1302 p += i; 1379 p += i;
@@ -1305,11 +1382,13 @@ ssl3_get_key_exchange(SSL *s)
1305 param_len += i + 2; 1382 param_len += i + 2;
1306 if (param_len > n) { 1383 if (param_len > n) {
1307 al = SSL_AD_DECODE_ERROR; 1384 al = SSL_AD_DECODE_ERROR;
1308 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH); 1385 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1386 SSL_R_BAD_SRP_G_LENGTH);
1309 goto f_err; 1387 goto f_err;
1310 } 1388 }
1311 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) { 1389 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1312 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1390 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1391 ERR_R_BN_LIB);
1313 goto err; 1392 goto err;
1314 } 1393 }
1315 p += i; 1394 p += i;
@@ -1319,11 +1398,13 @@ ssl3_get_key_exchange(SSL *s)
1319 param_len += i + 1; 1398 param_len += i + 1;
1320 if (param_len > n) { 1399 if (param_len > n) {
1321 al = SSL_AD_DECODE_ERROR; 1400 al = SSL_AD_DECODE_ERROR;
1322 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH); 1401 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1402 SSL_R_BAD_SRP_S_LENGTH);
1323 goto f_err; 1403 goto f_err;
1324 } 1404 }
1325 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) { 1405 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1326 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1406 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1407 ERR_R_BN_LIB);
1327 goto err; 1408 goto err;
1328 } 1409 }
1329 p += i; 1410 p += i;
@@ -1332,224 +1413,268 @@ ssl3_get_key_exchange(SSL *s)
1332 param_len += i + 2; 1413 param_len += i + 2;
1333 if (param_len > n) { 1414 if (param_len > n) {
1334 al = SSL_AD_DECODE_ERROR; 1415 al = SSL_AD_DECODE_ERROR;
1335 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH); 1416 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1417 SSL_R_BAD_SRP_B_LENGTH);
1336 goto f_err; 1418 goto f_err;
1337 } 1419 }
1338 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) { 1420 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1339 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1421 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1422 ERR_R_BN_LIB);
1340 goto err; 1423 goto err;
1341 } 1424 }
1342 p += i; 1425 p += i;
1343 n -= param_len; 1426 n -= param_len;
1344 1427
1345/* We must check if there is a certificate */ 1428 /* We must check if there is a certificate */
1346 if (alg_a & SSL_aRSA) 1429 if (alg_a & SSL_aRSA)
1347 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1430 pkey = X509_get_pubkey(
1431 s->session->sess_cert->peer_pkeys[
1432 SSL_PKEY_RSA_ENC].x509);
1348 else if (alg_a & SSL_aDSS) 1433 else if (alg_a & SSL_aDSS)
1349 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1434 pkey = X509_get_pubkey(
1435 s->session->sess_cert->peer_pkeys[
1436 SSL_PKEY_DSA_SIGN].x509);
1350 } else 1437 } else
1351#endif /* !OPENSSL_NO_SRP */ 1438#endif /* !OPENSSL_NO_SRP */
1352 if (alg_k & SSL_kRSA) { 1439 if (alg_k & SSL_kRSA) {
1353 if ((rsa = RSA_new()) == NULL) { 1440 if ((rsa = RSA_new()) == NULL) {
1354 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1355 goto err; 1442 ERR_R_MALLOC_FAILURE);
1356 } 1443 goto err;
1357 n2s(p, i); 1444 }
1358 param_len = i + 2; 1445 n2s(p, i);
1359 if (param_len > n) { 1446 param_len = i + 2;
1360 al = SSL_AD_DECODE_ERROR; 1447 if (param_len > n) {
1361 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH); 1448 al = SSL_AD_DECODE_ERROR;
1362 goto f_err; 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1363 } 1450 SSL_R_BAD_RSA_MODULUS_LENGTH);
1364 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { 1451 goto f_err;
1365 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1452 }
1366 goto err; 1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1367 } 1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1368 p += i; 1455 ERR_R_BN_LIB);
1456 goto err;
1457 }
1458 p += i;
1369 1459
1370 n2s(p, i); 1460 n2s(p, i);
1371 param_len += i + 2; 1461 param_len += i + 2;
1372 if (param_len > n) { 1462 if (param_len > n) {
1373 al = SSL_AD_DECODE_ERROR; 1463 al = SSL_AD_DECODE_ERROR;
1374 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH); 1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1375 goto f_err; 1465 SSL_R_BAD_RSA_E_LENGTH);
1376 } 1466 goto f_err;
1377 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { 1467 }
1378 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1379 goto err; 1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1380 } 1470 ERR_R_BN_LIB);
1381 p += i; 1471 goto err;
1382 n -= param_len; 1472 }
1473 p += i;
1474 n -= param_len;
1383 1475
1384 /* this should be because we are using an export cipher */ 1476 /*
1385 if (alg_a & SSL_aRSA) 1477 * This should be because we are using an
1386 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1478 * export cipher
1387 else { 1479 */
1388 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1480 if (alg_a & SSL_aRSA)
1389 goto err; 1481 pkey = X509_get_pubkey(
1482 s->session->sess_cert->peer_pkeys[
1483 SSL_PKEY_RSA_ENC].x509);
1484 else {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 ERR_R_INTERNAL_ERROR);
1487 goto err;
1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1390 } 1491 }
1391 s->session->sess_cert->peer_rsa_tmp = rsa;
1392 rsa = NULL;
1393 }
1394#ifndef OPENSSL_NO_DH 1492#ifndef OPENSSL_NO_DH
1395 else if (alg_k & SSL_kEDH) { 1493 else if (alg_k & SSL_kEDH) {
1396 if ((dh = DH_new()) == NULL) { 1494 if ((dh = DH_new()) == NULL) {
1397 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); 1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1398 goto err; 1496 ERR_R_DH_LIB);
1399 } 1497 goto err;
1400 n2s(p, i); 1498 }
1401 param_len = i + 2; 1499 n2s(p, i);
1402 if (param_len > n) { 1500 param_len = i + 2;
1403 al = SSL_AD_DECODE_ERROR; 1501 if (param_len > n) {
1404 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); 1502 al = SSL_AD_DECODE_ERROR;
1405 goto f_err; 1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1406 } 1504 SSL_R_BAD_DH_P_LENGTH);
1407 if (!(dh->p = BN_bin2bn(p, i, NULL))) { 1505 goto f_err;
1408 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1506 }
1409 goto err; 1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1410 } 1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1411 p += i; 1509 ERR_R_BN_LIB);
1510 goto err;
1511 }
1512 p += i;
1412 1513
1413 n2s(p, i); 1514 n2s(p, i);
1414 param_len += i + 2; 1515 param_len += i + 2;
1415 if (param_len > n) { 1516 if (param_len > n) {
1416 al = SSL_AD_DECODE_ERROR; 1517 al = SSL_AD_DECODE_ERROR;
1417 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH); 1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1418 goto f_err; 1519 SSL_R_BAD_DH_G_LENGTH);
1419 } 1520 goto f_err;
1420 if (!(dh->g = BN_bin2bn(p, i, NULL))) { 1521 }
1421 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1422 goto err; 1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1423 } 1524 ERR_R_BN_LIB);
1424 p += i; 1525 goto err;
1526 }
1527 p += i;
1425 1528
1426 n2s(p, i); 1529 n2s(p, i);
1427 param_len += i + 2; 1530 param_len += i + 2;
1428 if (param_len > n) { 1531 if (param_len > n) {
1429 al = SSL_AD_DECODE_ERROR; 1532 al = SSL_AD_DECODE_ERROR;
1430 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH); 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1535 goto f_err;
1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544
1545 if (alg_a & SSL_aRSA)
1546 pkey = X509_get_pubkey(
1547 s->session->sess_cert->peer_pkeys[
1548 SSL_PKEY_RSA_ENC].x509);
1549 else if (alg_a & SSL_aDSS)
1550 pkey = X509_get_pubkey(
1551 s->session->sess_cert->peer_pkeys[
1552 SSL_PKEY_DSA_SIGN].x509);
1553 /* else anonymous DH, so no certificate or pkey. */
1554
1555 s->session->sess_cert->peer_dh_tmp = dh;
1556 dh = NULL;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1558 al = SSL_AD_ILLEGAL_PARAMETER;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1431 goto f_err; 1561 goto f_err;
1432 } 1562 }
1433 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1434 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1435 goto err;
1436 }
1437 p += i;
1438 n -= param_len;
1439
1440 if (alg_a & SSL_aRSA)
1441 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1442 else if (alg_a & SSL_aDSS)
1443 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1444 /* else anonymous DH, so no certificate or pkey. */
1445
1446 s->session->sess_cert->peer_dh_tmp = dh;
1447 dh = NULL;
1448 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1449 al = SSL_AD_ILLEGAL_PARAMETER;
1450 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1451 goto f_err;
1452 }
1453#endif /* !OPENSSL_NO_DH */ 1563#endif /* !OPENSSL_NO_DH */
1454 1564
1455#ifndef OPENSSL_NO_ECDH 1565#ifndef OPENSSL_NO_ECDH
1456 else if (alg_k & SSL_kEECDH) { 1566 else if (alg_k & SSL_kEECDH) {
1457 EC_GROUP *ngroup; 1567 EC_GROUP *ngroup;
1458 const EC_GROUP *group; 1568 const EC_GROUP *group;
1459 1569
1460 if ((ecdh = EC_KEY_new()) == NULL) { 1570 if ((ecdh = EC_KEY_new()) == NULL) {
1461 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1462 goto err; 1572 ERR_R_MALLOC_FAILURE);
1463 } 1573 goto err;
1574 }
1464 1575
1465 /* Extract elliptic curve parameters and the 1576 /*
1466 * server's ephemeral ECDH public key. 1577 * Extract elliptic curve parameters and the
1467 * Keep accumulating lengths of various components in 1578 * server's ephemeral ECDH public key.
1468 * param_len and make sure it never exceeds n. 1579 * Keep accumulating lengths of various components in
1469 */ 1580 * param_len and make sure it never exceeds n.
1581 */
1470 1582
1471 /* XXX: For now we only support named (not generic) curves 1583 /*
1472 * and the ECParameters in this case is just three bytes. 1584 * XXX: For now we only support named (not generic)
1473 */ 1585 * curves and the ECParameters in this case is just
1474 param_len = 3; 1586 * three bytes.
1475 if ((param_len > n) || 1587 */
1476 (*p != NAMED_CURVE_TYPE) || 1588 param_len = 3;
1477 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { 1589 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
1478 al = SSL_AD_INTERNAL_ERROR; 1590 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2)))
1479 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1591 == 0)) {
1480 goto f_err; 1592 al = SSL_AD_INTERNAL_ERROR;
1481 } 1593 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1594 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1595 goto f_err;
1596 }
1482 1597
1483 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1598 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1484 if (ngroup == NULL) { 1599 if (ngroup == NULL) {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1600 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 goto err; 1601 ERR_R_EC_LIB);
1487 } 1602 goto err;
1488 if (EC_KEY_set_group(ecdh, ngroup) == 0) { 1603 }
1489 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1604 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1490 goto err; 1605 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1491 } 1606 ERR_R_EC_LIB);
1492 EC_GROUP_free(ngroup); 1607 goto err;
1608 }
1609 EC_GROUP_free(ngroup);
1493 1610
1494 group = EC_KEY_get0_group(ecdh); 1611 group = EC_KEY_get0_group(ecdh);
1495 1612
1496 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1497 (EC_GROUP_get_degree(group) > 163)) { 1614 (EC_GROUP_get_degree(group) > 163)) {
1498 al = SSL_AD_EXPORT_RESTRICTION; 1615 al = SSL_AD_EXPORT_RESTRICTION;
1499 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); 1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1500 goto f_err; 1617 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1501 } 1618 goto f_err;
1619 }
1502 1620
1503 p += 3; 1621 p += 3;
1504 1622
1505 /* Next, get the encoded ECPoint */ 1623 /* Next, get the encoded ECPoint */
1506 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1624 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1507 ((bn_ctx = BN_CTX_new()) == NULL)) { 1625 ((bn_ctx = BN_CTX_new()) == NULL)) {
1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1626 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1509 goto err; 1627 ERR_R_MALLOC_FAILURE);
1510 } 1628 goto err;
1629 }
1511 1630
1512 encoded_pt_len = *p; 1631 encoded_pt_len = *p;
1513 /* length of encoded point */ 1632 /* length of encoded point */
1514 p += 1; 1633 p += 1;
1515 param_len += (1 + encoded_pt_len); 1634 param_len += (1 + encoded_pt_len);
1516 if ((param_len > n) || 1635 if ((param_len > n) ||
1517 (EC_POINT_oct2point(group, srvr_ecpoint, 1636 (EC_POINT_oct2point(group, srvr_ecpoint,
1518 p, encoded_pt_len, bn_ctx) == 0)) { 1637 p, encoded_pt_len, bn_ctx) == 0)) {
1519 al = SSL_AD_DECODE_ERROR; 1638 al = SSL_AD_DECODE_ERROR;
1520 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); 1639 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1521 goto f_err; 1640 SSL_R_BAD_ECPOINT);
1522 } 1641 goto f_err;
1642 }
1523 1643
1524 n -= param_len; 1644 n -= param_len;
1525 p += encoded_pt_len; 1645 p += encoded_pt_len;
1526 1646
1527 /* The ECC/TLS specification does not mention 1647 /*
1528 * the use of DSA to sign ECParameters in the server 1648 * The ECC/TLS specification does not mention the use
1529 * key exchange message. We do support RSA and ECDSA. 1649 * of DSA to sign ECParameters in the server key
1530 */ 1650 * exchange message. We do support RSA and ECDSA.
1531 if (alg_a & SSL_aRSA) 1651 */
1532 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1652 if (alg_a & SSL_aRSA)
1653 pkey = X509_get_pubkey(
1654 s->session->sess_cert->peer_pkeys[
1655 SSL_PKEY_RSA_ENC].x509);
1533#ifndef OPENSSL_NO_ECDSA 1656#ifndef OPENSSL_NO_ECDSA
1534 else if (alg_a & SSL_aECDSA) 1657 else if (alg_a & SSL_aECDSA)
1535 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1658 pkey = X509_get_pubkey(
1659 s->session->sess_cert->peer_pkeys[
1660 SSL_PKEY_ECC].x509);
1536#endif 1661#endif
1537 /* else anonymous ECDH, so no certificate or pkey. */ 1662 /* Else anonymous ECDH, so no certificate or pkey. */
1538 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1663 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1539 s->session->sess_cert->peer_ecdh_tmp = ecdh; 1664 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1540 ecdh = NULL; 1665 ecdh = NULL;
1541 BN_CTX_free(bn_ctx); 1666 BN_CTX_free(bn_ctx);
1542 bn_ctx = NULL; 1667 bn_ctx = NULL;
1543 EC_POINT_free(srvr_ecpoint); 1668 EC_POINT_free(srvr_ecpoint);
1544 srvr_ecpoint = NULL; 1669 srvr_ecpoint = NULL;
1545 } else if (alg_k) { 1670 } else if (alg_k) {
1546 al = SSL_AD_UNEXPECTED_MESSAGE; 1671 al = SSL_AD_UNEXPECTED_MESSAGE;
1547 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); 1672 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1548 goto f_err; 1673 SSL_R_UNEXPECTED_MESSAGE);
1549 } 1674 goto f_err;
1675 }
1550#endif /* !OPENSSL_NO_ECDH */ 1676#endif /* !OPENSSL_NO_ECDH */
1551 1677
1552
1553 /* p points to the next byte, there are 'n' bytes left */ 1678 /* p points to the next byte, there are 'n' bytes left */
1554 1679
1555 /* if it was signed, check the signature */ 1680 /* if it was signed, check the signature */
@@ -1558,23 +1683,30 @@ ssl3_get_key_exchange(SSL *s)
1558 int sigalg = tls12_get_sigid(pkey); 1683 int sigalg = tls12_get_sigid(pkey);
1559 /* Should never happen */ 1684 /* Should never happen */
1560 if (sigalg == -1) { 1685 if (sigalg == -1) {
1561 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1686 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1687 ERR_R_INTERNAL_ERROR);
1562 goto err; 1688 goto err;
1563 } 1689 }
1564 /* Check key type is consistent with signature */ 1690 /*
1691 * Check key type is consistent
1692 * with signature
1693 */
1565 if (sigalg != (int)p[1]) { 1694 if (sigalg != (int)p[1]) {
1566 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE); 1695 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1696 SSL_R_WRONG_SIGNATURE_TYPE);
1567 al = SSL_AD_DECODE_ERROR; 1697 al = SSL_AD_DECODE_ERROR;
1568 goto f_err; 1698 goto f_err;
1569 } 1699 }
1570 md = tls12_get_hash(p[0]); 1700 md = tls12_get_hash(p[0]);
1571 if (md == NULL) { 1701 if (md == NULL) {
1572 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST); 1702 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1703 SSL_R_UNKNOWN_DIGEST);
1573 al = SSL_AD_DECODE_ERROR; 1704 al = SSL_AD_DECODE_ERROR;
1574 goto f_err; 1705 goto f_err;
1575 } 1706 }
1576#ifdef SSL_DEBUG 1707#ifdef SSL_DEBUG
1577 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); 1708 fprintf(stderr, "USING TLSv1.2 HASH %s\n",
1709 EVP_MD_name(md));
1578#endif 1710#endif
1579 p += 2; 1711 p += 2;
1580 n -= 2; 1712 n -= 2;
@@ -1588,11 +1720,13 @@ ssl3_get_key_exchange(SSL *s)
1588 if ((i != n) || (n > j) || (n <= 0)) { 1720 if ((i != n) || (n > j) || (n <= 0)) {
1589 /* wrong packet length */ 1721 /* wrong packet length */
1590 al = SSL_AD_DECODE_ERROR; 1722 al = SSL_AD_DECODE_ERROR;
1591 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); 1723 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1724 SSL_R_WRONG_SIGNATURE_LENGTH);
1592 goto f_err; 1725 goto f_err;
1593 } 1726 }
1594 1727
1595 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { 1728 if (pkey->type == EVP_PKEY_RSA &&
1729 TLS1_get_version(s) < TLS1_2_VERSION) {
1596 int num; 1730 int num;
1597 1731
1598 j = 0; 1732 j = 0;
@@ -1600,61 +1734,72 @@ ssl3_get_key_exchange(SSL *s)
1600 for (num = 2; num > 0; num--) { 1734 for (num = 2; num > 0; num--) {
1601 EVP_MD_CTX_set_flags(&md_ctx, 1735 EVP_MD_CTX_set_flags(&md_ctx,
1602 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 1736 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1603 EVP_DigestInit_ex(&md_ctx,(num == 2) 1737 EVP_DigestInit_ex(&md_ctx,
1604 ?s->ctx->md5 : s->ctx->sha1, NULL); 1738 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1605 EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); 1739 NULL);
1606 EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); 1740 EVP_DigestUpdate(&md_ctx,
1741 &(s->s3->client_random[0]),
1742 SSL3_RANDOM_SIZE);
1743 EVP_DigestUpdate(&md_ctx,
1744 &(s->s3->server_random[0]),
1745 SSL3_RANDOM_SIZE);
1607 EVP_DigestUpdate(&md_ctx, param, param_len); 1746 EVP_DigestUpdate(&md_ctx, param, param_len);
1608 EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i); 1747 EVP_DigestFinal_ex(&md_ctx, q,
1748 (unsigned int *)&i);
1609 q += i; 1749 q += i;
1610 j += i; 1750 j += i;
1611 } 1751 }
1612 i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1752 i = RSA_verify(NID_md5_sha1, md_buf, j,
1613 pkey->pkey.rsa); 1753 p, n, pkey->pkey.rsa);
1614 if (i < 0) { 1754 if (i < 0) {
1615 al = SSL_AD_DECRYPT_ERROR; 1755 al = SSL_AD_DECRYPT_ERROR;
1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT); 1756 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1757 SSL_R_BAD_RSA_DECRYPT);
1617 goto f_err; 1758 goto f_err;
1618 } 1759 }
1619 if (i == 0) { 1760 if (i == 0) {
1620 /* bad signature */ 1761 /* bad signature */
1621 al = SSL_AD_DECRYPT_ERROR; 1762 al = SSL_AD_DECRYPT_ERROR;
1622 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); 1763 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1764 SSL_R_BAD_SIGNATURE);
1623 goto f_err; 1765 goto f_err;
1624 } 1766 }
1625 } else 1767 } else {
1626 {
1627 EVP_VerifyInit_ex(&md_ctx, md, NULL); 1768 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1628 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); 1769 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
1629 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); 1770 SSL3_RANDOM_SIZE);
1771 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
1772 SSL3_RANDOM_SIZE);
1630 EVP_VerifyUpdate(&md_ctx, param, param_len); 1773 EVP_VerifyUpdate(&md_ctx, param, param_len);
1631 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1774 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1632 /* bad signature */ 1775 /* bad signature */
1633 al = SSL_AD_DECRYPT_ERROR; 1776 al = SSL_AD_DECRYPT_ERROR;
1634 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); 1777 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1778 SSL_R_BAD_SIGNATURE);
1635 goto f_err; 1779 goto f_err;
1636 } 1780 }
1637 } 1781 }
1638 } else { 1782 } else {
1639 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1783 /* aNULL or kPSK do not need public keys */
1640 /* aNULL or kPSK do not need public keys */ 1784 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) {
1641 { 1785 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1642 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1786 ERR_R_INTERNAL_ERROR);
1643 goto err; 1787 goto err;
1644 } 1788 }
1645 /* still data left over */ 1789 /* still data left over */
1646 if (n != 0) { 1790 if (n != 0) {
1647 al = SSL_AD_DECODE_ERROR; 1791 al = SSL_AD_DECODE_ERROR;
1648 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE); 1792 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1793 SSL_R_EXTRA_DATA_IN_MESSAGE);
1649 goto f_err; 1794 goto f_err;
1650 } 1795 }
1651 } 1796 }
1652 EVP_PKEY_free(pkey); 1797 EVP_PKEY_free(pkey);
1653 EVP_MD_CTX_cleanup(&md_ctx); 1798 EVP_MD_CTX_cleanup(&md_ctx);
1654 return (1); 1799 return (1);
1655f_err: 1800 f_err:
1656 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1801 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1657err: 1802 err:
1658 EVP_PKEY_free(pkey); 1803 EVP_PKEY_free(pkey);
1659 if (rsa != NULL) 1804 if (rsa != NULL)
1660 RSA_free(rsa); 1805 RSA_free(rsa);
@@ -1675,20 +1820,16 @@ err:
1675int 1820int
1676ssl3_get_certificate_request(SSL *s) 1821ssl3_get_certificate_request(SSL *s)
1677{ 1822{
1678 int ok, ret = 0; 1823 int ok, ret = 0;
1679 unsigned long n, nc, l; 1824 unsigned long n, nc, l;
1680 unsigned int llen, ctype_num, i; 1825 unsigned int llen, ctype_num, i;
1681 X509_NAME *xn = NULL; 1826 X509_NAME *xn = NULL;
1682 const unsigned char *p, *q; 1827 const unsigned char *p, *q;
1683 unsigned char *d; 1828 unsigned char *d;
1684 STACK_OF(X509_NAME) *ca_sk = NULL; 1829 STACK_OF(X509_NAME) *ca_sk = NULL;
1685 1830
1686 n = s->method->ssl_get_message(s, 1831 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1687 SSL3_ST_CR_CERT_REQ_A, 1832 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok);
1688 SSL3_ST_CR_CERT_REQ_B,
1689 -1,
1690 s->max_cert_list,
1691 &ok);
1692 1833
1693 if (!ok) 1834 if (!ok)
1694 return ((int)n); 1835 return ((int)n);
@@ -1697,7 +1838,8 @@ ssl3_get_certificate_request(SSL *s)
1697 1838
1698 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { 1839 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1699 s->s3->tmp.reuse_message = 1; 1840 s->s3->tmp.reuse_message = 1;
1700 /* If we get here we don't need any cached handshake records 1841 /*
1842 * If we get here we don't need any cached handshake records
1701 * as we wont be doing client auth. 1843 * as we wont be doing client auth.
1702 */ 1844 */
1703 if (s->s3->handshake_buffer) { 1845 if (s->s3->handshake_buffer) {
@@ -1709,15 +1851,18 @@ ssl3_get_certificate_request(SSL *s)
1709 1851
1710 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1852 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1711 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1853 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1712 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE); 1854 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1855 SSL_R_WRONG_MESSAGE_TYPE);
1713 goto err; 1856 goto err;
1714 } 1857 }
1715 1858
1716 /* TLS does not like anon-DH with client cert */ 1859 /* TLS does not like anon-DH with client cert */
1717 if (s->version > SSL3_VERSION) { 1860 if (s->version > SSL3_VERSION) {
1718 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1861 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1719 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1862 ssl3_send_alert(s, SSL3_AL_FATAL,
1720 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1863 SSL_AD_UNEXPECTED_MESSAGE);
1864 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1865 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1721 goto err; 1866 goto err;
1722 } 1867 }
1723 } 1868 }
@@ -1725,7 +1870,8 @@ ssl3_get_certificate_request(SSL *s)
1725 p = d=(unsigned char *)s->init_msg; 1870 p = d=(unsigned char *)s->init_msg;
1726 1871
1727 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1872 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1728 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); 1873 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1874 ERR_R_MALLOC_FAILURE);
1729 goto err; 1875 goto err;
1730 } 1876 }
1731 1877
@@ -1743,12 +1889,14 @@ ssl3_get_certificate_request(SSL *s)
1743 */ 1889 */
1744 if ((unsigned long)(p - d + llen + 2) > n) { 1890 if ((unsigned long)(p - d + llen + 2) > n) {
1745 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1891 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1746 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG); 1892 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1893 SSL_R_DATA_LENGTH_TOO_LONG);
1747 goto err; 1894 goto err;
1748 } 1895 }
1749 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { 1896 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
1750 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1897 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1751 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR); 1898 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1899 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1752 goto err; 1900 goto err;
1753 } 1901 }
1754 p += llen; 1902 p += llen;
@@ -1759,7 +1907,8 @@ ssl3_get_certificate_request(SSL *s)
1759 1907
1760 if ((unsigned long)(p - d + llen) != n) { 1908 if ((unsigned long)(p - d + llen) != n) {
1761 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1909 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1762 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); 1910 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1911 SSL_R_LENGTH_MISMATCH);
1763 goto err; 1912 goto err;
1764 } 1913 }
1765 1914
@@ -1769,7 +1918,8 @@ ssl3_get_certificate_request(SSL *s)
1769 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1918 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1770 goto cont; /* netscape bugs */ 1919 goto cont; /* netscape bugs */
1771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1920 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1772 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); 1921 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1922 SSL_R_CA_DN_TOO_LONG);
1773 goto err; 1923 goto err;
1774 } 1924 }
1775 1925
@@ -1780,19 +1930,23 @@ ssl3_get_certificate_request(SSL *s)
1780 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1930 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1781 goto cont; 1931 goto cont;
1782 else { 1932 else {
1783 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1933 ssl3_send_alert(s, SSL3_AL_FATAL,
1784 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); 1934 SSL_AD_DECODE_ERROR);
1935 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1936 ERR_R_ASN1_LIB);
1785 goto err; 1937 goto err;
1786 } 1938 }
1787 } 1939 }
1788 1940
1789 if (q != (p + l)) { 1941 if (q != (p + l)) {
1790 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1942 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1791 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH); 1943 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1944 SSL_R_CA_DN_LENGTH_MISMATCH);
1792 goto err; 1945 goto err;
1793 } 1946 }
1794 if (!sk_X509_NAME_push(ca_sk, xn)) { 1947 if (!sk_X509_NAME_push(ca_sk, xn)) {
1795 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); 1948 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1949 ERR_R_MALLOC_FAILURE);
1796 goto err; 1950 goto err;
1797 } 1951 }
1798 1952
@@ -1801,7 +1955,7 @@ ssl3_get_certificate_request(SSL *s)
1801 } 1955 }
1802 1956
1803 if (0) { 1957 if (0) {
1804cont: 1958 cont:
1805 ERR_clear_error(); 1959 ERR_clear_error();
1806 } 1960 }
1807 1961
@@ -1814,7 +1968,7 @@ cont:
1814 ca_sk = NULL; 1968 ca_sk = NULL;
1815 1969
1816 ret = 1; 1970 ret = 1;
1817err: 1971 err:
1818 if (ca_sk != NULL) 1972 if (ca_sk != NULL)
1819 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); 1973 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1820 return (ret); 1974 return (ret);
@@ -1830,10 +1984,10 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1830int 1984int
1831ssl3_get_new_session_ticket(SSL *s) 1985ssl3_get_new_session_ticket(SSL *s)
1832{ 1986{
1833 int ok, al, ret = 0, ticklen; 1987 int ok, al, ret = 0, ticklen;
1834 long n; 1988 long n;
1835 const unsigned char *p; 1989 const unsigned char *p;
1836 unsigned char *d; 1990 unsigned char *d;
1837 1991
1838 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, 1992 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
1839 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); 1993 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
@@ -1846,13 +2000,15 @@ ssl3_get_new_session_ticket(SSL *s)
1846 } 2000 }
1847 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 2001 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1848 al = SSL_AD_UNEXPECTED_MESSAGE; 2002 al = SSL_AD_UNEXPECTED_MESSAGE;
1849 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE); 2003 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2004 SSL_R_BAD_MESSAGE_TYPE);
1850 goto f_err; 2005 goto f_err;
1851 } 2006 }
1852 if (n < 6) { 2007 if (n < 6) {
1853 /* need at least ticket_lifetime_hint + ticket length */ 2008 /* need at least ticket_lifetime_hint + ticket length */
1854 al = SSL_AD_DECODE_ERROR; 2009 al = SSL_AD_DECODE_ERROR;
1855 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); 2010 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2011 SSL_R_LENGTH_MISMATCH);
1856 goto f_err; 2012 goto f_err;
1857 } 2013 }
1858 2014
@@ -1862,7 +2018,8 @@ ssl3_get_new_session_ticket(SSL *s)
1862 /* ticket_lifetime_hint + ticket_length + ticket */ 2018 /* ticket_lifetime_hint + ticket_length + ticket */
1863 if (ticklen + 6 != n) { 2019 if (ticklen + 6 != n) {
1864 al = SSL_AD_DECODE_ERROR; 2020 al = SSL_AD_DECODE_ERROR;
1865 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); 2021 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2022 SSL_R_LENGTH_MISMATCH);
1866 goto f_err; 2023 goto f_err;
1867 } 2024 }
1868 if (s->session->tlsext_tick) { 2025 if (s->session->tlsext_tick) {
@@ -1871,12 +2028,14 @@ ssl3_get_new_session_ticket(SSL *s)
1871 } 2028 }
1872 s->session->tlsext_tick = malloc(ticklen); 2029 s->session->tlsext_tick = malloc(ticklen);
1873 if (!s->session->tlsext_tick) { 2030 if (!s->session->tlsext_tick) {
1874 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); 2031 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
2032 ERR_R_MALLOC_FAILURE);
1875 goto err; 2033 goto err;
1876 } 2034 }
1877 memcpy(s->session->tlsext_tick, p, ticklen); 2035 memcpy(s->session->tlsext_tick, p, ticklen);
1878 s->session->tlsext_ticklen = ticklen; 2036 s->session->tlsext_ticklen = ticklen;
1879 /* There are two ways to detect a resumed ticket sesion. 2037 /*
2038 * There are two ways to detect a resumed ticket sesion.
1880 * One is to set an appropriate session ID and then the server 2039 * One is to set an appropriate session ID and then the server
1881 * must return a match in ServerHello. This allows the normal 2040 * must return a match in ServerHello. This allows the normal
1882 * client session ID matching to work and we know much 2041 * client session ID matching to work and we know much
@@ -1891,23 +2050,22 @@ ssl3_get_new_session_ticket(SSL *s)
1891 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the 2050 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1892 * ticket. 2051 * ticket.
