summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_clnt.c3329
1 files changed, 1539 insertions, 1790 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 64e7be8d67..b9ca6b6f9b 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -168,62 +168,60 @@
168#endif 168#endif
169 169
170static const SSL_METHOD *ssl3_get_client_method(int ver); 170static const SSL_METHOD *ssl3_get_client_method(int ver);
171static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 171static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
172 172
173static const SSL_METHOD *ssl3_get_client_method(int ver) 173static const SSL_METHOD
174 { 174*ssl3_get_client_method(int ver)
175{
175 if (ver == SSL3_VERSION) 176 if (ver == SSL3_VERSION)
176 return(SSLv3_client_method()); 177 return (SSLv3_client_method());
177 else 178 else
178 return(NULL); 179 return (NULL);
179 } 180}
180 181
181IMPLEMENT_ssl3_meth_func(SSLv3_client_method, 182IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
182 ssl_undefined_function, 183 ssl_undefined_function, ssl3_connect, ssl3_get_client_method)
183 ssl3_connect,
184 ssl3_get_client_method)
185 184
186int ssl3_connect(SSL *s) 185int
187 { 186ssl3_connect(SSL *s)
188 BUF_MEM *buf=NULL; 187{
189 unsigned long Time=(unsigned long)time(NULL); 188 BUF_MEM *buf = NULL;
190 void (*cb)(const SSL *ssl,int type,int val)=NULL; 189 unsigned long Time = (unsigned long)time(NULL);
191 int ret= -1; 190 void (*cb)(const SSL *ssl, int type, int val) = NULL;
192 int new_state,state,skip=0; 191 int ret = -1;
192 int new_state, state, skip = 0;
193 193
194 RAND_add(&Time,sizeof(Time),0); 194 RAND_add(&Time, sizeof(Time), 0);
195 ERR_clear_error(); 195 ERR_clear_error();
196 errno = 0; 196 errno = 0;
197 197
198 if (s->info_callback != NULL) 198 if (s->info_callback != NULL)
199 cb=s->info_callback; 199 cb = s->info_callback;
200 else if (s->ctx->info_callback != NULL) 200 else if (s->ctx->info_callback != NULL)
201 cb=s->ctx->info_callback; 201 cb = s->ctx->info_callback;
202 202
203 s->in_handshake++; 203 s->in_handshake++;
204 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 204 if (!SSL_in_init(s) || SSL_in_before(s))
205 SSL_clear(s);
205 206
206#ifndef OPENSSL_NO_HEARTBEATS 207#ifndef OPENSSL_NO_HEARTBEATS
207 /* If we're awaiting a HeartbeatResponse, pretend we 208 /* If we're awaiting a HeartbeatResponse, pretend we
208 * already got and don't await it anymore, because 209 * already got and don't await it anymore, because
209 * Heartbeats don't make sense during handshakes anyway. 210 * Heartbeats don't make sense during handshakes anyway.
210 */ 211 */
211 if (s->tlsext_hb_pending) 212 if (s->tlsext_hb_pending) {
212 {
213 s->tlsext_hb_pending = 0; 213 s->tlsext_hb_pending = 0;
214 s->tlsext_hb_seq++; 214 s->tlsext_hb_seq++;
215 } 215 }
216#endif 216#endif
217 217
218 for (;;) 218 for (;;) {
219 { 219 state = s->state;
220 state=s->state;
221 220
222 switch(s->state) 221 switch (s->state) {
223 {
224 case SSL_ST_RENEGOTIATE: 222 case SSL_ST_RENEGOTIATE:
225 s->renegotiate=1; 223 s->renegotiate = 1;
226 s->state=SSL_ST_CONNECT; 224 s->state = SSL_ST_CONNECT;
227 s->ctx->stats.sess_connect_renegotiate++; 225 s->ctx->stats.sess_connect_renegotiate++;
228 /* break */ 226 /* break */
229 case SSL_ST_BEFORE: 227 case SSL_ST_BEFORE:
@@ -231,173 +229,172 @@ int ssl3_connect(SSL *s)
231 case SSL_ST_BEFORE|SSL_ST_CONNECT: 229 case SSL_ST_BEFORE|SSL_ST_CONNECT:
232 case SSL_ST_OK|SSL_ST_CONNECT: 230 case SSL_ST_OK|SSL_ST_CONNECT:
233 231
234 s->server=0; 232 s->server = 0;
235 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 233 if (cb != NULL)
234 cb(s, SSL_CB_HANDSHAKE_START, 1);
236 235
237 if ((s->version & 0xff00 ) != 0x0300) 236 if ((s->version & 0xff00 ) != 0x0300) {
238 {
239 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); 237 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
240 ret = -1; 238 ret = -1;
241 goto end; 239 goto end;
242 } 240 }
243 241
244 /* s->version=SSL3_VERSION; */ 242 /* s->version=SSL3_VERSION; */
245 s->type=SSL_ST_CONNECT; 243 s->type = SSL_ST_CONNECT;
246 244
247 if (s->init_buf == NULL) 245 if (s->init_buf == NULL) {
248 { 246 if ((buf = BUF_MEM_new()) == NULL) {
249 if ((buf=BUF_MEM_new()) == NULL) 247 ret = -1;
250 {
251 ret= -1;
252 goto end; 248 goto end;
253 } 249 }
254 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) 250 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
255 { 251 ret = -1;
256 ret= -1;
257 goto end; 252 goto end;
258 }
259 s->init_buf=buf;
260 buf=NULL;
261 } 253 }
254 s->init_buf = buf;
255 buf = NULL;
256 }
262 257
263 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } 258 if (!ssl3_setup_buffers(s)) {
259 ret = -1;
260 goto end;
261 }
264 262
265 /* setup buffing BIO */ 263 /* setup buffing BIO */
266 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } 264 if (!ssl_init_wbio_buffer(s, 0)) {
265 ret = -1;
266 goto end;
267 }
267 268
