authormcbride <>2014-04-24 20:44:49 +0000
committermcbride <>2014-04-24 20:44:49 +0000
commitd436f60f68787eee6620cab3a227f119e7813894 (patch)
treea69ef54313773566de89076dfa279885eec7bdef /src
parentdac42e8f29c0c2b2a7cf6aa2a3d9db8a970fdfd6 (diff)
Fix indentation.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_clnt.c419
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c419
2 files changed, 416 insertions, 422 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9cdcd841b1..eb55fc9682 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1436,243 +1436,240 @@ ssl3_get_key_exchange(SSL *s)
1436 SSL_PKEY_DSA_SIGN].x509); 1436 SSL_PKEY_DSA_SIGN].x509);
1437 } else 1437 } else
1438#endif /* !OPENSSL_NO_SRP */ 1438#endif /* !OPENSSL_NO_SRP */
1439 if (alg_k & SSL_kRSA) { 1439 if (alg_k & SSL_kRSA) {
1440 if ((rsa = RSA_new()) == NULL) { 1440 if ((rsa = RSA_new()) == NULL) {
1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1442 ERR_R_MALLOC_FAILURE); 1442 ERR_R_MALLOC_FAILURE);
1443 goto err; 1443 goto err;
1444 } 1444 }
1445 n2s(p, i); 1445 n2s(p, i);
1446 param_len = i + 2; 1446 param_len = i + 2;
1447 if (param_len > n) { 1447 if (param_len > n) {
1448 al = SSL_AD_DECODE_ERROR; 1448 al = SSL_AD_DECODE_ERROR;
1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1450 SSL_R_BAD_RSA_MODULUS_LENGTH); 1450 SSL_R_BAD_RSA_MODULUS_LENGTH);
1451 goto f_err; 1451 goto f_err;
1452 } 1452 }
1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { 1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1455 ERR_R_BN_LIB); 1455 ERR_R_BN_LIB);
1456 goto err; 1456 goto err;
1457 } 1457 }
1458 p += i; 1458 p += i;
1459 1459
1460 n2s(p, i); 1460 n2s(p, i);
1461 param_len += i + 2; 1461 param_len += i + 2;
1462 if (param_len > n) { 1462 if (param_len > n) {
1463 al = SSL_AD_DECODE_ERROR; 1463 al = SSL_AD_DECODE_ERROR;
1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1465 SSL_R_BAD_RSA_E_LENGTH); 1465 SSL_R_BAD_RSA_E_LENGTH);
1466 goto f_err; 1466 goto f_err;
1467 } 1467 }
1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { 1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1470 ERR_R_BN_LIB); 1470 ERR_R_BN_LIB);
1471 goto err; 1471 goto err;
1472 } 1472 }
1473 p += i; 1473 p += i;
1474 n -= param_len; 1474 n -= param_len;
1475 1475
1476 /* 1476 /*
1477 * This should be because we are using an 1477 * This should be because we are using an
1478 * export cipher 1478 * export cipher
1479 */ 1479 */
1480 if (alg_a & SSL_aRSA) 1480 if (alg_a & SSL_aRSA)
1481 pkey = X509_get_pubkey( 1481 pkey = X509_get_pubkey(
1482 s->session->sess_cert->peer_pkeys[ 1482 s->session->sess_cert->peer_pkeys[
1483 SSL_PKEY_RSA_ENC].x509); 1483 SSL_PKEY_RSA_ENC].x509);
1484 else { 1484 else {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 ERR_R_INTERNAL_ERROR); 1486 ERR_R_INTERNAL_ERROR);
1487 goto err; 1487 goto err;
1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1491 } 1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1491 }
1492#ifndef OPENSSL_NO_DH 1492#ifndef OPENSSL_NO_DH
1493 else if (alg_k & SSL_kEDH) { 1493 else if (alg_k & SSL_kEDH) {
1494 if ((dh = DH_new()) == NULL) { 1494 if ((dh = DH_new()) == NULL) {
1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1496 ERR_R_DH_LIB); 1496 ERR_R_DH_LIB);
1497 goto err; 1497 goto err;
1498 } 1498 }
1499 n2s(p, i); 1499 n2s(p, i);
1500 param_len = i + 2; 1500 param_len = i + 2;