1893 */ 2052 */
1894 EVP_Digest(p, ticklen, 2053 EVP_Digest(p, ticklen, s->session->session_id,
1895 s->session->session_id, &s->session->session_id_length, 2054 &s->session->session_id_length, EVP_sha256(), NULL);
1896 EVP_sha256(), NULL);
1897 ret = 1; 2055 ret = 1;
1898 return (ret); 2056 return (ret);
1899f_err: 2057 f_err:
1900 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2058 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1901err: 2059 err:
1902 return (-1); 2060 return (-1);
1903} 2061}
1904 2062
1905int 2063int
1906ssl3_get_cert_status(SSL *s) 2064ssl3_get_cert_status(SSL *s)
1907{ 2065{
1908 int ok, al; 2066 int ok, al;
1909 unsigned long resplen, n; 2067 unsigned long resplen, n;
1910 const unsigned char *p; 2068 const unsigned char *p;
1911 2069
1912 n = s->method->ssl_get_message(s, 2070 n = s->method->ssl_get_message(s,
1913 SSL3_ST_CR_CERT_STATUS_A, 2071 SSL3_ST_CR_CERT_STATUS_A,
@@ -1921,19 +2079,22 @@ ssl3_get_cert_status(SSL *s)
1921 if (n < 4) { 2079 if (n < 4) {
1922 /* need at least status type + length */ 2080 /* need at least status type + length */
1923 al = SSL_AD_DECODE_ERROR; 2081 al = SSL_AD_DECODE_ERROR;
1924 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); 2082 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2083 SSL_R_LENGTH_MISMATCH);
1925 goto f_err; 2084 goto f_err;
1926 } 2085 }
1927 p = (unsigned char *)s->init_msg; 2086 p = (unsigned char *)s->init_msg;
1928 if (*p++ != TLSEXT_STATUSTYPE_ocsp) { 2087 if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
1929 al = SSL_AD_DECODE_ERROR; 2088 al = SSL_AD_DECODE_ERROR;
1930 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); 2089 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2090 SSL_R_UNSUPPORTED_STATUS_TYPE);
1931 goto f_err; 2091 goto f_err;
1932 } 2092 }
1933 n2l3(p, resplen); 2093 n2l3(p, resplen);
1934 if (resplen + 4 != n) { 2094 if (resplen + 4 != n) {
1935 al = SSL_AD_DECODE_ERROR; 2095 al = SSL_AD_DECODE_ERROR;
1936 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); 2096 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2097 SSL_R_LENGTH_MISMATCH);
1937 goto f_err; 2098 goto f_err;
1938 } 2099 }
1939 if (s->tlsext_ocsp_resp) 2100 if (s->tlsext_ocsp_resp)
@@ -1941,7 +2102,8 @@ ssl3_get_cert_status(SSL *s)
1941 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2102 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1942 if (!s->tlsext_ocsp_resp) { 2103 if (!s->tlsext_ocsp_resp) {
1943 al = SSL_AD_INTERNAL_ERROR; 2104 al = SSL_AD_INTERNAL_ERROR;
1944 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); 2105 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2106 ERR_R_MALLOC_FAILURE);
1945 goto f_err; 2107 goto f_err;
1946 } 2108 }
1947 s->tlsext_ocsp_resplen = resplen; 2109 s->tlsext_ocsp_resplen = resplen;
@@ -1950,17 +2112,19 @@ ssl3_get_cert_status(SSL *s)
1950 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 2112 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1951 if (ret == 0) { 2113 if (ret == 0) {
1952 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 2114 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1953 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE); 2115 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2116 SSL_R_INVALID_STATUS_RESPONSE);
1954 goto f_err; 2117 goto f_err;
1955 } 2118 }
1956 if (ret < 0) { 2119 if (ret < 0) {
1957 al = SSL_AD_INTERNAL_ERROR; 2120 al = SSL_AD_INTERNAL_ERROR;
1958 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE); 2121 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
2122 ERR_R_MALLOC_FAILURE);
1959 goto f_err; 2123 goto f_err;
1960 } 2124 }
1961 } 2125 }
1962 return 1; 2126 return 1;
1963f_err: 2127 f_err:
1964 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2128 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1965 return (-1); 2129 return (-1);
1966} 2130}
@@ -1969,8 +2133,8 @@ f_err:
1969int 2133int
1970ssl3_get_server_done(SSL *s) 2134ssl3_get_server_done(SSL *s)
1971{ 2135{
1972 int ok, ret = 0; 2136 int ok, ret = 0;
1973 long n; 2137 long n;
1974 2138
1975 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, 2139 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
1976 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 2140 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
@@ -1981,7 +2145,8 @@ ssl3_get_server_done(SSL *s)
1981 if (n > 0) { 2145 if (n > 0) {
1982 /* should contain no data */ 2146 /* should contain no data */
1983 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 2147 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1984 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); 2148 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,
2149 SSL_R_LENGTH_MISMATCH);
1985 return -1; 2150 return -1;
1986 } 2151 }
1987 ret = 1; 2152 ret = 1;
@@ -1992,21 +2157,21 @@ ssl3_get_server_done(SSL *s)
1992int 2157int
1993ssl3_send_client_key_exchange(SSL *s) 2158ssl3_send_client_key_exchange(SSL *s)
1994{ 2159{
1995 unsigned char *p, *d; 2160 unsigned char *p, *d;
1996 int n; 2161 int n;
1997 unsigned long alg_k; 2162 unsigned long alg_k;
1998 unsigned char *q; 2163 unsigned char *q;
1999 EVP_PKEY *pkey = NULL; 2164 EVP_PKEY *pkey = NULL;
2000#ifndef OPENSSL_NO_KRB5 2165#ifndef OPENSSL_NO_KRB5
2001 KSSL_ERR kssl_err; 2166 KSSL_ERR kssl_err;
2002#endif /* OPENSSL_NO_KRB5 */ 2167#endif /* OPENSSL_NO_KRB5 */
2003#ifndef OPENSSL_NO_ECDH 2168#ifndef OPENSSL_NO_ECDH
2004 EC_KEY *clnt_ecdh = NULL; 2169 EC_KEY *clnt_ecdh = NULL;
2005 const EC_POINT *srvr_ecpoint = NULL; 2170 const EC_POINT *srvr_ecpoint = NULL;
2006 EVP_PKEY *srvr_pub_pkey = NULL; 2171 EVP_PKEY *srvr_pub_pkey = NULL;
2007 unsigned char *encodedPoint = NULL; 2172 unsigned char *encodedPoint = NULL;
2008 int encoded_pt_len = 0; 2173 int encoded_pt_len = 0;
2009 BN_CTX * bn_ctx = NULL; 2174 BN_CTX *bn_ctx = NULL;
2010#endif 2175#endif
2011 2176
2012 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2177 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
@@ -2022,11 +2187,15 @@ ssl3_send_client_key_exchange(SSL *s)
2022 if (s->session->sess_cert->peer_rsa_tmp != NULL) 2187 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2023 rsa = s->session->sess_cert->peer_rsa_tmp; 2188 rsa = s->session->sess_cert->peer_rsa_tmp;
2024 else { 2189 else {
2025 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 2190 pkey = X509_get_pubkey(
2191 s->session->sess_cert->peer_pkeys[
2192 SSL_PKEY_RSA_ENC].x509);
2026 if ((pkey == NULL) || 2193 if ((pkey == NULL) ||
2027 (pkey->type != EVP_PKEY_RSA) || 2194 (pkey->type != EVP_PKEY_RSA) ||
2028 (pkey->pkey.rsa == NULL)) { 2195 (pkey->pkey.rsa == NULL)) {
2029 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2196 SSLerr(
2197 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2198 ERR_R_INTERNAL_ERROR);
2030 goto err; 2199 goto err;
2031 } 2200 }
2032 rsa = pkey->pkey.rsa; 2201 rsa = pkey->pkey.rsa;
@@ -2047,7 +2216,8 @@ ssl3_send_client_key_exchange(SSL *s)
2047 n = RSA_public_encrypt(sizeof tmp_buf, 2216 n = RSA_public_encrypt(sizeof tmp_buf,
2048 tmp_buf, p, rsa, RSA_PKCS1_PADDING); 2217 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
2049 if (n <= 0) { 2218 if (n <= 0) {
2050 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); 2219 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2220 SSL_R_BAD_RSA_ENCRYPT);
2051 goto err; 2221 goto err;
2052 } 2222 }
2053 2223
@@ -2075,14 +2245,14 @@ ssl3_send_client_key_exchange(SSL *s)
2075 unsigned char iv[EVP_MAX_IV_LENGTH]; 2245 unsigned char iv[EVP_MAX_IV_LENGTH];
2076 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2246 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2077 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2247 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2078 + EVP_MAX_IV_LENGTH]; 2248 + EVP_MAX_IV_LENGTH];
2079 int padl, outl = sizeof(epms); 2249 int padl, outl = sizeof(epms);
2080 2250
2081 EVP_CIPHER_CTX_init(&ciph_ctx); 2251 EVP_CIPHER_CTX_init(&ciph_ctx);
2082 2252
2083#ifdef KSSL_DEBUG 2253#ifdef KSSL_DEBUG
2084 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2254 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2085 alg_k, SSL_kKRB5); 2255 alg_k, SSL_kKRB5);
2086#endif /* KSSL_DEBUG */ 2256#endif /* KSSL_DEBUG */
2087 2257
2088 authp = NULL; 2258 authp = NULL;
@@ -2100,44 +2270,46 @@ ssl3_send_client_key_exchange(SSL *s)
2100 { 2270 {
2101 printf("kssl_cget_tkt rtn %d\n", krb5rc); 2271 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2102 if (krb5rc && kssl_err.text) 2272 if (krb5rc && kssl_err.text)
2103 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 2273 printf("kssl_cget_tkt kssl_err=%s\n",
2274 kssl_err.text);
2104 } 2275 }
2105#endif /* KSSL_DEBUG */ 2276#endif /* KSSL_DEBUG */
2106 2277
2107 if (krb5rc) { 2278 if (krb5rc) {
2108 ssl3_send_alert(s, SSL3_AL_FATAL, 2279 ssl3_send_alert(s, SSL3_AL_FATAL,
2109 SSL_AD_HANDSHAKE_FAILURE); 2280 SSL_AD_HANDSHAKE_FAILURE);
2110 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2281 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2111 kssl_err.reason); 2282 kssl_err.reason);
2112 goto err; 2283 goto err;
2113 } 2284 }
2114 2285
2115 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 2286 /*
2116 ** in place of RFC 2712 KerberosWrapper, as in: 2287 * 20010406 VRS - Earlier versions used KRB5 AP_REQ
2117 ** 2288 * in place of RFC 2712 KerberosWrapper, as in:
2118 ** Send ticket (copy to *p, set n = length) 2289 *
2119 ** n = krb5_ap_req.length; 2290 * Send ticket (copy to *p, set n = length)
2120 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); 2291 * n = krb5_ap_req.length;
2121 ** if (krb5_ap_req.data) 2292 * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
2122 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); 2293 * if (krb5_ap_req.data)
2123 ** 2294 * kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
2124 ** Now using real RFC 2712 KerberosWrapper 2295 *
2125 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) 2296 * Now using real RFC 2712 KerberosWrapper
2126 ** Note: 2712 "opaque" types are here replaced 2297 * (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
2127 ** with a 2-byte length followed by the value. 2298 * Note: 2712 "opaque" types are here replaced
2128 ** Example: 2299 * with a 2-byte length followed by the value.
2129 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms 2300 * Example:
2130 ** Where "xx xx" = length bytes. Shown here with 2301 * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
2131 ** optional authenticator omitted. 2302 * Where "xx xx" = length bytes. Shown here with
2132 */ 2303 * optional authenticator omitted.
2133 2304 */
2134 /* KerberosWrapper.Ticket */ 2305
2306 /* KerberosWrapper.Ticket */
2135 s2n(enc_ticket->length, p); 2307 s2n(enc_ticket->length, p);
2136 memcpy(p, enc_ticket->data, enc_ticket->length); 2308 memcpy(p, enc_ticket->data, enc_ticket->length);
2137 p += enc_ticket->length; 2309 p += enc_ticket->length;
2138 n = enc_ticket->length + 2; 2310 n = enc_ticket->length + 2;
2139 2311
2140 /* KerberosWrapper.Authenticator */ 2312 /* KerberosWrapper.Authenticator */
2141 if (authp && authp->length) { 2313 if (authp && authp->length) {
2142 s2n(authp->length, p); 2314 s2n(authp->length, p);
2143 memcpy(p, authp->data, authp->length); 2315 memcpy(p, authp->data, authp->length);
@@ -2153,32 +2325,34 @@ ssl3_send_client_key_exchange(SSL *s)
2153 } 2325 }
2154 2326
2155 tmp_buf[0] = s->client_version >> 8; 2327 tmp_buf[0] = s->client_version >> 8;
2156 tmp_buf[1] = s->client_version&0xff; 2328 tmp_buf[1] = s->client_version & 0xff;
2157 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) 2329 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2158 goto err; 2330 goto err;
2159 2331
2160 /* 20010420 VRS. Tried it this way; failed. 2332 /*
2161 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 2333 * 20010420 VRS. Tried it this way; failed.
2162 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, 2334 * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2163 ** kssl_ctx->length); 2335 * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2164 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 2336 * kssl_ctx->length);
2165 */ 2337 * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2338 */
2166 2339
2167 memset(iv, 0, sizeof iv); 2340 memset(iv, 0, sizeof iv);
2168 /* per RFC 1510 */ 2341 /* per RFC 1510 */
2169 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, 2342 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
2170 kssl_ctx->key, iv); 2343 kssl_ctx->key, iv);
2171 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, 2344 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
2172 sizeof tmp_buf); 2345 sizeof tmp_buf);
2173 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); 2346 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
2174 outl += padl; 2347 outl += padl;
2175 if (outl > (int)sizeof epms) { 2348 if (outl > (int)sizeof epms) {
2176 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2349 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2350 ERR_R_INTERNAL_ERROR);
2177 goto err; 2351 goto err;
2178 } 2352 }
2179 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 2353 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2180 2354
2181 /* KerberosWrapper.EncryptedPreMasterSecret */ 2355 /* KerberosWrapper.EncryptedPreMasterSecret */
2182 s2n(outl, p); 2356 s2n(outl, p);
2183 memcpy(p, epms, outl); 2357 memcpy(p, epms, outl);
2184 p += outl; 2358 p += outl;
@@ -2198,50 +2372,58 @@ ssl3_send_client_key_exchange(SSL *s)
2198 DH *dh_srvr, *dh_clnt; 2372 DH *dh_srvr, *dh_clnt;
2199 2373
2200 if (s->session->sess_cert == NULL) { 2374 if (s->session->sess_cert == NULL) {
2201 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 2375 ssl3_send_alert(s, SSL3_AL_FATAL,
2202 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); 2376 SSL_AD_UNEXPECTED_MESSAGE);
2377 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2378 SSL_R_UNEXPECTED_MESSAGE);
2203 goto err; 2379 goto err;
2204 } 2380 }
2205 2381
2206 if (s->session->sess_cert->peer_dh_tmp != NULL) 2382 if (s->session->sess_cert->peer_dh_tmp != NULL)
2207 dh_srvr = s->session->sess_cert->peer_dh_tmp; 2383 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2208 else { 2384 else {
2209 /* we get them from the cert */ 2385 /* We get them from the cert. */
2210 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2386 ssl3_send_alert(s, SSL3_AL_FATAL,
2211 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2387 SSL_AD_HANDSHAKE_FAILURE);
2388 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2389 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2212 goto err; 2390 goto err;
2213 } 2391 }
2214 2392
2215 /* generate a new random key */ 2393 /* Generate a new random key. */
2216 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { 2394 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
2217 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2395 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2396 ERR_R_DH_LIB);
2218 goto err; 2397 goto err;
2219 } 2398 }
2220 if (!DH_generate_key(dh_clnt)) { 2399 if (!DH_generate_key(dh_clnt)) {
2221 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2400 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2401 ERR_R_DH_LIB);
2222 DH_free(dh_clnt); 2402 DH_free(dh_clnt);
2223 goto err; 2403 goto err;
2224 } 2404 }
2225 2405
2226 /* use the 'p' output buffer for the DH key, but 2406 /*
2227 * make sure to clear it out afterwards */ 2407 * Use the 'p' output buffer for the DH key, but
2228 2408 * make sure to clear it out afterwards.
2409 */
2229 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); 2410 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
2230 2411
2231 if (n <= 0) { 2412 if (n <= 0) {
2232 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2413 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2414 ERR_R_DH_LIB);
2233 DH_free(dh_clnt); 2415 DH_free(dh_clnt);
2234 goto err; 2416 goto err;
2235 } 2417 }
2236 2418
2237 /* generate master key from the result */ 2419 /* Generate master key from the result. */
2238 s->session->master_key_length = 2420 s->session->master_key_length =
2239 s->method->ssl3_enc->generate_master_secret(s, 2421 s->method->ssl3_enc->generate_master_secret(s,
2240 s->session->master_key, p, n); 2422 s->session->master_key, p, n);
2241 /* clean up */ 2423 /* Clean up. */
2242 memset(p, 0, n); 2424 memset(p, 0, n);
2243 2425
2244 /* send off the data */ 2426 /* Send off the data. */
2245 n = BN_num_bytes(dh_clnt->pub_key); 2427 n = BN_num_bytes(dh_clnt->pub_key);
2246 s2n(n, p); 2428 s2n(n, p);
2247 BN_bn2bin(dh_clnt->pub_key, p); 2429 BN_bn2bin(dh_clnt->pub_key, p);
@@ -2260,13 +2442,15 @@ ssl3_send_client_key_exchange(SSL *s)
2260 int ecdh_clnt_cert = 0; 2442 int ecdh_clnt_cert = 0;
2261 int field_size = 0; 2443 int field_size = 0;
2262 2444
2263 /* Did we send out the client's 2445 /*
2264 * ECDH share for use in premaster 2446 * Did we send out the client's ECDH share for use
2265 * computation as part of client certificate? 2447 * in premaster computation as part of client
2266 * If so, set ecdh_clnt_cert to 1. 2448 * certificate? If so, set ecdh_clnt_cert to 1.
2267 */ 2449 */
2268 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) { 2450 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
2269 /* XXX: For now, we do not support client 2451 (s->cert != NULL)) {
2452 /*
2453 * XXX: For now, we do not support client
2270 * authentication using ECDH certificates. 2454 * authentication using ECDH certificates.
2271 * To add such support, one needs to add 2455 * To add such support, one needs to add
2272 * code that checks for appropriate 2456 * code that checks for appropriate
@@ -2294,10 +2478,11 @@ ssl3_send_client_key_exchange(SSL *s)
2294 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 2478 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2295 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 2479 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2296 if ((srvr_pub_pkey == NULL) || 2480 if ((srvr_pub_pkey == NULL) ||
2297 (srvr_pub_pkey->type != EVP_PKEY_EC) || 2481 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2298 (srvr_pub_pkey->pkey.ec == NULL)) { 2482 (srvr_pub_pkey->pkey.ec == NULL)) {
2299 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2483 SSLerr(
2300 ERR_R_INTERNAL_ERROR); 2484 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2485 ERR_R_INTERNAL_ERROR);
2301 goto err; 2486 goto err;
2302 } 2487 }
2303 2488
@@ -2309,21 +2494,24 @@ ssl3_send_client_key_exchange(SSL *s)
2309 2494
2310 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { 2495 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
2311 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2496 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2312 ERR_R_INTERNAL_ERROR); 2497 ERR_R_INTERNAL_ERROR);
2313 goto err; 2498 goto err;
2314 } 2499 }
2315 2500
2316 if ((clnt_ecdh = EC_KEY_new()) == NULL) { 2501 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2317 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2502 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2503 ERR_R_MALLOC_FAILURE);
2318 goto err; 2504 goto err;
2319 } 2505 }
2320 2506
2321 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { 2507 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2322 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 2508 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2509 ERR_R_EC_LIB);
2323 goto err; 2510 goto err;
2324 } 2511 }
2325 if (ecdh_clnt_cert) { 2512 if (ecdh_clnt_cert) {
2326 /* Reuse key info from our certificate 2513 /*
2514 * Reuse key info from our certificate
2327 * We only need our private key to perform 2515 * We only need our private key to perform
2328 * the ECDH computation. 2516 * the ECDH computation.
2329 */ 2517 */
@@ -2331,73 +2519,83 @@ ssl3_send_client_key_exchange(SSL *s)
2331 tkey = s->cert->key->privatekey->pkey.ec; 2519 tkey = s->cert->key->privatekey->pkey.ec;
2332 priv_key = EC_KEY_get0_private_key(tkey); 2520 priv_key = EC_KEY_get0_private_key(tkey);
2333 if (priv_key == NULL) { 2521 if (priv_key == NULL) {
2334 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2522 SSLerr(
2523 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2524 ERR_R_MALLOC_FAILURE);
2335 goto err; 2525 goto err;
2336 } 2526 }
2337 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { 2527 if (!EC_KEY_set_private_key(clnt_ecdh,
2338 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 2528 priv_key)) {
2529 SSLerr(
2530 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2531 ERR_R_EC_LIB);
2339 goto err; 2532 goto err;
2340 } 2533 }
2341 } else { 2534 } else {
2342 /* Generate a new ECDH key pair */ 2535 /* Generate a new ECDH key pair */
2343 if (!(EC_KEY_generate_key(clnt_ecdh))) { 2536 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2344 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2537 SSLerr(
2538 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2539 ERR_R_ECDH_LIB);
2345 goto err; 2540 goto err;
2346 } 2541 }
2347 } 2542 }
2348 2543
2349 /* use the 'p' output buffer for the ECDH key, but 2544 /*
2350 * make sure to clear it out afterwards 2545 * Use the 'p' output buffer for the ECDH key, but
2546 * make sure to clear it out afterwards.
2351 */ 2547 */
2352
2353 field_size = EC_GROUP_get_degree(srvr_group); 2548 field_size = EC_GROUP_get_degree(srvr_group);
2354 if (field_size <= 0) { 2549 if (field_size <= 0) {
2355 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2550 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2356 ERR_R_ECDH_LIB); 2551 ERR_R_ECDH_LIB);
2357 goto err; 2552 goto err;
2358 } 2553 }
2359 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); 2554 n = ECDH_compute_key(p, (field_size + 7)/8,
2555 srvr_ecpoint, clnt_ecdh, NULL);
2360 if (n <= 0) { 2556 if (n <= 0) {
2361 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2557 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2362 ERR_R_ECDH_LIB); 2558 ERR_R_ECDH_LIB);
2363 goto err; 2559 goto err;
2364 } 2560 }
2365 2561
2366 /* generate master key from the result */ 2562 /* generate master key from the result */
2367 s->session->master_key_length = s->method->ssl3_enc \ 2563 s->session->master_key_length = s->method->ssl3_enc \
2368 -> generate_master_secret(s, 2564 -> generate_master_secret(s,
2369 s->session->master_key, 2565 s->session->master_key, p, n);
2370 p, n);
2371 2566
2372 memset(p, 0, n); /* clean up */ 2567 memset(p, 0, n); /* clean up */
2373 2568
2374 if (ecdh_clnt_cert) { 2569 if (ecdh_clnt_cert) {
2375 /* Send empty client key exch message */ 2570 /* Send empty client key exch message. */
2376 n = 0; 2571 n = 0;
2377 } else { 2572 } else {
2378 /* First check the size of encoding and 2573 /*
2574 * First check the size of encoding and
2379 * allocate memory accordingly. 2575 * allocate memory accordingly.
2380 */ 2576 */
2381 encoded_pt_len = 2577 encoded_pt_len = EC_POINT_point2oct(
2382 EC_POINT_point2oct(srvr_group, 2578 srvr_group,
2383 EC_KEY_get0_public_key(clnt_ecdh), 2579 EC_KEY_get0_public_key(clnt_ecdh),
2384 POINT_CONVERSION_UNCOMPRESSED, 2580 POINT_CONVERSION_UNCOMPRESSED,
2385 NULL, 0, NULL); 2581 NULL, 0, NULL);
2386 2582
2387 encodedPoint = malloc(encoded_pt_len); 2583 encodedPoint = malloc(encoded_pt_len);
2388 2584
2389 bn_ctx = BN_CTX_new(); 2585 bn_ctx = BN_CTX_new();
2390 if ((encodedPoint == NULL) || 2586 if ((encodedPoint == NULL) ||
2391 (bn_ctx == NULL)) { 2587 (bn_ctx == NULL)) {
2392 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 2588 SSLerr(
2589 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2590 ERR_R_MALLOC_FAILURE);
2393 goto err; 2591 goto err;
2394 } 2592 }
2395 2593
2396 /* Encode the public key */ 2594 /* Encode the public key */
2397 n = EC_POINT_point2oct(srvr_group, 2595 n = EC_POINT_point2oct(srvr_group,
2398 EC_KEY_get0_public_key(clnt_ecdh), 2596 EC_KEY_get0_public_key(clnt_ecdh),
2399 POINT_CONVERSION_UNCOMPRESSED, 2597 POINT_CONVERSION_UNCOMPRESSED,
2400 encodedPoint, encoded_pt_len, bn_ctx); 2598 encodedPoint, encoded_pt_len, bn_ctx);
2401 2599
2402 *p = n; /* length of encoded point */ 2600 *p = n; /* length of encoded point */
2403 /* Encoded point will be copied here */ 2601 /* Encoded point will be copied here */
@@ -2427,61 +2625,80 @@ ssl3_send_client_key_exchange(SSL *s)
2427 size_t msglen; 2625 size_t msglen;
2428 unsigned int md_len; 2626 unsigned int md_len;
2429 int keytype; 2627 int keytype;
2430 unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; 2628 unsigned char premaster_secret[32], shared_ukm[32],
2629 tmp[256];
2431 EVP_MD_CTX *ukm_hash; 2630 EVP_MD_CTX *ukm_hash;
2432 EVP_PKEY *pub_key; 2631 EVP_PKEY *pub_key;
2433 2632
2434 /* Get server sertificate PKEY and create ctx from it */ 2633 /* Get server sertificate PKEY and create ctx from it */
2435 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509; 2634 peer_cert = s->session->sess_cert->peer_pkeys[(
2635 keytype = SSL_PKEY_GOST01)].x509;
2436 if (!peer_cert) 2636 if (!peer_cert)
2437 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509; 2637 peer_cert = s->session->sess_cert->peer_pkeys[
2638 (keytype = SSL_PKEY_GOST94)].x509;
2438 if (!peer_cert) { 2639 if (!peer_cert) {
2439 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2640 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2641 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2440 goto err; 2642 goto err;
2441 } 2643 }
2442 2644
2443 pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); 2645 pkey_ctx = EVP_PKEY_CTX_new(
2444 /* If we have send a certificate, and certificate key 2646 pub_key = X509_get_pubkey(peer_cert),
2445 2647 NULL);
2648 /*
2649 * If we have send a certificate, and certificate key
2446 * parameters match those of server certificate, use 2650 * parameters match those of server certificate, use
2447 * certificate key for key exchange 2651 * certificate key for key exchange.
2652 * Otherwise, generate ephemeral key pair.
2448 */ 2653 */
2449 2654
2450 /* Otherwise, generate ephemeral key pair */
2451
2452 EVP_PKEY_encrypt_init(pkey_ctx); 2655 EVP_PKEY_encrypt_init(pkey_ctx);
2453 /* Generate session key */ 2656 /* Generate session key. */
2454 RAND_bytes(premaster_secret, 32); 2657 RAND_bytes(premaster_secret, 32);
2455 /* If we have client certificate, use its secret as peer key */ 2658 /*
2659 * If we have client certificate, use its secret
2660 * as peer key.
2661 */
2456 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2662 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2457 if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) { 2663 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2458 /* If there was an error - just ignore it. Ephemeral key 2664 s->cert->key->privatekey) <=0) {
2459 * would be used 2665 /*
2460 */ 2666 * If there was an error -
2667 * just ignore it. Ephemeral key
2668 * would be used
2669 */
2461 ERR_clear_error(); 2670 ERR_clear_error();
2462 } 2671 }
2463 } 2672 }
2464 /* Compute shared IV and store it in algorithm-specific 2673 /*
2465 * context data */ 2674 * Compute shared IV and store it in algorithm-specific
2675 * context data
2676 */
2466 ukm_hash = EVP_MD_CTX_create(); 2677 ukm_hash = EVP_MD_CTX_create();
2467 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94)); 2678 EVP_DigestInit(ukm_hash,
2468 EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE); 2679 EVP_get_digestbynid(NID_id_GostR3411_94));
2469 EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE); 2680 EVP_DigestUpdate(ukm_hash,
2681 s->s3->client_random, SSL3_RANDOM_SIZE);
2682 EVP_DigestUpdate(ukm_hash,
2683 s->s3->server_random, SSL3_RANDOM_SIZE);
2470 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); 2684 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2471 EVP_MD_CTX_destroy(ukm_hash); 2685 EVP_MD_CTX_destroy(ukm_hash);
2472 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 2686 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2473 8, shared_ukm) < 0) { 2687 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2474 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2688 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2475 SSL_R_LIBRARY_BUG); 2689 SSL_R_LIBRARY_BUG);
2476 goto err; 2690 goto err;
2477 } 2691 }
2478 /* Make GOST keytransport blob message */ 2692 /*
2479 /*Encapsulate it into sequence */ 2693 * Make GOST keytransport blob message,
2694 * encapsulate it into sequence.
2695 */
2480 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; 2696 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2481 msglen = 255; 2697 msglen = 255;
2482 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) { 2698 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen,
2699 premaster_secret, 32) < 0) {
2483 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2700 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2484 SSL_R_LIBRARY_BUG); 2701 SSL_R_LIBRARY_BUG);
2485 goto err; 2702 goto err;
2486 } 2703 }
2487 if (msglen >= 0x80) { 2704 if (msglen >= 0x80) {
@@ -2493,16 +2710,17 @@ ssl3_send_client_key_exchange(SSL *s)
2493 n = msglen + 2; 2710 n = msglen + 2;
2494 } 2711 }
2495 memcpy(p, tmp, msglen); 2712 memcpy(p, tmp, msglen);
2496 /* Check if pubkey from client certificate was used */ 2713 /* Check if pubkey from client certificate was used. */
2497 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { 2714 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
2498 /* Set flag "skip certificate verify" */ 2715 EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
2716 /* Set flag "skip certificate verify". */
2499 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; 2717 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2500 } 2718 }
2501 EVP_PKEY_CTX_free(pkey_ctx); 2719 EVP_PKEY_CTX_free(pkey_ctx);
2502 s->session->master_key_length = 2720 s->session->master_key_length =
2503 s->method->ssl3_enc->generate_master_secret(s, 2721 s->method->ssl3_enc->generate_master_secret(s,
2504 s->session->master_key, premaster_secret, 32); 2722 s->session->master_key, premaster_secret, 32);
2505 EVP_PKEY_free(pub_key); 2723 EVP_PKEY_free(pub_key);
2506 2724
2507 } 2725 }
2508#ifndef OPENSSL_NO_SRP 2726#ifndef OPENSSL_NO_SRP
@@ -2514,7 +2732,8 @@ ssl3_send_client_key_exchange(SSL *s)
2514 BN_bn2bin(s->srp_ctx.A, p); 2732 BN_bn2bin(s->srp_ctx.A, p);
2515 n += 2; 2733 n += 2;
2516 } else { 2734 } else {
2517 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2735 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2736 ERR_R_INTERNAL_ERROR);
2518 goto err; 2737 goto err;
2519 } 2738 }
2520 if (s->session->srp_username != NULL) 2739 if (s->session->srp_username != NULL)
@@ -2522,12 +2741,15 @@ ssl3_send_client_key_exchange(SSL *s)
2522 s->session->srp_username = BUF_strdup(s->srp_ctx.login); 2741 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2523 if (s->session->srp_username == NULL) { 2742 if (s->session->srp_username == NULL) {
2524 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2743 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2525 ERR_R_MALLOC_FAILURE); 2744 ERR_R_MALLOC_FAILURE);
2526 goto err; 2745 goto err;
2527 } 2746 }
2528 2747
2529 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) { 2748 if ((s->session->master_key_length =
2530 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2749 SRP_generate_client_master_secret(s,
2750 s->session->master_key)) < 0) {
2751 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2752 ERR_R_INTERNAL_ERROR);
2531 goto err; 2753 goto err;
2532 } 2754 }
2533 } 2755 }
@@ -2543,27 +2765,29 @@ ssl3_send_client_key_exchange(SSL *s)
2543 n = 0; 2765 n = 0;
2544 if (s->psk_client_callback == NULL) { 2766 if (s->psk_client_callback == NULL) {
2545 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2767 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2546 SSL_R_PSK_NO_CLIENT_CB); 2768 SSL_R_PSK_NO_CLIENT_CB);
2547 goto err; 2769 goto err;
2548 } 2770 }
2549 2771
2550 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 2772 psk_len = s->psk_client_callback(s,
2551 identity, PSK_MAX_IDENTITY_LEN, 2773 s->ctx->psk_identity_hint, identity,
2552 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2774 PSK_MAX_IDENTITY_LEN, psk_or_pre_ms,
2775 sizeof(psk_or_pre_ms));
2553 if (psk_len > PSK_MAX_PSK_LEN) { 2776 if (psk_len > PSK_MAX_PSK_LEN) {
2554 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2777 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2555 ERR_R_INTERNAL_ERROR); 2778 ERR_R_INTERNAL_ERROR);
2556 goto psk_err; 2779 goto psk_err;
2557 } else if (psk_len == 0) { 2780 } else if (psk_len == 0) {
2558 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2781 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2559 SSL_R_PSK_IDENTITY_NOT_FOUND); 2782 SSL_R_PSK_IDENTITY_NOT_FOUND);
2560 goto psk_err; 2783 goto psk_err;
2561 } 2784 }
2562 2785
2563 /* create PSK pre_master_secret */ 2786 /* create PSK pre_master_secret */
2564 pre_ms_len = 2 + psk_len + 2 + psk_len; 2787 pre_ms_len = 2 + psk_len + 2 + psk_len;
2565 t = psk_or_pre_ms; 2788 t = psk_or_pre_ms;
2566 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); 2789 memmove(psk_or_pre_ms + psk_len + 4,
2790 psk_or_pre_ms, psk_len);
2567 s2n(psk_len, t); 2791 s2n(psk_len, t);
2568 memset(t, 0, psk_len); 2792 memset(t, 0, psk_len);
2569 t += psk_len; 2793 t += psk_len;
@@ -2571,11 +2795,12 @@ ssl3_send_client_key_exchange(SSL *s)
2571 2795
2572 if (s->session->psk_identity_hint != NULL) 2796 if (s->session->psk_identity_hint != NULL)
2573 free(s->session->psk_identity_hint); 2797 free(s->session->psk_identity_hint);
2574 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2798 s->session->psk_identity_hint =
2799 BUF_strdup(s->ctx->psk_identity_hint);
2575 if (s->ctx->psk_identity_hint != NULL && 2800 if (s->ctx->psk_identity_hint != NULL &&
2576 s->session->psk_identity_hint == NULL) { 2801 s->session->psk_identity_hint == NULL) {
2577 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2802 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2578 ERR_R_MALLOC_FAILURE); 2803 ERR_R_MALLOC_FAILURE);
2579 goto psk_err; 2804 goto psk_err;
2580 } 2805 }
2581 2806
@@ -2584,25 +2809,26 @@ ssl3_send_client_key_exchange(SSL *s)
2584 s->session->psk_identity = BUF_strdup(identity); 2809 s->session->psk_identity = BUF_strdup(identity);
2585 if (s->session->psk_identity == NULL) { 2810 if (s->session->psk_identity == NULL) {
2586 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2811 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2587 ERR_R_MALLOC_FAILURE); 2812 ERR_R_MALLOC_FAILURE);
2588 goto psk_err; 2813 goto psk_err;
2589 } 2814 }
2590 2815
2591 s->session->master_key_length = 2816 s->session->master_key_length =
2592 s->method->ssl3_enc->generate_master_secret( 2817 s->method->ssl3_enc->generate_master_secret(
2593 s, s->session->master_key, psk_or_pre_ms, 2818 s, s->session->master_key, psk_or_pre_ms,
2594 pre_ms_len); 2819 pre_ms_len);
2595 2820
2596 n = strlen(identity); 2821 n = strlen(identity);
2597 s2n(n, p); 2822 s2n(n, p);
2598 memcpy(p, identity, n); 2823 memcpy(p, identity, n);
2599 n += 2; 2824 n += 2;
2600 psk_err = 0; 2825 psk_err = 0;
2601 psk_err: 2826 psk_err:
2602 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 2827 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2603 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2828 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2604 if (psk_err != 0) { 2829 if (psk_err != 0) {
2605 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2830 ssl3_send_alert(s, SSL3_AL_FATAL,
2831 SSL_AD_HANDSHAKE_FAILURE);
2606 goto err; 2832 goto err;
2607 } 2833 }
2608 } 2834 }
@@ -2626,7 +2852,7 @@ ssl3_send_client_key_exchange(SSL *s)
2626 2852
2627 /* SSL3_ST_CW_KEY_EXCH_B */ 2853 /* SSL3_ST_CW_KEY_EXCH_B */
2628 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2854 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2629err: 2855 err:
2630#ifndef OPENSSL_NO_ECDH 2856#ifndef OPENSSL_NO_ECDH
2631 BN_CTX_free(bn_ctx); 2857 BN_CTX_free(bn_ctx);
2632 if (encodedPoint != NULL) 2858 if (encodedPoint != NULL)
@@ -2641,14 +2867,14 @@ err:
2641int 2867int
2642ssl3_send_client_verify(SSL *s) 2868ssl3_send_client_verify(SSL *s)
2643{ 2869{
2644 unsigned char *p, *d; 2870 unsigned char *p, *d;
2645 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; 2871 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2646 EVP_PKEY *pkey; 2872 EVP_PKEY *pkey;
2647 EVP_PKEY_CTX *pctx = NULL; 2873 EVP_PKEY_CTX *pctx = NULL;
2648 EVP_MD_CTX mctx; 2874 EVP_MD_CTX mctx;
2649 unsigned u = 0; 2875 unsigned u = 0;
2650 unsigned long n; 2876 unsigned long n;
2651 int j; 2877 int j;
2652 2878
2653 EVP_MD_CTX_init(&mctx); 2879 EVP_MD_CTX_init(&mctx);
2654 2880
@@ -2656,18 +2882,21 @@ ssl3_send_client_verify(SSL *s)
2656 d = (unsigned char *)s->init_buf->data; 2882 d = (unsigned char *)s->init_buf->data;
2657 p = &(d[4]); 2883 p = &(d[4]);
2658 pkey = s->cert->key->privatekey; 2884 pkey = s->cert->key->privatekey;
2659/* Create context from key and test if sha1 is allowed as digest */ 2885 /*
2886 * Create context from key and test if sha1 is allowed as
2887 * digest.