268 /* don't push the buffering BIO quite yet */ 269 /* don't push the buffering BIO quite yet */
269 270
270 ssl3_init_finished_mac(s); 271 ssl3_init_finished_mac(s);
271 272
272 s->state=SSL3_ST_CW_CLNT_HELLO_A; 273 s->state = SSL3_ST_CW_CLNT_HELLO_A;
273 s->ctx->stats.sess_connect++; 274 s->ctx->stats.sess_connect++;
274 s->init_num=0; 275 s->init_num = 0;
275 break; 276 break;
276 277
277 case SSL3_ST_CW_CLNT_HELLO_A: 278 case SSL3_ST_CW_CLNT_HELLO_A:
278 case SSL3_ST_CW_CLNT_HELLO_B: 279 case SSL3_ST_CW_CLNT_HELLO_B:
279 280
280 s->shutdown=0; 281 s->shutdown = 0;
281 ret=ssl3_client_hello(s); 282 ret = ssl3_client_hello(s);
282 if (ret <= 0) goto end; 283 if (ret <= 0)
283 s->state=SSL3_ST_CR_SRVR_HELLO_A; 284 goto end;
284 s->init_num=0; 285 s->state = SSL3_ST_CR_SRVR_HELLO_A;
286 s->init_num = 0;
285 287
286 /* turn on buffering for the next lot of output */ 288 /* turn on buffering for the next lot of output */
287 if (s->bbio != s->wbio) 289 if (s->bbio != s->wbio)
288 s->wbio=BIO_push(s->bbio,s->wbio); 290 s->wbio = BIO_push(s->bbio, s->wbio);
289 291
290 break; 292 break;
291 293
292 case SSL3_ST_CR_SRVR_HELLO_A: 294 case SSL3_ST_CR_SRVR_HELLO_A:
293 case SSL3_ST_CR_SRVR_HELLO_B: 295 case SSL3_ST_CR_SRVR_HELLO_B:
294 ret=ssl3_get_server_hello(s); 296 ret = ssl3_get_server_hello(s);
295 if (ret <= 0) goto end; 297 if (ret <= 0)
298 goto end;
296 299
297 if (s->hit) 300 if (s->hit) {
298 { 301 s->state = SSL3_ST_CR_FINISHED_A;
299 s->state=SSL3_ST_CR_FINISHED_A;
300#ifndef OPENSSL_NO_TLSEXT 302#ifndef OPENSSL_NO_TLSEXT
301 if (s->tlsext_ticket_expected) 303 if (s->tlsext_ticket_expected) {
302 {
303 /* receive renewed session ticket */ 304 /* receive renewed session ticket */
304 s->state=SSL3_ST_CR_SESSION_TICKET_A; 305 s->state = SSL3_ST_CR_SESSION_TICKET_A;
305 }
306#endif
307 } 306 }
308 else 307#endif
309 s->state=SSL3_ST_CR_CERT_A; 308 } else
310 s->init_num=0; 309 s->state = SSL3_ST_CR_CERT_A;
310 s->init_num = 0;
311 break; 311 break;
312 312
313 case SSL3_ST_CR_CERT_A: 313 case SSL3_ST_CR_CERT_A:
314 case SSL3_ST_CR_CERT_B: 314 case SSL3_ST_CR_CERT_B:
315#ifndef OPENSSL_NO_TLSEXT 315#ifndef OPENSSL_NO_TLSEXT
316 ret=ssl3_check_finished(s); 316 ret = ssl3_check_finished(s);
317 if (ret <= 0) goto end; 317 if (ret <= 0)
318 if (ret == 2) 318 goto end;
319 { 319 if (ret == 2) {
320 s->hit = 1; 320 s->hit = 1;
321 if (s->tlsext_ticket_expected) 321 if (s->tlsext_ticket_expected)
322 s->state=SSL3_ST_CR_SESSION_TICKET_A; 322 s->state = SSL3_ST_CR_SESSION_TICKET_A;
323 else 323 else
324 s->state=SSL3_ST_CR_FINISHED_A; 324 s->state = SSL3_ST_CR_FINISHED_A;
325 s->init_num=0; 325 s->init_num = 0;
326 break; 326 break;
327 } 327 }
328#endif 328#endif
329 /* Check if it is anon DH/ECDH */ 329 /* Check if it is anon DH/ECDH */
330 /* or PSK */ 330 /* or PSK */
331 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && 331 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
332 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) 332 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
333 { 333 ret = ssl3_get_server_certificate(s);
334 ret=ssl3_get_server_certificate(s); 334 if (ret <= 0)
335 if (ret <= 0) goto end; 335 goto end;
336#ifndef OPENSSL_NO_TLSEXT 336#ifndef OPENSSL_NO_TLSEXT
337 if (s->tlsext_status_expected) 337 if (s->tlsext_status_expected)
338 s->state=SSL3_ST_CR_CERT_STATUS_A; 338 s->state = SSL3_ST_CR_CERT_STATUS_A;
339 else 339 else
340 s->state=SSL3_ST_CR_KEY_EXCH_A; 340 s->state = SSL3_ST_CR_KEY_EXCH_A;
341 } 341 } else {
342 else
343 {
344 skip = 1; 342 skip = 1;
345 s->state=SSL3_ST_CR_KEY_EXCH_A; 343 s->state = SSL3_ST_CR_KEY_EXCH_A;
346 } 344 }
347#else 345#else
348 } 346 } else
349 else 347 skip = 1;
350 skip=1;
351 348
352 s->state=SSL3_ST_CR_KEY_EXCH_A; 349 s->state = SSL3_ST_CR_KEY_EXCH_A;
353#endif 350#endif
354 s->init_num=0; 351 s->init_num = 0;
355 break; 352 break;
356 353
357 case SSL3_ST_CR_KEY_EXCH_A: 354 case SSL3_ST_CR_KEY_EXCH_A:
358 case SSL3_ST_CR_KEY_EXCH_B: 355 case SSL3_ST_CR_KEY_EXCH_B:
359 ret=ssl3_get_key_exchange(s); 356 ret = ssl3_get_key_exchange(s);
360 if (ret <= 0) goto end; 357 if (ret <= 0)
361 s->state=SSL3_ST_CR_CERT_REQ_A; 358 goto end;
362 s->init_num=0; 359 s->state = SSL3_ST_CR_CERT_REQ_A;
360 s->init_num = 0;
363 361
364 /* at this point we check that we have the 362 /* at this point we check that we have the
365 * required stuff from the server */ 363 * required stuff from the server */
366 if (!ssl3_check_cert_and_algorithm(s)) 364 if (!ssl3_check_cert_and_algorithm(s)) {
367 { 365 ret = -1;
368 ret= -1;
369 goto end; 366 goto end;
370 } 367 }
371 break; 368 break;
372 369
373 case SSL3_ST_CR_CERT_REQ_A: 370 case SSL3_ST_CR_CERT_REQ_A:
374 case SSL3_ST_CR_CERT_REQ_B: 371 case SSL3_ST_CR_CERT_REQ_B:
375 ret=ssl3_get_certificate_request(s); 372 ret = ssl3_get_certificate_request(s);
376 if (ret <= 0) goto end; 373 if (ret <= 0)
377 s->state=SSL3_ST_CR_SRVR_DONE_A; 374 goto end;
378 s->init_num=0; 375 s->state = SSL3_ST_CR_SRVR_DONE_A;