1501 if (param_len > n) { 1501 if (param_len > n) {
1502 al = SSL_AD_DECODE_ERROR; 1502 al = SSL_AD_DECODE_ERROR;
1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1504 SSL_R_BAD_DH_P_LENGTH); 1504 SSL_R_BAD_DH_P_LENGTH);
1505 goto f_err; 1505 goto f_err;
1506 } 1506 }
1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) { 1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1509 ERR_R_BN_LIB); 1509 ERR_R_BN_LIB);
1510 goto err; 1510 goto err;
1511 } 1511 }
1512 p += i; 1512 p += i;
1513
1514 n2s(p, i);
1515 param_len += i + 2;
1516 if (param_len > n) {
1517 al = SSL_AD_DECODE_ERROR;
1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1519 SSL_R_BAD_DH_G_LENGTH);
1520 goto f_err;
1521 }
1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1524 ERR_R_BN_LIB);
1525 goto err;
1526 }
1527 p += i;
1528
1529 n2s(p, i);
1530 param_len += i + 2;
1531 if (param_len > n) {
1532 al = SSL_AD_DECODE_ERROR;
1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1535 goto f_err;
1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544 1513
1545 if (alg_a & SSL_aRSA) 1514 n2s(p, i);
1546 pkey = X509_get_pubkey( 1515 param_len += i + 2;
1547 s->session->sess_cert->peer_pkeys[ 1516 if (param_len > n) {
1548 SSL_PKEY_RSA_ENC].x509); 1517 al = SSL_AD_DECODE_ERROR;
1549 else if (alg_a & SSL_aDSS) 1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1550 pkey = X509_get_pubkey( 1519 SSL_R_BAD_DH_G_LENGTH);
1551 s->session->sess_cert->peer_pkeys[ 1520 goto f_err;
1552 SSL_PKEY_DSA_SIGN].x509); 1521 }
1553 /* else anonymous DH, so no certificate or pkey. */ 1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1524 ERR_R_BN_LIB);
1525 goto err;
1526 }
1527 p += i;
1554 1528
1555 s->session->sess_cert->peer_dh_tmp = dh; 1529 n2s(p, i);
1556 dh = NULL; 1530 param_len += i + 2;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { 1531 if (param_len > n) {
1558 al = SSL_AD_ILLEGAL_PARAMETER; 1532 al = SSL_AD_DECODE_ERROR;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1561 goto f_err; 1535 goto f_err;
1562 } 1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544
1545 if (alg_a & SSL_aRSA)
1546 pkey = X509_get_pubkey(
1547 s->session->sess_cert->peer_pkeys[
1548 SSL_PKEY_RSA_ENC].x509);
1549 else if (alg_a & SSL_aDSS)
1550 pkey = X509_get_pubkey(
1551 s->session->sess_cert->peer_pkeys[
1552 SSL_PKEY_DSA_SIGN].x509);
1553 /* else anonymous DH, so no certificate or pkey. */
1554
1555 s->session->sess_cert->peer_dh_tmp = dh;
1556 dh = NULL;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1558 al = SSL_AD_ILLEGAL_PARAMETER;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1561 goto f_err;
1562 }
1563#endif /* !OPENSSL_NO_DH */ 1563#endif /* !OPENSSL_NO_DH */
1564 1564
1565#ifndef OPENSSL_NO_ECDH 1565#ifndef OPENSSL_NO_ECDH
1566 else if (alg_k & SSL_kEECDH) { 1566 else if (alg_k & SSL_kEECDH) {
1567 EC_GROUP *ngroup; 1567 EC_GROUP *ngroup;
1568 const EC_GROUP *group; 1568 const EC_GROUP *group;
1569 1569
1570 if ((ecdh = EC_KEY_new()) == NULL) { 1570 if ((ecdh = EC_KEY_new()) == NULL) {
1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1572 ERR_R_MALLOC_FAILURE); 1572 ERR_R_MALLOC_FAILURE);
1573 goto err; 1573 goto err;
1574 } 1574 }
1575 1575
1576 /* 1576 /*
1577 * Extract elliptic curve parameters and the 1577 * Extract elliptic curve parameters and the
1578 * server's ephemeral ECDH public key. 1578 * server's ephemeral ECDH public key.