2888 */
2660 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2889 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2661 EVP_PKEY_sign_init(pctx); 2890 EVP_PKEY_sign_init(pctx);
2662 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { 2891 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2663 if (TLS1_get_version(s) < TLS1_2_VERSION) 2892 if (TLS1_get_version(s) < TLS1_2_VERSION)
2664 s->method->ssl3_enc->cert_verify_mac(s, 2893 s->method->ssl3_enc->cert_verify_mac(s,
2665 NID_sha1, 2894 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2666 &(data[MD5_DIGEST_LENGTH]));
2667 } else { 2895 } else {
2668 ERR_clear_error(); 2896 ERR_clear_error();
2669 } 2897 }
2670 /* For TLS v1.2 send signature algorithm and signature 2898 /*
2899 * For TLS v1.2 send signature algorithm and signature
2671 * using agreed digest and cached handshake records. 2900 * using agreed digest and cached handshake records.
2672 */ 2901 */
2673 if (TLS1_get_version(s) >= TLS1_2_VERSION) { 2902 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
@@ -2675,10 +2904,11 @@ ssl3_send_client_verify(SSL *s)
2675 void *hdata; 2904 void *hdata;
2676 const EVP_MD *md = s->cert->key->digest; 2905 const EVP_MD *md = s->cert->key->digest;
2677 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2906 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2678 &hdata); 2907 &hdata);
2679 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { 2908 if (hdatalen <= 0 ||
2909 !tls12_get_sigandhash(p, pkey, md)) {
2680 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2910 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2681 ERR_R_INTERNAL_ERROR); 2911 ERR_R_INTERNAL_ERROR);
2682 goto err; 2912 goto err;
2683 } 2913 }
2684 p += 2; 2914 p += 2;
@@ -2690,7 +2920,7 @@ ssl3_send_client_verify(SSL *s)
2690 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2920 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2691 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2921 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2692 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2922 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2693 ERR_R_EVP_LIB); 2923 ERR_R_EVP_LIB);
2694 goto err; 2924 goto err;
2695 } 2925 }
2696 s2n(u, p); 2926 s2n(u, p);
@@ -2704,7 +2934,8 @@ ssl3_send_client_verify(SSL *s)
2704 if (RSA_sign(NID_md5_sha1, data, 2934 if (RSA_sign(NID_md5_sha1, data,
2705 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2935 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2706 &u, pkey->pkey.rsa) <= 0 ) { 2936 &u, pkey->pkey.rsa) <= 0 ) {
2707 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); 2937 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2938 ERR_R_RSA_LIB);
2708 goto err; 2939 goto err;
2709 } 2940 }
2710 s2n(u, p); 2941 s2n(u, p);
@@ -2715,7 +2946,8 @@ ssl3_send_client_verify(SSL *s)
2715 &(data[MD5_DIGEST_LENGTH]), 2946 &(data[MD5_DIGEST_LENGTH]),
2716 SHA_DIGEST_LENGTH, &(p[2]), 2947 SHA_DIGEST_LENGTH, &(p[2]),
2717 (unsigned int *)&j, pkey->pkey.dsa)) { 2948 (unsigned int *)&j, pkey->pkey.dsa)) {
2718 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); 2949 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2950 ERR_R_DSA_LIB);
2719 goto err; 2951 goto err;
2720 } 2952 }
2721 s2n(j, p); 2953 s2n(j, p);
@@ -2728,23 +2960,24 @@ ssl3_send_client_verify(SSL *s)
2728 SHA_DIGEST_LENGTH, &(p[2]), 2960 SHA_DIGEST_LENGTH, &(p[2]),
2729 (unsigned int *)&j, pkey->pkey.ec)) { 2961 (unsigned int *)&j, pkey->pkey.ec)) {
2730 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2962 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2731 ERR_R_ECDSA_LIB); 2963 ERR_R_ECDSA_LIB);
2732 goto err; 2964 goto err;
2733 } 2965 }
2734 s2n(j, p); 2966 s2n(j, p);
2735 n = j + 2; 2967 n = j + 2;
2736 } else 2968 } else
2737#endif 2969#endif
2738 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) { 2970 if (pkey->type == NID_id_GostR3410_94 ||
2971 pkey->type == NID_id_GostR3410_2001) {
2739 unsigned char signbuf[64]; 2972 unsigned char signbuf[64];
2740 int i; 2973 int i;
2741 size_t sigsize = 64; 2974 size_t sigsize = 64;
2742 s->method->ssl3_enc->cert_verify_mac(s, 2975 s->method->ssl3_enc->cert_verify_mac(s,
2743 NID_id_GostR3411_94, 2976 NID_id_GostR3411_94, data);
2744 data); 2977 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32)
2745 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { 2978 <= 0) {
2746 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2979 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2747 ERR_R_INTERNAL_ERROR); 2980 ERR_R_INTERNAL_ERROR);
2748 goto err; 2981 goto err;
2749 } 2982 }
2750 for (i = 63, j = 0; i >= 0; j++, i--) { 2983 for (i = 63, j = 0; i >= 0; j++, i--) {
@@ -2753,7 +2986,8 @@ ssl3_send_client_verify(SSL *s)
2753 s2n(j, p); 2986 s2n(j, p);
2754 n = j + 2; 2987 n = j + 2;
2755 } else { 2988 } else {
2756 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); 2989 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2990 ERR_R_INTERNAL_ERROR);
2757 goto err; 2991 goto err;
2758 } 2992 }
2759 *(d++) = SSL3_MT_CERTIFICATE_VERIFY; 2993 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
@@ -2766,7 +3000,7 @@ ssl3_send_client_verify(SSL *s)
2766 EVP_MD_CTX_cleanup(&mctx); 3000 EVP_MD_CTX_cleanup(&mctx);
2767 EVP_PKEY_CTX_free(pctx); 3001 EVP_PKEY_CTX_free(pctx);
2768 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 3002 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2769err: 3003 err:
2770 EVP_MD_CTX_cleanup(&mctx); 3004 EVP_MD_CTX_cleanup(&mctx);
2771 EVP_PKEY_CTX_free(pctx); 3005 EVP_PKEY_CTX_free(pctx);
2772 return (-1); 3006 return (-1);
@@ -2775,10 +3009,10 @@ err:
2775int 3009int
2776ssl3_send_client_certificate(SSL *s) 3010ssl3_send_client_certificate(SSL *s)
2777{ 3011{
2778 X509 *x509 = NULL; 3012 X509 *x509 = NULL;
2779 EVP_PKEY *pkey = NULL; 3013 EVP_PKEY *pkey = NULL;
2780 int i; 3014 int i;
2781 unsigned long l; 3015 unsigned long l;
2782 3016
2783 if (s->state == SSL3_ST_CW_CERT_A) { 3017 if (s->state == SSL3_ST_CW_CERT_A) {
2784 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || 3018 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
@@ -2792,7 +3026,8 @@ ssl3_send_client_certificate(SSL *s)
2792 if (s->state == SSL3_ST_CW_CERT_B) { 3026 if (s->state == SSL3_ST_CW_CERT_B) {
2793 /* If we get an error, we need to 3027 /* If we get an error, we need to
2794 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 3028 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2795 * We then get retied later */ 3029 * We then get retied later
3030 */
2796 i = ssl_do_client_cert_cb(s, &x509, &pkey); 3031 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2797 if (i < 0) { 3032 if (i < 0) {
2798 s->rwstate = SSL_X509_LOOKUP; 3033 s->rwstate = SSL_X509_LOOKUP;
@@ -2806,7 +3041,8 @@ ssl3_send_client_certificate(SSL *s)
2806 i = 0; 3041 i = 0;
2807 } else if (i == 1) { 3042 } else if (i == 1) {
2808 i = 0; 3043 i = 0;
2809 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 3044 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
3045 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2810 } 3046 }
2811 3047
2812 if (x509 != NULL) 3048 if (x509 != NULL)
@@ -2816,7 +3052,8 @@ ssl3_send_client_certificate(SSL *s)
2816 if (i == 0) { 3052 if (i == 0) {
2817 if (s->version == SSL3_VERSION) { 3053 if (s->version == SSL3_VERSION) {
2818 s->s3->tmp.cert_req = 0; 3054 s->s3->tmp.cert_req = 0;
2819 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); 3055 ssl3_send_alert(s, SSL3_AL_WARNING,
3056 SSL_AD_NO_CERTIFICATE);
2820 return (1); 3057 return (1);
2821 } else { 3058 } else {
2822 s->s3->tmp.cert_req = 2; 3059 s->s3->tmp.cert_req = 2;
@@ -2830,7 +3067,7 @@ ssl3_send_client_certificate(SSL *s)
2830 if (s->state == SSL3_ST_CW_CERT_C) { 3067 if (s->state == SSL3_ST_CW_CERT_C) {
2831 s->state = SSL3_ST_CW_CERT_D; 3068 s->state = SSL3_ST_CW_CERT_D;
2832 l = ssl3_output_cert_chain(s, 3069 l = ssl3_output_cert_chain(s,
2833 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); 3070 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
2834 s->init_num = (int)l; 3071 s->init_num = (int)l;
2835 s->init_off = 0; 3072 s->init_off = 0;
2836 } 3073 }
@@ -2843,25 +3080,26 @@ ssl3_send_client_certificate(SSL *s)
2843int 3080int
2844ssl3_check_cert_and_algorithm(SSL *s) 3081ssl3_check_cert_and_algorithm(SSL *s)
2845{ 3082{
2846 int i, idx; 3083 int i, idx;
2847 long alg_k, alg_a; 3084 long alg_k, alg_a;
2848 EVP_PKEY *pkey = NULL; 3085 EVP_PKEY *pkey = NULL;
2849 SESS_CERT *sc; 3086 SESS_CERT *sc;
2850 RSA *rsa; 3087 RSA *rsa;
2851#ifndef OPENSSL_NO_DH 3088#ifndef OPENSSL_NO_DH
2852 DH *dh; 3089 DH *dh;
2853#endif 3090#endif
2854 3091
2855 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3092 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2856 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 3093 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2857 3094
2858 /* we don't have a certificate */ 3095 /* We don't have a certificate. */
2859 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) 3096 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2860 return (1); 3097 return (1);
2861 3098
2862 sc = s->session->sess_cert; 3099 sc = s->session->sess_cert;
2863 if (sc == NULL) { 3100 if (sc == NULL) {
2864 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); 3101 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3102 ERR_R_INTERNAL_ERROR);
2865 goto err; 3103 goto err;
2866 } 3104 }
2867 3105
@@ -2870,15 +3108,16 @@ ssl3_check_cert_and_algorithm(SSL *s)
2870 dh = s->session->sess_cert->peer_dh_tmp; 3108 dh = s->session->sess_cert->peer_dh_tmp;
2871#endif 3109#endif
2872 3110
2873 /* This is the passed certificate */ 3111 /* This is the passed certificate. */
2874 3112
2875 idx = sc->peer_cert_type; 3113 idx = sc->peer_cert_type;
2876#ifndef OPENSSL_NO_ECDH 3114#ifndef OPENSSL_NO_ECDH
2877 if (idx == SSL_PKEY_ECC) { 3115 if (idx == SSL_PKEY_ECC) {
2878 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 3116 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2879 s) == 0) 3117 s) == 0)
2880 { /* check failed */ 3118 { /* check failed */
2881 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); 3119 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3120 SSL_R_BAD_ECC_CERT);
2882 goto f_err; 3121 goto f_err;
2883 } else { 3122 } else {
2884 return 1; 3123 return 1;
@@ -2892,59 +3131,71 @@ ssl3_check_cert_and_algorithm(SSL *s)
2892 3131
2893 /* Check that we have a certificate if we require one */ 3132 /* Check that we have a certificate if we require one */
2894 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 3133 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2895 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); 3134 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3135 SSL_R_MISSING_RSA_SIGNING_CERT);
2896 goto f_err; 3136 goto f_err;
2897 } 3137 }
2898 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { 3138 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2899 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); 3139 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3140 SSL_R_MISSING_DSA_SIGNING_CERT);
2900 goto f_err; 3141 goto f_err;
2901 } 3142 }
2902 if ((alg_k & SSL_kRSA) && 3143 if ((alg_k & SSL_kRSA) &&
2903 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 3144 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
2904 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); 3145 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3146 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2905 goto f_err; 3147 goto f_err;
2906 } 3148 }
2907#ifndef OPENSSL_NO_DH 3149#ifndef OPENSSL_NO_DH
2908 if ((alg_k & SSL_kEDH) && 3150 if ((alg_k & SSL_kEDH) &&
2909 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 3151 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2910 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); 3152 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3153 SSL_R_MISSING_DH_KEY);
2911 goto f_err; 3154 goto f_err;
2912 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) { 3155 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) {
2913 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); 3156 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3157 SSL_R_MISSING_DH_RSA_CERT);
2914 goto f_err; 3158 goto f_err;
2915 } 3159 }
2916 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { 3160 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
2917 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); 3161 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3162 SSL_R_MISSING_DH_DSA_CERT);
2918 goto f_err; 3163 goto f_err;
2919 } 3164 }
2920#endif 3165#endif
2921 3166
2922 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { 3167 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
3168 !has_bits(i, EVP_PKT_EXP)) {
2923 if (alg_k & SSL_kRSA) { 3169 if (alg_k & SSL_kRSA) {
2924 if (rsa == NULL || 3170 if (rsa == NULL || RSA_size(rsa) * 8 >
2925 RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { 3171 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 3172 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3173 SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
2927 goto f_err; 3174 goto f_err;
2928 } 3175 }
2929 } else 3176 } else
2930#ifndef OPENSSL_NO_DH 3177#ifndef OPENSSL_NO_DH
2931 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 3178 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2932 if (dh == NULL || 3179 if (dh == NULL || DH_size(dh) * 8 >
2933 DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { 3180 SSL_C_EXPORT_PKEYLENGTH(
2934 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); 3181 s->s3->tmp.new_cipher)) {
3182 SSLerr(
3183 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3184 SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3185 goto f_err;
3186 }
3187 } else
3188#endif
3189 {
3190 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
3191 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2935 goto f_err; 3192 goto f_err;
2936 } 3193 }
2937 } else
2938#endif
2939 {
2940 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
2941 goto f_err;
2942 }
2943 } 3194 }
2944 return (1); 3195 return (1);
2945f_err: 3196 f_err:
2946 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 3197 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2947err: 3198 err:
2948 return (0); 3199 return (0);
2949} 3200}
2950 3201
@@ -2952,8 +3203,8 @@ err:
2952int 3203int
2953ssl3_send_next_proto(SSL *s) 3204ssl3_send_next_proto(SSL *s)
2954{ 3205{
2955 unsigned int len, padding_len; 3206 unsigned int len, padding_len;
2956 unsigned char *d; 3207 unsigned char *d;
2957 3208
2958 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { 3209 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2959 len = s->next_proto_negotiated_len; 3210 len = s->next_proto_negotiated_len;
@@ -2974,7 +3225,8 @@ ssl3_send_next_proto(SSL *s)
2974} 3225}
2975#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ 3226#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
2976 3227
2977/* Check to see if handshake is full or resumed. Usually this is just a 3228/*
3229 * Check to see if handshake is full or resumed. Usually this is just a
2978 * case of checking to see if a cache hit has occurred. In the case of 3230 * case of checking to see if a cache hit has occurred. In the case of
2979 * session tickets we have to check the next message to be sure. 3231 * session tickets we have to check the next message to be sure.
2980 */ 3232 */
@@ -2983,8 +3235,9 @@ ssl3_send_next_proto(SSL *s)
2983int 3235int
2984ssl3_check_finished(SSL *s) 3236ssl3_check_finished(SSL *s)
2985{ 3237{
2986 int ok; 3238 int ok;
2987 long n; 3239 long n;
3240
2988 /* If we have no ticket it cannot be a resumed session. */ 3241 /* If we have no ticket it cannot be a resumed session. */
2989 if (!s->session->tlsext_tick) 3242 if (!s->session->tlsext_tick)
2990 return 1; 3243 return 1;
@@ -3006,7 +3259,8 @@ ssl3_check_finished(SSL *s)
3006int 3259int
3007ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 3260ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3008{ 3261{
3009 int i = 0; 3262 int i = 0;
3263
3010#ifndef OPENSSL_NO_ENGINE 3264#ifndef OPENSSL_NO_ENGINE
3011 if (s->ctx->client_cert_engine) { 3265 if (s->ctx->client_cert_engine) {
3012 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, 3266 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index c79464da55..28a3d51b9e 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -2743,9 +2743,11 @@ SSL3_ENC_METHOD SSLv3_enc_data = {
2743long 2743long
2744ssl3_default_timeout(void) 2744ssl3_default_timeout(void)
2745{ 2745{
2746 /* 2 hours, the 24 hours mentioned in the SSLv3 spec 2746 /*
2747 * is way too long for http, the cache would over fill */ 2747 * 2 hours, the 24 hours mentioned in the SSLv3 spec
2748 return (60*60*2); 2748 * is way too long for http, the cache would over fill
2749 */
2750 return (60 * 60 * 2);
2749} 2751}
2750 2752
2751int 2753int
@@ -2769,13 +2771,14 @@ ssl3_pending(const SSL *s)
2769 if (s->rstate == SSL_ST_READ_BODY) 2771 if (s->rstate == SSL_ST_READ_BODY)
2770 return 0; 2772 return 0;
2771 2773
2772 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; 2774 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
2775 s->s3->rrec.length : 0;
2773} 2776}
2774 2777
2775int 2778int
2776ssl3_new(SSL *s) 2779ssl3_new(SSL *s)
2777{ 2780{
2778 SSL3_STATE *s3; 2781 SSL3_STATE *s3;
2779 2782
2780 if ((s3 = calloc(1, sizeof *s3)) == NULL) 2783 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2781 goto err; 2784 goto err;
@@ -2840,9 +2843,9 @@ ssl3_free(SSL *s)
2840void 2843void
2841ssl3_clear(SSL *s) 2844ssl3_clear(SSL *s)
2842{ 2845{
2843 unsigned char *rp, *wp; 2846 unsigned char *rp, *wp;
2844 size_t rlen, wlen; 2847 size_t rlen, wlen;
2845 int init_extra; 2848 int init_extra;
2846 2849
2847#ifdef TLSEXT_TYPE_opaque_prf_input 2850#ifdef TLSEXT_TYPE_opaque_prf_input
2848 if (s->s3->client_opaque_prf_input != NULL) 2851 if (s->s3->client_opaque_prf_input != NULL)
@@ -2932,7 +2935,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2932 if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || 2935 if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2933 cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 2936 cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
2934 if (!ssl_cert_inst(&s->cert)) { 2937 if (!ssl_cert_inst(&s->cert)) {
2935 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); 2938 SSLerr(SSL_F_SSL3_CTRL,
2939 ERR_R_MALLOC_FAILURE);
2936 return (0); 2940 return (0);
2937 } 2941 }
2938 } 2942 }
@@ -2959,18 +2963,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2959 case SSL_CTRL_NEED_TMP_RSA: 2963 case SSL_CTRL_NEED_TMP_RSA:
2960 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && 2964 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2961 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 2965 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2962 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) 2966 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
2967 > (512 / 8))))
2963 ret = 1; 2968 ret = 1;
2964 break; 2969 break;
2965 case SSL_CTRL_SET_TMP_RSA: 2970 case SSL_CTRL_SET_TMP_RSA:
2966 { 2971 {
2967 RSA *rsa = (RSA *)parg; 2972 RSA *rsa = (RSA *)parg;
2968 if (rsa == NULL) { 2973 if (rsa == NULL) {
2969 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 2974 SSLerr(SSL_F_SSL3_CTRL,
2975 ERR_R_PASSED_NULL_PARAMETER);
2970 return (ret); 2976 return (ret);
2971 } 2977 }
2972 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { 2978 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
2973 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); 2979 SSLerr(SSL_F_SSL3_CTRL,
2980 ERR_R_RSA_LIB);
2974 return (ret); 2981 return (ret);
2975 } 2982 }
2976 if (s->cert->rsa_tmp != NULL) 2983 if (s->cert->rsa_tmp != NULL)
@@ -2981,7 +2988,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2981 break; 2988 break;
2982 case SSL_CTRL_SET_TMP_RSA_CB: 2989 case SSL_CTRL_SET_TMP_RSA_CB:
2983 { 2990 {
2984 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2991 SSLerr(SSL_F_SSL3_CTRL,
2992 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2985 return (ret); 2993 return (ret);
2986 } 2994 }
2987 break; 2995 break;
@@ -2990,17 +2998,20 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2990 { 2998 {
2991 DH *dh = (DH *)parg; 2999 DH *dh = (DH *)parg;
2992 if (dh == NULL) { 3000 if (dh == NULL) {
2993 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3001 SSLerr(SSL_F_SSL3_CTRL,
3002 ERR_R_PASSED_NULL_PARAMETER);
2994 return (ret); 3003 return (ret);
2995 } 3004 }
2996 if ((dh = DHparams_dup(dh)) == NULL) { 3005 if ((dh = DHparams_dup(dh)) == NULL) {
2997 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3006 SSLerr(SSL_F_SSL3_CTRL,
3007 ERR_R_DH_LIB);
2998 return (ret); 3008 return (ret);
2999 } 3009 }
3000 if (!(s->options & SSL_OP_SINGLE_DH_USE)) { 3010 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3001 if (!DH_generate_key(dh)) { 3011 if (!DH_generate_key(dh)) {
3002 DH_free(dh); 3012 DH_free(dh);
3003 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); 3013 SSLerr(SSL_F_SSL3_CTRL,
3014 ERR_R_DH_LIB);
3004 return (ret); 3015 return (ret);
3005 } 3016 }
3006 } 3017 }
@@ -3012,7 +3023,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3012 break; 3023 break;
3013 case SSL_CTRL_SET_TMP_DH_CB: 3024 case SSL_CTRL_SET_TMP_DH_CB:
3014 { 3025 {
3015 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3026 SSLerr(SSL_F_SSL3_CTRL,
3027 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3016 return (ret); 3028 return (ret);
3017 } 3029 }
3018 break; 3030 break;
@@ -3023,18 +3035,21 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3023 EC_KEY *ecdh = NULL; 3035 EC_KEY *ecdh = NULL;
3024 3036
3025 if (parg == NULL) { 3037 if (parg == NULL) {
3026 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); 3038 SSLerr(SSL_F_SSL3_CTRL,
3039 ERR_R_PASSED_NULL_PARAMETER);
3027 return (ret); 3040 return (ret);
3028 } 3041 }
3029 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 3042 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3030 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3043 SSLerr(SSL_F_SSL3_CTRL,
3044 ERR_R_ECDH_LIB);
3031 return (ret); 3045 return (ret);
3032 } 3046 }
3033 ecdh = (EC_KEY *)parg; 3047 ecdh = (EC_KEY *)parg;
3034 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { 3048 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3035 if (!EC_KEY_generate_key(ecdh)) { 3049 if (!EC_KEY_generate_key(ecdh)) {
3036 EC_KEY_free(ecdh); 3050 EC_KEY_free(ecdh);
3037 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); 3051 SSLerr(SSL_F_SSL3_CTRL,
3052 ERR_R_ECDH_LIB);
3038 return (ret); 3053 return (ret);
3039 } 3054 }
3040 } 3055 }
@@ -3046,7 +3061,8 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3046 break; 3061 break;
3047 case SSL_CTRL_SET_TMP_ECDH_CB: 3062 case SSL_CTRL_SET_TMP_ECDH_CB:
3048 { 3063 {
3049 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3064 SSLerr(SSL_F_SSL3_CTRL,
3065 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3050 return (ret); 3066 return (ret);
3051 } 3067 }
3052 break; 3068 break;
@@ -3062,15 +3078,19 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3062 if (parg == NULL) 3078 if (parg == NULL)
3063 break; 3079 break;
3064 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 3080 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3065 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); 3081 SSLerr(SSL_F_SSL3_CTRL,
3082 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3066 return 0; 3083 return 0;
3067 } 3084 }
3068 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) { 3085 if ((s->tlsext_hostname = BUF_strdup((char *)parg))
3069 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); 3086 == NULL) {
3087 SSLerr(SSL_F_SSL3_CTRL,
3088 ERR_R_INTERNAL_ERROR);
3070 return 0; 3089 return 0;
3071 } 3090 }
3072 } else { 3091 } else {
3073 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); 3092 SSLerr(SSL_F_SSL3_CTRL,
3093 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3074 return 0; 3094 return 0;
3075 } 3095 }
3076 break; 3096 break;
@@ -3082,9 +3102,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3082#ifdef TLSEXT_TYPE_opaque_prf_input 3102#ifdef TLSEXT_TYPE_opaque_prf_input
3083 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: 3103 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3084 if (larg > 12288) { 3104 if (larg > 12288) {
3085 /* actual internal limit is 2^16 for the complete hello message 3105 /*
3086 * (including the cert chain and everything) */ 3106 * Actual internal limit is 2^16 for the complete
3087 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); 3107 * hello message (including the cert chain and
3108 * everything)
3109 */
3110 SSLerr(SSL_F_SSL3_CTRL,
3111 SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3088 break; 3112 break;
3089 } 3113 }
3090 if (s->tlsext_opaque_prf_input != NULL) 3114 if (s->tlsext_opaque_prf_input != NULL)
@@ -3148,11 +3172,12 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3148long 3172long
3149ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) 3173ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3150{ 3174{
3151 int ret = 0; 3175 int ret = 0;
3152 3176
3153 if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { 3177 if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
3154 if (!ssl_cert_inst(&s->cert)) { 3178 if (!ssl_cert_inst(&s->cert)) {
3155 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); 3179 SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
3180 ERR_R_MALLOC_FAILURE);
3156 return (0); 3181 return (0);
3157 } 3182 }
3158 } 3183 }
@@ -3173,14 +3198,15 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3173#ifndef OPENSSL_NO_ECDH 3198#ifndef OPENSSL_NO_ECDH
3174 case SSL_CTRL_SET_TMP_ECDH_CB: 3199 case SSL_CTRL_SET_TMP_ECDH_CB:
3175 { 3200 {
3176 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; 3201 s->cert->ecdh_tmp_cb =
3202 (EC_KEY *(*)(SSL *, int, int))fp;
3177 } 3203 }
3178 break; 3204 break;
3179#endif 3205#endif
3180#ifndef OPENSSL_NO_TLSEXT 3206#ifndef OPENSSL_NO_TLSEXT
3181 case SSL_CTRL_SET_TLSEXT_DEBUG_CB: 3207 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3182 s->tlsext_debug_cb = (void (*)(SSL *, int , int, 3208 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
3183 unsigned char *, int, void *))fp; 3209 unsigned char *, int, void *))fp;
3184 break; 3210 break;
3185#endif 3211#endif
3186 default: 3212 default:
@@ -3192,7 +3218,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3192long 3218long
3193ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 3219ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3194{ 3220{
3195 CERT *cert; 3221 CERT *cert;
3196 3222
3197 cert = ctx->cert; 3223 cert = ctx->cert;
3198 3224
@@ -3200,7 +3226,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3200 case SSL_CTRL_NEED_TMP_RSA: 3226 case SSL_CTRL_NEED_TMP_RSA:
3201 if ((cert->rsa_tmp == NULL) && 3227 if ((cert->rsa_tmp == NULL) &&
3202 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 3228 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3203 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512 / 8)))) 3229 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3230 (512 / 8))))
3204 return (1); 3231 return (1);
3205 else 3232 else
3206 return (0); 3233 return (0);
@@ -3219,7 +3246,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3219 i = 0; 3246 i = 0;
3220 } 3247 }
3221 if (!i) { 3248 if (!i) {
3222 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); 3249 SSLerr(SSL_F_SSL3_CTX_CTRL,
3250 ERR_R_RSA_LIB);
3223 return (0); 3251 return (0);
3224 } else { 3252 } else {
3225 if (cert->rsa_tmp != NULL) 3253 if (cert->rsa_tmp != NULL)
@@ -3231,7 +3259,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3231 /* break; */ 3259 /* break; */
3232 case SSL_CTRL_SET_TMP_RSA_CB: 3260 case SSL_CTRL_SET_TMP_RSA_CB:
3233 { 3261 {
3234 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3262 SSLerr(SSL_F_SSL3_CTX_CTRL,
3263 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3235 return (0); 3264 return (0);
3236 } 3265 }
3237 break; 3266 break;
@@ -3242,12 +3271,14 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3242 3271
3243 dh = (DH *)parg; 3272 dh = (DH *)parg;
3244 if ((new = DHparams_dup(dh)) == NULL) { 3273 if ((new = DHparams_dup(dh)) == NULL) {
3245 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3274 SSLerr(SSL_F_SSL3_CTX_CTRL,
3275 ERR_R_DH_LIB);
3246 return 0; 3276 return 0;
3247 } 3277 }
3248 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { 3278 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3249 if (!DH_generate_key(new)) { 3279 if (!DH_generate_key(new)) {
3250 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); 3280 SSLerr(SSL_F_SSL3_CTX_CTRL,
3281 ERR_R_DH_LIB);
3251 DH_free(new); 3282 DH_free(new);
3252 return 0; 3283 return 0;
3253 } 3284 }
@@ -3260,7 +3291,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3260 /*break; */ 3291 /*break; */
3261 case SSL_CTRL_SET_TMP_DH_CB: 3292 case SSL_CTRL_SET_TMP_DH_CB:
3262 { 3293 {
3263 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3294 SSLerr(SSL_F_SSL3_CTX_CTRL,
3295 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3264 return (0); 3296 return (0);
3265 } 3297 }
3266 break; 3298 break;
@@ -3271,18 +3303,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3271 EC_KEY *ecdh = NULL; 3303 EC_KEY *ecdh = NULL;
3272 3304
3273 if (parg == NULL) { 3305 if (parg == NULL) {
3274 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3306 SSLerr(SSL_F_SSL3_CTX_CTRL,
3307 ERR_R_ECDH_LIB);
3275 return 0; 3308 return 0;
3276 } 3309 }
3277 ecdh = EC_KEY_dup((EC_KEY *)parg); 3310 ecdh = EC_KEY_dup((EC_KEY *)parg);
3278 if (ecdh == NULL) { 3311 if (ecdh == NULL) {
3279 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); 3312 SSLerr(SSL_F_SSL3_CTX_CTRL,
3313 ERR_R_EC_LIB);
3280 return 0; 3314 return 0;
3281 } 3315 }
3282 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { 3316 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3283 if (!EC_KEY_generate_key(ecdh)) { 3317 if (!EC_KEY_generate_key(ecdh)) {
3284 EC_KEY_free(ecdh); 3318 EC_KEY_free(ecdh);
3285 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); 3319 SSLerr(SSL_F_SSL3_CTX_CTRL,
3320 ERR_R_ECDH_LIB);
3286 return 0; 3321 return 0;
3287 } 3322 }
3288 } 3323 }
@@ -3296,7 +3331,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3296 /* break; */ 3331 /* break; */
3297 case SSL_CTRL_SET_TMP_ECDH_CB: 3332 case SSL_CTRL_SET_TMP_ECDH_CB:
3298 { 3333 {
3299 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 3334 SSLerr(SSL_F_SSL3_CTX_CTRL,
3335 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3300 return (0); 3336 return (0);
3301 } 3337 }
3302 break; 3338 break;
@@ -3312,17 +3348,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3312 if (!keys) 3348 if (!keys)
3313 return 48; 3349 return 48;
3314 if (larg != 48) { 3350 if (larg != 48) {
3315 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); 3351 SSLerr(SSL_F_SSL3_CTX_CTRL,
3352 SSL_R_INVALID_TICKET_KEYS_LENGTH);
3316 return 0; 3353 return 0;
3317 } 3354 }
3318 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 3355 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3319 memcpy(ctx->tlsext_tick_key_name, keys, 16); 3356 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3320 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); 3357 memcpy(ctx->tlsext_tick_hmac_key,
3358 keys + 16, 16);
3321 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); 3359 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3322 } else { 3360 } else {
3323 memcpy(keys, ctx->tlsext_tick_key_name, 16); 3361 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3324 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); 3362 memcpy(keys + 16,
3325 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); 3363 ctx->tlsext_tick_hmac_key, 16);
3364 memcpy(keys + 32,
3365 ctx->tlsext_tick_aes_key, 16);
3326 } 3366 }
3327 return 1; 3367 return 1;
3328 } 3368 }
@@ -3346,17 +3386,21 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3346 ctx->srp_ctx.login = NULL; 3386 ctx->srp_ctx.login = NULL;
3347 if (parg == NULL) 3387 if (parg == NULL)
3348 break; 3388 break;
3349 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) { 3389 if (strlen((const char *)parg) > 255 ||
3350 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); 3390 strlen((const char *)parg) < 1) {
3391 SSLerr(SSL_F_SSL3_CTX_CTRL,
3392 SSL_R_INVALID_SRP_USERNAME);
3351 return 0; 3393 return 0;
3352 } 3394 }
3353 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { 3395 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3354 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); 3396 SSLerr(SSL_F_SSL3_CTX_CTRL,
3397 ERR_R_INTERNAL_ERROR);
3355 return 0; 3398 return 0;
3356 } 3399 }
3357 break; 3400 break;
3358 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: 3401 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3359 ctx->srp_ctx.SRP_give_srp_client_pwd_callback = srp_password_from_info_cb; 3402 ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3403 srp_password_from_info_cb;
3360 ctx->srp_ctx.info = parg; 3404 ctx->srp_ctx.info = parg;
3361 break; 3405 break;
3362 case SSL_CTRL_SET_SRP_ARG: 3406 case SSL_CTRL_SET_SRP_ARG:
@@ -3399,7 +3443,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3399long 3443long
3400ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) 3444ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3401{ 3445{
3402 CERT *cert; 3446 CERT *cert;
3403 3447
3404 cert = ctx->cert; 3448 cert = ctx->cert;
3405 3449
@@ -3425,12 +3469,14 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3425#endif 3469#endif
3426#ifndef OPENSSL_NO_TLSEXT 3470#ifndef OPENSSL_NO_TLSEXT
3427 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 3471 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3428 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; 3472 ctx->tlsext_servername_callback =
3473 (int (*)(SSL *, int *, void *))fp;
3429 break; 3474 break;
3430 3475
3431#ifdef TLSEXT_TYPE_opaque_prf_input 3476#ifdef TLSEXT_TYPE_opaque_prf_input
3432 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: 3477 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3433 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *, void *, size_t, void *))fp; 3478 ctx->tlsext_opaque_prf_input_callback =
3479 (int (*)(SSL *, void *, size_t, void *))fp;
3434 break; 3480 break;
3435#endif 3481#endif
3436 3482
@@ -3472,9 +3518,9 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3472const SSL_CIPHER * 3518const SSL_CIPHER *
3473ssl3_get_cipher_by_char(const unsigned char *p) 3519ssl3_get_cipher_by_char(const unsigned char *p)
3474{ 3520{
3475 SSL_CIPHER c; 3521 SSL_CIPHER c;
3476 const SSL_CIPHER *cp; 3522 const SSL_CIPHER *cp;
3477 unsigned long id; 3523 unsigned long id;
3478 3524
3479 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; 3525 id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3480 c.id = id; 3526 c.id = id;
@@ -3492,7 +3538,7 @@ ssl3_get_cipher_by_char(const unsigned char *p)
3492int 3538int
3493ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) 3539ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3494{ 3540{
3495 long l; 3541 long l;
3496 3542
3497 if (p != NULL) { 3543 if (p != NULL) {
3498 l = c->id; 3544 l = c->id;
@@ -3507,9 +3553,9 @@ ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3507SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, 3553SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3508 STACK_OF(SSL_CIPHER) *srvr) 3554 STACK_OF(SSL_CIPHER) *srvr)
3509{ 3555{
3510 SSL_CIPHER *c, *ret = NULL; 3556 SSL_CIPHER *c, *ret = NULL;
3511 STACK_OF(SSL_CIPHER) *prio, *allow; 3557 STACK_OF(SSL_CIPHER) *prio, *allow;
3512 int i, ii, ok; 3558 int i, ii, ok;
3513#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) 3559#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3514 unsigned int j; 3560 unsigned int j;
3515 int ec_ok, ec_nid; 3561 int ec_ok, ec_nid;
@@ -3522,7 +3568,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3522 cert = s->cert; 3568 cert = s->cert;
3523 3569
3524#if 0 3570#if 0
3525 /* Do not set the compare functions, because this may lead to a 3571 /*
3572 * Do not set the compare functions, because this may lead to a
3526 * reordering by "id". We want to keep the original ordering. 3573 * reordering by "id". We want to keep the original ordering.