376 s->init_num = 0;
379 break; 377 break;
380 378
381 case SSL3_ST_CR_SRVR_DONE_A: 379 case SSL3_ST_CR_SRVR_DONE_A:
382 case SSL3_ST_CR_SRVR_DONE_B: 380 case SSL3_ST_CR_SRVR_DONE_B:
383 ret=ssl3_get_server_done(s); 381 ret = ssl3_get_server_done(s);
384 if (ret <= 0) goto end; 382 if (ret <= 0)
383 goto end;
385#ifndef OPENSSL_NO_SRP 384#ifndef OPENSSL_NO_SRP
386 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) 385 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
387 { 386 if ((ret = SRP_Calc_A_param(s)) <= 0) {
388 if ((ret = SRP_Calc_A_param(s))<=0) 387 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
389 { 388 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
390 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
391 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
392 goto end; 389 goto end;
393 }
394 } 390 }
391 }
395#endif 392#endif
396 if (s->s3->tmp.cert_req) 393 if (s->s3->tmp.cert_req)
397 s->state=SSL3_ST_CW_CERT_A; 394 s->state = SSL3_ST_CW_CERT_A;
398 else 395 else
399 s->state=SSL3_ST_CW_KEY_EXCH_A; 396 s->state = SSL3_ST_CW_KEY_EXCH_A;
400 s->init_num=0; 397 s->init_num = 0;
401 398
402 break; 399 break;
403 400
@@ -405,16 +402,18 @@ int ssl3_connect(SSL *s)
405 case SSL3_ST_CW_CERT_B: 402 case SSL3_ST_CW_CERT_B:
406 case SSL3_ST_CW_CERT_C: 403 case SSL3_ST_CW_CERT_C:
407 case SSL3_ST_CW_CERT_D: 404 case SSL3_ST_CW_CERT_D:
408 ret=ssl3_send_client_certificate(s); 405 ret = ssl3_send_client_certificate(s);
409 if (ret <= 0) goto end; 406 if (ret <= 0)
410 s->state=SSL3_ST_CW_KEY_EXCH_A; 407 goto end;
411 s->init_num=0; 408 s->state = SSL3_ST_CW_KEY_EXCH_A;
409 s->init_num = 0;
412 break; 410 break;
413 411
414 case SSL3_ST_CW_KEY_EXCH_A: 412 case SSL3_ST_CW_KEY_EXCH_A:
415 case SSL3_ST_CW_KEY_EXCH_B: 413 case SSL3_ST_CW_KEY_EXCH_B:
416 ret=ssl3_send_client_key_exchange(s); 414 ret = ssl3_send_client_key_exchange(s);
417 if (ret <= 0) goto end; 415 if (ret <= 0)
416 goto end;
418 /* EAY EAY EAY need to check for DH fix cert 417 /* EAY EAY EAY need to check for DH fix cert
419 * sent back */ 418 * sent back */
420 /* For TLS, cert_req is set to 2, so a cert chain 419 /* For TLS, cert_req is set to 2, so a cert chain
@@ -426,170 +425,165 @@ int ssl3_connect(SSL *s)
426 * message when client's ECDH public key is sent 425 * message when client's ECDH public key is sent
427 * inside the client certificate. 426 * inside the client certificate.
428 */ 427 */
429 if (s->s3->tmp.cert_req == 1) 428 if (s->s3->tmp.cert_req == 1) {
430 { 429 s->state = SSL3_ST_CW_CERT_VRFY_A;
431 s->state=SSL3_ST_CW_CERT_VRFY_A; 430 } else {
432 } 431 s->state = SSL3_ST_CW_CHANGE_A;
433 else 432 s->s3->change_cipher_spec = 0;
434 { 433 }
435 s->state=SSL3_ST_CW_CHANGE_A; 434 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
436 s->s3->change_cipher_spec=0; 435 s->state = SSL3_ST_CW_CHANGE_A;
437 } 436 s->s3->change_cipher_spec = 0;
438 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) 437 }
439 {
440 s->state=SSL3_ST_CW_CHANGE_A;
441 s->s3->change_cipher_spec=0;
442 }
443 438
444 s->init_num=0; 439 s->init_num = 0;
445 break; 440 break;
446 441
447 case SSL3_ST_CW_CERT_VRFY_A: 442 case SSL3_ST_CW_CERT_VRFY_A:
448 case SSL3_ST_CW_CERT_VRFY_B: 443 case SSL3_ST_CW_CERT_VRFY_B:
449 ret=ssl3_send_client_verify(s); 444 ret = ssl3_send_client_verify(s);
450 if (ret <= 0) goto end; 445 if (ret <= 0)
451 s->state=SSL3_ST_CW_CHANGE_A; 446 goto end;
452 s->init_num=0; 447 s->state = SSL3_ST_CW_CHANGE_A;
453 s->s3->change_cipher_spec=0; 448 s->init_num = 0;
449 s->s3->change_cipher_spec = 0;
454 break; 450 break;
455 451
456 case SSL3_ST_CW_CHANGE_A: 452 case SSL3_ST_CW_CHANGE_A:
457 case SSL3_ST_CW_CHANGE_B: 453 case SSL3_ST_CW_CHANGE_B:
458 ret=ssl3_send_change_cipher_spec(s, 454 ret = ssl3_send_change_cipher_spec(s,
459 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 455 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
460 if (ret <= 0) goto end; 456 if (ret <= 0)
457 goto end;
461 458
462#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) 459#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
463 s->state=SSL3_ST_CW_FINISHED_A; 460 s->state = SSL3_ST_CW_FINISHED_A;
464#else 461#else
465 if (s->s3->next_proto_neg_seen) 462 if (s->s3->next_proto_neg_seen)
466 s->state=SSL3_ST_CW_NEXT_PROTO_A; 463 s->state = SSL3_ST_CW_NEXT_PROTO_A;
467 else 464 else
468 s->state=SSL3_ST_CW_FINISHED_A; 465 s->state = SSL3_ST_CW_FINISHED_A;
469#endif 466#endif
470 s->init_num=0; 467 s->init_num = 0;
471 468
472 s->session->cipher=s->s3->tmp.new_cipher; 469 s->session->cipher = s->s3->tmp.new_cipher;
473#ifdef OPENSSL_NO_COMP 470#ifdef OPENSSL_NO_COMP
474 s->session->compress_meth=0; 471 s->session->compress_meth = 0;
475#else 472#else
476 if (s->s3->tmp.new_compression == NULL) 473 if (s->s3->tmp.new_compression == NULL)
477 s->session->compress_meth=0; 474 s->session->compress_meth = 0;
478 else 475 else
479 s->session->compress_meth= 476 s->session->compress_meth =