1579 * Keep accumulating lengths of various components in 1579 * Keep accumulating lengths of various components in
1580 * param_len and make sure it never exceeds n. 1580 * param_len and make sure it never exceeds n.
1581 */ 1581 */
1582 1582
1583 /* 1583 /*
1584 * XXX: For now we only support named (not generic) 1584 * XXX: For now we only support named (not generic) curves
1585 * curves and the ECParameters in this case is just 1585 * and the ECParameters in this case is just three bytes.
1586 * three bytes. 1586 */
1587 */ 1587 param_len = 3;
1588 param_len = 3; 1588 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
1589 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || 1589 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
1590 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) 1590 al = SSL_AD_INTERNAL_ERROR;
1591 == 0)) { 1591 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1592 al = SSL_AD_INTERNAL_ERROR; 1592 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1593 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1593 goto f_err;
1594 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1594 }
1595 goto f_err;
1596 }
1597 1595
1598 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1596 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1599 if (ngroup == NULL) { 1597 if (ngroup == NULL) {
1600 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1598 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1601 ERR_R_EC_LIB); 1599 ERR_R_EC_LIB);
1602 goto err; 1600 goto err;
1603 } 1601 }
1604 if (EC_KEY_set_group(ecdh, ngroup) == 0) { 1602 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1605 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1603 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1606 ERR_R_EC_LIB); 1604 ERR_R_EC_LIB);
1607 goto err; 1605 goto err;
1608 } 1606 }
1609 EC_GROUP_free(ngroup); 1607 EC_GROUP_free(ngroup);
1610 1608
1611 group = EC_KEY_get0_group(ecdh); 1609 group = EC_KEY_get0_group(ecdh);
1612 1610
1613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1611 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1614 (EC_GROUP_get_degree(group) > 163)) { 1612 (EC_GROUP_get_degree(group) > 163)) {
1615 al = SSL_AD_EXPORT_RESTRICTION; 1613 al = SSL_AD_EXPORT_RESTRICTION;
1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1614 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1617 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); 1615 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1618 goto f_err; 1616 goto f_err;
1619 } 1617 }
1620 1618
1621 p += 3; 1619 p += 3;
1622 1620
1623 /* Next, get the encoded ECPoint */ 1621 /* Next, get the encoded ECPoint */
1624 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1622 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1625 ((bn_ctx = BN_CTX_new()) == NULL)) { 1623 ((bn_ctx = BN_CTX_new()) == NULL)) {
1626 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1624 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1627 ERR_R_MALLOC_FAILURE); 1625 ERR_R_MALLOC_FAILURE);
1628 goto err; 1626 goto err;
1629 } 1627 }
1630 1628
1631 encoded_pt_len = *p; 1629 encoded_pt_len = *p;
1632 /* length of encoded point */ 1630 /* length of encoded point */
1633 p += 1; 1631 p += 1;
1634 param_len += (1 + encoded_pt_len); 1632 param_len += (1 + encoded_pt_len);
1635 if ((param_len > n) || 1633 if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint,
1636 (EC_POINT_oct2point(group, srvr_ecpoint, 1634 p, encoded_pt_len, bn_ctx) == 0)) {
1637 p, encoded_pt_len, bn_ctx) == 0)) { 1635 al = SSL_AD_DECODE_ERROR;
1638 al = SSL_AD_DECODE_ERROR; 1636 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1639 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1637 SSL_R_BAD_ECPOINT);
1640 SSL_R_BAD_ECPOINT); 1638 goto f_err;
1641 goto f_err; 1639 }
1642 }
1643 1640
1644 n -= param_len; 1641 n -= param_len;
1645 p += encoded_pt_len; 1642 p += encoded_pt_len;
1646 1643
1647 /* 1644 /*
1648 * The ECC/TLS specification does not mention the use 1645 * The ECC/TLS specification does not mention the use
1649 * of DSA to sign ECParameters in the server key 1646 * of DSA to sign ECParameters in the server key
1650 * exchange message. We do support RSA and ECDSA. 1647 * exchange message. We do support RSA and ECDSA.