3527 * We may pay a price in performance during sk_SSL_CIPHER_find(), 3574 * We may pay a price in performance during sk_SSL_CIPHER_find(),
3528 * but would have to pay with the price of sk_SSL_CIPHER_dup(). 3575 * but would have to pay with the price of sk_SSL_CIPHER_dup().
@@ -3532,12 +3579,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3532#endif 3579#endif
3533 3580
3534#ifdef CIPHER_DEBUG 3581#ifdef CIPHER_DEBUG
3535 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr); 3582 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3583 (void *)srvr);
3536 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) { 3584 for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3537 c = sk_SSL_CIPHER_value(srvr, i); 3585 c = sk_SSL_CIPHER_value(srvr, i);
3538 printf("%p:%s\n",(void *)c, c->name); 3586 printf("%p:%s\n",(void *)c, c->name);
3539 } 3587 }
3540 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt); 3588 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3589 (void *)clnt);
3541 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) { 3590 for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3542 c = sk_SSL_CIPHER_value(clnt, i); 3591 c = sk_SSL_CIPHER_value(clnt, i);
3543 printf("%p:%s\n",(void *)c, c->name); 3592 printf("%p:%s\n",(void *)c, c->name);
@@ -3592,26 +3641,35 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3592 if (SSL_C_IS_EXPORT(c)) { 3641 if (SSL_C_IS_EXPORT(c)) {
3593 ok = (alg_k & emask_k) && (alg_a & emask_a); 3642 ok = (alg_k & emask_k) && (alg_a & emask_a);
3594#ifdef CIPHER_DEBUG 3643#ifdef CIPHER_DEBUG
3595 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", ok, alg_k, alg_a, emask_k, emask_a, 3644 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3596 (void *)c, c->name); 3645 ok, alg_k, alg_a, emask_k, emask_a, (void *)c,
3646 c->name);
3597#endif 3647#endif
3598 } else { 3648 } else {
3599 ok = (alg_k & mask_k) && (alg_a & mask_a); 3649 ok = (alg_k & mask_k) && (alg_a & mask_a);
3600#ifdef CIPHER_DEBUG 3650#ifdef CIPHER_DEBUG
3601 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a,(void *)c, 3651 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
3602 c->name); 3652 ok, alg_k, alg_a, mask_k, mask_a,(void *)c,
3653 c->name);
3603#endif 3654#endif
3604 } 3655 }
3605 3656
3606#ifndef OPENSSL_NO_TLSEXT 3657#ifndef OPENSSL_NO_TLSEXT
3607#ifndef OPENSSL_NO_EC 3658#ifndef OPENSSL_NO_EC
3608 if ( 3659 if (
3609 /* if we are considering an ECC cipher suite that uses our certificate */ 3660 /*
3661 * if we are considering an ECC cipher suite that uses our
3662 * certificate
3663 */
3610 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3664 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3611 /* and we have an ECC certificate */ 3665 /* and we have an ECC certificate */
3612 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3666 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3613 /* and the client specified a Supported Point Formats extension */ 3667 /*
3614 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL)) 3668 * and the client specified a Supported Point Formats
3669 * extension
3670 */
3671 && ((s->session->tlsext_ecpointformatlist_length > 0) &&
3672 (s->session->tlsext_ecpointformatlist != NULL))
3615 /* and our certificate's point is compressed */ 3673 /* and our certificate's point is compressed */
3616 && ( 3674 && (
3617 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL) 3675 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
@@ -3625,8 +3683,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3625 ) 3683 )
3626 ) { 3684 ) {
3627 ec_ok = 0; 3685 ec_ok = 0;
3628 /* if our certificate's curve is over a field type that the client does not support 3686 /*
3629 * then do not allow this cipher suite to be negotiated */ 3687 * If our certificate's curve is over a field type
3688 * that the client does not support then do not allow
3689 * this cipher suite to be negotiated
3690 */
3630 if ( 3691 if (
3631 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL) 3692 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3632 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL) 3693 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
@@ -3650,7 +3711,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3650 ok = ok && ec_ok; 3711 ok = ok && ec_ok;
3651 } 3712 }
3652 if ( 3713 if (
3653 /* if we are considering an ECC cipher suite that uses our certificate */ 3714 /*
3715 * If we are considering an ECC cipher suite that uses our
3716 * certificate
3717 */
3654 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH) 3718 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3655 /* and we have an ECC certificate */ 3719 /* and we have an ECC certificate */
3656 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL) 3720 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
@@ -3689,7 +3753,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3689 ok = ok && ec_ok; 3753 ok = ok && ec_ok;
3690 } 3754 }
3691 if ( 3755 if (
3692 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */ 3756 /*
3757 * if we are considering an ECC cipher suite that uses an
3758 * ephemeral EC key
3759 */
3693 (alg_k & SSL_kEECDH) 3760 (alg_k & SSL_kEECDH)
3694 /* and we have an ephemeral EC key */ 3761 /* and we have an ephemeral EC key */
3695 && (s->cert->ecdh_tmp != NULL) 3762 && (s->cert->ecdh_tmp != NULL)
@@ -3732,7 +3799,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3732 ii = sk_SSL_CIPHER_find(allow, c); 3799 ii = sk_SSL_CIPHER_find(allow, c);
3733 if (ii >= 0) { 3800 if (ii >= 0) {
3734#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) 3801#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
3735 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { 3802 if ((alg_k & SSL_kEECDH) &&
3803 (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
3736 if (!ret) 3804 if (!ret)
3737 ret = sk_SSL_CIPHER_value(allow, ii); 3805 ret = sk_SSL_CIPHER_value(allow, ii);
3738 continue; 3806 continue;
@@ -3748,8 +3816,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3748int 3816int
3749ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3817ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3750{ 3818{
3751 int ret = 0; 3819 int ret = 0;
3752 unsigned long alg_k; 3820 unsigned long alg_k;
3753 3821
3754 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 3822 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3755 3823
@@ -3784,7 +3852,8 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3784#endif 3852#endif
3785 3853
3786#ifndef OPENSSL_NO_ECDSA 3854#ifndef OPENSSL_NO_ECDSA
3787 /* ECDSA certs can be used with RSA cipher suites as well 3855 /*
3856 * ECDSA certs can be used with RSA cipher suites as well
3788 * so we don't need to check for SSL_kECDH or SSL_kEECDH 3857 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3789 */ 3858 */
3790 if (s->version >= TLS1_VERSION) { 3859 if (s->version >= TLS1_VERSION) {
@@ -3797,10 +3866,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3797int 3866int
3798ssl3_shutdown(SSL *s) 3867ssl3_shutdown(SSL *s)
3799{ 3868{
3800 int ret; 3869 int ret;
3801 3870
3802 /* Don't do anything much if we have not done the handshake or 3871 /*
3803 * we don't want to send messages :-) */ 3872 * Don't do anything much if we have not done the handshake or
3873 * we don't want to send messages :-)
3874 */
3804 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { 3875 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
3805 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 3876 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3806 return (1); 3877 return (1);
@@ -3811,8 +3882,10 @@ ssl3_shutdown(SSL *s)
3811#if 1 3882#if 1
3812 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); 3883 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
3813#endif 3884#endif
3814 /* our shutdown alert has been sent now, and if it still needs 3885 /*
3815 * to be written, s->s3->alert_dispatch will be true */ 3886 * Our shutdown alert has been sent now, and if it still needs
3887 * to be written, s->s3->alert_dispatch will be true
3888 */
3816 if (s->s3->alert_dispatch) 3889 if (s->s3->alert_dispatch)
3817 return(-1); /* return WANT_WRITE */ 3890 return(-1); /* return WANT_WRITE */
3818 } else if (s->s3->alert_dispatch) { 3891 } else if (s->s3->alert_dispatch) {
@@ -3820,10 +3893,12 @@ ssl3_shutdown(SSL *s)
3820#if 1 3893#if 1
3821 ret = s->method->ssl_dispatch_alert(s); 3894 ret = s->method->ssl_dispatch_alert(s);
3822 if (ret == -1) { 3895 if (ret == -1) {
3823 /* we only get to return -1 here the 2nd/Nth 3896 /*
3897 * We only get to return -1 here the 2nd/Nth
3824 * invocation, we must have already signalled 3898 * invocation, we must have already signalled
3825 * return 0 upon a previous invoation, 3899 * return 0 upon a previous invoation,
3826 * return WANT_WRITE */ 3900 * return WANT_WRITE
3901 */
3827 return (ret); 3902 return (ret);
3828 } 3903 }
3829#endif 3904#endif
@@ -3845,7 +3920,7 @@ ssl3_shutdown(SSL *s)
3845int 3920int
3846ssl3_write(SSL *s, const void *buf, int len) 3921ssl3_write(SSL *s, const void *buf, int len)
3847{ 3922{
3848 int ret, n; 3923 int ret, n;
3849 3924
3850#if 0 3925#if 0
3851 if (s->shutdown & SSL_SEND_SHUTDOWN) { 3926 if (s->shutdown & SSL_SEND_SHUTDOWN) {
@@ -3857,16 +3932,18 @@ ssl3_write(SSL *s, const void *buf, int len)
3857 if (s->s3->renegotiate) 3932 if (s->s3->renegotiate)
3858 ssl3_renegotiate_check(s); 3933 ssl3_renegotiate_check(s);
3859 3934
3860 /* This is an experimental flag that sends the 3935 /*
3936 * This is an experimental flag that sends the
3861 * last handshake message in the same packet as the first 3937 * last handshake message in the same packet as the first
3862 * use data - used to see if it helps the TCP protocol during 3938 * use data - used to see if it helps the TCP protocol during
3863 * session-id reuse */ 3939 * session-id reuse
3940 */
3864 /* The second test is because the buffer may have been removed */ 3941 /* The second test is because the buffer may have been removed */
3865 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { 3942 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
3866 /* First time through, we write into the buffer */ 3943 /* First time through, we write into the buffer */
3867 if (s->s3->delay_buf_pop_ret == 0) { 3944 if (s->s3->delay_buf_pop_ret == 0) {
3868 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3945 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3869 buf, len); 3946 buf, len);
3870 if (ret <= 0) 3947 if (ret <= 0)
3871 return (ret); 3948 return (ret);
3872 3949
@@ -3887,7 +3964,7 @@ ssl3_write(SSL *s, const void *buf, int len)
3887 s->s3->delay_buf_pop_ret = 0; 3964 s->s3->delay_buf_pop_ret = 0;
3888 } else { 3965 } else {
3889 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, 3966 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
3890 buf, len); 3967 buf, len);
3891 if (ret <= 0) 3968 if (ret <= 0)
3892 return (ret); 3969 return (ret);
3893 } 3970 }
@@ -3898,21 +3975,25 @@ ssl3_write(SSL *s, const void *buf, int len)
3898static int 3975static int
3899ssl3_read_internal(SSL *s, void *buf, int len, int peek) 3976ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3900{ 3977{
3901 int ret; 3978 int ret;
3902 3979
3903 errno = 0; 3980 errno = 0;
3904 if (s->s3->renegotiate) 3981 if (s->s3->renegotiate)
3905 ssl3_renegotiate_check(s); 3982 ssl3_renegotiate_check(s);
3906 s->s3->in_read_app_data = 1; 3983 s->s3->in_read_app_data = 1;
3907 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); 3984 ret = s->method->ssl_read_bytes(s,
3985 SSL3_RT_APPLICATION_DATA, buf, len, peek);
3908 if ((ret == -1) && (s->s3->in_read_app_data == 2)) { 3986 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
3909 /* ssl3_read_bytes decided to call s->handshake_func, which 3987 /*
3988 * ssl3_read_bytes decided to call s->handshake_func, which
3910 * called ssl3_read_bytes to read handshake data. 3989 * called ssl3_read_bytes to read handshake data.
3911 * However, ssl3_read_bytes actually found application data 3990 * However, ssl3_read_bytes actually found application data
3912 * and thinks that application data makes sense here; so disable 3991 * and thinks that application data makes sense here; so disable
3913 * handshake processing and try to read application data again. */ 3992 * handshake processing and try to read application data again.
3993 */
3914 s->in_handshake++; 3994 s->in_handshake++;
3915 ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); 3995 ret = s->method->ssl_read_bytes(s,
3996 SSL3_RT_APPLICATION_DATA, buf, len, peek);
3916 s->in_handshake--; 3997 s->in_handshake--;
3917 } else 3998 } else
3918 s->s3->in_read_app_data = 0; 3999 s->s3->in_read_app_data = 0;
@@ -3948,7 +4029,7 @@ ssl3_renegotiate(SSL *s)
3948int 4029int
3949ssl3_renegotiate_check(SSL *s) 4030ssl3_renegotiate_check(SSL *s)
3950{ 4031{
3951 int ret = 0; 4032 int ret = 0;
3952 4033
3953 if (s->s3->renegotiate) { 4034 if (s->s3->renegotiate) {
3954 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && 4035 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
@@ -3968,13 +4049,14 @@ ssl3_renegotiate_check(SSL *s)
3968 } 4049 }
3969 return (ret); 4050 return (ret);
3970} 4051}
3971/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch 4052/*
4053 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
3972 * to new SHA256 PRF and handshake macs 4054 * to new SHA256 PRF and handshake macs
3973 */ 4055 */
3974long 4056long
3975ssl_get_algorithm2(SSL *s) 4057ssl_get_algorithm2(SSL *s)
3976{ 4058{
3977 long alg2 = s->s3->tmp.new_cipher->algorithm2; 4059 long alg2 = s->s3->tmp.new_cipher->algorithm2;
3978 4060
3979 if (s->method->version == TLS1_2_VERSION && 4061 if (s->method->version == TLS1_2_VERSION &&
3980 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) 4062 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index cde564cade..830f574183 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -160,7 +160,10 @@
160const char *SSL_version_str = OPENSSL_VERSION_TEXT; 160const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161 161
162SSL3_ENC_METHOD ssl3_undef_enc_method = { 162SSL3_ENC_METHOD ssl3_undef_enc_method = {
163 /* evil casts, but these functions are only called if there's a library bug */ 163 /*
164 * Evil casts, but these functions are only called if there's a
165 * library bug.
166 */
164 (int (*)(SSL *, int))ssl_undefined_function, 167 (int (*)(SSL *, int))ssl_undefined_function,
165 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
166 ssl_undefined_function, 169 ssl_undefined_function,
@@ -182,9 +185,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
182int 185int
183SSL_clear(SSL *s) 186SSL_clear(SSL *s)
184{ 187{
185
186 if (s->method == NULL) { 188 if (s->method == NULL) {
187 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); 189 SSLerr(SSL_F_SSL_CLEAR,
190 SSL_R_NO_METHOD_SPECIFIED);
188 return (0); 191 return (0);
189 } 192 }
190 193
@@ -198,7 +201,8 @@ SSL_clear(SSL *s)
198 s->shutdown = 0; 201 s->shutdown = 0;
199 202
200 if (s->renegotiate) { 203 if (s->renegotiate) {
201 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); 204 SSLerr(SSL_F_SSL_CLEAR,
205 ERR_R_INTERNAL_ERROR);
202 return 0; 206 return 0;
203 } 207 }
204 208
@@ -226,16 +230,19 @@ SSL_clear(SSL *s)
226 s->first_packet = 0; 230 s->first_packet = 0;
227 231
228#if 1 232#if 1
229 /* Check to see if we were changed into a different method, if 233 /*
230 * so, revert back if we are not doing session-id reuse. */ 234 * Check to see if we were changed into a different method, if
231 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { 235 * so, revert back if we are not doing session-id reuse.
236 */
237 if (!s->in_handshake && (s->session == NULL) &&
238 (s->method != s->ctx->method)) {
232 s->method->ssl_free(s); 239 s->method->ssl_free(s);
233 s->method = s->ctx->method; 240 s->method = s->ctx->method;
234 if (!s->method->ssl_new(s)) 241 if (!s->method->ssl_new(s))
235 return (0); 242 return (0);
236 } else 243 } else
237#endif 244#endif
238 s->method->ssl_clear(s); 245 s->method->ssl_clear(s);
239 return (1); 246 return (1);
240} 247}
241 248
@@ -243,14 +250,15 @@ SSL_clear(SSL *s)
243int 250int
244SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 251SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
245{ 252{
246 STACK_OF(SSL_CIPHER) *sk; 253 STACK_OF(SSL_CIPHER) *sk;
247 254
248 ctx->method = meth; 255 ctx->method = meth;
249 256
250 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 257 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
251 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); 258 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
252 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 259 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
253 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 260 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
261 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
254 return (0); 262 return (0);
255 } 263 }
256 return (1); 264 return (1);
@@ -259,14 +267,16 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
259SSL * 267SSL *
260SSL_new(SSL_CTX *ctx) 268SSL_new(SSL_CTX *ctx)
261{ 269{
262 SSL *s; 270 SSL *s;
263 271
264 if (ctx == NULL) { 272 if (ctx == NULL) {
265 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); 273 SSLerr(SSL_F_SSL_NEW,
274 SSL_R_NULL_SSL_CTX);
266 return (NULL); 275 return (NULL);
267 } 276 }
268 if (ctx->method == NULL) { 277 if (ctx->method == NULL) {
269 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 278 SSLerr(SSL_F_SSL_NEW,
279 SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
270 return (NULL); 280 return (NULL);
271 } 281 }
272 282
@@ -283,7 +293,8 @@ SSL_new(SSL_CTX *ctx)
283 s->max_cert_list = ctx->max_cert_list; 293 s->max_cert_list = ctx->max_cert_list;
284 294
285 if (ctx->cert != NULL) { 295 if (ctx->cert != NULL) {
286 /* Earlier library versions used to copy the pointer to 296 /*
297 * Earlier library versions used to copy the pointer to
287 * the CERT, not its contents; only when setting new 298 * the CERT, not its contents; only when setting new
288 * parameters for the per-SSL copy, ssl_cert_new would be 299 * parameters for the per-SSL copy, ssl_cert_new would be
289 * called (and the direct reference to the per-SSL_CTX 300 * called (and the direct reference to the per-SSL_CTX
@@ -291,8 +302,8 @@ SSL_new(SSL_CTX *ctx)
291 * accessed for various purposes, and for that reason they 302 * accessed for various purposes, and for that reason they
292 * used to be known as s->ctx->default_cert). 303 * used to be known as s->ctx->default_cert).
293 * Now we don't look at the SSL_CTX's CERT after having 304 * Now we don't look at the SSL_CTX's CERT after having
294 * duplicated it once. */ 305 * duplicated it once.
295 306 */
296 s->cert = ssl_cert_dup(ctx->cert); 307 s->cert = ssl_cert_dup(ctx->cert);
297 if (s->cert == NULL) 308 if (s->cert == NULL)
298 goto err; 309 goto err;
@@ -362,7 +373,7 @@ SSL_new(SSL_CTX *ctx)
362#endif 373#endif
363 374
364 return (s); 375 return (s);
365err: 376 err:
366 if (s != NULL) { 377 if (s != NULL) {
367 if (s->cert != NULL) 378 if (s->cert != NULL)
368 ssl_cert_free(s->cert); 379 ssl_cert_free(s->cert);
@@ -370,7 +381,8 @@ err:
370 SSL_CTX_free(s->ctx); /* decrement reference count */ 381 SSL_CTX_free(s->ctx); /* decrement reference count */
371 free(s); 382 free(s);
372 } 383 }
373 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 384 SSLerr(SSL_F_SSL_NEW,
385 ERR_R_MALLOC_FAILURE);
374 return (NULL); 386 return (NULL);
375} 387}
376 388
@@ -379,7 +391,8 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
379 unsigned int sid_ctx_len) 391 unsigned int sid_ctx_len)
380{ 392{
381 if (sid_ctx_len > sizeof ctx->sid_ctx) { 393 if (sid_ctx_len > sizeof ctx->sid_ctx) {
382 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 394 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
395 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
383 return 0; 396 return 0;
384 } 397 }
385 ctx->sid_ctx_length = sid_ctx_len; 398 ctx->sid_ctx_length = sid_ctx_len;
@@ -393,7 +406,8 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
393 unsigned int sid_ctx_len) 406 unsigned int sid_ctx_len)
394{ 407{
395 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 408 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
396 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 409 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
410 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
397 return 0; 411 return 0;
398 } 412 }
399 ssl->sid_ctx_length = sid_ctx_len; 413 ssl->sid_ctx_length = sid_ctx_len;
@@ -485,7 +499,7 @@ SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
485void 499void
486SSL_free(SSL *s) 500SSL_free(SSL *s)
487{ 501{
488 int i; 502 int i;
489 503
490 if (s == NULL) 504 if (s == NULL)
491 return; 505 return;
@@ -550,7 +564,7 @@ SSL_free(SSL *s)
550 free(s->tlsext_opaque_prf_input); 564 free(s->tlsext_opaque_prf_input);
551 if (s->tlsext_ocsp_exts) 565 if (s->tlsext_ocsp_exts)
552 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 566 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
553 X509_EXTENSION_free); 567 X509_EXTENSION_free);
554 if (s->tlsext_ocsp_ids) 568 if (s->tlsext_ocsp_ids)
555 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 569 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
556 if (s->tlsext_ocsp_resp) 570 if (s->tlsext_ocsp_resp)
@@ -587,8 +601,7 @@ SSL_free(SSL *s)
587void 601void
588SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 602SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
589{ 603{
590 /* If the output buffering BIO is still in place, remove it 604 /* If the output buffering BIO is still in place, remove it */
591 */
592 if (s->bbio != NULL) { 605 if (s->bbio != NULL) {
593 if (s->wbio == s->bbio) { 606 if (s->wbio == s->bbio) {
594 s->wbio = s->wbio->next_bio; 607 s->wbio = s->wbio->next_bio;
@@ -624,8 +637,8 @@ SSL_get_fd(const SSL *s)
624int 637int
625SSL_get_rfd(const SSL *s) 638SSL_get_rfd(const SSL *s)
626{ 639{
627 int ret = -1; 640 int ret = -1;
628 BIO *b, *r; 641 BIO *b, *r;
629 642
630 b = SSL_get_rbio(s); 643 b = SSL_get_rbio(s);
631 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 644 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
@@ -637,8 +650,8 @@ SSL_get_rfd(const SSL *s)
637int 650int
638SSL_get_wfd(const SSL *s) 651SSL_get_wfd(const SSL *s)
639{ 652{
640 int ret = -1; 653 int ret = -1;
641 BIO *b, *r; 654 BIO *b, *r;
642 655
643 b = SSL_get_wbio(s); 656 b = SSL_get_wbio(s);
644 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 657 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
@@ -651,34 +664,36 @@ SSL_get_wfd(const SSL *s)
651int 664int
652SSL_set_fd(SSL *s, int fd) 665SSL_set_fd(SSL *s, int fd)
653{ 666{
654 int ret = 0; 667 int ret = 0;
655 BIO *bio = NULL; 668 BIO *bio = NULL;
656 669
657 bio = BIO_new(BIO_s_socket()); 670 bio = BIO_new(BIO_s_socket());
658 671
659 if (bio == NULL) { 672 if (bio == NULL) {
660 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); 673 SSLerr(SSL_F_SSL_SET_FD,
674 ERR_R_BUF_LIB);
661 goto err; 675 goto err;
662 } 676 }
663 BIO_set_fd(bio, fd, BIO_NOCLOSE); 677 BIO_set_fd(bio, fd, BIO_NOCLOSE);
664 SSL_set_bio(s, bio, bio); 678 SSL_set_bio(s, bio, bio);
665 ret = 1; 679 ret = 1;
666err: 680 err:
667 return (ret); 681 return (ret);
668} 682}
669 683
670int 684int
671SSL_set_wfd(SSL *s, int fd) 685SSL_set_wfd(SSL *s, int fd)
672{ 686{
673 int ret = 0; 687 int ret = 0;
674 BIO *bio = NULL; 688 BIO *bio = NULL;
675 689
676 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 690 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
677 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 691 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
678 bio = BIO_new(BIO_s_socket()); 692 bio = BIO_new(BIO_s_socket());
679 693
680 if (bio == NULL) 694 if (bio == NULL) {
681 { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); 695 SSLerr(SSL_F_SSL_SET_WFD,
696 ERR_R_BUF_LIB);
682 goto err; 697 goto err;
683 } 698 }
684 BIO_set_fd(bio, fd, BIO_NOCLOSE); 699 BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -686,22 +701,23 @@ SSL_set_wfd(SSL *s, int fd)
686 } else 701 } else
687 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 702 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
688 ret = 1; 703 ret = 1;
689err: 704 err:
690 return (ret); 705 return (ret);
691} 706}
692 707
693int 708int
694SSL_set_rfd(SSL *s, int fd) 709SSL_set_rfd(SSL *s, int fd)
695{ 710{
696 int ret = 0; 711 int ret = 0;
697 BIO *bio = NULL; 712 BIO *bio = NULL;
698 713
699 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 714 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
700 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 715 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
701 bio = BIO_new(BIO_s_socket()); 716 bio = BIO_new(BIO_s_socket());
702 717
703 if (bio == NULL) { 718 if (bio == NULL) {
704 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); 719 SSLerr(SSL_F_SSL_SET_RFD,
720 ERR_R_BUF_LIB);
705 goto err; 721 goto err;
706 } 722 }
707 BIO_set_fd(bio, fd, BIO_NOCLOSE); 723 BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -709,7 +725,7 @@ SSL_set_rfd(SSL *s, int fd)
709 } else 725 } else
710 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 726 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
711 ret = 1; 727 ret = 1;
712err: 728 err:
713 return (ret); 729 return (ret);
714} 730}
715#endif 731#endif
@@ -719,7 +735,7 @@ err:
719size_t 735size_t
720SSL_get_finished(const SSL *s, void *buf, size_t count) 736SSL_get_finished(const SSL *s, void *buf, size_t count)
721{ 737{
722 size_t ret = 0; 738 size_t ret = 0;
723 739
724 if (s->s3 != NULL) { 740 if (s->s3 != NULL) {
725 ret = s->s3->tmp.finish_md_len; 741 ret = s->s3->tmp.finish_md_len;
@@ -734,7 +750,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
734size_t 750size_t
735SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 751SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
736{ 752{
737 size_t ret = 0; 753 size_t ret = 0;
738 754
739 if (s->s3 != NULL) { 755 if (s->s3 != NULL) {
740 ret = s->s3->tmp.peer_finish_md_len; 756 ret = s->s3->tmp.peer_finish_md_len;
@@ -810,7 +826,8 @@ SSL_get_read_ahead(const SSL *s)
810int 826int
811SSL_pending(const SSL *s) 827SSL_pending(const SSL *s)
812{ 828{
813 /* SSL_pending cannot work properly if read-ahead is enabled 829 /*
830 * SSL_pending cannot work properly if read-ahead is enabled
814 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), 831 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
815 * and it is impossible to fix since SSL_pending cannot report 832 * and it is impossible to fix since SSL_pending cannot report
816 * errors that may be observed while scanning the new data. 833 * errors that may be observed while scanning the new data.
@@ -823,7 +840,7 @@ SSL_pending(const SSL *s)
823X509 * 840X509 *
824SSL_get_peer_certificate(const SSL *s) 841SSL_get_peer_certificate(const SSL *s)
825{ 842{
826 X509 *r; 843 X509 *r;
827 844
828 if ((s == NULL) || (s->session == NULL)) 845 if ((s == NULL) || (s->session == NULL))
829 r = NULL; 846 r = NULL;
@@ -841,32 +858,38 @@ SSL_get_peer_certificate(const SSL *s)
841STACK_OF(X509) * 858STACK_OF(X509) *
842SSL_get_peer_cert_chain(const SSL *s) 859SSL_get_peer_cert_chain(const SSL *s)
843{ 860{
844 STACK_OF(X509) *r; 861 STACK_OF(X509) *r;
845 862
846 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) 863 if ((s == NULL) || (s->session == NULL) ||
864 (s->session->sess_cert == NULL))
847 r = NULL; 865 r = NULL;
848 else 866 else
849 r = s->session->sess_cert->cert_chain; 867 r = s->session->sess_cert->cert_chain;
850 868
851 /* If we are a client, cert_chain includes the peer's own 869 /*
870 * If we are a client, cert_chain includes the peer's own
852 * certificate; 871 * certificate;
853if we are a server, it does not. */ 872 * if we are a server, it does not.
854 873 */
855 return (r); 874 return (r);
856} 875}
857 876
858/* Now in theory, since the calling process own 't' it should be safe to 877/*
859 * modify. We need to be able to read f without being hassled */ 878 * Now in theory, since the calling process own 't' it should be safe to
879 * modify. We need to be able to read f without being hassled
880 */
860void 881void
861SSL_copy_session_id(SSL *t, const SSL *f) 882SSL_copy_session_id(SSL *t, const SSL *f)
862{ 883{
863 CERT *tmp; 884 CERT *tmp;
864 885
865 /* Do we need to to SSL locking? */ 886 /* Do we need to to SSL locking? */
866 SSL_set_session(t, SSL_get_session(f)); 887 SSL_set_session(t, SSL_get_session(f));
867 888
868 /* what if we are setup as SSLv2 but want to talk SSLv3 or 889 /*
869 * vice-versa */ 890 * What if we are setup as SSLv2 but want to talk SSLv3 or
891 * vice-versa.
892 */
870 if (t->method != f->method) { 893 if (t->method != f->method) {
871 t->method->ssl_free(t); /* cleanup current */ 894 t->method->ssl_free(t); /* cleanup current */
872 t->method=f->method; /* change method */ 895 t->method=f->method; /* change method */
@@ -888,17 +911,19 @@ SSL_copy_session_id(SSL *t, const SSL *f)
888int 911int
889SSL_CTX_check_private_key(const SSL_CTX *ctx) 912SSL_CTX_check_private_key(const SSL_CTX *ctx)
890{ 913{
891 if ((ctx == NULL) || 914 if ((ctx == NULL) || (ctx->cert == NULL) ||
892 (ctx->cert == NULL) || 915 (ctx->cert->key->x509 == NULL)) {
893 (ctx->cert->key->x509 == NULL)) { 916 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
894 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 917 SSL_R_NO_CERTIFICATE_ASSIGNED);
895 return (0); 918 return (0);
896 } 919 }
897 if (ctx->cert->key->privatekey == NULL) { 920 if (ctx->cert->key->privatekey == NULL) {
898 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 921 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
922 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
899 return (0); 923 return (0);
900 } 924 }
901 return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); 925 return (X509_check_private_key(ctx->cert->key->x509,
926 ctx->cert->key->privatekey));
902} 927}
903 928
904/* Fix this function so that it takes an optional type parameter */ 929/* Fix this function so that it takes an optional type parameter */
@@ -906,31 +931,34 @@ int
906SSL_check_private_key(const SSL *ssl) 931SSL_check_private_key(const SSL *ssl)
907{ 932{
908 if (ssl == NULL) { 933 if (ssl == NULL) {
909 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 934 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
935 ERR_R_PASSED_NULL_PARAMETER);
910 return (0); 936 return (0);
911 } 937 }
912 if (ssl->cert == NULL) { 938 if (ssl->cert == NULL) {
913 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 939 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
940 SSL_R_NO_CERTIFICATE_ASSIGNED);
914 return 0; 941 return 0;
915 } 942 }
916 if (ssl->cert->key->x509 == NULL) { 943 if (ssl->cert->key->x509 == NULL) {
917 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 944 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
945 SSL_R_NO_CERTIFICATE_ASSIGNED);
918 return (0); 946 return (0);
919 } 947 }
920 if (ssl->cert->key->privatekey == NULL) { 948 if (ssl->cert->key->privatekey == NULL) {
921 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 949 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
950 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
922 return (0); 951 return (0);
923 } 952 }
924 return(X509_check_private_key(ssl->cert->key->x509, 953 return (X509_check_private_key(ssl->cert->key->x509,
925 ssl->cert->key->privatekey)); 954 ssl->cert->key->privatekey));
926} 955}
927 956
928int 957int
929SSL_accept(SSL *s) 958SSL_accept(SSL *s)
930{ 959{
931 if (s->handshake_func == 0) 960 if (s->handshake_func == 0)
932 /* Not properly initialized yet */ 961 SSL_set_accept_state(s); /* Not properly initialized yet */
933 SSL_set_accept_state(s);
934 962
935 return (s->method->ssl_accept(s)); 963 return (s->method->ssl_accept(s));
936} 964}
@@ -939,8 +967,7 @@ int
939SSL_connect(SSL *s) 967SSL_connect(SSL *s)
940{ 968{
941 if (s->handshake_func == 0) 969 if (s->handshake_func == 0)
942 /* Not properly initialized yet */ 970 SSL_set_connect_state(s); /* Not properly initialized yet */
943 SSL_set_connect_state(s);
944 971
945 return (s->method->ssl_connect(s)); 972 return (s->method->ssl_connect(s));
946} 973}
@@ -955,7 +982,8 @@ int
955SSL_read(SSL *s, void *buf, int num) 982SSL_read(SSL *s, void *buf, int num)
956{ 983{
957 if (s->handshake_func == 0) { 984 if (s->handshake_func == 0) {
958 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 985 SSLerr(SSL_F_SSL_READ,
986 SSL_R_UNINITIALIZED);
959 return -1; 987 return -1;
960 } 988 }
961 989
@@ -970,7 +998,8 @@ int
970SSL_peek(SSL *s, void *buf, int num) 998SSL_peek(SSL *s, void *buf, int num)
971{ 999{
972 if (s->handshake_func == 0) { 1000 if (s->handshake_func == 0) {
973 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1001 SSLerr(SSL_F_SSL_PEEK,
1002 SSL_R_UNINITIALIZED);
974 return -1; 1003 return -1;
975 } 1004 }
976 1005
@@ -984,13 +1013,15 @@ int
984SSL_write(SSL *s, const void *buf, int num) 1013SSL_write(SSL *s, const void *buf, int num)
985{ 1014{
986 if (s->handshake_func == 0) { 1015 if (s->handshake_func == 0) {
987 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1016 SSLerr(SSL_F_SSL_WRITE,
1017 SSL_R_UNINITIALIZED);
988 return -1; 1018 return -1;
989 } 1019 }
990 1020
991 if (s->shutdown & SSL_SENT_SHUTDOWN) { 1021 if (s->shutdown & SSL_SENT_SHUTDOWN) {
992 s->rwstate = SSL_NOTHING; 1022 s->rwstate = SSL_NOTHING;
993 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); 1023 SSLerr(SSL_F_SSL_WRITE,
1024 SSL_R_PROTOCOL_IS_SHUTDOWN);
994 return (-1); 1025 return (-1);
995 } 1026 }
996 return (s->method->ssl_write(s, buf, num)); 1027 return (s->method->ssl_write(s, buf, num));
@@ -999,14 +1030,16 @@ SSL_write(SSL *s, const void *buf, int num)
999int 1030int
1000SSL_shutdown(SSL *s) 1031SSL_shutdown(SSL *s)
1001{ 1032{
1002 /* Note that this function behaves differently from what one might 1033 /*
1034 * Note that this function behaves differently from what one might
1003 * expect. Return values are 0 for no success (yet), 1035 * expect. Return values are 0 for no success (yet),
1004 * 1 for success; but calling it once is usually not enough, 1036 * 1 for success; but calling it once is usually not enough,
1005 * even if blocking I/O is used (see ssl3_shutdown). 1037 * even if blocking I/O is used (see ssl3_shutdown).