480 s->s3->tmp.new_compression->id; 477 s->s3->tmp.new_compression->id;
481#endif 478#endif
482 if (!s->method->ssl3_enc->setup_key_block(s)) 479 if (!s->method->ssl3_enc->setup_key_block(s)) {
483 { 480 ret = -1;
484 ret= -1;
485 goto end; 481 goto end;
486 } 482 }
487 483
488 if (!s->method->ssl3_enc->change_cipher_state(s, 484 if (!s->method->ssl3_enc->change_cipher_state(s,
489 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) 485 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
490 { 486 ret = -1;
491 ret= -1;
492 goto end; 487 goto end;
493 } 488 }
494 489
495 break; 490 break;
496 491
497#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 492#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
498 case SSL3_ST_CW_NEXT_PROTO_A: 493 case SSL3_ST_CW_NEXT_PROTO_A:
499 case SSL3_ST_CW_NEXT_PROTO_B: 494 case SSL3_ST_CW_NEXT_PROTO_B:
500 ret=ssl3_send_next_proto(s); 495 ret = ssl3_send_next_proto(s);
501 if (ret <= 0) goto end; 496 if (ret <= 0)
502 s->state=SSL3_ST_CW_FINISHED_A; 497 goto end;
498 s->state = SSL3_ST_CW_FINISHED_A;
503 break; 499 break;
504#endif 500#endif
505 501
506 case SSL3_ST_CW_FINISHED_A: 502 case SSL3_ST_CW_FINISHED_A:
507 case SSL3_ST_CW_FINISHED_B: 503 case SSL3_ST_CW_FINISHED_B:
508 ret=ssl3_send_finished(s, 504 ret = ssl3_send_finished(s,
509 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 505 SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
510 s->method->ssl3_enc->client_finished_label, 506 s->method->ssl3_enc->client_finished_label,
511 s->method->ssl3_enc->client_finished_label_len); 507 s->method->ssl3_enc->client_finished_label_len);
512 if (ret <= 0) goto end; 508 if (ret <= 0)
513 s->state=SSL3_ST_CW_FLUSH; 509 goto end;
510 s->state = SSL3_ST_CW_FLUSH;
514 511
515 /* clear flags */ 512 /* clear flags */
516 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; 513 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
517 if (s->hit) 514 if (s->hit) {
518 { 515 s->s3->tmp.next_state = SSL_ST_OK;
519 s->s3->tmp.next_state=SSL_ST_OK; 516 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
520 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) 517 s->state = SSL_ST_OK;
521 {
522 s->state=SSL_ST_OK;
523 s->s3->flags|=SSL3_FLAGS_POP_BUFFER; 518 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
524 s->s3->delay_buf_pop_ret=0; 519 s->s3->delay_buf_pop_ret = 0;
525 }
526 } 520 }
527 else 521 } else {
528 {
529#ifndef OPENSSL_NO_TLSEXT 522#ifndef OPENSSL_NO_TLSEXT
530 /* Allow NewSessionTicket if ticket expected */ 523 /* Allow NewSessionTicket if ticket expected */
531 if (s->tlsext_ticket_expected) 524 if (s->tlsext_ticket_expected)
532 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; 525 s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
533 else 526 else
534#endif 527#endif
535 528
536 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 529 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
537 } 530 }
538 s->init_num=0; 531 s->init_num = 0;
539 break; 532 break;
540 533
541#ifndef OPENSSL_NO_TLSEXT 534#ifndef OPENSSL_NO_TLSEXT
542 case SSL3_ST_CR_SESSION_TICKET_A: 535 case SSL3_ST_CR_SESSION_TICKET_A:
543 case SSL3_ST_CR_SESSION_TICKET_B: 536 case SSL3_ST_CR_SESSION_TICKET_B:
544 ret=ssl3_get_new_session_ticket(s); 537 ret = ssl3_get_new_session_ticket(s);
545 if (ret <= 0) goto end; 538 if (ret <= 0)
546 s->state=SSL3_ST_CR_FINISHED_A; 539 goto end;
547 s->init_num=0; 540 s->state = SSL3_ST_CR_FINISHED_A;
548 break; 541 s->init_num = 0;
542 break;
549 543
550 case SSL3_ST_CR_CERT_STATUS_A: 544 case SSL3_ST_CR_CERT_STATUS_A:
551 case SSL3_ST_CR_CERT_STATUS_B: 545 case SSL3_ST_CR_CERT_STATUS_B:
552 ret=ssl3_get_cert_status(s); 546 ret = ssl3_get_cert_status(s);
553 if (ret <= 0) goto end; 547 if (ret <= 0)
554 s->state=SSL3_ST_CR_KEY_EXCH_A; 548 goto end;
555 s->init_num=0; 549 s->state = SSL3_ST_CR_KEY_EXCH_A;
556 break; 550 s->init_num = 0;
551 break;
557#endif 552#endif
558 553
559 case SSL3_ST_CR_FINISHED_A: 554 case SSL3_ST_CR_FINISHED_A:
560 case SSL3_ST_CR_FINISHED_B: 555 case SSL3_ST_CR_FINISHED_B:
561 556
562 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 557 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
563 SSL3_ST_CR_FINISHED_B); 558 SSL3_ST_CR_FINISHED_B);
564 if (ret <= 0) goto end; 559 if (ret <= 0)
560 goto end;
565 561
566 if (s->hit) 562 if (s->hit)
567 s->state=SSL3_ST_CW_CHANGE_A; 563 s->state = SSL3_ST_CW_CHANGE_A;
568 else 564 else
569 s->state=SSL_ST_OK; 565 s->state = SSL_ST_OK;
570 s->init_num=0; 566 s->init_num = 0;
571 break; 567 break;
572 568
573 case SSL3_ST_CW_FLUSH: 569 case SSL3_ST_CW_FLUSH:
574 s->rwstate=SSL_WRITING; 570 s->rwstate = SSL_WRITING;
575 if (BIO_flush(s->wbio) <= 0) 571 if (BIO_flush(s->wbio) <= 0) {
576 { 572 ret = -1;
577 ret= -1;
578 goto end; 573 goto end;
579 } 574 }
580 s->rwstate=SSL_NOTHING; 575 s->rwstate = SSL_NOTHING;
581 s->state=s->s3->tmp.next_state; 576 s->state = s->s3->tmp.next_state;