1651 */ 1648 */
1652 if (alg_a & SSL_aRSA) 1649 if (alg_a & SSL_aRSA)
1653 pkey = X509_get_pubkey( 1650 pkey = X509_get_pubkey(
1654 s->session->sess_cert->peer_pkeys[ 1651 s->session->sess_cert->peer_pkeys[
1655 SSL_PKEY_RSA_ENC].x509); 1652 SSL_PKEY_RSA_ENC].x509);
1656#ifndef OPENSSL_NO_ECDSA 1653#ifndef OPENSSL_NO_ECDSA
1657 else if (alg_a & SSL_aECDSA) 1654 else if (alg_a & SSL_aECDSA)
1658 pkey = X509_get_pubkey( 1655 pkey = X509_get_pubkey(
1659 s->session->sess_cert->peer_pkeys[ 1656 s->session->sess_cert->peer_pkeys[
1660 SSL_PKEY_ECC].x509); 1657 SSL_PKEY_ECC].x509);
1661#endif 1658#endif
1662 /* Else anonymous ECDH, so no certificate or pkey. */ 1659 /* Else anonymous ECDH, so no certificate or pkey. */
1663 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1660 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1664 s->session->sess_cert->peer_ecdh_tmp = ecdh; 1661 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1665 ecdh = NULL; 1662 ecdh = NULL;
1666 BN_CTX_free(bn_ctx); 1663 BN_CTX_free(bn_ctx);
1667 bn_ctx = NULL; 1664 bn_ctx = NULL;
1668 EC_POINT_free(srvr_ecpoint); 1665 EC_POINT_free(srvr_ecpoint);
1669 srvr_ecpoint = NULL; 1666 srvr_ecpoint = NULL;
1670 } else if (alg_k) { 1667 } else if (alg_k) {
1671 al = SSL_AD_UNEXPECTED_MESSAGE; 1668 al = SSL_AD_UNEXPECTED_MESSAGE;
1672 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1669 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1673 SSL_R_UNEXPECTED_MESSAGE); 1670 SSL_R_UNEXPECTED_MESSAGE);
1674 goto f_err; 1671 goto f_err;
1675 } 1672 }
1676#endif /* !OPENSSL_NO_ECDH */ 1673#endif /* !OPENSSL_NO_ECDH */
1677 1674
1678 /* p points to the next byte, there are 'n' bytes left */ 1675 /* p points to the next byte, there are 'n' bytes left */
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 9cdcd841b1..eb55fc9682 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1436,243 +1436,240 @@ ssl3_get_key_exchange(SSL *s)
1436 SSL_PKEY_DSA_SIGN].x509); 1436 SSL_PKEY_DSA_SIGN].x509);
1437 } else 1437 } else
1438#endif /* !OPENSSL_NO_SRP */ 1438#endif /* !OPENSSL_NO_SRP */
1439 if (alg_k & SSL_kRSA) { 1439 if (alg_k & SSL_kRSA) {
1440 if ((rsa = RSA_new()) == NULL) { 1440 if ((rsa = RSA_new()) == NULL) {
1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1442 ERR_R_MALLOC_FAILURE); 1442 ERR_R_MALLOC_FAILURE);
1443 goto err; 1443 goto err;
1444 } 1444 }
1445 n2s(p, i); 1445 n2s(p, i);
1446 param_len = i + 2; 1446 param_len = i + 2;
1447 if (param_len > n) { 1447 if (param_len > n) {
1448 al = SSL_AD_DECODE_ERROR; 1448 al = SSL_AD_DECODE_ERROR;
1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1450 SSL_R_BAD_RSA_MODULUS_LENGTH); 1450 SSL_R_BAD_RSA_MODULUS_LENGTH);
1451 goto f_err; 1451 goto f_err;
1452 } 1452 }
1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { 1453 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1455 ERR_R_BN_LIB); 1455 ERR_R_BN_LIB);
1456 goto err; 1456 goto err;
1457 } 1457 }
1458 p += i; 1458 p += i;
1459 1459
1460 n2s(p, i); 1460 n2s(p, i);
1461 param_len += i + 2; 1461 param_len += i + 2;
1462 if (param_len > n) { 1462 if (param_len > n) {
1463 al = SSL_AD_DECODE_ERROR; 1463 al = SSL_AD_DECODE_ERROR;
1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1465 SSL_R_BAD_RSA_E_LENGTH); 1465 SSL_R_BAD_RSA_E_LENGTH);
1466 goto f_err; 1466 goto f_err;
1467 } 1467 }
1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { 1468 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1469 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1470 ERR_R_BN_LIB); 1470 ERR_R_BN_LIB);
1471 goto err; 1471 goto err;
1472 } 1472 }
1473 p += i; 1473 p += i;
1474 n -= param_len; 1474 n -= param_len;
1475 1475
1476 /* 1476 /*