1006 */ 1038 */
1007 1039
1008 if (s->handshake_func == 0) { 1040 if (s->handshake_func == 0) {
1009 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1041 SSLerr(SSL_F_SSL_SHUTDOWN,
1042 SSL_R_UNINITIALIZED);
1010 return -1; 1043 return -1;
1011 } 1044 }
1012 1045
@@ -1041,15 +1074,17 @@ SSL_renegotiate_abbreviated(SSL *s)
1041int 1074int
1042SSL_renegotiate_pending(SSL *s) 1075SSL_renegotiate_pending(SSL *s)
1043{ 1076{
1044 /* becomes true when negotiation is requested; 1077 /*
1045 * false again once a handshake has finished */ 1078 * Becomes true when negotiation is requested;
1079 * false again once a handshake has finished.
1080 */
1046 return (s->renegotiate != 0); 1081 return (s->renegotiate != 0);
1047} 1082}
1048 1083
1049long 1084long
1050SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1085SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1051{ 1086{
1052 long l; 1087 long l;
1053 1088
1054 switch (cmd) { 1089 switch (cmd) {
1055 case SSL_CTRL_GET_READ_AHEAD: 1090 case SSL_CTRL_GET_READ_AHEAD:
@@ -1084,7 +1119,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1084#endif 1119#endif
1085 1120
1086 if (SSL_version(s) == DTLS1_VERSION || 1121 if (SSL_version(s) == DTLS1_VERSION ||
1087 SSL_version(s) == DTLS1_BAD_VER) { 1122 SSL_version(s) == DTLS1_BAD_VER) {
1088 s->d1->mtu = larg; 1123 s->d1->mtu = larg;
1089 return larg; 1124 return larg;
1090 } 1125 }
@@ -1108,7 +1143,9 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1108{ 1143{
1109 switch (cmd) { 1144 switch (cmd) {
1110 case SSL_CTRL_SET_MSG_CALLBACK: 1145 case SSL_CTRL_SET_MSG_CALLBACK:
1111 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1146 s->msg_callback = (void (*)(int write_p, int version,
1147 int content_type, const void *buf, size_t len,
1148 SSL *ssl, void *arg))(fp);
1112 return 1; 1149 return 1;
1113 1150
1114 default: 1151 default:
@@ -1125,7 +1162,7 @@ SSL_CTX_sessions(SSL_CTX *ctx)
1125long 1162long
1126SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1163SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1127{ 1164{
1128 long l; 1165 long l;
1129 1166
1130 switch (cmd) { 1167 switch (cmd) {
1131 case SSL_CTRL_GET_READ_AHEAD: 1168 case SSL_CTRL_GET_READ_AHEAD:
@@ -1206,7 +1243,9 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1206{ 1243{
1207 switch (cmd) { 1244 switch (cmd) {
1208 case SSL_CTRL_SET_MSG_CALLBACK: 1245 case SSL_CTRL_SET_MSG_CALLBACK:
1209 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1246 ctx->msg_callback = (void (*)(int write_p, int version,
1247 int content_type, const void *buf, size_t len, SSL *ssl,
1248 void *arg))(fp);
1210 return 1; 1249 return 1;
1211 1250
1212 default: 1251 default:
@@ -1217,7 +1256,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1217int 1256int
1218ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1257ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1219{ 1258{
1220 long l; 1259 long l;
1221 1260
1222 l = a->id - b->id; 1261 l = a->id - b->id;
1223 if (l == 0L) 1262 if (l == 0L)
@@ -1230,7 +1269,7 @@ int
1230ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 1269ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1231 const SSL_CIPHER * const *bp) 1270 const SSL_CIPHER * const *bp)
1232{ 1271{
1233 long l; 1272 long l;
1234 1273
1235 l = (*ap)->id - (*bp)->id; 1274 l = (*ap)->id - (*bp)->id;
1236 if (l == 0L) 1275 if (l == 0L)
@@ -1239,24 +1278,27 @@ ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1239 return ((l > 0) ? 1:-1); 1278 return ((l > 0) ? 1:-1);
1240} 1279}
1241 1280
1242/** return a STACK of the ciphers available for the SSL and in order of 1281/*
1243 * preference */ 1282 * Return a STACK of the ciphers available for the SSL and in order of
1283 * preference.
1284 */
1244STACK_OF(SSL_CIPHER) * 1285STACK_OF(SSL_CIPHER) *
1245SSL_get_ciphers(const SSL *s) 1286SSL_get_ciphers(const SSL *s)
1246{ 1287{
1247 if (s != NULL) { 1288 if (s != NULL) {
1248 if (s->cipher_list != NULL) { 1289 if (s->cipher_list != NULL) {
1249 return (s->cipher_list); 1290 return (s->cipher_list);
1250 } else if ((s->ctx != NULL) && 1291 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1251 (s->ctx->cipher_list != NULL)) {
1252 return (s->ctx->cipher_list); 1292 return (s->ctx->cipher_list);
1253 } 1293 }
1254 } 1294 }
1255 return (NULL); 1295 return (NULL);
1256} 1296}
1257 1297
1258/** return a STACK of the ciphers available for the SSL and in order of 1298/*
1259 * algorithm id */ 1299 * Return a STACK of the ciphers available for the SSL and in order of
1300 * algorithm id.
1301 */
1260STACK_OF(SSL_CIPHER) * 1302STACK_OF(SSL_CIPHER) *
1261ssl_get_ciphers_by_id(SSL *s) 1303ssl_get_ciphers_by_id(SSL *s)
1262{ 1304{
@@ -1264,19 +1306,19 @@ ssl_get_ciphers_by_id(SSL *s)
1264 if (s->cipher_list_by_id != NULL) { 1306 if (s->cipher_list_by_id != NULL) {
1265 return (s->cipher_list_by_id); 1307 return (s->cipher_list_by_id);
1266 } else if ((s->ctx != NULL) && 1308 } else if ((s->ctx != NULL) &&
1267 (s->ctx->cipher_list_by_id != NULL)) { 1309 (s->ctx->cipher_list_by_id != NULL)) {
1268 return (s->ctx->cipher_list_by_id); 1310 return (s->ctx->cipher_list_by_id);
1269 } 1311 }
1270 } 1312 }
1271 return (NULL); 1313 return (NULL);
1272} 1314}
1273 1315
1274/** The old interface to get the same thing as SSL_get_ciphers() */ 1316/* The old interface to get the same thing as SSL_get_ciphers(). */
1275const char * 1317const char *
1276SSL_get_cipher_list(const SSL *s, int n) 1318SSL_get_cipher_list(const SSL *s, int n)
1277{ 1319{
1278 SSL_CIPHER *c; 1320 SSL_CIPHER *c;
1279 STACK_OF(SSL_CIPHER) *sk; 1321 STACK_OF(SSL_CIPHER) *sk;
1280 1322
1281 if (s == NULL) 1323 if (s == NULL)
1282 return (NULL); 1324 return (NULL);
@@ -1289,35 +1331,38 @@ SSL_get_cipher_list(const SSL *s, int n)
1289 return (c->name); 1331 return (c->name);
1290} 1332}
1291 1333
1292/** specify the ciphers to be used by default by the SSL_CTX */ 1334/* Specify the ciphers to be used by default by the SSL_CTX. */
1293int 1335int
1294SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1336SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1295{ 1337{
1296 STACK_OF(SSL_CIPHER) *sk; 1338 STACK_OF(SSL_CIPHER) *sk;
1297 1339
1298 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1340 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1299 &ctx->cipher_list_by_id, str); 1341 &ctx->cipher_list_by_id, str);
1300 /* ssl_create_cipher_list may return an empty stack if it 1342 /*
1343 * ssl_create_cipher_list may return an empty stack if it
1301 * was unable to find a cipher matching the given rule string 1344 * was unable to find a cipher matching the given rule string
1302 * (for example if the rule string specifies a cipher which 1345 * (for example if the rule string specifies a cipher which
1303 * has been disabled). This is not an error as far as 1346 * has been disabled). This is not an error as far as
1304 * ssl_create_cipher_list is concerned, and hence 1347 * ssl_create_cipher_list is concerned, and hence
1305 * ctx->cipher_list and ctx->cipher_list_by_id has been 1348 * ctx->cipher_list and ctx->cipher_list_by_id has been
1306 * updated. */ 1349 * updated.
1350 */
1307 if (sk == NULL) 1351 if (sk == NULL)
1308 return 0; 1352 return 0;
1309 else if (sk_SSL_CIPHER_num(sk) == 0) { 1353 else if (sk_SSL_CIPHER_num(sk) == 0) {
1310 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1354 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
1355 SSL_R_NO_CIPHER_MATCH);
1311 return 0; 1356 return 0;
1312 } 1357 }
1313 return 1; 1358 return 1;
1314} 1359}
1315 1360
1316/** specify the ciphers to be used by the SSL */ 1361/* Specify the ciphers to be used by the SSL. */
1317int 1362int
1318SSL_set_cipher_list(SSL *s, const char *str) 1363SSL_set_cipher_list(SSL *s, const char *str)
1319{ 1364{
1320 STACK_OF(SSL_CIPHER) *sk; 1365 STACK_OF(SSL_CIPHER) *sk;
1321 1366
1322 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1367 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1323 &s->cipher_list_by_id, str); 1368 &s->cipher_list_by_id, str);
@@ -1325,7 +1370,8 @@ SSL_set_cipher_list(SSL *s, const char *str)
1325 if (sk == NULL) 1370 if (sk == NULL)
1326 return 0; 1371 return 0;
1327 else if (sk_SSL_CIPHER_num(sk) == 0) { 1372 else if (sk_SSL_CIPHER_num(sk) == 0) {
1328 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1373 SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
1374 SSL_R_NO_CIPHER_MATCH);
1329 return 0; 1375 return 0;
1330 } 1376 }
1331 return 1; 1377 return 1;
@@ -1335,11 +1381,11 @@ SSL_set_cipher_list(SSL *s, const char *str)
1335char * 1381char *
1336SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1382SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1337{ 1383{
1338 char *end; 1384 char *end;
1339 STACK_OF(SSL_CIPHER) *sk; 1385 STACK_OF(SSL_CIPHER) *sk;
1340 SSL_CIPHER *c; 1386 SSL_CIPHER *c;
1341 size_t curlen = 0; 1387 size_t curlen = 0;
1342 int i; 1388 int i;
1343 1389
1344 if ((s->session == NULL) || (s->session->ciphers == NULL) || 1390 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1345 (len < 2)) 1391 (len < 2))
@@ -1351,7 +1397,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1351 c = sk_SSL_CIPHER_value(sk, i); 1397 c = sk_SSL_CIPHER_value(sk, i);
1352 end = buf + curlen; 1398 end = buf + curlen;
1353 if (strlcat(buf, c->name, len) >= len || 1399 if (strlcat(buf, c->name, len) >= len ||
1354 (curlen = strlcat(buf, ":", len)) >= len) { 1400 (curlen = strlcat(buf, ":", len)) >= len) {
1355 /* remove truncated cipher from list */ 1401 /* remove truncated cipher from list */
1356 *end = '\0'; 1402 *end = '\0';
1357 break; 1403 break;
@@ -1367,11 +1413,11 @@ int
1367ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, 1413ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1368 int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1414 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1369{ 1415{
1370 int i, j = 0; 1416 int i, j = 0;
1371 SSL_CIPHER *c; 1417 SSL_CIPHER *c;
1372 unsigned char *q; 1418 unsigned char *q;
1373#ifndef OPENSSL_NO_KRB5 1419#ifndef OPENSSL_NO_KRB5
1374 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1420 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1375#endif /* OPENSSL_NO_KRB5 */ 1421#endif /* OPENSSL_NO_KRB5 */
1376 1422
1377 if (sk == NULL) 1423 if (sk == NULL)
@@ -1382,30 +1428,33 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1382 c = sk_SSL_CIPHER_value(sk, i); 1428 c = sk_SSL_CIPHER_value(sk, i);
1383 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 1429 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1384 if ((c->algorithm_ssl & SSL_TLSV1_2) && 1430 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1385 (TLS1_get_client_version(s) < TLS1_2_VERSION)) 1431 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1386 continue; 1432 continue;
1387#ifndef OPENSSL_NO_KRB5 1433#ifndef OPENSSL_NO_KRB5
1388 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && 1434 if (((c->algorithm_mkey & SSL_kKRB5) ||
1389 nokrb5) 1435 (c->algorithm_auth & SSL_aKRB5)) && nokrb5)
1390 continue; 1436 continue;
1391#endif /* OPENSSL_NO_KRB5 */ 1437#endif /* OPENSSL_NO_KRB5 */
1392#ifndef OPENSSL_NO_PSK 1438#ifndef OPENSSL_NO_PSK
1393 /* with PSK there must be client callback set */ 1439 /* with PSK there must be client callback set */
1394 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && 1440 if (((c->algorithm_mkey & SSL_kPSK) ||
1395 s->psk_client_callback == NULL) 1441 (c->algorithm_auth & SSL_aPSK)) &&
1396 continue; 1442 s->psk_client_callback == NULL)
1443 continue;
1397#endif /* OPENSSL_NO_PSK */ 1444#endif /* OPENSSL_NO_PSK */
1398 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); 1445 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
1399 p += j; 1446 p += j;
1400 } 1447 }
1401 /* If p == q, no ciphers and caller indicates an error. Otherwise 1448 /*
1449 * If p == q, no ciphers and caller indicates an error. Otherwise
1402 * add SCSV if not renegotiating. 1450 * add SCSV if not renegotiating.
1403 */ 1451 */
1404 if (p != q && !s->renegotiate) { 1452 if (p != q && !s->renegotiate) {
1405 static SSL_CIPHER scsv = { 1453 static SSL_CIPHER scsv = {
1406 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1454 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1407 }; 1455 };
1408 j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); 1456 j = put_cb ? put_cb(&scsv, p) :
1457 ssl_put_cipher_by_char(s, &scsv, p);
1409 p += j; 1458 p += j;
1410#ifdef OPENSSL_RI_DEBUG 1459#ifdef OPENSSL_RI_DEBUG
1411 fprintf(stderr, "SCSV sent by client\n"); 1460 fprintf(stderr, "SCSV sent by client\n");
@@ -1419,15 +1468,17 @@ STACK_OF(SSL_CIPHER) *
1419ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, 1468ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1420 STACK_OF(SSL_CIPHER) **skp) 1469 STACK_OF(SSL_CIPHER) **skp)
1421{ 1470{
1422 const SSL_CIPHER *c; 1471 const SSL_CIPHER *c;
1423 STACK_OF(SSL_CIPHER) *sk; 1472 STACK_OF(SSL_CIPHER) *sk;
1424 int i, n; 1473 int i, n;
1474
1425 if (s->s3) 1475 if (s->s3)
1426 s->s3->send_connection_binding = 0; 1476 s->s3->send_connection_binding = 0;
1427 1477
1428 n = ssl_put_cipher_by_char(s, NULL, NULL); 1478 n = ssl_put_cipher_by_char(s, NULL, NULL);
1429 if ((num % n) != 0) { 1479 if ((num % n) != 0) {
1430 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1480 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1481 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1431 return (NULL); 1482 return (NULL);
1432 } 1483 }
1433 if ((skp == NULL) || (*skp == NULL)) 1484 if ((skp == NULL) || (*skp == NULL))
@@ -1440,12 +1491,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1440 for (i = 0; i < num; i += n) { 1491 for (i = 0; i < num; i += n) {
1441 /* Check for SCSV */ 1492 /* Check for SCSV */
1442 if (s->s3 && (n != 3 || !p[0]) && 1493 if (s->s3 && (n != 3 || !p[0]) &&
1443 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1494 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1444 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { 1495 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
1445 /* SCSV fatal if renegotiating */ 1496 /* SCSV fatal if renegotiating */
1446 if (s->renegotiate) { 1497 if (s->renegotiate) {
1447 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1498 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1448 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1499 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1500 ssl3_send_alert(s, SSL3_AL_FATAL,
1501 SSL_AD_HANDSHAKE_FAILURE);
1449 1502
1450 goto err; 1503 goto err;
1451 } 1504 }
@@ -1461,7 +1514,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1461 p += n; 1514 p += n;
1462 if (c != NULL) { 1515 if (c != NULL) {
1463 if (!sk_SSL_CIPHER_push(sk, c)) { 1516 if (!sk_SSL_CIPHER_push(sk, c)) {
1464 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1517 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1518 ERR_R_MALLOC_FAILURE);
1465 goto err; 1519 goto err;
1466 } 1520 }
1467 } 1521 }
@@ -1470,7 +1524,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1470 if (skp != NULL) 1524 if (skp != NULL)
1471 *skp = sk; 1525 *skp = sk;
1472 return (sk); 1526 return (sk);
1473err: 1527 err:
1474 if ((skp == NULL) || (*skp == NULL)) 1528 if ((skp == NULL) || (*skp == NULL))
1475 sk_SSL_CIPHER_free(sk); 1529 sk_SSL_CIPHER_free(sk);
1476 return (NULL); 1530 return (NULL);
@@ -1478,10 +1532,10 @@ err:
1478 1532
1479 1533
1480#ifndef OPENSSL_NO_TLSEXT 1534#ifndef OPENSSL_NO_TLSEXT
1481/** return a servername extension value if provided in Client Hello, or NULL. 1535/*
1536 * Return a servername extension value if provided in Client Hello, or NULL.
1482 * So far, only host_name types are defined (RFC 3546). 1537 * So far, only host_name types are defined (RFC 3546).
1483 */ 1538 */
1484
1485const char * 1539const char *
1486SSL_get_servername(const SSL *s, const int type) 1540SSL_get_servername(const SSL *s, const int type)
1487{ 1541{
@@ -1489,20 +1543,23 @@ SSL_get_servername(const SSL *s, const int type)
1489 return NULL; 1543 return NULL;
1490 1544
1491 return s->session && !s->tlsext_hostname ? 1545 return s->session && !s->tlsext_hostname ?
1492 s->session->tlsext_hostname : 1546 s->session->tlsext_hostname :
1493 s->tlsext_hostname; 1547 s->tlsext_hostname;
1494} 1548}
1495 1549
1496int 1550int
1497SSL_get_servername_type(const SSL *s) 1551SSL_get_servername_type(const SSL *s)
1498{ 1552{
1499 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 1553 if (s->session &&
1554 (!s->tlsext_hostname ?
1555 s->session->tlsext_hostname : s->tlsext_hostname))
1500 return TLSEXT_NAMETYPE_host_name; 1556 return TLSEXT_NAMETYPE_host_name;
1501 return -1; 1557 return -1;
1502} 1558}
1503 1559
1504# ifndef OPENSSL_NO_NEXTPROTONEG 1560# ifndef OPENSSL_NO_NEXTPROTONEG
1505/* SSL_select_next_proto implements the standard protocol selection. It is 1561/*
1562 * SSL_select_next_proto implements the standard protocol selection. It is
1506 * expected that this function is called from the callback set by 1563 * expected that this function is called from the callback set by
1507 * SSL_CTX_set_next_proto_select_cb. 1564 * SSL_CTX_set_next_proto_select_cb.
1508 * 1565 *
@@ -1533,17 +1590,23 @@ SSL_get_servername_type(const SSL *s)
1533 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1590 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1534 */ 1591 */
1535int 1592int
1536SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) 1593SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1594 const unsigned char *server, unsigned int server_len,
1595 const unsigned char *client, unsigned int client_len)
1537{ 1596{
1538 unsigned int i, j; 1597 unsigned int i, j;
1539 const unsigned char *result; 1598 const unsigned char *result;
1540 int status = OPENSSL_NPN_UNSUPPORTED; 1599 int status = OPENSSL_NPN_UNSUPPORTED;
1541 1600
1542 /* For each protocol in server preference order, see if we support it. */ 1601 /*
1602 * For each protocol in server preference order,
1603 * see if we support it.
1604 */
1543 for (i = 0; i < server_len; ) { 1605 for (i = 0; i < server_len; ) {
1544 for (j = 0; j < client_len; ) { 1606 for (j = 0; j < client_len; ) {
1545 if (server[i] == client[j] && 1607 if (server[i] == client[j] &&
1546 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1608 memcmp(&server[i + 1],
1609 &client[j + 1], server[i]) == 0) {
1547 /* We found a match */ 1610 /* We found a match */
1548 result = &server[i]; 1611 result = &server[i];
1549 status = OPENSSL_NPN_NEGOTIATED; 1612 status = OPENSSL_NPN_NEGOTIATED;
@@ -1560,13 +1623,14 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned
1560 result = client; 1623 result = client;
1561 status = OPENSSL_NPN_NO_OVERLAP; 1624 status = OPENSSL_NPN_NO_OVERLAP;
1562 1625
1563 found: 1626 found:
1564 *out = (unsigned char *) result + 1; 1627 *out = (unsigned char *) result + 1;
1565 *outlen = result[0]; 1628 *outlen = result[0];
1566 return status; 1629 return status;
1567} 1630}
1568 1631
1569/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's 1632/*
1633 * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1570 * requested protocol for this connection and returns 0. If the client didn't 1634 * requested protocol for this connection and returns 0. If the client didn't
1571 * request any protocol, then *data is set to NULL. 1635 * request any protocol, then *data is set to NULL.
1572 * 1636 *
@@ -1575,7 +1639,8 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned
1575 * provided by the callback. 1639 * provided by the callback.
1576 */ 1640 */
1577void 1641void
1578SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) 1642SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1643 unsigned *len)
1579{ 1644{
1580 *data = s->next_proto_negotiated; 1645 *data = s->next_proto_negotiated;
1581 if (!*data) { 1646 if (!*data) {
@@ -1585,23 +1650,27 @@ SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigne
1585 } 1650 }
1586} 1651}
1587 1652
1588/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a 1653/*
1654 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1589 * TLS server needs a list of supported protocols for Next Protocol 1655 * TLS server needs a list of supported protocols for Next Protocol
1590 * Negotiation. The returned list must be in wire format. The list is returned 1656 * Negotiation. The returned list must be in wire format. The list is returned
1591 * by setting |out| to point to it and |outlen| to its length. This memory will 1657 * by setting |out| to point to it and |outlen| to its length. This memory will
1592 * not be modified, but one should assume that the SSL* keeps a reference to 1658 * not be modified, but one should assume that the SSL* keeps a reference to
1593 * it. 1659 * it.
1594 * 1660 *
1595 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no 1661 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1596 * such extension will be included in the ServerHello. */ 1662 * Otherwise, no such extension will be included in the ServerHello.
1663 */
1597void 1664void
1598SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1665SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1666 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1599{ 1667{
1600 ctx->next_protos_advertised_cb = cb; 1668 ctx->next_protos_advertised_cb = cb;
1601 ctx->next_protos_advertised_cb_arg = arg; 1669 ctx->next_protos_advertised_cb_arg = arg;
1602} 1670}
1603 1671
1604/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1672/*
1673 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1605 * client needs to select a protocol from the server's provided list. |out| 1674 * client needs to select a protocol from the server's provided list. |out|
1606 * must be set to point to the selected protocol (which may be within |in|). 1675 * must be set to point to the selected protocol (which may be within |in|).
1607 * The length of the protocol name must be written into |outlen|. The server's 1676 * The length of the protocol name must be written into |outlen|. The server's
@@ -1612,7 +1681,9 @@ SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const u
1612 * callback returns a value other than SSL_TLSEXT_ERR_OK. 1681 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1613 */ 1682 */
1614void 1683void
1615SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1684SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1685 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1686 unsigned int inlen, void *arg), void *arg)
1616{ 1687{
1617 ctx->next_proto_select_cb = cb; 1688 ctx->next_proto_select_cb = cb;
1618 ctx->next_proto_select_cb_arg = arg; 1689 ctx->next_proto_select_cb_arg = arg;
@@ -1623,34 +1694,35 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char
1623int 1694int
1624SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1695SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1625 const char *label, size_t llen, const unsigned char *p, size_t plen, 1696 const char *label, size_t llen, const unsigned char *p, size_t plen,
1626int use_context) 1697 int use_context)
1627{ 1698{
1628 if (s->version < TLS1_VERSION) 1699 if (s->version < TLS1_VERSION)
1629 return -1; 1700 return -1;
1630 1701
1631 return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1702 return s->method->ssl3_enc->export_keying_material(s, out, olen,
1632 llen, p, plen, 1703 label, llen, p, plen, use_context);
1633 use_context);
1634} 1704}
1635 1705
1636static unsigned long 1706static unsigned long
1637ssl_session_hash(const SSL_SESSION *a) 1707ssl_session_hash(const SSL_SESSION *a)
1638{ 1708{
1639 unsigned long l; 1709 unsigned long l;
1640 1710
1641 l = (unsigned long) 1711 l = (unsigned long)
1642 ((unsigned int) a->session_id[0] )| 1712 ((unsigned int) a->session_id[0] )|
1643 ((unsigned int) a->session_id[1]<< 8L)| 1713 ((unsigned int) a->session_id[1]<< 8L)|
1644 ((unsigned long)a->session_id[2]<<16L)| 1714 ((unsigned long)a->session_id[2]<<16L)|
1645 ((unsigned long)a->session_id[3]<<24L); 1715 ((unsigned long)a->session_id[3]<<24L);
1646 return (l); 1716 return (l);
1647} 1717}
1648 1718
1649/* NB: If this function (or indeed the hash function which uses a sort of 1719/*
1720 * NB: If this function (or indeed the hash function which uses a sort of
1650 * coarser function than this one) is changed, ensure 1721 * coarser function than this one) is changed, ensure
1651 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1722 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1652 * able to construct an SSL_SESSION that will collide with any existing session 1723 * able to construct an SSL_SESSION that will collide with any existing session
1653 * with a matching session ID. */ 1724 * with a matching session ID.
1725 */
1654static int 1726static int
1655ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1727ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1656{ 1728{
@@ -1661,10 +1733,12 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1661 return (memcmp(a->session_id, b->session_id, a->session_id_length)); 1733 return (memcmp(a->session_id, b->session_id, a->session_id_length));
1662} 1734}
1663 1735
1664/* These wrapper functions should remain rather than redeclaring 1736/*
1737 * These wrapper functions should remain rather than redeclaring
1665 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1738 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1666 * variable. The reason is that the functions aren't static, they're exposed via 1739 * variable. The reason is that the functions aren't static, they're exposed via
1667 * ssl.h. */ 1740 * ssl.h.
1741 */
1668static 1742static
1669IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1743IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1670static 1744static
@@ -1673,15 +1747,17 @@ IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1673SSL_CTX * 1747SSL_CTX *
1674SSL_CTX_new(const SSL_METHOD *meth) 1748SSL_CTX_new(const SSL_METHOD *meth)
1675{ 1749{
1676 SSL_CTX *ret = NULL; 1750 SSL_CTX *ret = NULL;
1677 1751
1678 if (meth == NULL) { 1752 if (meth == NULL) {
1679 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); 1753 SSLerr(SSL_F_SSL_CTX_NEW,
1754 SSL_R_NULL_SSL_METHOD_PASSED);
1680 return (NULL); 1755 return (NULL);
1681 } 1756 }
1682 1757
1683 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1758 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1684 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1759 SSLerr(SSL_F_SSL_CTX_NEW,
1760 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1685 goto err; 1761 goto err;
1686 } 1762 }
1687 ret = calloc(1, sizeof(SSL_CTX)); 1763 ret = calloc(1, sizeof(SSL_CTX));
@@ -1748,7 +1824,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1748 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); 1824 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1749 if (ret->cipher_list == NULL || 1825 if (ret->cipher_list == NULL ||
1750 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 1826 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1751 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1827 SSLerr(SSL_F_SSL_CTX_NEW,
1828 SSL_R_LIBRARY_HAS_NO_CIPHERS);
1752 goto err2; 1829 goto err2;
1753 } 1830 }
1754 1831
@@ -1757,11 +1834,13 @@ SSL_CTX_new(const SSL_METHOD *meth)
1757 goto err; 1834 goto err;
1758 1835
1759 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1836 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1760 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1837 SSLerr(SSL_F_SSL_CTX_NEW,
1838 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1761 goto err2; 1839 goto err2;
1762 } 1840 }
1763 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1841 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1764 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 1842 SSLerr(SSL_F_SSL_CTX_NEW,
1843 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1765 goto err2; 1844 goto err2;
1766 } 1845 }
1767 1846
@@ -1782,9 +1861,9 @@ SSL_CTX_new(const SSL_METHOD *meth)
1782 ret->tlsext_servername_arg = NULL; 1861 ret->tlsext_servername_arg = NULL;
1783 /* Setup RFC4507 ticket keys */ 1862 /* Setup RFC4507 ticket keys */
1784 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 1863 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1785 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 1864 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1786 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 1865 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1787 ret->options |= SSL_OP_NO_TICKET; 1866 ret->options |= SSL_OP_NO_TICKET;
1788 1867
1789 ret->tlsext_status_cb = 0; 1868 ret->tlsext_status_cb = 0;
1790 ret->tlsext_status_arg = NULL; 1869 ret->tlsext_status_arg = NULL;
@@ -1814,22 +1893,25 @@ SSL_CTX_new(const SSL_METHOD *meth)
1814 if (!eng) { 1893 if (!eng) {
1815 ERR_clear_error(); 1894 ERR_clear_error();
1816 ENGINE_load_builtin_engines(); 1895 ENGINE_load_builtin_engines();
1817 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 1896 eng = ENGINE_by_id(eng_str(
1897 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1818 } 1898 }
1819 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 1899 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1820 ERR_clear_error(); 1900 ERR_clear_error();
1821 } 1901 }
1822#endif 1902#endif
1823#endif 1903#endif
1824 /* Default is to connect to non-RI servers. When RI is more widely 1904 /*
1905 * Default is to connect to non-RI servers. When RI is more widely
1825 * deployed might change this. 1906 * deployed might change this.
1826 */ 1907 */
1827 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 1908 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1828 1909
1829 return (ret); 1910 return (ret);
1830err: 1911 err:
1831 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); 1912 SSLerr(SSL_F_SSL_CTX_NEW,
1832err2: 1913 ERR_R_MALLOC_FAILURE);
1914 err2:
1833 if (ret != NULL) 1915 if (ret != NULL)
1834 SSL_CTX_free(ret); 1916 SSL_CTX_free(ret);
1835 return (NULL); 1917 return (NULL);
@@ -1845,7 +1927,7 @@ SSL_COMP_free(SSL_COMP *comp)
1845void 1927void
1846SSL_CTX_free(SSL_CTX *a) 1928SSL_CTX_free(SSL_CTX *a)
1847{ 1929{
1848 int i; 1930 int i;
1849 1931
1850 if (a == NULL) 1932 if (a == NULL)
1851 return; 1933 return;
@@ -1926,7 +2008,8 @@ SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
1926} 2008}
1927 2009
1928void 2010void
1929SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) 2011SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
2012 void *), void *arg)
1930{ 2013{
1931 ctx->app_verify_callback = cb; 2014 ctx->app_verify_callback = cb;
1932 ctx->app_verify_arg = arg; 2015 ctx->app_verify_arg = arg;
@@ -1948,18 +2031,18 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
1948void 2031void
1949ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2032ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1950{ 2033{
1951 CERT_PKEY *cpk; 2034 CERT_PKEY *cpk;
1952 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 2035 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
1953 int rsa_enc_export, dh_rsa_export, dh_dsa_export; 2036 int rsa_enc_export, dh_rsa_export, dh_dsa_export;
1954 int rsa_tmp_export, dh_tmp_export, kl; 2037 int rsa_tmp_export, dh_tmp_export, kl;
1955 unsigned long mask_k, mask_a, emask_k, emask_a; 2038 unsigned long mask_k, mask_a, emask_k, emask_a;
1956 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 2039 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1957#ifndef OPENSSL_NO_ECDH 2040#ifndef OPENSSL_NO_ECDH
1958 int have_ecdh_tmp; 2041 int have_ecdh_tmp;
1959#endif 2042#endif
1960 X509 *x = NULL; 2043 X509 *x = NULL;
1961 EVP_PKEY *ecc_pkey = NULL; 2044 EVP_PKEY *ecc_pkey = NULL;
1962 int signature_nid = 0, pk_nid = 0, md_nid = 0; 2045 int signature_nid = 0, pk_nid = 0, md_nid = 0;
1963 2046
1964 if (c == NULL) 2047 if (c == NULL)
1965 return; 2048 return;
@@ -2005,8 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2005 2088
2006#ifdef CIPHER_DEBUG 2089#ifdef CIPHER_DEBUG
2007 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2090 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2008 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, 2091 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2009 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); 2092 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2010#endif 2093#endif
2011 2094
2012 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2095 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
@@ -2071,7 +2154,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2071 emask_a|=SSL_aKRB5; 2154 emask_a|=SSL_aKRB5;
2072#endif 2155#endif
2073 2156
2074 /* An ECC certificate may be usable for ECDH and/or 2157 /*
2158 * An ECC certificate may be usable for ECDH and/or
2075 * ECDSA cipher suites depending on the key usage extension. 2159 * ECDSA cipher suites depending on the key usage extension.