582 break; 577 break;
583 578
584 case SSL_ST_OK: 579 case SSL_ST_OK:
585 /* clean a few things up */ 580 /* clean a few things up */
586 ssl3_cleanup_key_block(s); 581 ssl3_cleanup_key_block(s);
587 582
588 if (s->init_buf != NULL) 583 if (s->init_buf != NULL) {
589 {
590 BUF_MEM_free(s->init_buf); 584 BUF_MEM_free(s->init_buf);
591 s->init_buf=NULL; 585 s->init_buf = NULL;
592 } 586 }
593 587
594 /* If we are not 'joining' the last two packets, 588 /* If we are not 'joining' the last two packets,
595 * remove the buffering now */ 589 * remove the buffering now */
@@ -597,63 +591,63 @@ int ssl3_connect(SSL *s)
597 ssl_free_wbio_buffer(s); 591 ssl_free_wbio_buffer(s);
598 /* else do it later in ssl3_write */ 592 /* else do it later in ssl3_write */
599 593
600 s->init_num=0; 594 s->init_num = 0;
601 s->renegotiate=0; 595 s->renegotiate = 0;
602 s->new_session=0; 596 s->new_session = 0;
603 597
604 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); 598 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
605 if (s->hit) s->ctx->stats.sess_hit++; 599 if (s->hit)
600 s->ctx->stats.sess_hit++;
606 601
607 ret=1; 602 ret = 1;
608 /* s->server=0; */ 603 /* s->server=0; */
609 s->handshake_func=ssl3_connect; 604 s->handshake_func = ssl3_connect;
610 s->ctx->stats.sess_connect_good++; 605 s->ctx->stats.sess_connect_good++;
611 606
612 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); 607 if (cb != NULL)
608 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
613 609
614 goto end; 610 goto end;
615 /* break; */ 611 /* break; */
616 612
617 default: 613 default:
618 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); 614 SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
619 ret= -1; 615 ret = -1;
620 goto end; 616 goto end;
621 /* break; */ 617 /* break; */
622 } 618 }
623 619
624 /* did we do anything */ 620 /* did we do anything */
625 if (!s->s3->tmp.reuse_message && !skip) 621 if (!s->s3->tmp.reuse_message && !skip) {
626 { 622 if (s->debug) {
627 if (s->debug) 623 if ((ret = BIO_flush(s->wbio)) <= 0)
628 {
629 if ((ret=BIO_flush(s->wbio)) <= 0)
630 goto end; 624 goto end;
631 } 625 }
632 626
633 if ((cb != NULL) && (s->state != state)) 627 if ((cb != NULL) && (s->state != state)) {
634 { 628 new_state = s->state;
635 new_state=s->state; 629 s->state = state;
636 s->state=state; 630 cb(s, SSL_CB_CONNECT_LOOP, 1);
637 cb(s,SSL_CB_CONNECT_LOOP,1); 631 s->state = new_state;
638 s->state=new_state;
639 }
640 } 632 }
641 skip=0;
642 } 633 }
634 skip = 0;
635 }
643end: 636end:
644 s->in_handshake--; 637 s->in_handshake--;
645 if (buf != NULL) 638 if (buf != NULL)
646 BUF_MEM_free(buf); 639 BUF_MEM_free(buf);
647 if (cb != NULL) 640 if (cb != NULL)
648 cb(s,SSL_CB_CONNECT_EXIT,ret); 641 cb(s, SSL_CB_CONNECT_EXIT, ret);
649 return(ret); 642 return (ret);
650 } 643}
651 644
652 645
653int ssl3_client_hello(SSL *s) 646int
654 { 647ssl3_client_hello(SSL *s)
648{
655 unsigned char *buf; 649 unsigned char *buf;
656 unsigned char *p,*d; 650 unsigned char *p, *d;
657 int i; 651 int i;
658 unsigned long l; 652 unsigned long l;
659#ifndef OPENSSL_NO_COMP 653#ifndef OPENSSL_NO_COMP
@@ -661,31 +655,29 @@ int ssl3_client_hello(SSL *s)
661 SSL_COMP *comp; 655 SSL_COMP *comp;
662#endif 656#endif
663 657
664 buf=(unsigned char *)s->init_buf->data; 658 buf = (unsigned char *)s->init_buf->data;
665 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 659 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
666 {
667 SSL_SESSION *sess = s->session; 660 SSL_SESSION *sess = s->session;
668 if ((sess == NULL) || 661 if ((sess == NULL) ||
669 (sess->ssl_version != s->version) || 662 (sess->ssl_version != s->version) ||
670#ifdef OPENSSL_NO_TLSEXT 663#ifdef OPENSSL_NO_TLSEXT
671 !sess->session_id_length || 664 !sess->session_id_length ||
672#else 665#else
673 (!sess->session_id_length && !sess->tlsext_tick) || 666 (!sess->session_id_length && !sess->tlsext_tick) ||
674#endif 667#endif
675 (sess->not_resumable)) 668 (sess->not_resumable)) {
676 { 669 if (!ssl_get_new_session(s, 0))
677 if (!ssl_get_new_session(s,0))
678 goto err; 670 goto err;
679 } 671 }
680 /* else use the pre-loaded session */ 672 /* else use the pre-loaded session */
681 673
682 p=s->s3->client_random; 674 p = s->s3->client_random;
683 675
684 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) 676 if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
685 goto err; 677 goto err;
686 678
687 /* Do the message type and length last */ 679 /* Do the message type and length last */
688 d=p= &(buf[4]); 680 d = p= &(buf[4]);
689 681
690 /* version indicates the negotiated version: for example from 682 /* version indicates the negotiated version: for example from
691 * an SSLv2/v3 compatible client hello). The client_version 683 * an SSLv2/v3 compatible client hello). The client_version
@@ -717,562 +709,510 @@ int ssl3_client_hello(SSL *s)
717 * the negotiated version. 709 * the negotiated version.