1477 * This should be because we are using an 1477 * This should be because we are using an
1478 * export cipher 1478 * export cipher
1479 */ 1479 */
1480 if (alg_a & SSL_aRSA) 1480 if (alg_a & SSL_aRSA)
1481 pkey = X509_get_pubkey( 1481 pkey = X509_get_pubkey(
1482 s->session->sess_cert->peer_pkeys[ 1482 s->session->sess_cert->peer_pkeys[
1483 SSL_PKEY_RSA_ENC].x509); 1483 SSL_PKEY_RSA_ENC].x509);
1484 else { 1484 else {
1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1485 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1486 ERR_R_INTERNAL_ERROR); 1486 ERR_R_INTERNAL_ERROR);
1487 goto err; 1487 goto err;
1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1491 } 1488 }
1489 s->session->sess_cert->peer_rsa_tmp = rsa;
1490 rsa = NULL;
1491 }
1492#ifndef OPENSSL_NO_DH 1492#ifndef OPENSSL_NO_DH
1493 else if (alg_k & SSL_kEDH) { 1493 else if (alg_k & SSL_kEDH) {
1494 if ((dh = DH_new()) == NULL) { 1494 if ((dh = DH_new()) == NULL) {
1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1495 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1496 ERR_R_DH_LIB); 1496 ERR_R_DH_LIB);
1497 goto err; 1497 goto err;
1498 } 1498 }
1499 n2s(p, i); 1499 n2s(p, i);
1500 param_len = i + 2; 1500 param_len = i + 2;
1501 if (param_len > n) { 1501 if (param_len > n) {
1502 al = SSL_AD_DECODE_ERROR; 1502 al = SSL_AD_DECODE_ERROR;
1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1504 SSL_R_BAD_DH_P_LENGTH); 1504 SSL_R_BAD_DH_P_LENGTH);
1505 goto f_err; 1505 goto f_err;
1506 } 1506 }
1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) { 1507 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1508 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1509 ERR_R_BN_LIB); 1509 ERR_R_BN_LIB);
1510 goto err; 1510 goto err;
1511 } 1511 }
1512 p += i; 1512 p += i;
1513
1514 n2s(p, i);
1515 param_len += i + 2;
1516 if (param_len > n) {
1517 al = SSL_AD_DECODE_ERROR;
1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1519 SSL_R_BAD_DH_G_LENGTH);
1520 goto f_err;
1521 }
1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1524 ERR_R_BN_LIB);
1525 goto err;
1526 }
1527 p += i;
1528
1529 n2s(p, i);
1530 param_len += i + 2;
1531 if (param_len > n) {
1532 al = SSL_AD_DECODE_ERROR;
1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1535 goto f_err;
1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544 1513
1545 if (alg_a & SSL_aRSA) 1514 n2s(p, i);
1546 pkey = X509_get_pubkey( 1515 param_len += i + 2;
1547 s->session->sess_cert->peer_pkeys[ 1516 if (param_len > n) {
1548 SSL_PKEY_RSA_ENC].x509); 1517 al = SSL_AD_DECODE_ERROR;
1549 else if (alg_a & SSL_aDSS) 1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1550 pkey = X509_get_pubkey( 1519 SSL_R_BAD_DH_G_LENGTH);
1551 s->session->sess_cert->peer_pkeys[ 1520 goto f_err;
1552 SSL_PKEY_DSA_SIGN].x509); 1521 }
1553 /* else anonymous DH, so no certificate or pkey. */ 1522 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1523 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1524 ERR_R_BN_LIB);
1525 goto err;
1526 }
1527 p += i;
1554 1528
1555 s->session->sess_cert->peer_dh_tmp = dh; 1529 n2s(p, i);
1556 dh = NULL; 1530 param_len += i + 2;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { 1531 if (param_len > n) {
1558 al = SSL_AD_ILLEGAL_PARAMETER; 1532 al = SSL_AD_DECODE_ERROR;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1534 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1561 goto f_err; 1535 goto f_err;
1562 } 1536 }
1537 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1538 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1539 ERR_R_BN_LIB);
1540 goto err;
1541 }
1542 p += i;
1543 n -= param_len;
1544
1545 if (alg_a & SSL_aRSA)
1546 pkey = X509_get_pubkey(