2076 */ 2160 */
2077 if (have_ecc_cert) { 2161 if (have_ecc_cert) {
@@ -2150,11 +2234,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2150int 2234int
2151ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2235ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2152{ 2236{
2153 unsigned long alg_k, alg_a; 2237 unsigned long alg_k, alg_a;
2154 EVP_PKEY *pkey = NULL; 2238 EVP_PKEY *pkey = NULL;
2155 int keysize = 0; 2239 int keysize = 0;
2156 int signature_nid = 0, md_nid = 0, pk_nid = 0; 2240 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2157 const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2241 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2158 2242
2159 alg_k = cs->algorithm_mkey; 2243 alg_k = cs->algorithm_mkey;
2160 alg_a = cs->algorithm_auth; 2244 alg_a = cs->algorithm_auth;
@@ -2179,21 +2263,25 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2179 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { 2263 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2180 /* key usage, if present, must allow key agreement */ 2264 /* key usage, if present, must allow key agreement */
2181 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { 2265 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2182 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2266 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2267 SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2183 return 0; 2268 return 0;
2184 } 2269 }
2185 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { 2270 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
2271 TLS1_2_VERSION) {
2186 /* signature alg must be ECDSA */ 2272 /* signature alg must be ECDSA */
2187 if (pk_nid != NID_X9_62_id_ecPublicKey) { 2273 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2188 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2274 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2275 SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2189 return 0; 2276 return 0;
2190 } 2277 }
2191 } 2278 }
2192 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { 2279 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
2280 TLS1_2_VERSION) {
2193 /* signature alg must be RSA */ 2281 /* signature alg must be RSA */
2194
2195 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { 2282 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2196 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2283 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2284 SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2197 return 0; 2285 return 0;
2198 } 2286 }
2199 } 2287 }
@@ -2201,7 +2289,8 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2201 if (alg_a & SSL_aECDSA) { 2289 if (alg_a & SSL_aECDSA) {
2202 /* key usage, if present, must allow signing */ 2290 /* key usage, if present, must allow signing */
2203 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { 2291 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2204 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2292 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2293 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2205 return 0; 2294 return 0;
2206 } 2295 }
2207 } 2296 }
@@ -2216,9 +2305,9 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2216CERT_PKEY * 2305CERT_PKEY *
2217ssl_get_server_send_pkey(const SSL *s) 2306ssl_get_server_send_pkey(const SSL *s)
2218{ 2307{
2219 unsigned long alg_k, alg_a; 2308 unsigned long alg_k, alg_a;
2220 CERT *c; 2309 CERT *c;
2221 int i; 2310 int i;
2222 2311
2223 c = s->cert; 2312 c = s->cert;
2224 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2313 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
@@ -2227,7 +2316,8 @@ ssl_get_server_send_pkey(const SSL *s)
2227 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2316 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2228 2317
2229 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { 2318 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2230 /* we don't need to look at SSL_kEECDH 2319 /*
2320 * We don't need to look at SSL_kEECDH
2231 * since no certificate is needed for 2321 * since no certificate is needed for
2232 * anon ECDH and for authenticated 2322 * anon ECDH and for authenticated
2233 * EECDH, the check for the auth 2323 * EECDH, the check for the auth
@@ -2242,7 +2332,7 @@ ssl_get_server_send_pkey(const SSL *s)
2242 } else if (alg_a & SSL_aECDSA) { 2332 } else if (alg_a & SSL_aECDSA) {
2243 i = SSL_PKEY_ECC; 2333 i = SSL_PKEY_ECC;
2244 } else if (alg_k & SSL_kDHr) 2334 } else if (alg_k & SSL_kDHr)
2245 i = SSL_PKEY_DH_RSA; 2335 i = SSL_PKEY_DH_RSA;
2246 else if (alg_k & SSL_kDHd) 2336 else if (alg_k & SSL_kDHd)
2247 i = SSL_PKEY_DH_DSA; 2337 i = SSL_PKEY_DH_DSA;
2248 else if (alg_a & SSL_aDSS) 2338 else if (alg_a & SSL_aDSS)
@@ -2256,12 +2346,12 @@ ssl_get_server_send_pkey(const SSL *s)
2256 /* VRS something else here? */ 2346 /* VRS something else here? */
2257 return (NULL); 2347 return (NULL);
2258 } else if (alg_a & SSL_aGOST94) 2348 } else if (alg_a & SSL_aGOST94)
2259 i = SSL_PKEY_GOST94; 2349 i = SSL_PKEY_GOST94;
2260 else if (alg_a & SSL_aGOST01) 2350 else if (alg_a & SSL_aGOST01)
2261 i = SSL_PKEY_GOST01; 2351 i = SSL_PKEY_GOST01;
2262 else /* if (alg_a & SSL_aNULL) */ 2352 else { /* if (alg_a & SSL_aNULL) */
2263 { 2353 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,
2264 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); 2354 ERR_R_INTERNAL_ERROR);
2265 return (NULL); 2355 return (NULL);
2266 } 2356 }
2267 2357
@@ -2271,7 +2361,8 @@ ssl_get_server_send_pkey(const SSL *s)
2271X509 * 2361X509 *
2272ssl_get_server_send_cert(const SSL *s) 2362ssl_get_server_send_cert(const SSL *s)
2273{ 2363{
2274 CERT_PKEY *cpk; 2364 CERT_PKEY *cpk;
2365
2275 cpk = ssl_get_server_send_pkey(s); 2366 cpk = ssl_get_server_send_pkey(s);
2276 if (!cpk) 2367 if (!cpk)
2277 return NULL; 2368 return NULL;
@@ -2281,26 +2372,27 @@ ssl_get_server_send_cert(const SSL *s)
2281EVP_PKEY * 2372EVP_PKEY *
2282ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) 2373ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2283{ 2374{
2284 unsigned long alg_a; 2375 unsigned long alg_a;
2285 CERT *c; 2376 CERT *c;
2286 int idx = -1; 2377 int idx = -1;
2287 2378
2288 alg_a = cipher->algorithm_auth; 2379 alg_a = cipher->algorithm_auth;
2289 c = s->cert; 2380 c = s->cert;
2290 2381
2291 if ((alg_a & SSL_aDSS) && 2382 if ((alg_a & SSL_aDSS) &&
2292 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2383 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2293 idx = SSL_PKEY_DSA_SIGN; 2384 idx = SSL_PKEY_DSA_SIGN;
2294 else if (alg_a & SSL_aRSA) { 2385 else if (alg_a & SSL_aRSA) {
2295 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2386 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2296 idx = SSL_PKEY_RSA_SIGN; 2387 idx = SSL_PKEY_RSA_SIGN;
2297 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2388 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2298 idx = SSL_PKEY_RSA_ENC; 2389 idx = SSL_PKEY_RSA_ENC;
2299 } else if ((alg_a & SSL_aECDSA) && 2390 } else if ((alg_a & SSL_aECDSA) &&
2300 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2391 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2301 idx = SSL_PKEY_ECC; 2392 idx = SSL_PKEY_ECC;
2302 if (idx == -1) { 2393 if (idx == -1) {
2303 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); 2394 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,
2395 ERR_R_INTERNAL_ERROR);
2304 return (NULL); 2396 return (NULL);
2305 } 2397 }
2306 if (pmd) 2398 if (pmd)
@@ -2311,18 +2403,19 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2311void 2403void
2312ssl_update_cache(SSL *s, int mode) 2404ssl_update_cache(SSL *s, int mode)
2313{ 2405{
2314 int i; 2406 int i;
2315 2407
2316 /* If the session_id_length is 0, we are not supposed to cache it, 2408 /*
2317 * and it would be rather hard to do anyway :-) */ 2409 * If the session_id_length is 0, we are not supposed to cache it,
2410 * and it would be rather hard to do anyway :-)
2411 */
2318 if (s->session->session_id_length == 0) 2412 if (s->session->session_id_length == 0)
2319 return; 2413 return;
2320 2414
2321 i = s->session_ctx->session_cache_mode; 2415 i = s->session_ctx->session_cache_mode;
2322 if ((i & mode) && (!s->hit) 2416 if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2323 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2417 || SSL_CTX_add_session(s->session_ctx, s->session))
2324 || SSL_CTX_add_session(s->session_ctx, s->session)) 2418 && (s->session_ctx->new_session_cb != NULL)) {
2325 && (s->session_ctx->new_session_cb != NULL)) {
2326 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2419 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2327 if (!s->session_ctx->new_session_cb(s, s->session)) 2420 if (!s->session_ctx->new_session_cb(s, s->session))
2328 SSL_SESSION_free(s->session); 2421 SSL_SESSION_free(s->session);
@@ -2330,10 +2423,10 @@ ssl_update_cache(SSL *s, int mode)
2330 2423
2331 /* auto flush every 255 connections */ 2424 /* auto flush every 255 connections */
2332 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 2425 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2333 ((i & mode) == mode)) { 2426 ((i & mode) == mode)) {
2334 if ((((mode & SSL_SESS_CACHE_CLIENT) 2427 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2335 ?s->session_ctx->stats.sess_connect_good 2428 s->session_ctx->stats.sess_connect_good :
2336 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { 2429 s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2337 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2430 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2338 } 2431 }
2339 } 2432 }
@@ -2348,8 +2441,8 @@ SSL_get_ssl_method(SSL *s)
2348int 2441int
2349SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2442SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2350{ 2443{
2351 int conn = -1; 2444 int conn = -1;
2352 int ret = 1; 2445 int ret = 1;
2353 2446
2354 if (s->method != meth) { 2447 if (s->method != meth) {
2355 if (s->handshake_func != NULL) 2448 if (s->handshake_func != NULL)
@@ -2374,9 +2467,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2374int 2467int
2375SSL_get_error(const SSL *s, int i) 2468SSL_get_error(const SSL *s, int i)
2376{ 2469{
2377 int reason; 2470 int reason;
2378 unsigned long l; 2471 unsigned long l;
2379 BIO *bio; 2472 BIO *bio;
2380 2473
2381 if (i > 0) 2474 if (i > 0)
2382 return (SSL_ERROR_NONE); 2475 return (SSL_ERROR_NONE);
@@ -2422,8 +2515,11 @@ SSL_get_error(const SSL *s, int i)
2422 if (BIO_should_write(bio)) 2515 if (BIO_should_write(bio))
2423 return (SSL_ERROR_WANT_WRITE); 2516 return (SSL_ERROR_WANT_WRITE);
2424 else if (BIO_should_read(bio)) 2517 else if (BIO_should_read(bio))
2425 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ 2518 return (SSL_ERROR_WANT_READ);
2426 return (SSL_ERROR_WANT_READ); 2519 /*
2520 * See above (SSL_want_read(s) with
2521 * BIO_should_write(bio))
2522 */
2427 else if (BIO_should_io_special(bio)) { 2523 else if (BIO_should_io_special(bio)) {
2428 reason = BIO_get_retry_reason(bio); 2524 reason = BIO_get_retry_reason(bio);
2429 if (reason == BIO_RR_CONNECT) 2525 if (reason == BIO_RR_CONNECT)
@@ -2449,10 +2545,11 @@ SSL_get_error(const SSL *s, int i)
2449int 2545int
2450SSL_do_handshake(SSL *s) 2546SSL_do_handshake(SSL *s)
2451{ 2547{
2452 int ret = 1; 2548 int ret = 1;
2453 2549
2454 if (s->handshake_func == NULL) { 2550 if (s->handshake_func == NULL) {
2455 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); 2551 SSLerr(SSL_F_SSL_DO_HANDSHAKE,
2552 SSL_R_CONNECTION_TYPE_NOT_SET);
2456 return (-1); 2553 return (-1);
2457 } 2554 }
2458 2555
@@ -2464,8 +2561,10 @@ SSL_do_handshake(SSL *s)
2464 return (ret); 2561 return (ret);
2465} 2562}
2466 2563
2467/* For the next 2 functions, SSL_clear() sets shutdown and so 2564/*
2468 * one of these calls will reset it */ 2565 * For the next 2 functions, SSL_clear() sets shutdown and so
2566 * one of these calls will reset it
2567 */
2469void 2568void
2470SSL_set_accept_state(SSL *s) 2569SSL_set_accept_state(SSL *s)
2471{ 2570{
@@ -2495,28 +2594,32 @@ SSL_set_connect_state(SSL *s)
2495int 2594int
2496ssl_undefined_function(SSL *s) 2595ssl_undefined_function(SSL *s)
2497{ 2596{
2498 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2597 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
2598 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2499 return (0); 2599 return (0);
2500} 2600}
2501 2601
2502int 2602int
2503ssl_undefined_void_function(void) 2603ssl_undefined_void_function(void)
2504{ 2604{
2505 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2605 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2606 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2506 return (0); 2607 return (0);
2507} 2608}
2508 2609
2509int 2610int
2510ssl_undefined_const_function(const SSL *s) 2611ssl_undefined_const_function(const SSL *s)
2511{ 2612{
2512 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2613 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
2614 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2513 return (0); 2615 return (0);
2514} 2616}
2515 2617
2516SSL_METHOD * 2618SSL_METHOD *
2517ssl_bad_method(int ver) 2619ssl_bad_method(int ver)
2518{ 2620{
2519 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2621 SSLerr(SSL_F_SSL_BAD_METHOD,
2622 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2520 return (NULL); 2623 return (NULL);
2521} 2624}
2522 2625
@@ -2554,10 +2657,12 @@ SSL_dup(SSL *s)
2554 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2657 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2555 SSL_copy_session_id(ret, s); 2658 SSL_copy_session_id(ret, s);
2556 } else { 2659 } else {
2557 /* No session has been established yet, so we have to expect 2660 /*
2661 * No session has been established yet, so we have to expect
2558 * that s->cert or ret->cert will be changed later -- 2662 * that s->cert or ret->cert will be changed later --
2559 * they should not both point to the same object, 2663 * they should not both point to the same object,
2560 * and thus we can't use SSL_copy_session_id. */ 2664 * and thus we can't use SSL_copy_session_id.
2665 */
2561 2666
2562 ret->method->ssl_free(ret); 2667 ret->method->ssl_free(ret);
2563 ret->method = s->method; 2668 ret->method = s->method;
@@ -2592,7 +2697,8 @@ SSL_dup(SSL *s)
2592 ret->debug = s->debug; 2697 ret->debug = s->debug;
2593 2698
2594 /* copy app data, a little dangerous perhaps */ 2699 /* copy app data, a little dangerous perhaps */
2595 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2700 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2701 &ret->ex_data, &s->ex_data))
2596 goto err; 2702 goto err;
2597 2703
2598 /* setup rbio, and wbio */ 2704 /* setup rbio, and wbio */
@@ -2615,22 +2721,30 @@ SSL_dup(SSL *s)
2615 ret->new_session = s->new_session; 2721 ret->new_session = s->new_session;
2616 ret->quiet_shutdown = s->quiet_shutdown; 2722 ret->quiet_shutdown = s->quiet_shutdown;
2617 ret->shutdown = s->shutdown; 2723 ret->shutdown = s->shutdown;
2618 ret->state=s->state; /* SSL_dup does not really work at any state, though */ 2724 /* SSL_dup does not really work at any state, though */
2725 ret->state=s->state;
2619 ret->rstate = s->rstate; 2726 ret->rstate = s->rstate;
2620 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ 2727
2728 /*
2729 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2730 * ret->init_off
2731 */
2732 ret->init_num = 0;
2733
2621 ret->hit = s->hit; 2734 ret->hit = s->hit;
2622 2735
2623 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2736 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2624 2737
2625 /* dup the cipher_list and cipher_list_by_id stacks */ 2738 /* dup the cipher_list and cipher_list_by_id stacks */
2626 if (s->cipher_list != NULL) { 2739 if (s->cipher_list != NULL) {
2627 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2740 if ((ret->cipher_list =
2741 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2628 goto err; 2742 goto err;
2629 } 2743 }
2630 if (s->cipher_list_by_id != NULL) 2744 if (s->cipher_list_by_id != NULL)
2631 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2745 if ((ret->cipher_list_by_id =
2632 == NULL) 2746 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2633 goto err; 2747 goto err;
2634 2748
2635 /* Dup the client_CA list */ 2749 /* Dup the client_CA list */
2636 if (s->client_CA != NULL) { 2750 if (s->client_CA != NULL) {
@@ -2638,7 +2752,8 @@ SSL_dup(SSL *s)
2638 ret->client_CA = sk; 2752 ret->client_CA = sk;
2639 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2753 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2640 xn = sk_X509_NAME_value(sk, i); 2754 xn = sk_X509_NAME_value(sk, i);
2641 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { 2755 if (sk_X509_NAME_set(sk, i,
2756 X509_NAME_dup(xn)) == NULL) {
2642 X509_NAME_free(xn); 2757 X509_NAME_free(xn);
2643 goto err; 2758 goto err;
2644 } 2759 }
@@ -2646,7 +2761,7 @@ SSL_dup(SSL *s)
2646 } 2761 }
2647 2762
2648 if (0) { 2763 if (0) {
2649err: 2764 err:
2650 if (ret != NULL) 2765 if (ret != NULL)
2651 SSL_free(ret); 2766 SSL_free(ret);
2652 ret = NULL; 2767 ret = NULL;
@@ -2740,7 +2855,7 @@ SSL_get_current_expansion(SSL *s)
2740int 2855int
2741ssl_init_wbio_buffer(SSL *s, int push) 2856ssl_init_wbio_buffer(SSL *s, int push)
2742{ 2857{
2743 BIO *bbio; 2858 BIO *bbio;
2744 2859
2745 if (s->bbio == NULL) { 2860 if (s->bbio == NULL) {
2746 bbio = BIO_new(BIO_f_buffer()); 2861 bbio = BIO_new(BIO_f_buffer());
@@ -2755,7 +2870,8 @@ ssl_init_wbio_buffer(SSL *s, int push)
2755 (void)BIO_reset(bbio); 2870 (void)BIO_reset(bbio);
2756/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 2871/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2757 if (!BIO_set_read_buffer_size(bbio, 1)) { 2872 if (!BIO_set_read_buffer_size(bbio, 1)) {
2758 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); 2873 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,
2874 ERR_R_BUF_LIB);
2759 return (0); 2875 return (0);
2760 } 2876 }
2761 if (push) { 2877 if (push) {
@@ -2871,8 +2987,10 @@ SSL_set_info_callback(SSL *ssl,
2871 ssl->info_callback = cb; 2987 ssl->info_callback = cb;
2872} 2988}
2873 2989
2874/* One compiler (Diab DCC) doesn't like argument names in returned 2990/*
2875 function pointer. */ 2991 * One compiler (Diab DCC) doesn't like argument names in returned
2992 * function pointer.
2993 */
2876void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 2994void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2877{ 2995{
2878 return ssl->info_callback; 2996 return ssl->info_callback;
@@ -2907,7 +3025,7 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2907 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3025 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2908{ 3026{
2909 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3027 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2910 new_func, dup_func, free_func); 3028 new_func, dup_func, free_func);
2911} 3029}
2912 3030
2913int 3031int
@@ -2927,7 +3045,7 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2927 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3045 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2928{ 3046{
2929 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3047 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2930 new_func, dup_func, free_func); 3048 new_func, dup_func, free_func);
2931} 3049}
2932 3050
2933int 3051int
@@ -3030,10 +3148,11 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3030 3148
3031#ifndef OPENSSL_NO_ECDH 3149#ifndef OPENSSL_NO_ECDH
3032void 3150void
3033SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, 3151SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3034 int keylength)) 3152 int is_export, int keylength))
3035{ 3153{
3036 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3154 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3155 (void (*)(void))ecdh);
3037} 3156}
3038 3157
3039void 3158void
@@ -3048,8 +3167,10 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3048int 3167int
3049SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3168SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3050{ 3169{
3051 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3170 if (identity_hint != NULL && strlen(identity_hint) >
3052 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3171 PSK_MAX_IDENTITY_LEN) {
3172 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
3173 SSL_R_DATA_LENGTH_TOO_LONG);
3053 return 0; 3174 return 0;
3054 } 3175 }
3055 if (ctx->psk_identity_hint != NULL) 3176 if (ctx->psk_identity_hint != NULL)
@@ -3072,8 +3193,10 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3072 if (s->session == NULL) 3193 if (s->session == NULL)
3073 return 1; /* session not created yet, ignored */ 3194 return 1; /* session not created yet, ignored */
3074 3195
3075 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3196 if (identity_hint != NULL && strlen(identity_hint) >
3076 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3197 PSK_MAX_IDENTITY_LEN) {
3198 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
3199 SSL_R_DATA_LENGTH_TOO_LONG);
3077 return 0; 3200 return 0;
3078 } 3201 }
3079 if (s->session->psk_identity_hint != NULL) 3202 if (s->session->psk_identity_hint != NULL)
@@ -3106,7 +3229,7 @@ SSL_get_psk_identity(const SSL *s)
3106void 3229void
3107SSL_set_psk_client_callback(SSL *s, 3230SSL_set_psk_client_callback(SSL *s,
3108 unsigned int (*cb)(SSL *ssl, const char *hint, 3231 unsigned int (*cb)(SSL *ssl, const char *hint,
3109char *identity, unsigned int max_identity_len, unsigned char *psk, 3232 char *identity, unsigned int max_identity_len, unsigned char *psk,
3110 unsigned int max_psk_len)) 3233 unsigned int max_psk_len))
3111{ 3234{
3112 s->psk_client_callback = cb; 3235 s->psk_client_callback = cb;
@@ -3115,7 +3238,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk,
3115void 3238void
3116SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3239SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3117 unsigned int (*cb)(SSL *ssl, const char *hint, 3240 unsigned int (*cb)(SSL *ssl, const char *hint,
3118char *identity, unsigned int max_identity_len, unsigned char *psk, 3241 char *identity, unsigned int max_identity_len, unsigned char *psk,
3119 unsigned int max_psk_len)) 3242 unsigned int max_psk_len))
3120{ 3243{
3121 ctx->psk_client_callback = cb; 3244 ctx->psk_client_callback = cb;
@@ -3124,7 +3247,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk,
3124void 3247void
3125SSL_set_psk_server_callback(SSL *s, 3248SSL_set_psk_server_callback(SSL *s,
3126 unsigned int (*cb)(SSL *ssl, const char *identity, 3249 unsigned int (*cb)(SSL *ssl, const char *identity,
3127unsigned char *psk, unsigned int max_psk_len)) 3250 unsigned char *psk, unsigned int max_psk_len))
3128{ 3251{
3129 s->psk_server_callback = cb; 3252 s->psk_server_callback = cb;
3130} 3253}
@@ -3132,30 +3255,33 @@ unsigned char *psk, unsigned int max_psk_len))
3132void 3255void
3133SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3256SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3134 unsigned int (*cb)(SSL *ssl, const char *identity, 3257 unsigned int (*cb)(SSL *ssl, const char *identity,
3135unsigned char *psk, unsigned int max_psk_len)) 3258 unsigned char *psk, unsigned int max_psk_len))
3136{ 3259{
3137 ctx->psk_server_callback = cb; 3260 ctx->psk_server_callback = cb;
3138} 3261}
3139#endif 3262#endif
3140 3263
3141void 3264void
3142SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3265SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3266 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3143{ 3267{
3144 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3268 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3269 (void (*)(void))cb);
3145} 3270}
3146 3271
3147void 3272void
3148SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3273SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3274 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3149{ 3275{
3150 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3276 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3151} 3277}
3152 3278
3153/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3279/*
3280 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3154 * vairable, freeing EVP_MD_CTX previously stored in that variable, if 3281 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3155 * any. If EVP_MD pointer is passed, initializes ctx with this md 3282 * any. If EVP_MD pointer is passed, initializes ctx with this md
3156 * Returns newly allocated ctx; 3283 * Returns newly allocated ctx;
3157 */ 3284 */
3158
3159EVP_MD_CTX * 3285EVP_MD_CTX *
3160ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 3286ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3161{ 3287{
@@ -3169,7 +3295,6 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3169void 3295void
3170ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3296ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3171{ 3297{
3172
3173 if (*hash) 3298 if (*hash)
3174 EVP_MD_CTX_destroy(*hash); 3299 EVP_MD_CTX_destroy(*hash);
3175 *hash = NULL; 3300 *hash = NULL;
@@ -3190,4 +3315,4 @@ SSL_cache_hit(SSL *s)
3190IMPLEMENT_STACK_OF(SSL_CIPHER) 3315IMPLEMENT_STACK_OF(SSL_CIPHER)
3191IMPLEMENT_STACK_OF(SSL_COMP) 3316IMPLEMENT_STACK_OF(SSL_COMP)
3192IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, 3317IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3193ssl_cipher_id); 3318 ssl_cipher_id);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index cde564cade..830f574183 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -160,7 +160,10 @@
160const char *SSL_version_str = OPENSSL_VERSION_TEXT; 160const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161 161
162SSL3_ENC_METHOD ssl3_undef_enc_method = { 162SSL3_ENC_METHOD ssl3_undef_enc_method = {
163 /* evil casts, but these functions are only called if there's a library bug */ 163 /*
164 * Evil casts, but these functions are only called if there's a
165 * library bug.
166 */
164 (int (*)(SSL *, int))ssl_undefined_function, 167 (int (*)(SSL *, int))ssl_undefined_function,
165 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
166 ssl_undefined_function, 169 ssl_undefined_function,
@@ -182,9 +185,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
182int 185int
183SSL_clear(SSL *s) 186SSL_clear(SSL *s)
184{ 187{
185
186 if (s->method == NULL) { 188 if (s->method == NULL) {
187 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); 189 SSLerr(SSL_F_SSL_CLEAR,
190 SSL_R_NO_METHOD_SPECIFIED);
188 return (0); 191 return (0);
189 } 192 }
190 193
@@ -198,7 +201,8 @@ SSL_clear(SSL *s)
198 s->shutdown = 0; 201 s->shutdown = 0;
199 202
200 if (s->renegotiate) { 203 if (s->renegotiate) {
201 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); 204 SSLerr(SSL_F_SSL_CLEAR,
205 ERR_R_INTERNAL_ERROR);
202 return 0; 206 return 0;
203 } 207 }
204 208
@@ -226,16 +230,19 @@ SSL_clear(SSL *s)
226 s->first_packet = 0; 230 s->first_packet = 0;
227 231
228#if 1 232#if 1
229 /* Check to see if we were changed into a different method, if 233 /*
230 * so, revert back if we are not doing session-id reuse. */ 234 * Check to see if we were changed into a different method, if
231 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { 235 * so, revert back if we are not doing session-id reuse.
236 */
237 if (!s->in_handshake && (s->session == NULL) &&
238 (s->method != s->ctx->method)) {
232 s->method->ssl_free(s); 239 s->method->ssl_free(s);
233 s->method = s->ctx->method; 240 s->method = s->ctx->method;
234 if (!s->method->ssl_new(s)) 241 if (!s->method->ssl_new(s))
235 return (0); 242 return (0);
236 } else 243 } else
237#endif 244#endif
238 s->method->ssl_clear(s); 245 s->method->ssl_clear(s);
239 return (1); 246 return (1);
240} 247}
241 248
@@ -243,14 +250,15 @@ SSL_clear(SSL *s)
243int 250int
244SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) 251SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
245{ 252{
246 STACK_OF(SSL_CIPHER) *sk; 253 STACK_OF(SSL_CIPHER) *sk;
247 254
248 ctx->method = meth; 255 ctx->method = meth;
249 256
250 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 257 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
251 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); 258 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
252 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 259 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
253 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 260 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
261 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
254 return (0); 262 return (0);
255 } 263 }
256 return (1); 264 return (1);
@@ -259,14 +267,16 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
259SSL * 267SSL *
260SSL_new(SSL_CTX *ctx) 268SSL_new(SSL_CTX *ctx)
261{ 269{
262 SSL *s; 270 SSL *s;
263 271
264 if (ctx == NULL) { 272 if (ctx == NULL) {
265 SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); 273 SSLerr(SSL_F_SSL_NEW,
274 SSL_R_NULL_SSL_CTX);
266 return (NULL); 275 return (NULL);
267 } 276 }
268 if (ctx->method == NULL) { 277 if (ctx->method == NULL) {
269 SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); 278 SSLerr(SSL_F_SSL_NEW,
279 SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
270 return (NULL); 280 return (NULL);
271 } 281 }
272 282
@@ -283,7 +293,8 @@ SSL_new(SSL_CTX *ctx)
283 s->max_cert_list = ctx->max_cert_list; 293 s->max_cert_list = ctx->max_cert_list;
284 294
285 if (ctx->cert != NULL) { 295 if (ctx->cert != NULL) {
286 /* Earlier library versions used to copy the pointer to 296 /*
297 * Earlier library versions used to copy the pointer to
287 * the CERT, not its contents; only when setting new 298 * the CERT, not its contents; only when setting new
288 * parameters for the per-SSL copy, ssl_cert_new would be 299 * parameters for the per-SSL copy, ssl_cert_new would be
289 * called (and the direct reference to the per-SSL_CTX 300 * called (and the direct reference to the per-SSL_CTX
@@ -291,8 +302,8 @@ SSL_new(SSL_CTX *ctx)
291 * accessed for various purposes, and for that reason they 302 * accessed for various purposes, and for that reason they
292 * used to be known as s->ctx->default_cert). 303 * used to be known as s->ctx->default_cert).
293 * Now we don't look at the SSL_CTX's CERT after having 304 * Now we don't look at the SSL_CTX's CERT after having
294 * duplicated it once. */ 305 * duplicated it once.
295 306 */
296 s->cert = ssl_cert_dup(ctx->cert); 307 s->cert = ssl_cert_dup(ctx->cert);
297 if (s->cert == NULL) 308 if (s->cert == NULL)
298 goto err; 309 goto err;
@@ -362,7 +373,7 @@ SSL_new(SSL_CTX *ctx)
362#endif 373#endif
363 374
364 return (s); 375 return (s);
365err: 376 err:
366 if (s != NULL) { 377 if (s != NULL) {
367 if (s->cert != NULL) 378 if (s->cert != NULL)
368 ssl_cert_free(s->cert); 379 ssl_cert_free(s->cert);
@@ -370,7 +381,8 @@ err:
370 SSL_CTX_free(s->ctx); /* decrement reference count */ 381 SSL_CTX_free(s->ctx); /* decrement reference count */
371 free(s); 382 free(s);
372 } 383 }
373 SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 384 SSLerr(SSL_F_SSL_NEW,
385 ERR_R_MALLOC_FAILURE);
374 return (NULL); 386 return (NULL);
375} 387}
376 388
@@ -379,7 +391,8 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
379 unsigned int sid_ctx_len) 391 unsigned int sid_ctx_len)
380{ 392{
381 if (sid_ctx_len > sizeof ctx->sid_ctx) { 393 if (sid_ctx_len > sizeof ctx->sid_ctx) {
382 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 394 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
395 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
383 return 0; 396 return 0;
384 } 397 }
385 ctx->sid_ctx_length = sid_ctx_len; 398 ctx->sid_ctx_length = sid_ctx_len;
@@ -393,7 +406,8 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
393 unsigned int sid_ctx_len) 406 unsigned int sid_ctx_len)
394{ 407{
395 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 408 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
396 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); 409 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
410 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
397 return 0; 411 return 0;
398 } 412 }
399 ssl->sid_ctx_length = sid_ctx_len; 413 ssl->sid_ctx_length = sid_ctx_len;
@@ -485,7 +499,7 @@ SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
485void 499void
486SSL_free(SSL *s) 500SSL_free(SSL *s)
487{ 501{
488 int i; 502 int i;
489 503
490 if (s == NULL) 504 if (s == NULL)
491 return; 505 return;
@@ -550,7 +564,7 @@ SSL_free(SSL *s)
550 free(s->tlsext_opaque_prf_input); 564 free(s->tlsext_opaque_prf_input);
551 if (s->tlsext_ocsp_exts) 565 if (s->tlsext_ocsp_exts)
552 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 566 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
553 X509_EXTENSION_free); 567 X509_EXTENSION_free);
554 if (s->tlsext_ocsp_ids) 568 if (s->tlsext_ocsp_ids)
555 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); 569 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
556 if (s->tlsext_ocsp_resp) 570 if (s->tlsext_ocsp_resp)
@@ -587,8 +601,7 @@ SSL_free(SSL *s)
587void 601void
588SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) 602SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
589{ 603{
590 /* If the output buffering BIO is still in place, remove it 604 /* If the output buffering BIO is still in place, remove it */
591 */
592 if (s->bbio != NULL) { 605 if (s->bbio != NULL) {
593 if (s->wbio == s->bbio) { 606 if (s->wbio == s->bbio) {
594 s->wbio = s->wbio->next_bio; 607 s->wbio = s->wbio->next_bio;
@@ -624,8 +637,8 @@ SSL_get_fd(const SSL *s)
624int 637int
625SSL_get_rfd(const SSL *s) 638SSL_get_rfd(const SSL *s)
626{ 639{
627 int ret = -1; 640 int ret = -1;
628 BIO *b, *r; 641 BIO *b, *r;
629 642
630 b = SSL_get_rbio(s); 643 b = SSL_get_rbio(s);
631 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 644 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
@@ -637,8 +650,8 @@ SSL_get_rfd(const SSL *s)
637int 650int
638SSL_get_wfd(const SSL *s) 651SSL_get_wfd(const SSL *s)
639{ 652{
640 int ret = -1; 653 int ret = -1;
641 BIO *b, *r; 654 BIO *b, *r;
642 655
643 b = SSL_get_wbio(s); 656 b = SSL_get_wbio(s);
644 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); 657 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
@@ -651,34 +664,36 @@ SSL_get_wfd(const SSL *s)
651int 664int
652SSL_set_fd(SSL *s, int fd) 665SSL_set_fd(SSL *s, int fd)
653{ 666{
654 int ret = 0; 667 int ret = 0;
655 BIO *bio = NULL; 668 BIO *bio = NULL;
656 669
657 bio = BIO_new(BIO_s_socket()); 670 bio = BIO_new(BIO_s_socket());
658 671
659 if (bio == NULL) { 672 if (bio == NULL) {
660 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); 673 SSLerr(SSL_F_SSL_SET_FD,
674 ERR_R_BUF_LIB);
661 goto err; 675 goto err;
662 } 676 }
663 BIO_set_fd(bio, fd, BIO_NOCLOSE); 677 BIO_set_fd(bio, fd, BIO_NOCLOSE);
664 SSL_set_bio(s, bio, bio); 678 SSL_set_bio(s, bio, bio);
665 ret = 1; 679 ret = 1;
666err: 680 err:
667 return (ret); 681 return (ret);
668} 682}
669 683
670int 684int
671SSL_set_wfd(SSL *s, int fd) 685SSL_set_wfd(SSL *s, int fd)
672{ 686{
673 int ret = 0; 687 int ret = 0;
674 BIO *bio = NULL; 688 BIO *bio = NULL;
675 689
676 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) 690 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
677 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { 691 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
678 bio = BIO_new(BIO_s_socket()); 692 bio = BIO_new(BIO_s_socket());
679 693
680 if (bio == NULL) 694 if (bio == NULL) {
681 { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); 695 SSLerr(SSL_F_SSL_SET_WFD,
696 ERR_R_BUF_LIB);
682 goto err; 697 goto err;
683 } 698 }
684 BIO_set_fd(bio, fd, BIO_NOCLOSE); 699 BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -686,22 +701,23 @@ SSL_set_wfd(SSL *s, int fd)
686 } else 701 } else
687 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); 702 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
688 ret = 1; 703 ret = 1;
689err: 704 err:
690 return (ret); 705 return (ret);
691} 706}
692 707
693int 708int
694SSL_set_rfd(SSL *s, int fd) 709SSL_set_rfd(SSL *s, int fd)
695{ 710{
696 int ret = 0; 711 int ret = 0;
697 BIO *bio = NULL; 712 BIO *bio = NULL;
698 713
699 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) 714 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
700 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { 715 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
701 bio = BIO_new(BIO_s_socket()); 716 bio = BIO_new(BIO_s_socket());
702 717
703 if (bio == NULL) { 718 if (bio == NULL) {
704 SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); 719 SSLerr(SSL_F_SSL_SET_RFD,
720 ERR_R_BUF_LIB);
705 goto err; 721 goto err;
706 } 722 }
707 BIO_set_fd(bio, fd, BIO_NOCLOSE); 723 BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -709,7 +725,7 @@ SSL_set_rfd(SSL *s, int fd)
709 } else 725 } else
710 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); 726 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
711 ret = 1; 727 ret = 1;
712err: 728 err:
713 return (ret); 729 return (ret);
714} 730}
715#endif 731#endif
@@ -719,7 +735,7 @@ err:
719size_t 735size_t
720SSL_get_finished(const SSL *s, void *buf, size_t count) 736SSL_get_finished(const SSL *s, void *buf, size_t count)
721{ 737{
722 size_t ret = 0; 738 size_t ret = 0;
723 739
724 if (s->s3 != NULL) { 740 if (s->s3 != NULL) {
725 ret = s->s3->tmp.finish_md_len; 741 ret = s->s3->tmp.finish_md_len;
@@ -734,7 +750,7 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
734size_t 750size_t
735SSL_get_peer_finished(const SSL *s, void *buf, size_t count) 751SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
736{ 752{
737 size_t ret = 0; 753 size_t ret = 0;
738 754
739 if (s->s3 != NULL) { 755 if (s->s3 != NULL) {
740 ret = s->s3->tmp.peer_finish_md_len; 756 ret = s->s3->tmp.peer_finish_md_len;
@@ -810,7 +826,8 @@ SSL_get_read_ahead(const SSL *s)
810int 826int
811SSL_pending(const SSL *s) 827SSL_pending(const SSL *s)
812{ 828{
813 /* SSL_pending cannot work properly if read-ahead is enabled 829 /*
830 * SSL_pending cannot work properly if read-ahead is enabled
814 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), 831 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
815 * and it is impossible to fix since SSL_pending cannot report 832 * and it is impossible to fix since SSL_pending cannot report
816 * errors that may be observed while scanning the new data. 833 * errors that may be observed while scanning the new data.