718 */ 710 */
719#if 0 711#if 0
720 *(p++)=s->version>>8; 712 *(p++) = s->version >> 8;
721 *(p++)=s->version&0xff; 713 *(p++) = s->version&0xff;
722 s->client_version=s->version; 714 s->client_version = s->version;
723#else 715#else
724 *(p++)=s->client_version>>8; 716 *(p++) = s->client_version >> 8;
725 *(p++)=s->client_version&0xff; 717 *(p++) = s->client_version&0xff;
726#endif 718#endif
727 719
728 /* Random stuff */ 720 /* Random stuff */
729 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 721 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
730 p+=SSL3_RANDOM_SIZE; 722 p += SSL3_RANDOM_SIZE;
731 723
732 /* Session ID */ 724 /* Session ID */
733 if (s->new_session) 725 if (s->new_session)
734 i=0; 726 i = 0;
735 else 727 else
736 i=s->session->session_id_length; 728 i = s->session->session_id_length;
737 *(p++)=i; 729 *(p++) = i;
738 if (i != 0) 730 if (i != 0) {
739 { 731 if (i > (int)sizeof(s->session->session_id)) {
740 if (i > (int)sizeof(s->session->session_id))
741 {
742 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 732 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
743 goto err; 733 goto err;
744 }
745 memcpy(p,s->session->session_id,i);
746 p+=i;
747 } 734 }
748 735 memcpy(p, s->session->session_id, i);
736 p += i;
737 }
738
749 /* Ciphers supported */ 739 /* Ciphers supported */
750 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0); 740 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
751 if (i == 0) 741 if (i == 0) {
752 { 742 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
753 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
754 goto err; 743 goto err;
755 } 744 }
756#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH 745#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
757 /* Some servers hang if client hello > 256 bytes 746 /* Some servers hang if client hello > 256 bytes
758 * as hack workaround chop number of supported ciphers 747 * as hack workaround chop number of supported ciphers
759 * to keep it well below this if we use TLS v1.2 748 * to keep it well below this if we use TLS v1.2
760 */ 749 */
761 if (TLS1_get_version(s) >= TLS1_2_VERSION 750 if (TLS1_get_version(s) >= TLS1_2_VERSION &&
762 && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) 751 i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
763 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; 752 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
764#endif 753#endif
765 s2n(i,p); 754 s2n(i, p);
766 p+=i; 755 p += i;
767 756
768 /* COMPRESSION */ 757 /* COMPRESSION */
769#ifdef OPENSSL_NO_COMP 758#ifdef OPENSSL_NO_COMP
770 *(p++)=1; 759 *(p++) = 1;
771#else 760#else
772 761
773 if ((s->options & SSL_OP_NO_COMPRESSION) 762 if ((s->options & SSL_OP_NO_COMPRESSION) ||
774 || !s->ctx->comp_methods) 763 !s->ctx->comp_methods)
775 j=0; 764 j = 0;
776 else 765 else
777 j=sk_SSL_COMP_num(s->ctx->comp_methods); 766 j = sk_SSL_COMP_num(s->ctx->comp_methods);
778 *(p++)=1+j; 767 *(p++) = 1 + j;
779 for (i=0; i<j; i++) 768 for (i = 0; i < j; i++) {
780 { 769 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
781 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 770 *(p++) = comp->id;
782 *(p++)=comp->id; 771 }
783 }
784#endif 772#endif
785 *(p++)=0; /* Add the NULL method */ 773 *(p++) = 0; /* Add the NULL method */
786 774
787#ifndef OPENSSL_NO_TLSEXT 775#ifndef OPENSSL_NO_TLSEXT
788 /* TLS extensions*/ 776 /* TLS extensions*/
789 if (ssl_prepare_clienthello_tlsext(s) <= 0) 777 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
790 { 778 SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
791 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
792 goto err; 779 goto err;
793 } 780 }
794 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 781 if ((p = ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
795 { 782 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
796 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
797 goto err; 783 goto err;
798 } 784 }
799#endif 785#endif
800
801 l=(p-d);
802 d=buf;
803 *(d++)=SSL3_MT_CLIENT_HELLO;
804 l2n3(l,d);
805 786
806 s->state=SSL3_ST_CW_CLNT_HELLO_B; 787 l = (p - d);
788 d = buf;
789 *(d++) = SSL3_MT_CLIENT_HELLO;
790 l2n3(l, d);
791
792 s->state = SSL3_ST_CW_CLNT_HELLO_B;
807 /* number of bytes to write */ 793 /* number of bytes to write */
808 s->init_num=p-buf; 794 s->init_num = p - buf;
809 s->init_off=0; 795 s->init_off = 0;
810 } 796 }
811 797
812 /* SSL3_ST_CW_CLNT_HELLO_B */ 798 /* SSL3_ST_CW_CLNT_HELLO_B */
813 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 799 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
814err: 800err:
815 return(-1); 801 return (-1);
816 } 802}
817 803
818int ssl3_get_server_hello(SSL *s) 804int
819 { 805ssl3_get_server_hello(SSL *s)
806{
820 STACK_OF(SSL_CIPHER) *sk; 807 STACK_OF(SSL_CIPHER) *sk;
821 const SSL_CIPHER *c; 808 const SSL_CIPHER *c;
822 unsigned char *p,*d; 809 unsigned char *p, *d;
823 int i,al,ok; 810 int i, al, ok;
824 unsigned int j; 811 unsigned int j;
825 long n; 812 long n;
826#ifndef OPENSSL_NO_COMP 813#ifndef OPENSSL_NO_COMP
827 SSL_COMP *comp; 814 SSL_COMP *comp;
828#endif 815#endif
829 816
830 n=s->method->ssl_get_message(s, 817 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
831 SSL3_ST_CR_SRVR_HELLO_A, 818 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
832 SSL3_ST_CR_SRVR_HELLO_B,
833 -1,
834 20000, /* ?? */
835 &ok);
836 819
837 if (!ok) return((int)n); 820 if (!ok)
821 return ((int)n);
838 822
839 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 823 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
840 { 824 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
841 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 825 if (s->d1->send_cookie == 0) {
842 {
843 if ( s->d1->send_cookie == 0)
844 {
845 s->s3->tmp.reuse_message = 1; 826 s->s3->tmp.reuse_message = 1;