1547 s->session->sess_cert->peer_pkeys[
1548 SSL_PKEY_RSA_ENC].x509);
1549 else if (alg_a & SSL_aDSS)
1550 pkey = X509_get_pubkey(
1551 s->session->sess_cert->peer_pkeys[
1552 SSL_PKEY_DSA_SIGN].x509);
1553 /* else anonymous DH, so no certificate or pkey. */
1554
1555 s->session->sess_cert->peer_dh_tmp = dh;
1556 dh = NULL;
1557 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1558 al = SSL_AD_ILLEGAL_PARAMETER;
1559 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1560 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1561 goto f_err;
1562 }
1563#endif /* !OPENSSL_NO_DH */ 1563#endif /* !OPENSSL_NO_DH */
1564 1564
1565#ifndef OPENSSL_NO_ECDH 1565#ifndef OPENSSL_NO_ECDH
1566 else if (alg_k & SSL_kEECDH) { 1566 else if (alg_k & SSL_kEECDH) {
1567 EC_GROUP *ngroup; 1567 EC_GROUP *ngroup;
1568 const EC_GROUP *group; 1568 const EC_GROUP *group;
1569 1569
1570 if ((ecdh = EC_KEY_new()) == NULL) { 1570 if ((ecdh = EC_KEY_new()) == NULL) {
1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1572 ERR_R_MALLOC_FAILURE); 1572 ERR_R_MALLOC_FAILURE);
1573 goto err; 1573 goto err;
1574 } 1574 }
1575 1575
1576 /* 1576 /*
1577 * Extract elliptic curve parameters and the 1577 * Extract elliptic curve parameters and the
1578 * server's ephemeral ECDH public key. 1578 * server's ephemeral ECDH public key.
1579 * Keep accumulating lengths of various components in 1579 * Keep accumulating lengths of various components in
1580 * param_len and make sure it never exceeds n. 1580 * param_len and make sure it never exceeds n.
1581 */ 1581 */
1582 1582
1583 /* 1583 /*
1584 * XXX: For now we only support named (not generic) 1584 * XXX: For now we only support named (not generic) curves
1585 * curves and the ECParameters in this case is just 1585 * and the ECParameters in this case is just three bytes.
1586 * three bytes. 1586 */
1587 */ 1587 param_len = 3;
1588 param_len = 3; 1588 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
1589 if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || 1589 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
1590 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) 1590 al = SSL_AD_INTERNAL_ERROR;
1591 == 0)) { 1591 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1592 al = SSL_AD_INTERNAL_ERROR; 1592 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1593 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1593 goto f_err;
1594 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1594 }
1595 goto f_err;
1596 }
1597 1595
1598 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1596 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1599 if (ngroup == NULL) { 1597 if (ngroup == NULL) {
1600 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1598 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1601 ERR_R_EC_LIB); 1599 ERR_R_EC_LIB);
1602 goto err; 1600 goto err;
1603 } 1601 }
1604 if (EC_KEY_set_group(ecdh, ngroup) == 0) { 1602 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1605 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1603 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1606 ERR_R_EC_LIB); 1604 ERR_R_EC_LIB);
1607 goto err; 1605 goto err;
1608 } 1606 }
1609 EC_GROUP_free(ngroup); 1607 EC_GROUP_free(ngroup);
1610 1608
1611 group = EC_KEY_get0_group(ecdh); 1609 group = EC_KEY_get0_group(ecdh);
1612 1610
1613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1611 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1614 (EC_GROUP_get_degree(group) > 163)) { 1612 (EC_GROUP_get_degree(group) > 163)) {
1615 al = SSL_AD_EXPORT_RESTRICTION; 1613 al = SSL_AD_EXPORT_RESTRICTION;