@@ -823,7 +840,7 @@ SSL_pending(const SSL *s)
823X509 * 840X509 *
824SSL_get_peer_certificate(const SSL *s) 841SSL_get_peer_certificate(const SSL *s)
825{ 842{
826 X509 *r; 843 X509 *r;
827 844
828 if ((s == NULL) || (s->session == NULL)) 845 if ((s == NULL) || (s->session == NULL))
829 r = NULL; 846 r = NULL;
@@ -841,32 +858,38 @@ SSL_get_peer_certificate(const SSL *s)
841STACK_OF(X509) * 858STACK_OF(X509) *
842SSL_get_peer_cert_chain(const SSL *s) 859SSL_get_peer_cert_chain(const SSL *s)
843{ 860{
844 STACK_OF(X509) *r; 861 STACK_OF(X509) *r;
845 862
846 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) 863 if ((s == NULL) || (s->session == NULL) ||
864 (s->session->sess_cert == NULL))
847 r = NULL; 865 r = NULL;
848 else 866 else
849 r = s->session->sess_cert->cert_chain; 867 r = s->session->sess_cert->cert_chain;
850 868
851 /* If we are a client, cert_chain includes the peer's own 869 /*
870 * If we are a client, cert_chain includes the peer's own
852 * certificate; 871 * certificate;
853if we are a server, it does not. */ 872 * if we are a server, it does not.
854 873 */
855 return (r); 874 return (r);
856} 875}
857 876
858/* Now in theory, since the calling process own 't' it should be safe to 877/*
859 * modify. We need to be able to read f without being hassled */ 878 * Now in theory, since the calling process own 't' it should be safe to
879 * modify. We need to be able to read f without being hassled
880 */
860void 881void
861SSL_copy_session_id(SSL *t, const SSL *f) 882SSL_copy_session_id(SSL *t, const SSL *f)
862{ 883{
863 CERT *tmp; 884 CERT *tmp;
864 885
865 /* Do we need to to SSL locking? */ 886 /* Do we need to to SSL locking? */
866 SSL_set_session(t, SSL_get_session(f)); 887 SSL_set_session(t, SSL_get_session(f));
867 888
868 /* what if we are setup as SSLv2 but want to talk SSLv3 or 889 /*
869 * vice-versa */ 890 * What if we are setup as SSLv2 but want to talk SSLv3 or
891 * vice-versa.
892 */
870 if (t->method != f->method) { 893 if (t->method != f->method) {
871 t->method->ssl_free(t); /* cleanup current */ 894 t->method->ssl_free(t); /* cleanup current */
872 t->method=f->method; /* change method */ 895 t->method=f->method; /* change method */
@@ -888,17 +911,19 @@ SSL_copy_session_id(SSL *t, const SSL *f)
888int 911int
889SSL_CTX_check_private_key(const SSL_CTX *ctx) 912SSL_CTX_check_private_key(const SSL_CTX *ctx)
890{ 913{
891 if ((ctx == NULL) || 914 if ((ctx == NULL) || (ctx->cert == NULL) ||
892 (ctx->cert == NULL) || 915 (ctx->cert->key->x509 == NULL)) {
893 (ctx->cert->key->x509 == NULL)) { 916 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
894 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 917 SSL_R_NO_CERTIFICATE_ASSIGNED);
895 return (0); 918 return (0);
896 } 919 }
897 if (ctx->cert->key->privatekey == NULL) { 920 if (ctx->cert->key->privatekey == NULL) {
898 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 921 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
922 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
899 return (0); 923 return (0);
900 } 924 }
901 return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); 925 return (X509_check_private_key(ctx->cert->key->x509,
926 ctx->cert->key->privatekey));
902} 927}
903 928
904/* Fix this function so that it takes an optional type parameter */ 929/* Fix this function so that it takes an optional type parameter */
@@ -906,31 +931,34 @@ int
906SSL_check_private_key(const SSL *ssl) 931SSL_check_private_key(const SSL *ssl)
907{ 932{
908 if (ssl == NULL) { 933 if (ssl == NULL) {
909 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 934 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
935 ERR_R_PASSED_NULL_PARAMETER);
910 return (0); 936 return (0);
911 } 937 }
912 if (ssl->cert == NULL) { 938 if (ssl->cert == NULL) {
913 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 939 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
940 SSL_R_NO_CERTIFICATE_ASSIGNED);
914 return 0; 941 return 0;
915 } 942 }
916 if (ssl->cert->key->x509 == NULL) { 943 if (ssl->cert->key->x509 == NULL) {
917 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); 944 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
945 SSL_R_NO_CERTIFICATE_ASSIGNED);
918 return (0); 946 return (0);
919 } 947 }
920 if (ssl->cert->key->privatekey == NULL) { 948 if (ssl->cert->key->privatekey == NULL) {
921 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); 949 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
950 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
922 return (0); 951 return (0);
923 } 952 }
924 return(X509_check_private_key(ssl->cert->key->x509, 953 return (X509_check_private_key(ssl->cert->key->x509,
925 ssl->cert->key->privatekey)); 954 ssl->cert->key->privatekey));
926} 955}
927 956
928int 957int
929SSL_accept(SSL *s) 958SSL_accept(SSL *s)
930{ 959{
931 if (s->handshake_func == 0) 960 if (s->handshake_func == 0)
932 /* Not properly initialized yet */ 961 SSL_set_accept_state(s); /* Not properly initialized yet */
933 SSL_set_accept_state(s);
934 962
935 return (s->method->ssl_accept(s)); 963 return (s->method->ssl_accept(s));
936} 964}
@@ -939,8 +967,7 @@ int
939SSL_connect(SSL *s) 967SSL_connect(SSL *s)
940{ 968{
941 if (s->handshake_func == 0) 969 if (s->handshake_func == 0)
942 /* Not properly initialized yet */ 970 SSL_set_connect_state(s); /* Not properly initialized yet */
943 SSL_set_connect_state(s);
944 971
945 return (s->method->ssl_connect(s)); 972 return (s->method->ssl_connect(s));
946} 973}
@@ -955,7 +982,8 @@ int
955SSL_read(SSL *s, void *buf, int num) 982SSL_read(SSL *s, void *buf, int num)
956{ 983{
957 if (s->handshake_func == 0) { 984 if (s->handshake_func == 0) {
958 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); 985 SSLerr(SSL_F_SSL_READ,
986 SSL_R_UNINITIALIZED);
959 return -1; 987 return -1;
960 } 988 }
961 989
@@ -970,7 +998,8 @@ int
970SSL_peek(SSL *s, void *buf, int num) 998SSL_peek(SSL *s, void *buf, int num)
971{ 999{
972 if (s->handshake_func == 0) { 1000 if (s->handshake_func == 0) {
973 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); 1001 SSLerr(SSL_F_SSL_PEEK,
1002 SSL_R_UNINITIALIZED);
974 return -1; 1003 return -1;
975 } 1004 }
976 1005
@@ -984,13 +1013,15 @@ int
984SSL_write(SSL *s, const void *buf, int num) 1013SSL_write(SSL *s, const void *buf, int num)
985{ 1014{
986 if (s->handshake_func == 0) { 1015 if (s->handshake_func == 0) {
987 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); 1016 SSLerr(SSL_F_SSL_WRITE,
1017 SSL_R_UNINITIALIZED);
988 return -1; 1018 return -1;
989 } 1019 }
990 1020
991 if (s->shutdown & SSL_SENT_SHUTDOWN) { 1021 if (s->shutdown & SSL_SENT_SHUTDOWN) {
992 s->rwstate = SSL_NOTHING; 1022 s->rwstate = SSL_NOTHING;
993 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); 1023 SSLerr(SSL_F_SSL_WRITE,
1024 SSL_R_PROTOCOL_IS_SHUTDOWN);
994 return (-1); 1025 return (-1);
995 } 1026 }
996 return (s->method->ssl_write(s, buf, num)); 1027 return (s->method->ssl_write(s, buf, num));
@@ -999,14 +1030,16 @@ SSL_write(SSL *s, const void *buf, int num)
999int 1030int
1000SSL_shutdown(SSL *s) 1031SSL_shutdown(SSL *s)
1001{ 1032{
1002 /* Note that this function behaves differently from what one might 1033 /*
1034 * Note that this function behaves differently from what one might
1003 * expect. Return values are 0 for no success (yet), 1035 * expect. Return values are 0 for no success (yet),
1004 * 1 for success; but calling it once is usually not enough, 1036 * 1 for success; but calling it once is usually not enough,
1005 * even if blocking I/O is used (see ssl3_shutdown). 1037 * even if blocking I/O is used (see ssl3_shutdown).
1006 */ 1038 */
1007 1039
1008 if (s->handshake_func == 0) { 1040 if (s->handshake_func == 0) {
1009 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); 1041 SSLerr(SSL_F_SSL_SHUTDOWN,
1042 SSL_R_UNINITIALIZED);
1010 return -1; 1043 return -1;
1011 } 1044 }
1012 1045
@@ -1041,15 +1074,17 @@ SSL_renegotiate_abbreviated(SSL *s)
1041int 1074int
1042SSL_renegotiate_pending(SSL *s) 1075SSL_renegotiate_pending(SSL *s)
1043{ 1076{
1044 /* becomes true when negotiation is requested; 1077 /*
1045 * false again once a handshake has finished */ 1078 * Becomes true when negotiation is requested;
1079 * false again once a handshake has finished.
1080 */
1046 return (s->renegotiate != 0); 1081 return (s->renegotiate != 0);
1047} 1082}
1048 1083
1049long 1084long
1050SSL_ctrl(SSL *s, int cmd, long larg, void *parg) 1085SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1051{ 1086{
1052 long l; 1087 long l;
1053 1088
1054 switch (cmd) { 1089 switch (cmd) {
1055 case SSL_CTRL_GET_READ_AHEAD: 1090 case SSL_CTRL_GET_READ_AHEAD:
@@ -1084,7 +1119,7 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1084#endif 1119#endif
1085 1120
1086 if (SSL_version(s) == DTLS1_VERSION || 1121 if (SSL_version(s) == DTLS1_VERSION ||
1087 SSL_version(s) == DTLS1_BAD_VER) { 1122 SSL_version(s) == DTLS1_BAD_VER) {
1088 s->d1->mtu = larg; 1123 s->d1->mtu = larg;
1089 return larg; 1124 return larg;
1090 } 1125 }
@@ -1108,7 +1143,9 @@ SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1108{ 1143{
1109 switch (cmd) { 1144 switch (cmd) {
1110 case SSL_CTRL_SET_MSG_CALLBACK: 1145 case SSL_CTRL_SET_MSG_CALLBACK:
1111 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1146 s->msg_callback = (void (*)(int write_p, int version,
1147 int content_type, const void *buf, size_t len,
1148 SSL *ssl, void *arg))(fp);
1112 return 1; 1149 return 1;
1113 1150
1114 default: 1151 default:
@@ -1125,7 +1162,7 @@ SSL_CTX_sessions(SSL_CTX *ctx)
1125long 1162long
1126SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) 1163SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1127{ 1164{
1128 long l; 1165 long l;
1129 1166
1130 switch (cmd) { 1167 switch (cmd) {
1131 case SSL_CTRL_GET_READ_AHEAD: 1168 case SSL_CTRL_GET_READ_AHEAD:
@@ -1206,7 +1243,9 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1206{ 1243{
1207 switch (cmd) { 1244 switch (cmd) {
1208 case SSL_CTRL_SET_MSG_CALLBACK: 1245 case SSL_CTRL_SET_MSG_CALLBACK:
1209 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); 1246 ctx->msg_callback = (void (*)(int write_p, int version,
1247 int content_type, const void *buf, size_t len, SSL *ssl,
1248 void *arg))(fp);
1210 return 1; 1249 return 1;
1211 1250
1212 default: 1251 default:
@@ -1217,7 +1256,7 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1217int 1256int
1218ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) 1257ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1219{ 1258{
1220 long l; 1259 long l;
1221 1260
1222 l = a->id - b->id; 1261 l = a->id - b->id;
1223 if (l == 0L) 1262 if (l == 0L)
@@ -1230,7 +1269,7 @@ int
1230ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 1269ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1231 const SSL_CIPHER * const *bp) 1270 const SSL_CIPHER * const *bp)
1232{ 1271{
1233 long l; 1272 long l;
1234 1273
1235 l = (*ap)->id - (*bp)->id; 1274 l = (*ap)->id - (*bp)->id;
1236 if (l == 0L) 1275 if (l == 0L)
@@ -1239,24 +1278,27 @@ ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1239 return ((l > 0) ? 1:-1); 1278 return ((l > 0) ? 1:-1);
1240} 1279}
1241 1280
1242/** return a STACK of the ciphers available for the SSL and in order of 1281/*
1243 * preference */ 1282 * Return a STACK of the ciphers available for the SSL and in order of
1283 * preference.
1284 */
1244STACK_OF(SSL_CIPHER) * 1285STACK_OF(SSL_CIPHER) *
1245SSL_get_ciphers(const SSL *s) 1286SSL_get_ciphers(const SSL *s)
1246{ 1287{
1247 if (s != NULL) { 1288 if (s != NULL) {
1248 if (s->cipher_list != NULL) { 1289 if (s->cipher_list != NULL) {
1249 return (s->cipher_list); 1290 return (s->cipher_list);
1250 } else if ((s->ctx != NULL) && 1291 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1251 (s->ctx->cipher_list != NULL)) {
1252 return (s->ctx->cipher_list); 1292 return (s->ctx->cipher_list);
1253 } 1293 }
1254 } 1294 }
1255 return (NULL); 1295 return (NULL);
1256} 1296}
1257 1297
1258/** return a STACK of the ciphers available for the SSL and in order of 1298/*
1259 * algorithm id */ 1299 * Return a STACK of the ciphers available for the SSL and in order of
1300 * algorithm id.
1301 */
1260STACK_OF(SSL_CIPHER) * 1302STACK_OF(SSL_CIPHER) *
1261ssl_get_ciphers_by_id(SSL *s) 1303ssl_get_ciphers_by_id(SSL *s)
1262{ 1304{
@@ -1264,19 +1306,19 @@ ssl_get_ciphers_by_id(SSL *s)
1264 if (s->cipher_list_by_id != NULL) { 1306 if (s->cipher_list_by_id != NULL) {
1265 return (s->cipher_list_by_id); 1307 return (s->cipher_list_by_id);
1266 } else if ((s->ctx != NULL) && 1308 } else if ((s->ctx != NULL) &&
1267 (s->ctx->cipher_list_by_id != NULL)) { 1309 (s->ctx->cipher_list_by_id != NULL)) {
1268 return (s->ctx->cipher_list_by_id); 1310 return (s->ctx->cipher_list_by_id);
1269 } 1311 }
1270 } 1312 }
1271 return (NULL); 1313 return (NULL);
1272} 1314}
1273 1315
1274/** The old interface to get the same thing as SSL_get_ciphers() */ 1316/* The old interface to get the same thing as SSL_get_ciphers(). */
1275const char * 1317const char *
1276SSL_get_cipher_list(const SSL *s, int n) 1318SSL_get_cipher_list(const SSL *s, int n)
1277{ 1319{
1278 SSL_CIPHER *c; 1320 SSL_CIPHER *c;
1279 STACK_OF(SSL_CIPHER) *sk; 1321 STACK_OF(SSL_CIPHER) *sk;
1280 1322
1281 if (s == NULL) 1323 if (s == NULL)
1282 return (NULL); 1324 return (NULL);
@@ -1289,35 +1331,38 @@ SSL_get_cipher_list(const SSL *s, int n)
1289 return (c->name); 1331 return (c->name);
1290} 1332}
1291 1333
1292/** specify the ciphers to be used by default by the SSL_CTX */ 1334/* Specify the ciphers to be used by default by the SSL_CTX. */
1293int 1335int
1294SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) 1336SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1295{ 1337{
1296 STACK_OF(SSL_CIPHER) *sk; 1338 STACK_OF(SSL_CIPHER) *sk;
1297 1339
1298 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, 1340 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1299 &ctx->cipher_list_by_id, str); 1341 &ctx->cipher_list_by_id, str);
1300 /* ssl_create_cipher_list may return an empty stack if it 1342 /*
1343 * ssl_create_cipher_list may return an empty stack if it
1301 * was unable to find a cipher matching the given rule string 1344 * was unable to find a cipher matching the given rule string
1302 * (for example if the rule string specifies a cipher which 1345 * (for example if the rule string specifies a cipher which
1303 * has been disabled). This is not an error as far as 1346 * has been disabled). This is not an error as far as
1304 * ssl_create_cipher_list is concerned, and hence 1347 * ssl_create_cipher_list is concerned, and hence
1305 * ctx->cipher_list and ctx->cipher_list_by_id has been 1348 * ctx->cipher_list and ctx->cipher_list_by_id has been
1306 * updated. */ 1349 * updated.
1350 */
1307 if (sk == NULL) 1351 if (sk == NULL)
1308 return 0; 1352 return 0;
1309 else if (sk_SSL_CIPHER_num(sk) == 0) { 1353 else if (sk_SSL_CIPHER_num(sk) == 0) {
1310 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1354 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
1355 SSL_R_NO_CIPHER_MATCH);
1311 return 0; 1356 return 0;
1312 } 1357 }
1313 return 1; 1358 return 1;
1314} 1359}
1315 1360
1316/** specify the ciphers to be used by the SSL */ 1361/* Specify the ciphers to be used by the SSL. */
1317int 1362int
1318SSL_set_cipher_list(SSL *s, const char *str) 1363SSL_set_cipher_list(SSL *s, const char *str)
1319{ 1364{
1320 STACK_OF(SSL_CIPHER) *sk; 1365 STACK_OF(SSL_CIPHER) *sk;
1321 1366
1322 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, 1367 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1323 &s->cipher_list_by_id, str); 1368 &s->cipher_list_by_id, str);
@@ -1325,7 +1370,8 @@ SSL_set_cipher_list(SSL *s, const char *str)
1325 if (sk == NULL) 1370 if (sk == NULL)
1326 return 0; 1371 return 0;
1327 else if (sk_SSL_CIPHER_num(sk) == 0) { 1372 else if (sk_SSL_CIPHER_num(sk) == 0) {
1328 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); 1373 SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
1374 SSL_R_NO_CIPHER_MATCH);
1329 return 0; 1375 return 0;
1330 } 1376 }
1331 return 1; 1377 return 1;
@@ -1335,11 +1381,11 @@ SSL_set_cipher_list(SSL *s, const char *str)
1335char * 1381char *
1336SSL_get_shared_ciphers(const SSL *s, char *buf, int len) 1382SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1337{ 1383{
1338 char *end; 1384 char *end;
1339 STACK_OF(SSL_CIPHER) *sk; 1385 STACK_OF(SSL_CIPHER) *sk;
1340 SSL_CIPHER *c; 1386 SSL_CIPHER *c;
1341 size_t curlen = 0; 1387 size_t curlen = 0;
1342 int i; 1388 int i;
1343 1389
1344 if ((s->session == NULL) || (s->session->ciphers == NULL) || 1390 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1345 (len < 2)) 1391 (len < 2))
@@ -1351,7 +1397,7 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1351 c = sk_SSL_CIPHER_value(sk, i); 1397 c = sk_SSL_CIPHER_value(sk, i);
1352 end = buf + curlen; 1398 end = buf + curlen;
1353 if (strlcat(buf, c->name, len) >= len || 1399 if (strlcat(buf, c->name, len) >= len ||
1354 (curlen = strlcat(buf, ":", len)) >= len) { 1400 (curlen = strlcat(buf, ":", len)) >= len) {
1355 /* remove truncated cipher from list */ 1401 /* remove truncated cipher from list */
1356 *end = '\0'; 1402 *end = '\0';
1357 break; 1403 break;
@@ -1367,11 +1413,11 @@ int
1367ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, 1413ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1368 int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1414 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1369{ 1415{
1370 int i, j = 0; 1416 int i, j = 0;
1371 SSL_CIPHER *c; 1417 SSL_CIPHER *c;
1372 unsigned char *q; 1418 unsigned char *q;
1373#ifndef OPENSSL_NO_KRB5 1419#ifndef OPENSSL_NO_KRB5
1374 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1420 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1375#endif /* OPENSSL_NO_KRB5 */ 1421#endif /* OPENSSL_NO_KRB5 */
1376 1422
1377 if (sk == NULL) 1423 if (sk == NULL)
@@ -1382,30 +1428,33 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
1382 c = sk_SSL_CIPHER_value(sk, i); 1428 c = sk_SSL_CIPHER_value(sk, i);
1383 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ 1429 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1384 if ((c->algorithm_ssl & SSL_TLSV1_2) && 1430 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1385 (TLS1_get_client_version(s) < TLS1_2_VERSION)) 1431 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1386 continue; 1432 continue;
1387#ifndef OPENSSL_NO_KRB5 1433#ifndef OPENSSL_NO_KRB5
1388 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && 1434 if (((c->algorithm_mkey & SSL_kKRB5) ||
1389 nokrb5) 1435 (c->algorithm_auth & SSL_aKRB5)) && nokrb5)
1390 continue; 1436 continue;
1391#endif /* OPENSSL_NO_KRB5 */ 1437#endif /* OPENSSL_NO_KRB5 */
1392#ifndef OPENSSL_NO_PSK 1438#ifndef OPENSSL_NO_PSK
1393 /* with PSK there must be client callback set */ 1439 /* with PSK there must be client callback set */
1394 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && 1440 if (((c->algorithm_mkey & SSL_kPSK) ||
1395 s->psk_client_callback == NULL) 1441 (c->algorithm_auth & SSL_aPSK)) &&
1396 continue; 1442 s->psk_client_callback == NULL)
1443 continue;
1397#endif /* OPENSSL_NO_PSK */ 1444#endif /* OPENSSL_NO_PSK */
1398 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); 1445 j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p);
1399 p += j; 1446 p += j;
1400 } 1447 }
1401 /* If p == q, no ciphers and caller indicates an error. Otherwise 1448 /*
1449 * If p == q, no ciphers and caller indicates an error. Otherwise
1402 * add SCSV if not renegotiating. 1450 * add SCSV if not renegotiating.
1403 */ 1451 */
1404 if (p != q && !s->renegotiate) { 1452 if (p != q && !s->renegotiate) {
1405 static SSL_CIPHER scsv = { 1453 static SSL_CIPHER scsv = {
1406 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 1454 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1407 }; 1455 };
1408 j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); 1456 j = put_cb ? put_cb(&scsv, p) :
1457 ssl_put_cipher_by_char(s, &scsv, p);
1409 p += j; 1458 p += j;
1410#ifdef OPENSSL_RI_DEBUG 1459#ifdef OPENSSL_RI_DEBUG
1411 fprintf(stderr, "SCSV sent by client\n"); 1460 fprintf(stderr, "SCSV sent by client\n");
@@ -1419,15 +1468,17 @@ STACK_OF(SSL_CIPHER) *
1419ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, 1468ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1420 STACK_OF(SSL_CIPHER) **skp) 1469 STACK_OF(SSL_CIPHER) **skp)
1421{ 1470{
1422 const SSL_CIPHER *c; 1471 const SSL_CIPHER *c;
1423 STACK_OF(SSL_CIPHER) *sk; 1472 STACK_OF(SSL_CIPHER) *sk;
1424 int i, n; 1473 int i, n;
1474
1425 if (s->s3) 1475 if (s->s3)
1426 s->s3->send_connection_binding = 0; 1476 s->s3->send_connection_binding = 0;
1427 1477
1428 n = ssl_put_cipher_by_char(s, NULL, NULL); 1478 n = ssl_put_cipher_by_char(s, NULL, NULL);
1429 if ((num % n) != 0) { 1479 if ((num % n) != 0) {
1430 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); 1480 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1481 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1431 return (NULL); 1482 return (NULL);
1432 } 1483 }
1433 if ((skp == NULL) || (*skp == NULL)) 1484 if ((skp == NULL) || (*skp == NULL))
@@ -1440,12 +1491,14 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1440 for (i = 0; i < num; i += n) { 1491 for (i = 0; i < num; i += n) {
1441 /* Check for SCSV */ 1492 /* Check for SCSV */
1442 if (s->s3 && (n != 3 || !p[0]) && 1493 if (s->s3 && (n != 3 || !p[0]) &&
1443 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && 1494 (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1444 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { 1495 (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
1445 /* SCSV fatal if renegotiating */ 1496 /* SCSV fatal if renegotiating */
1446 if (s->renegotiate) { 1497 if (s->renegotiate) {
1447 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); 1498 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1448 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1499 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1500 ssl3_send_alert(s, SSL3_AL_FATAL,
1501 SSL_AD_HANDSHAKE_FAILURE);
1449 1502
1450 goto err; 1503 goto err;
1451 } 1504 }
@@ -1461,7 +1514,8 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1461 p += n; 1514 p += n;
1462 if (c != NULL) { 1515 if (c != NULL) {
1463 if (!sk_SSL_CIPHER_push(sk, c)) { 1516 if (!sk_SSL_CIPHER_push(sk, c)) {
1464 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1517 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1518 ERR_R_MALLOC_FAILURE);
1465 goto err; 1519 goto err;
1466 } 1520 }
1467 } 1521 }
@@ -1470,7 +1524,7 @@ ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num,
1470 if (skp != NULL) 1524 if (skp != NULL)
1471 *skp = sk; 1525 *skp = sk;
1472 return (sk); 1526 return (sk);
1473err: 1527 err:
1474 if ((skp == NULL) || (*skp == NULL)) 1528 if ((skp == NULL) || (*skp == NULL))
1475 sk_SSL_CIPHER_free(sk); 1529 sk_SSL_CIPHER_free(sk);
1476 return (NULL); 1530 return (NULL);
@@ -1478,10 +1532,10 @@ err:
1478 1532
1479 1533
1480#ifndef OPENSSL_NO_TLSEXT 1534#ifndef OPENSSL_NO_TLSEXT
1481/** return a servername extension value if provided in Client Hello, or NULL. 1535/*
1536 * Return a servername extension value if provided in Client Hello, or NULL.
1482 * So far, only host_name types are defined (RFC 3546). 1537 * So far, only host_name types are defined (RFC 3546).
1483 */ 1538 */
1484
1485const char * 1539const char *
1486SSL_get_servername(const SSL *s, const int type) 1540SSL_get_servername(const SSL *s, const int type)
1487{ 1541{
@@ -1489,20 +1543,23 @@ SSL_get_servername(const SSL *s, const int type)
1489 return NULL; 1543 return NULL;
1490 1544
1491 return s->session && !s->tlsext_hostname ? 1545 return s->session && !s->tlsext_hostname ?
1492 s->session->tlsext_hostname : 1546 s->session->tlsext_hostname :
1493 s->tlsext_hostname; 1547 s->tlsext_hostname;
1494} 1548}
1495 1549
1496int 1550int
1497SSL_get_servername_type(const SSL *s) 1551SSL_get_servername_type(const SSL *s)
1498{ 1552{
1499 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) 1553 if (s->session &&
1554 (!s->tlsext_hostname ?
1555 s->session->tlsext_hostname : s->tlsext_hostname))
1500 return TLSEXT_NAMETYPE_host_name; 1556 return TLSEXT_NAMETYPE_host_name;
1501 return -1; 1557 return -1;
1502} 1558}
1503 1559
1504# ifndef OPENSSL_NO_NEXTPROTONEG 1560# ifndef OPENSSL_NO_NEXTPROTONEG
1505/* SSL_select_next_proto implements the standard protocol selection. It is 1561/*
1562 * SSL_select_next_proto implements the standard protocol selection. It is
1506 * expected that this function is called from the callback set by 1563 * expected that this function is called from the callback set by
1507 * SSL_CTX_set_next_proto_select_cb. 1564 * SSL_CTX_set_next_proto_select_cb.
1508 * 1565 *
@@ -1533,17 +1590,23 @@ SSL_get_servername_type(const SSL *s)
1533 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. 1590 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1534 */ 1591 */
1535int 1592int
1536SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) 1593SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1594 const unsigned char *server, unsigned int server_len,
1595 const unsigned char *client, unsigned int client_len)
1537{ 1596{
1538 unsigned int i, j; 1597 unsigned int i, j;
1539 const unsigned char *result; 1598 const unsigned char *result;
1540 int status = OPENSSL_NPN_UNSUPPORTED; 1599 int status = OPENSSL_NPN_UNSUPPORTED;
1541 1600
1542 /* For each protocol in server preference order, see if we support it. */ 1601 /*
1602 * For each protocol in server preference order,
1603 * see if we support it.
1604 */
1543 for (i = 0; i < server_len; ) { 1605 for (i = 0; i < server_len; ) {
1544 for (j = 0; j < client_len; ) { 1606 for (j = 0; j < client_len; ) {
1545 if (server[i] == client[j] && 1607 if (server[i] == client[j] &&
1546 memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { 1608 memcmp(&server[i + 1],
1609 &client[j + 1], server[i]) == 0) {
1547 /* We found a match */ 1610 /* We found a match */
1548 result = &server[i]; 1611 result = &server[i];
1549 status = OPENSSL_NPN_NEGOTIATED; 1612 status = OPENSSL_NPN_NEGOTIATED;
@@ -1560,13 +1623,14 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned
1560 result = client; 1623 result = client;
1561 status = OPENSSL_NPN_NO_OVERLAP; 1624 status = OPENSSL_NPN_NO_OVERLAP;
1562 1625
1563 found: 1626 found:
1564 *out = (unsigned char *) result + 1; 1627 *out = (unsigned char *) result + 1;
1565 *outlen = result[0]; 1628 *outlen = result[0];
1566 return status; 1629 return status;
1567} 1630}
1568 1631
1569/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's 1632/*
1633 * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1570 * requested protocol for this connection and returns 0. If the client didn't 1634 * requested protocol for this connection and returns 0. If the client didn't
1571 * request any protocol, then *data is set to NULL. 1635 * request any protocol, then *data is set to NULL.
1572 * 1636 *
@@ -1575,7 +1639,8 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned
1575 * provided by the callback. 1639 * provided by the callback.
1576 */ 1640 */
1577void 1641void
1578SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) 1642SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1643 unsigned *len)
1579{ 1644{
1580 *data = s->next_proto_negotiated; 1645 *data = s->next_proto_negotiated;
1581 if (!*data) { 1646 if (!*data) {
@@ -1585,23 +1650,27 @@ SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigne
1585 } 1650 }
1586} 1651}
1587 1652
1588/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a 1653/*
1654 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1589 * TLS server needs a list of supported protocols for Next Protocol 1655 * TLS server needs a list of supported protocols for Next Protocol
1590 * Negotiation. The returned list must be in wire format. The list is returned 1656 * Negotiation. The returned list must be in wire format. The list is returned
1591 * by setting |out| to point to it and |outlen| to its length. This memory will 1657 * by setting |out| to point to it and |outlen| to its length. This memory will
1592 * not be modified, but one should assume that the SSL* keeps a reference to 1658 * not be modified, but one should assume that the SSL* keeps a reference to
1593 * it. 1659 * it.
1594 * 1660 *
1595 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no 1661 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1596 * such extension will be included in the ServerHello. */ 1662 * Otherwise, no such extension will be included in the ServerHello.
1663 */
1597void 1664void
1598SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) 1665SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1666 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1599{ 1667{
1600 ctx->next_protos_advertised_cb = cb; 1668 ctx->next_protos_advertised_cb = cb;
1601 ctx->next_protos_advertised_cb_arg = arg; 1669 ctx->next_protos_advertised_cb_arg = arg;
1602} 1670}
1603 1671
1604/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a 1672/*
1673 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1605 * client needs to select a protocol from the server's provided list. |out| 1674 * client needs to select a protocol from the server's provided list. |out|
1606 * must be set to point to the selected protocol (which may be within |in|). 1675 * must be set to point to the selected protocol (which may be within |in|).