846 return 1; 827 return 1;
847 } 828 }
848 else /* already sent a cookie */ 829 else /* already sent a cookie */
849 { 830 {
850 al=SSL_AD_UNEXPECTED_MESSAGE; 831 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 832 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
852 goto f_err; 833 goto f_err;
853 }
854 } 834 }
855 } 835 }
856 836 }
857 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) 837
858 { 838 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
859 al=SSL_AD_UNEXPECTED_MESSAGE; 839 al = SSL_AD_UNEXPECTED_MESSAGE;
860 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE); 840 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
861 goto f_err; 841 goto f_err;
862 } 842 }
863 843
864 d=p=(unsigned char *)s->init_msg; 844 d = p=(unsigned char *)s->init_msg;
865 845
866 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) 846 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
867 { 847 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
868 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); 848 s->version = (s->version&0xff00)|p[1];
869 s->version=(s->version&0xff00)|p[1]; 849 al = SSL_AD_PROTOCOL_VERSION;
870 al=SSL_AD_PROTOCOL_VERSION;
871 goto f_err; 850 goto f_err;
872 } 851 }
873 p+=2; 852 p += 2;
874 853
875 /* load the server hello data */ 854 /* load the server hello data */
876 /* load the server random */ 855 /* load the server random */
877 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); 856 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
878 p+=SSL3_RANDOM_SIZE; 857 p += SSL3_RANDOM_SIZE;
879 858
880 /* get the session-id */ 859 /* get the session-id */
881 j= *(p++); 860 j= *(p++);
882 861
883 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) 862 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
884 { 863 al = SSL_AD_ILLEGAL_PARAMETER;
885 al=SSL_AD_ILLEGAL_PARAMETER; 864 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
886 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
887 goto f_err; 865 goto f_err;
888 } 866 }
889 867
890#ifndef OPENSSL_NO_TLSEXT 868#ifndef OPENSSL_NO_TLSEXT
891 /* check if we want to resume the session based on external pre-shared secret */ 869 /* check if we want to resume the session based on external pre-shared secret */
892 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) 870 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
893 { 871 SSL_CIPHER *pref_cipher = NULL;
894 SSL_CIPHER *pref_cipher=NULL; 872 s->session->master_key_length = sizeof(s->session->master_key);
895 s->session->master_key_length=sizeof(s->session->master_key);
896 if (s->tls_session_secret_cb(s, s->session->master_key, 873 if (s->tls_session_secret_cb(s, s->session->master_key,
897 &s->session->master_key_length, 874 &s->session->master_key_length, NULL, &pref_cipher,
898 NULL, &pref_cipher, 875 s->tls_session_secret_cb_arg)) {
899 s->tls_session_secret_cb_arg))
900 {
901 s->session->cipher = pref_cipher ? 876 s->session->cipher = pref_cipher ?
902 pref_cipher : ssl_get_cipher_by_char(s, p+j); 877 pref_cipher : ssl_get_cipher_by_char(s, p + j);
903 }
904 } 878 }
879 }
905#endif /* OPENSSL_NO_TLSEXT */ 880#endif /* OPENSSL_NO_TLSEXT */
906 881
907 if (j != 0 && j == s->session->session_id_length 882 if (j != 0 && j == s->session->session_id_length &&
908 && memcmp(p,s->session->session_id,j) == 0) 883 memcmp(p, s->session->session_id, j) == 0) {
909 { 884 if (s->sid_ctx_length != s->session->sid_ctx_length ||
910 if(s->sid_ctx_length != s->session->sid_ctx_length 885 memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
911 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) 886 /* actually a client application bug */
912 { 887 al = SSL_AD_ILLEGAL_PARAMETER;
913 /* actually a client application bug */ 888 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
914 al=SSL_AD_ILLEGAL_PARAMETER; 889 goto f_err;
915 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
916 goto f_err;
917 } 890 }
918 s->hit=1; 891 s->hit = 1;
919 } 892 }
920 else /* a miss or crap from the other end */ 893 else /* a miss or crap from the other end */
921 { 894 {
922 /* If we were trying for session-id reuse, make a new 895 /* If we were trying for session-id reuse, make a new
923 * SSL_SESSION so we don't stuff up other people */ 896 * SSL_SESSION so we don't stuff up other people */
924 s->hit=0; 897 s->hit = 0;
925 if (s->session->session_id_length > 0) 898 if (s->session->session_id_length > 0) {
926 { 899 if (!ssl_get_new_session(s, 0)) {
927 if (!ssl_get_new_session(s,0)) 900 al = SSL_AD_INTERNAL_ERROR;
928 {
929 al=SSL_AD_INTERNAL_ERROR;
930 goto f_err; 901 goto f_err;
931 }
932 } 902 }
933 s->session->session_id_length=j;
934 memcpy(s->session->session_id,p,j); /* j could be 0 */
935 } 903 }
936 p+=j; 904 s->session->session_id_length = j;
937 c=ssl_get_cipher_by_char(s,p); 905 memcpy(s->session->session_id,p,j); /* j could be 0 */
938 if (c == NULL) 906 }
939 { 907 p += j;
908 c = ssl_get_cipher_by_char(s, p);
909 if (c == NULL) {
940 /* unknown cipher */ 910 /* unknown cipher */
941 al=SSL_AD_ILLEGAL_PARAMETER; 911 al = SSL_AD_ILLEGAL_PARAMETER;
942 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); 912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
943 goto f_err; 913 goto f_err;
944 } 914 }
945 /* TLS v1.2 only ciphersuites require v1.2 or later */ 915 /* TLS v1.2 only ciphersuites require v1.2 or later */
946 if ((c->algorithm_ssl & SSL_TLSV1_2) && 916 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
947 (TLS1_get_version(s) < TLS1_2_VERSION)) 917 (TLS1_get_version(s) < TLS1_2_VERSION)) {
948 { 918 al = SSL_AD_ILLEGAL_PARAMETER;
949 al=SSL_AD_ILLEGAL_PARAMETER; 919 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
950 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
951 goto f_err; 920 goto f_err;
952 } 921 }
953 p+=ssl_put_cipher_by_char(s,NULL,NULL); 922 p += ssl_put_cipher_by_char(s, NULL, NULL);