1616 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1614 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1617 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); 1615 SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1618 goto f_err; 1616 goto f_err;
1619 } 1617 }
1620 1618
1621 p += 3; 1619 p += 3;
1622 1620
1623 /* Next, get the encoded ECPoint */ 1621 /* Next, get the encoded ECPoint */
1624 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1622 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1625 ((bn_ctx = BN_CTX_new()) == NULL)) { 1623 ((bn_ctx = BN_CTX_new()) == NULL)) {
1626 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1624 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1627 ERR_R_MALLOC_FAILURE); 1625 ERR_R_MALLOC_FAILURE);
1628 goto err; 1626 goto err;
1629 } 1627 }
1630 1628
1631 encoded_pt_len = *p; 1629 encoded_pt_len = *p;
1632 /* length of encoded point */ 1630 /* length of encoded point */
1633 p += 1; 1631 p += 1;
1634 param_len += (1 + encoded_pt_len); 1632 param_len += (1 + encoded_pt_len);
1635 if ((param_len > n) || 1633 if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint,
1636 (EC_POINT_oct2point(group, srvr_ecpoint, 1634 p, encoded_pt_len, bn_ctx) == 0)) {
1637 p, encoded_pt_len, bn_ctx) == 0)) { 1635 al = SSL_AD_DECODE_ERROR;
1638 al = SSL_AD_DECODE_ERROR; 1636 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1639 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1637 SSL_R_BAD_ECPOINT);
1640 SSL_R_BAD_ECPOINT); 1638 goto f_err;
1641 goto f_err; 1639 }
1642 }
1643 1640
1644 n -= param_len; 1641 n -= param_len;
1645 p += encoded_pt_len; 1642 p += encoded_pt_len;
1646 1643
1647 /* 1644 /*
1648 * The ECC/TLS specification does not mention the use 1645 * The ECC/TLS specification does not mention the use
1649 * of DSA to sign ECParameters in the server key 1646 * of DSA to sign ECParameters in the server key
1650 * exchange message. We do support RSA and ECDSA. 1647 * exchange message. We do support RSA and ECDSA.
1651 */ 1648 */
1652 if (alg_a & SSL_aRSA) 1649 if (alg_a & SSL_aRSA)
1653 pkey = X509_get_pubkey( 1650 pkey = X509_get_pubkey(
1654 s->session->sess_cert->peer_pkeys[ 1651 s->session->sess_cert->peer_pkeys[
1655 SSL_PKEY_RSA_ENC].x509); 1652 SSL_PKEY_RSA_ENC].x509);
1656#ifndef OPENSSL_NO_ECDSA 1653#ifndef OPENSSL_NO_ECDSA
1657 else if (alg_a & SSL_aECDSA) 1654 else if (alg_a & SSL_aECDSA)
1658 pkey = X509_get_pubkey( 1655 pkey = X509_get_pubkey(
1659 s->session->sess_cert->peer_pkeys[ 1656 s->session->sess_cert->peer_pkeys[
1660 SSL_PKEY_ECC].x509); 1657 SSL_PKEY_ECC].x509);
1661#endif 1658#endif
1662 /* Else anonymous ECDH, so no certificate or pkey. */ 1659 /* Else anonymous ECDH, so no certificate or pkey. */
1663 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1660 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1664 s->session->sess_cert->peer_ecdh_tmp = ecdh; 1661 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1665 ecdh = NULL; 1662 ecdh = NULL;
1666 BN_CTX_free(bn_ctx); 1663 BN_CTX_free(bn_ctx);
1667 bn_ctx = NULL; 1664 bn_ctx = NULL;
1668 EC_POINT_free(srvr_ecpoint); 1665 EC_POINT_free(srvr_ecpoint);
1669 srvr_ecpoint = NULL; 1666 srvr_ecpoint = NULL;
1670 } else if (alg_k) { 1667 } else if (alg_k) {
1671 al = SSL_AD_UNEXPECTED_MESSAGE; 1668 al = SSL_AD_UNEXPECTED_MESSAGE;
1672 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1669 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1673 SSL_R_UNEXPECTED_MESSAGE); 1670 SSL_R_UNEXPECTED_MESSAGE);
1674 goto f_err; 1671 goto f_err;
1675 } 1672 }
1676#endif /* !OPENSSL_NO_ECDH */ 1673#endif /* !OPENSSL_NO_ECDH */
1677 1674
1678 /* p points to the next byte, there are 'n' bytes left */ 1675 /* p points to the next byte, there are 'n' bytes left */