1607 * The length of the protocol name must be written into |outlen|. The server's 1676 * The length of the protocol name must be written into |outlen|. The server's
@@ -1612,7 +1681,9 @@ SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const u
1612 * callback returns a value other than SSL_TLSEXT_ERR_OK. 1681 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1613 */ 1682 */
1614void 1683void
1615SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) 1684SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1685 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1686 unsigned int inlen, void *arg), void *arg)
1616{ 1687{
1617 ctx->next_proto_select_cb = cb; 1688 ctx->next_proto_select_cb = cb;
1618 ctx->next_proto_select_cb_arg = arg; 1689 ctx->next_proto_select_cb_arg = arg;
@@ -1623,34 +1694,35 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char
1623int 1694int
1624SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1695SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1625 const char *label, size_t llen, const unsigned char *p, size_t plen, 1696 const char *label, size_t llen, const unsigned char *p, size_t plen,
1626int use_context) 1697 int use_context)
1627{ 1698{
1628 if (s->version < TLS1_VERSION) 1699 if (s->version < TLS1_VERSION)
1629 return -1; 1700 return -1;
1630 1701
1631 return s->method->ssl3_enc->export_keying_material(s, out, olen, label, 1702 return s->method->ssl3_enc->export_keying_material(s, out, olen,
1632 llen, p, plen, 1703 label, llen, p, plen, use_context);
1633 use_context);
1634} 1704}
1635 1705
1636static unsigned long 1706static unsigned long
1637ssl_session_hash(const SSL_SESSION *a) 1707ssl_session_hash(const SSL_SESSION *a)
1638{ 1708{
1639 unsigned long l; 1709 unsigned long l;
1640 1710
1641 l = (unsigned long) 1711 l = (unsigned long)
1642 ((unsigned int) a->session_id[0] )| 1712 ((unsigned int) a->session_id[0] )|
1643 ((unsigned int) a->session_id[1]<< 8L)| 1713 ((unsigned int) a->session_id[1]<< 8L)|
1644 ((unsigned long)a->session_id[2]<<16L)| 1714 ((unsigned long)a->session_id[2]<<16L)|
1645 ((unsigned long)a->session_id[3]<<24L); 1715 ((unsigned long)a->session_id[3]<<24L);
1646 return (l); 1716 return (l);
1647} 1717}
1648 1718
1649/* NB: If this function (or indeed the hash function which uses a sort of 1719/*
1720 * NB: If this function (or indeed the hash function which uses a sort of
1650 * coarser function than this one) is changed, ensure 1721 * coarser function than this one) is changed, ensure
1651 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1722 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1652 * able to construct an SSL_SESSION that will collide with any existing session 1723 * able to construct an SSL_SESSION that will collide with any existing session
1653 * with a matching session ID. */ 1724 * with a matching session ID.
1725 */
1654static int 1726static int
1655ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) 1727ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1656{ 1728{
@@ -1661,10 +1733,12 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1661 return (memcmp(a->session_id, b->session_id, a->session_id_length)); 1733 return (memcmp(a->session_id, b->session_id, a->session_id_length));
1662} 1734}
1663 1735
1664/* These wrapper functions should remain rather than redeclaring 1736/*
1737 * These wrapper functions should remain rather than redeclaring
1665 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1738 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1666 * variable. The reason is that the functions aren't static, they're exposed via 1739 * variable. The reason is that the functions aren't static, they're exposed via
1667 * ssl.h. */ 1740 * ssl.h.
1741 */
1668static 1742static
1669IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) 1743IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1670static 1744static
@@ -1673,15 +1747,17 @@ IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1673SSL_CTX * 1747SSL_CTX *
1674SSL_CTX_new(const SSL_METHOD *meth) 1748SSL_CTX_new(const SSL_METHOD *meth)
1675{ 1749{
1676 SSL_CTX *ret = NULL; 1750 SSL_CTX *ret = NULL;
1677 1751
1678 if (meth == NULL) { 1752 if (meth == NULL) {
1679 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); 1753 SSLerr(SSL_F_SSL_CTX_NEW,
1754 SSL_R_NULL_SSL_METHOD_PASSED);
1680 return (NULL); 1755 return (NULL);
1681 } 1756 }
1682 1757
1683 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1758 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1684 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1759 SSLerr(SSL_F_SSL_CTX_NEW,
1760 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1685 goto err; 1761 goto err;
1686 } 1762 }
1687 ret = calloc(1, sizeof(SSL_CTX)); 1763 ret = calloc(1, sizeof(SSL_CTX));
@@ -1748,7 +1824,8 @@ SSL_CTX_new(const SSL_METHOD *meth)
1748 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); 1824 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1749 if (ret->cipher_list == NULL || 1825 if (ret->cipher_list == NULL ||
1750 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { 1826 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1751 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); 1827 SSLerr(SSL_F_SSL_CTX_NEW,
1828 SSL_R_LIBRARY_HAS_NO_CIPHERS);
1752 goto err2; 1829 goto err2;
1753 } 1830 }
1754 1831
@@ -1757,11 +1834,13 @@ SSL_CTX_new(const SSL_METHOD *meth)
1757 goto err; 1834 goto err;
1758 1835
1759 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1836 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1760 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); 1837 SSLerr(SSL_F_SSL_CTX_NEW,
1838 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1761 goto err2; 1839 goto err2;
1762 } 1840 }
1763 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1841 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1764 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); 1842 SSLerr(SSL_F_SSL_CTX_NEW,
1843 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1765 goto err2; 1844 goto err2;
1766 } 1845 }
1767 1846
@@ -1782,9 +1861,9 @@ SSL_CTX_new(const SSL_METHOD *meth)
1782 ret->tlsext_servername_arg = NULL; 1861 ret->tlsext_servername_arg = NULL;
1783 /* Setup RFC4507 ticket keys */ 1862 /* Setup RFC4507 ticket keys */
1784 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) 1863 if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
1785 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) 1864 || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
1786 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) 1865 || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
1787 ret->options |= SSL_OP_NO_TICKET; 1866 ret->options |= SSL_OP_NO_TICKET;
1788 1867
1789 ret->tlsext_status_cb = 0; 1868 ret->tlsext_status_cb = 0;
1790 ret->tlsext_status_arg = NULL; 1869 ret->tlsext_status_arg = NULL;
@@ -1814,22 +1893,25 @@ SSL_CTX_new(const SSL_METHOD *meth)
1814 if (!eng) { 1893 if (!eng) {
1815 ERR_clear_error(); 1894 ERR_clear_error();
1816 ENGINE_load_builtin_engines(); 1895 ENGINE_load_builtin_engines();
1817 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); 1896 eng = ENGINE_by_id(eng_str(
1897 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1818 } 1898 }
1819 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) 1899 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1820 ERR_clear_error(); 1900 ERR_clear_error();
1821 } 1901 }
1822#endif 1902#endif
1823#endif 1903#endif
1824 /* Default is to connect to non-RI servers. When RI is more widely 1904 /*
1905 * Default is to connect to non-RI servers. When RI is more widely
1825 * deployed might change this. 1906 * deployed might change this.
1826 */ 1907 */
1827 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; 1908 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1828 1909
1829 return (ret); 1910 return (ret);
1830err: 1911 err:
1831 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); 1912 SSLerr(SSL_F_SSL_CTX_NEW,
1832err2: 1913 ERR_R_MALLOC_FAILURE);
1914 err2:
1833 if (ret != NULL) 1915 if (ret != NULL)
1834 SSL_CTX_free(ret); 1916 SSL_CTX_free(ret);
1835 return (NULL); 1917 return (NULL);
@@ -1845,7 +1927,7 @@ SSL_COMP_free(SSL_COMP *comp)
1845void 1927void
1846SSL_CTX_free(SSL_CTX *a) 1928SSL_CTX_free(SSL_CTX *a)
1847{ 1929{
1848 int i; 1930 int i;
1849 1931
1850 if (a == NULL) 1932 if (a == NULL)
1851 return; 1933 return;
@@ -1926,7 +2008,8 @@ SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
1926} 2008}
1927 2009
1928void 2010void
1929SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) 2011SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
2012 void *), void *arg)
1930{ 2013{
1931 ctx->app_verify_callback = cb; 2014 ctx->app_verify_callback = cb;
1932 ctx->app_verify_arg = arg; 2015 ctx->app_verify_arg = arg;
@@ -1948,18 +2031,18 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
1948void 2031void
1949ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 2032ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1950{ 2033{
1951 CERT_PKEY *cpk; 2034 CERT_PKEY *cpk;
1952 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; 2035 int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
1953 int rsa_enc_export, dh_rsa_export, dh_dsa_export; 2036 int rsa_enc_export, dh_rsa_export, dh_dsa_export;
1954 int rsa_tmp_export, dh_tmp_export, kl; 2037 int rsa_tmp_export, dh_tmp_export, kl;
1955 unsigned long mask_k, mask_a, emask_k, emask_a; 2038 unsigned long mask_k, mask_a, emask_k, emask_a;
1956 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 2039 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1957#ifndef OPENSSL_NO_ECDH 2040#ifndef OPENSSL_NO_ECDH
1958 int have_ecdh_tmp; 2041 int have_ecdh_tmp;
1959#endif 2042#endif
1960 X509 *x = NULL; 2043 X509 *x = NULL;
1961 EVP_PKEY *ecc_pkey = NULL; 2044 EVP_PKEY *ecc_pkey = NULL;
1962 int signature_nid = 0, pk_nid = 0, md_nid = 0; 2045 int signature_nid = 0, pk_nid = 0, md_nid = 0;
1963 2046
1964 if (c == NULL) 2047 if (c == NULL)
1965 return; 2048 return;
@@ -2005,8 +2088,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2005 2088
2006#ifdef CIPHER_DEBUG 2089#ifdef CIPHER_DEBUG
2007 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 2090 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
2008 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, 2091 rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp,
2009 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); 2092 rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
2010#endif 2093#endif
2011 2094
2012 cpk = &(c->pkeys[SSL_PKEY_GOST01]); 2095 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
@@ -2071,7 +2154,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2071 emask_a|=SSL_aKRB5; 2154 emask_a|=SSL_aKRB5;
2072#endif 2155#endif
2073 2156
2074 /* An ECC certificate may be usable for ECDH and/or 2157 /*
2158 * An ECC certificate may be usable for ECDH and/or
2075 * ECDSA cipher suites depending on the key usage extension. 2159 * ECDSA cipher suites depending on the key usage extension.
2076 */ 2160 */
2077 if (have_ecc_cert) { 2161 if (have_ecc_cert) {
@@ -2150,11 +2234,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2150int 2234int
2151ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) 2235ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2152{ 2236{
2153 unsigned long alg_k, alg_a; 2237 unsigned long alg_k, alg_a;
2154 EVP_PKEY *pkey = NULL; 2238 EVP_PKEY *pkey = NULL;
2155 int keysize = 0; 2239 int keysize = 0;
2156 int signature_nid = 0, md_nid = 0, pk_nid = 0; 2240 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2157 const SSL_CIPHER *cs = s->s3->tmp.new_cipher; 2241 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2158 2242
2159 alg_k = cs->algorithm_mkey; 2243 alg_k = cs->algorithm_mkey;
2160 alg_a = cs->algorithm_auth; 2244 alg_a = cs->algorithm_auth;
@@ -2179,21 +2263,25 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2179 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { 2263 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2180 /* key usage, if present, must allow key agreement */ 2264 /* key usage, if present, must allow key agreement */
2181 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { 2265 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2182 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); 2266 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2267 SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2183 return 0; 2268 return 0;
2184 } 2269 }
2185 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { 2270 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
2271 TLS1_2_VERSION) {
2186 /* signature alg must be ECDSA */ 2272 /* signature alg must be ECDSA */
2187 if (pk_nid != NID_X9_62_id_ecPublicKey) { 2273 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2188 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); 2274 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2275 SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2189 return 0; 2276 return 0;
2190 } 2277 }
2191 } 2278 }
2192 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { 2279 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
2280 TLS1_2_VERSION) {
2193 /* signature alg must be RSA */ 2281 /* signature alg must be RSA */
2194
2195 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { 2282 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2196 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); 2283 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2284 SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2197 return 0; 2285 return 0;
2198 } 2286 }
2199 } 2287 }
@@ -2201,7 +2289,8 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2201 if (alg_a & SSL_aECDSA) { 2289 if (alg_a & SSL_aECDSA) {
2202 /* key usage, if present, must allow signing */ 2290 /* key usage, if present, must allow signing */
2203 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { 2291 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2204 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); 2292 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2293 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2205 return 0; 2294 return 0;
2206 } 2295 }
2207 } 2296 }
@@ -2216,9 +2305,9 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2216CERT_PKEY * 2305CERT_PKEY *
2217ssl_get_server_send_pkey(const SSL *s) 2306ssl_get_server_send_pkey(const SSL *s)
2218{ 2307{
2219 unsigned long alg_k, alg_a; 2308 unsigned long alg_k, alg_a;
2220 CERT *c; 2309 CERT *c;
2221 int i; 2310 int i;
2222 2311
2223 c = s->cert; 2312 c = s->cert;
2224 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2313 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
@@ -2227,7 +2316,8 @@ ssl_get_server_send_pkey(const SSL *s)
2227 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2316 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2228 2317
2229 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { 2318 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2230 /* we don't need to look at SSL_kEECDH 2319 /*
2320 * We don't need to look at SSL_kEECDH
2231 * since no certificate is needed for 2321 * since no certificate is needed for
2232 * anon ECDH and for authenticated 2322 * anon ECDH and for authenticated
2233 * EECDH, the check for the auth 2323 * EECDH, the check for the auth
@@ -2242,7 +2332,7 @@ ssl_get_server_send_pkey(const SSL *s)
2242 } else if (alg_a & SSL_aECDSA) { 2332 } else if (alg_a & SSL_aECDSA) {
2243 i = SSL_PKEY_ECC; 2333 i = SSL_PKEY_ECC;
2244 } else if (alg_k & SSL_kDHr) 2334 } else if (alg_k & SSL_kDHr)
2245 i = SSL_PKEY_DH_RSA; 2335 i = SSL_PKEY_DH_RSA;
2246 else if (alg_k & SSL_kDHd) 2336 else if (alg_k & SSL_kDHd)
2247 i = SSL_PKEY_DH_DSA; 2337 i = SSL_PKEY_DH_DSA;
2248 else if (alg_a & SSL_aDSS) 2338 else if (alg_a & SSL_aDSS)
@@ -2256,12 +2346,12 @@ ssl_get_server_send_pkey(const SSL *s)
2256 /* VRS something else here? */ 2346 /* VRS something else here? */
2257 return (NULL); 2347 return (NULL);
2258 } else if (alg_a & SSL_aGOST94) 2348 } else if (alg_a & SSL_aGOST94)
2259 i = SSL_PKEY_GOST94; 2349 i = SSL_PKEY_GOST94;
2260 else if (alg_a & SSL_aGOST01) 2350 else if (alg_a & SSL_aGOST01)
2261 i = SSL_PKEY_GOST01; 2351 i = SSL_PKEY_GOST01;
2262 else /* if (alg_a & SSL_aNULL) */ 2352 else { /* if (alg_a & SSL_aNULL) */
2263 { 2353 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,
2264 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); 2354 ERR_R_INTERNAL_ERROR);
2265 return (NULL); 2355 return (NULL);
2266 } 2356 }
2267 2357
@@ -2271,7 +2361,8 @@ ssl_get_server_send_pkey(const SSL *s)
2271X509 * 2361X509 *
2272ssl_get_server_send_cert(const SSL *s) 2362ssl_get_server_send_cert(const SSL *s)
2273{ 2363{
2274 CERT_PKEY *cpk; 2364 CERT_PKEY *cpk;
2365
2275 cpk = ssl_get_server_send_pkey(s); 2366 cpk = ssl_get_server_send_pkey(s);
2276 if (!cpk) 2367 if (!cpk)
2277 return NULL; 2368 return NULL;
@@ -2281,26 +2372,27 @@ ssl_get_server_send_cert(const SSL *s)
2281EVP_PKEY * 2372EVP_PKEY *
2282ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) 2373ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2283{ 2374{
2284 unsigned long alg_a; 2375 unsigned long alg_a;
2285 CERT *c; 2376 CERT *c;
2286 int idx = -1; 2377 int idx = -1;
2287 2378
2288 alg_a = cipher->algorithm_auth; 2379 alg_a = cipher->algorithm_auth;
2289 c = s->cert; 2380 c = s->cert;
2290 2381
2291 if ((alg_a & SSL_aDSS) && 2382 if ((alg_a & SSL_aDSS) &&
2292 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2383 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2293 idx = SSL_PKEY_DSA_SIGN; 2384 idx = SSL_PKEY_DSA_SIGN;
2294 else if (alg_a & SSL_aRSA) { 2385 else if (alg_a & SSL_aRSA) {
2295 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2386 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2296 idx = SSL_PKEY_RSA_SIGN; 2387 idx = SSL_PKEY_RSA_SIGN;
2297 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) 2388 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2298 idx = SSL_PKEY_RSA_ENC; 2389 idx = SSL_PKEY_RSA_ENC;
2299 } else if ((alg_a & SSL_aECDSA) && 2390 } else if ((alg_a & SSL_aECDSA) &&
2300 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2391 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2301 idx = SSL_PKEY_ECC; 2392 idx = SSL_PKEY_ECC;
2302 if (idx == -1) { 2393 if (idx == -1) {
2303 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); 2394 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,
2395 ERR_R_INTERNAL_ERROR);
2304 return (NULL); 2396 return (NULL);
2305 } 2397 }
2306 if (pmd) 2398 if (pmd)
@@ -2311,18 +2403,19 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2311void 2403void
2312ssl_update_cache(SSL *s, int mode) 2404ssl_update_cache(SSL *s, int mode)
2313{ 2405{
2314 int i; 2406 int i;
2315 2407
2316 /* If the session_id_length is 0, we are not supposed to cache it, 2408 /*
2317 * and it would be rather hard to do anyway :-) */ 2409 * If the session_id_length is 0, we are not supposed to cache it,
2410 * and it would be rather hard to do anyway :-)
2411 */
2318 if (s->session->session_id_length == 0) 2412 if (s->session->session_id_length == 0)
2319 return; 2413 return;
2320 2414
2321 i = s->session_ctx->session_cache_mode; 2415 i = s->session_ctx->session_cache_mode;
2322 if ((i & mode) && (!s->hit) 2416 if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2323 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2417 || SSL_CTX_add_session(s->session_ctx, s->session))
2324 || SSL_CTX_add_session(s->session_ctx, s->session)) 2418 && (s->session_ctx->new_session_cb != NULL)) {
2325 && (s->session_ctx->new_session_cb != NULL)) {
2326 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); 2419 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2327 if (!s->session_ctx->new_session_cb(s, s->session)) 2420 if (!s->session_ctx->new_session_cb(s, s->session))
2328 SSL_SESSION_free(s->session); 2421 SSL_SESSION_free(s->session);
@@ -2330,10 +2423,10 @@ ssl_update_cache(SSL *s, int mode)
2330 2423
2331 /* auto flush every 255 connections */ 2424 /* auto flush every 255 connections */
2332 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && 2425 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2333 ((i & mode) == mode)) { 2426 ((i & mode) == mode)) {
2334 if ((((mode & SSL_SESS_CACHE_CLIENT) 2427 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2335 ?s->session_ctx->stats.sess_connect_good 2428 s->session_ctx->stats.sess_connect_good :
2336 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { 2429 s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2337 SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); 2430 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2338 } 2431 }
2339 } 2432 }
@@ -2348,8 +2441,8 @@ SSL_get_ssl_method(SSL *s)
2348int 2441int
2349SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) 2442SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2350{ 2443{
2351 int conn = -1; 2444 int conn = -1;
2352 int ret = 1; 2445 int ret = 1;
2353 2446
2354 if (s->method != meth) { 2447 if (s->method != meth) {
2355 if (s->handshake_func != NULL) 2448 if (s->handshake_func != NULL)
@@ -2374,9 +2467,9 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2374int 2467int
2375SSL_get_error(const SSL *s, int i) 2468SSL_get_error(const SSL *s, int i)
2376{ 2469{
2377 int reason; 2470 int reason;
2378 unsigned long l; 2471 unsigned long l;
2379 BIO *bio; 2472 BIO *bio;
2380 2473
2381 if (i > 0) 2474 if (i > 0)
2382 return (SSL_ERROR_NONE); 2475 return (SSL_ERROR_NONE);
@@ -2422,8 +2515,11 @@ SSL_get_error(const SSL *s, int i)
2422 if (BIO_should_write(bio)) 2515 if (BIO_should_write(bio))
2423 return (SSL_ERROR_WANT_WRITE); 2516 return (SSL_ERROR_WANT_WRITE);
2424 else if (BIO_should_read(bio)) 2517 else if (BIO_should_read(bio))
2425 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ 2518 return (SSL_ERROR_WANT_READ);
2426 return (SSL_ERROR_WANT_READ); 2519 /*
2520 * See above (SSL_want_read(s) with
2521 * BIO_should_write(bio))
2522 */
2427 else if (BIO_should_io_special(bio)) { 2523 else if (BIO_should_io_special(bio)) {
2428 reason = BIO_get_retry_reason(bio); 2524 reason = BIO_get_retry_reason(bio);
2429 if (reason == BIO_RR_CONNECT) 2525 if (reason == BIO_RR_CONNECT)
@@ -2449,10 +2545,11 @@ SSL_get_error(const SSL *s, int i)
2449int 2545int
2450SSL_do_handshake(SSL *s) 2546SSL_do_handshake(SSL *s)
2451{ 2547{
2452 int ret = 1; 2548 int ret = 1;
2453 2549
2454 if (s->handshake_func == NULL) { 2550 if (s->handshake_func == NULL) {
2455 SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); 2551 SSLerr(SSL_F_SSL_DO_HANDSHAKE,
2552 SSL_R_CONNECTION_TYPE_NOT_SET);
2456 return (-1); 2553 return (-1);
2457 } 2554 }
2458 2555
@@ -2464,8 +2561,10 @@ SSL_do_handshake(SSL *s)
2464 return (ret); 2561 return (ret);
2465} 2562}
2466 2563
2467/* For the next 2 functions, SSL_clear() sets shutdown and so 2564/*
2468 * one of these calls will reset it */ 2565 * For the next 2 functions, SSL_clear() sets shutdown and so
2566 * one of these calls will reset it
2567 */
2469void 2568void
2470SSL_set_accept_state(SSL *s) 2569SSL_set_accept_state(SSL *s)
2471{ 2570{
@@ -2495,28 +2594,32 @@ SSL_set_connect_state(SSL *s)
2495int 2594int
2496ssl_undefined_function(SSL *s) 2595ssl_undefined_function(SSL *s)
2497{ 2596{
2498 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2597 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
2598 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2499 return (0); 2599 return (0);
2500} 2600}
2501 2601
2502int 2602int
2503ssl_undefined_void_function(void) 2603ssl_undefined_void_function(void)
2504{ 2604{
2505 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2605 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2606 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2506 return (0); 2607 return (0);
2507} 2608}
2508 2609
2509int 2610int
2510ssl_undefined_const_function(const SSL *s) 2611ssl_undefined_const_function(const SSL *s)
2511{ 2612{
2512 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2613 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
2614 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2513 return (0); 2615 return (0);
2514} 2616}
2515 2617
2516SSL_METHOD * 2618SSL_METHOD *
2517ssl_bad_method(int ver) 2619ssl_bad_method(int ver)
2518{ 2620{
2519 SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 2621 SSLerr(SSL_F_SSL_BAD_METHOD,
2622 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2520 return (NULL); 2623 return (NULL);
2521} 2624}
2522 2625
@@ -2554,10 +2657,12 @@ SSL_dup(SSL *s)
2554 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ 2657 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2555 SSL_copy_session_id(ret, s); 2658 SSL_copy_session_id(ret, s);
2556 } else { 2659 } else {
2557 /* No session has been established yet, so we have to expect 2660 /*
2661 * No session has been established yet, so we have to expect
2558 * that s->cert or ret->cert will be changed later -- 2662 * that s->cert or ret->cert will be changed later --
2559 * they should not both point to the same object, 2663 * they should not both point to the same object,
2560 * and thus we can't use SSL_copy_session_id. */ 2664 * and thus we can't use SSL_copy_session_id.
2665 */
2561 2666
2562 ret->method->ssl_free(ret); 2667 ret->method->ssl_free(ret);
2563 ret->method = s->method; 2668 ret->method = s->method;
@@ -2592,7 +2697,8 @@ SSL_dup(SSL *s)
2592 ret->debug = s->debug; 2697 ret->debug = s->debug;
2593 2698
2594 /* copy app data, a little dangerous perhaps */ 2699 /* copy app data, a little dangerous perhaps */
2595 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) 2700 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2701 &ret->ex_data, &s->ex_data))
2596 goto err; 2702 goto err;
2597 2703
2598 /* setup rbio, and wbio */ 2704 /* setup rbio, and wbio */
@@ -2615,22 +2721,30 @@ SSL_dup(SSL *s)
2615 ret->new_session = s->new_session; 2721 ret->new_session = s->new_session;
2616 ret->quiet_shutdown = s->quiet_shutdown; 2722 ret->quiet_shutdown = s->quiet_shutdown;
2617 ret->shutdown = s->shutdown; 2723 ret->shutdown = s->shutdown;
2618 ret->state=s->state; /* SSL_dup does not really work at any state, though */ 2724 /* SSL_dup does not really work at any state, though */
2725 ret->state=s->state;
2619 ret->rstate = s->rstate; 2726 ret->rstate = s->rstate;
2620 ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ 2727
2728 /*
2729 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2730 * ret->init_off
2731 */
2732 ret->init_num = 0;
2733
2621 ret->hit = s->hit; 2734 ret->hit = s->hit;
2622 2735
2623 X509_VERIFY_PARAM_inherit(ret->param, s->param); 2736 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2624 2737
2625 /* dup the cipher_list and cipher_list_by_id stacks */ 2738 /* dup the cipher_list and cipher_list_by_id stacks */
2626 if (s->cipher_list != NULL) { 2739 if (s->cipher_list != NULL) {
2627 if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) 2740 if ((ret->cipher_list =
2741 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2628 goto err; 2742 goto err;
2629 } 2743 }
2630 if (s->cipher_list_by_id != NULL) 2744 if (s->cipher_list_by_id != NULL)
2631 if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) 2745 if ((ret->cipher_list_by_id =
2632 == NULL) 2746 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2633 goto err; 2747 goto err;
2634 2748
2635 /* Dup the client_CA list */ 2749 /* Dup the client_CA list */
2636 if (s->client_CA != NULL) { 2750 if (s->client_CA != NULL) {
@@ -2638,7 +2752,8 @@ SSL_dup(SSL *s)
2638 ret->client_CA = sk; 2752 ret->client_CA = sk;
2639 for (i = 0; i < sk_X509_NAME_num(sk); i++) { 2753 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2640 xn = sk_X509_NAME_value(sk, i); 2754 xn = sk_X509_NAME_value(sk, i);
2641 if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { 2755 if (sk_X509_NAME_set(sk, i,
2756 X509_NAME_dup(xn)) == NULL) {
2642 X509_NAME_free(xn); 2757 X509_NAME_free(xn);
2643 goto err; 2758 goto err;
2644 } 2759 }
@@ -2646,7 +2761,7 @@ SSL_dup(SSL *s)
2646 } 2761 }
2647 2762
2648 if (0) { 2763 if (0) {
2649err: 2764 err:
2650 if (ret != NULL) 2765 if (ret != NULL)
2651 SSL_free(ret); 2766 SSL_free(ret);
2652 ret = NULL; 2767 ret = NULL;
@@ -2740,7 +2855,7 @@ SSL_get_current_expansion(SSL *s)
2740int 2855int
2741ssl_init_wbio_buffer(SSL *s, int push) 2856ssl_init_wbio_buffer(SSL *s, int push)
2742{ 2857{
2743 BIO *bbio; 2858 BIO *bbio;
2744 2859
2745 if (s->bbio == NULL) { 2860 if (s->bbio == NULL) {
2746 bbio = BIO_new(BIO_f_buffer()); 2861 bbio = BIO_new(BIO_f_buffer());
@@ -2755,7 +2870,8 @@ ssl_init_wbio_buffer(SSL *s, int push)
2755 (void)BIO_reset(bbio); 2870 (void)BIO_reset(bbio);
2756/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ 2871/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2757 if (!BIO_set_read_buffer_size(bbio, 1)) { 2872 if (!BIO_set_read_buffer_size(bbio, 1)) {
2758 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); 2873 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,
2874 ERR_R_BUF_LIB);
2759 return (0); 2875 return (0);
2760 } 2876 }
2761 if (push) { 2877 if (push) {
@@ -2871,8 +2987,10 @@ SSL_set_info_callback(SSL *ssl,
2871 ssl->info_callback = cb; 2987 ssl->info_callback = cb;
2872} 2988}
2873 2989
2874/* One compiler (Diab DCC) doesn't like argument names in returned 2990/*
2875 function pointer. */ 2991 * One compiler (Diab DCC) doesn't like argument names in returned
2992 * function pointer.
2993 */
2876void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 2994void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2877{ 2995{
2878 return ssl->info_callback; 2996 return ssl->info_callback;
@@ -2907,7 +3025,7 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2907 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3025 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2908{ 3026{
2909 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, 3027 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2910 new_func, dup_func, free_func); 3028 new_func, dup_func, free_func);
2911} 3029}
2912 3030
2913int 3031int
@@ -2927,7 +3045,7 @@ SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2927 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 3045 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2928{ 3046{
2929 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, 3047 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2930 new_func, dup_func, free_func); 3048 new_func, dup_func, free_func);
2931} 3049}
2932 3050
2933int 3051int
@@ -3030,10 +3148,11 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3030 3148
3031#ifndef OPENSSL_NO_ECDH 3149#ifndef OPENSSL_NO_ECDH
3032void 3150void
3033SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, 3151SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3034 int keylength)) 3152 int is_export, int keylength))
3035{ 3153{
3036 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 3154 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3155 (void (*)(void))ecdh);
3037} 3156}
3038 3157
3039void 3158void
@@ -3048,8 +3167,10 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3048int 3167int
3049SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) 3168SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3050{ 3169{
3051 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3170 if (identity_hint != NULL && strlen(identity_hint) >
3052 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3171 PSK_MAX_IDENTITY_LEN) {
3172 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
3173 SSL_R_DATA_LENGTH_TOO_LONG);
3053 return 0; 3174 return 0;
3054 } 3175 }
3055 if (ctx->psk_identity_hint != NULL) 3176 if (ctx->psk_identity_hint != NULL)
@@ -3072,8 +3193,10 @@ SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3072 if (s->session == NULL) 3193 if (s->session == NULL)
3073 return 1; /* session not created yet, ignored */ 3194 return 1; /* session not created yet, ignored */
3074 3195
3075 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { 3196 if (identity_hint != NULL && strlen(identity_hint) >
3076 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); 3197 PSK_MAX_IDENTITY_LEN) {
3198 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT,
3199 SSL_R_DATA_LENGTH_TOO_LONG);
3077 return 0; 3200 return 0;
3078 } 3201 }
3079 if (s->session->psk_identity_hint != NULL) 3202 if (s->session->psk_identity_hint != NULL)
@@ -3106,7 +3229,7 @@ SSL_get_psk_identity(const SSL *s)
3106void 3229void
3107SSL_set_psk_client_callback(SSL *s, 3230SSL_set_psk_client_callback(SSL *s,
3108 unsigned int (*cb)(SSL *ssl, const char *hint, 3231 unsigned int (*cb)(SSL *ssl, const char *hint,
3109char *identity, unsigned int max_identity_len, unsigned char *psk, 3232 char *identity, unsigned int max_identity_len, unsigned char *psk,
3110 unsigned int max_psk_len)) 3233 unsigned int max_psk_len))
3111{ 3234{
3112 s->psk_client_callback = cb; 3235 s->psk_client_callback = cb;
@@ -3115,7 +3238,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk,
3115void 3238void
3116SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 3239SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3117 unsigned int (*cb)(SSL *ssl, const char *hint, 3240 unsigned int (*cb)(SSL *ssl, const char *hint,
3118char *identity, unsigned int max_identity_len, unsigned char *psk, 3241 char *identity, unsigned int max_identity_len, unsigned char *psk,
3119 unsigned int max_psk_len)) 3242 unsigned int max_psk_len))
3120{ 3243{
3121 ctx->psk_client_callback = cb; 3244 ctx->psk_client_callback = cb;
@@ -3124,7 +3247,7 @@ char *identity, unsigned int max_identity_len, unsigned char *psk,
3124void 3247void
3125SSL_set_psk_server_callback(SSL *s, 3248SSL_set_psk_server_callback(SSL *s,
3126 unsigned int (*cb)(SSL *ssl, const char *identity, 3249 unsigned int (*cb)(SSL *ssl, const char *identity,
3127unsigned char *psk, unsigned int max_psk_len)) 3250 unsigned char *psk, unsigned int max_psk_len))
3128{ 3251{
3129 s->psk_server_callback = cb; 3252 s->psk_server_callback = cb;
3130} 3253}
@@ -3132,30 +3255,33 @@ unsigned char *psk, unsigned int max_psk_len))
3132void 3255void
3133SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 3256SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3134 unsigned int (*cb)(SSL *ssl, const char *identity, 3257 unsigned int (*cb)(SSL *ssl, const char *identity,
3135unsigned char *psk, unsigned int max_psk_len)) 3258 unsigned char *psk, unsigned int max_psk_len))
3136{ 3259{
3137 ctx->psk_server_callback = cb; 3260 ctx->psk_server_callback = cb;
3138} 3261}
3139#endif 3262#endif
3140 3263
3141void 3264void
3142SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3265SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3266 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3143{ 3267{
3144 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3268 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3269 (void (*)(void))cb);
3145} 3270}
3146 3271
3147void 3272void
3148SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3273SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3274 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3149{ 3275{
3150 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3276 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3151} 3277}
3152 3278
3153/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer 3279/*
3280 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3154 * vairable, freeing EVP_MD_CTX previously stored in that variable, if 3281 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3155 * any. If EVP_MD pointer is passed, initializes ctx with this md 3282 * any. If EVP_MD pointer is passed, initializes ctx with this md
3156 * Returns newly allocated ctx; 3283 * Returns newly allocated ctx;
3157 */ 3284 */
3158
3159EVP_MD_CTX * 3285EVP_MD_CTX *
3160ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) 3286ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3161{ 3287{
@@ -3169,7 +3295,6 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3169void 3295void
3170ssl_clear_hash_ctx(EVP_MD_CTX **hash) 3296ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3171{ 3297{
3172
3173 if (*hash) 3298 if (*hash)
3174 EVP_MD_CTX_destroy(*hash); 3299 EVP_MD_CTX_destroy(*hash);
3175 *hash = NULL; 3300 *hash = NULL;
@@ -3190,4 +3315,4 @@ SSL_cache_hit(SSL *s)
3190IMPLEMENT_STACK_OF(SSL_CIPHER) 3315IMPLEMENT_STACK_OF(SSL_CIPHER)
3191IMPLEMENT_STACK_OF(SSL_COMP) 3316IMPLEMENT_STACK_OF(SSL_COMP)
3192IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, 3317IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3193ssl_cipher_id); 3318 ssl_cipher_id);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 11:39:52 +0000