954 923
955 sk=ssl_get_ciphers_by_id(s); 924 sk = ssl_get_ciphers_by_id(s);
956 i=sk_SSL_CIPHER_find(sk,c); 925 i = sk_SSL_CIPHER_find(sk, c);
957 if (i < 0) 926 if (i < 0) {
958 {
959 /* we did not say we would use this cipher */ 927 /* we did not say we would use this cipher */
960 al=SSL_AD_ILLEGAL_PARAMETER; 928 al = SSL_AD_ILLEGAL_PARAMETER;
961 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 929 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
962 goto f_err; 930 goto f_err;
963 } 931 }
964 932
965 /* Depending on the session caching (internal/external), the cipher 933 /* Depending on the session caching (internal/external), the cipher
966 and/or cipher_id values may not be set. Make sure that 934 and/or cipher_id values may not be set. Make sure that
967 cipher_id is set and use it for comparison. */ 935 cipher_id is set and use it for comparison. */
968 if (s->session->cipher) 936 if (s->session->cipher)
969 s->session->cipher_id = s->session->cipher->id; 937 s->session->cipher_id = s->session->cipher->id;
970 if (s->hit && (s->session->cipher_id != c->id)) 938 if (s->hit && (s->session->cipher_id != c->id)) {
971 {
972/* Workaround is now obsolete */ 939/* Workaround is now obsolete */
973#if 0 940#if 0
974 if (!(s->options & 941 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
975 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
976#endif 942#endif
977 { 943 {
978 al=SSL_AD_ILLEGAL_PARAMETER; 944 al = SSL_AD_ILLEGAL_PARAMETER;
979 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 945 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
980 goto f_err; 946 goto f_err;
981 }
982 } 947 }
983 s->s3->tmp.new_cipher=c; 948 }
949 s->s3->tmp.new_cipher = c;
984 /* Don't digest cached records if TLS v1.2: we may need them for 950 /* Don't digest cached records if TLS v1.2: we may need them for
985 * client authentication. 951 * client authentication.
986 */ 952 */
987 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) 953 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) {
988 {
989 al = SSL_AD_INTERNAL_ERROR; 954 al = SSL_AD_INTERNAL_ERROR;
990 goto f_err; 955 goto f_err;
991 } 956 }
992 /* lets get the compression algorithm */ 957 /* lets get the compression algorithm */
993 /* COMPRESSION */ 958 /* COMPRESSION */
994#ifdef OPENSSL_NO_COMP 959#ifdef OPENSSL_NO_COMP
995 if (*(p++) != 0) 960 if (*(p++) != 0) {
996 { 961 al = SSL_AD_ILLEGAL_PARAMETER;
997 al=SSL_AD_ILLEGAL_PARAMETER; 962 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
998 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
999 goto f_err; 963 goto f_err;
1000 } 964 }
1001 /* If compression is disabled we'd better not try to resume a session 965 /* If compression is disabled we'd better not try to resume a session
1002 * using compression. 966 * using compression.
1003 */ 967 */
1004 if (s->session->compress_meth != 0) 968 if (s->session->compress_meth != 0) {
1005 { 969 al = SSL_AD_INTERNAL_ERROR;
1006 al=SSL_AD_INTERNAL_ERROR; 970 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
1007 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1008 goto f_err; 971 goto f_err;
1009 } 972 }
1010#else 973#else
1011 j= *(p++); 974 j= *(p++);
1012 if (s->hit && j != s->session->compress_meth) 975 if (s->hit && j != s->session->compress_meth) {
1013 { 976 al = SSL_AD_ILLEGAL_PARAMETER;
1014 al=SSL_AD_ILLEGAL_PARAMETER; 977 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
1015 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
1016 goto f_err; 978 goto f_err;
1017 } 979 }
1018 if (j == 0) 980 if (j == 0)
1019 comp=NULL; 981 comp = NULL;
1020 else if (s->options & SSL_OP_NO_COMPRESSION) 982 else if (s->options & SSL_OP_NO_COMPRESSION) {
1021 { 983 al = SSL_AD_ILLEGAL_PARAMETER;
1022 al=SSL_AD_ILLEGAL_PARAMETER; 984 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
1023 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
1024 goto f_err; 985 goto f_err;
1025 } 986 } else
1026 else 987 comp = ssl3_comp_find(s->ctx->comp_methods, j);
1027 comp=ssl3_comp_find(s->ctx->comp_methods,j); 988
1028 989 if ((j != 0) && (comp == NULL)) {
1029 if ((j != 0) && (comp == NULL)) 990 al = SSL_AD_ILLEGAL_PARAMETER;
1030 { 991 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1031 al=SSL_AD_ILLEGAL_PARAMETER;
1032 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1033 goto f_err; 992 goto f_err;
1034 } 993 } else {
1035 else 994 s->s3->tmp.new_compression = comp;
1036 { 995 }
1037 s->s3->tmp.new_compression=comp;
1038 }
1039#endif 996#endif
1040 997
1041#ifndef OPENSSL_NO_TLSEXT 998#ifndef OPENSSL_NO_TLSEXT
1042 /* TLS extensions*/ 999 /* TLS extensions*/
1043 if (s->version >= SSL3_VERSION) 1000 if (s->version >= SSL3_VERSION) {
1044 { 1001 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
1045 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
1046 {
1047 /* 'al' set by ssl_parse_serverhello_tlsext */ 1002 /* 'al' set by ssl_parse_serverhello_tlsext */
1048 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); 1003 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
1049 goto f_err; 1004 goto f_err;
1050 } 1005
1051 if (ssl_check_serverhello_tlsext(s) <= 0)
1052 {
1053 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1054 goto err;
1055 }
1056 } 1006 }
1007 if (ssl_check_serverhello_tlsext(s) <= 0) {
1008 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
1009 goto err;
1010 }
1011 }
1057#endif 1012#endif
1058 1013
1059 if (p != (d+n)) 1014 if (p != (d + n)) {
1060 {
1061 /* wrong packet length */ 1015 /* wrong packet length */
1062 al=SSL_AD_DECODE_ERROR; 1016 al = SSL_AD_DECODE_ERROR;
1063 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); 1017 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
1064 goto f_err; 1018 goto f_err;
1065 } 1019 }
1066 1020
1067 return(1); 1021 return (1);
1068f_err: 1022f_err:
1069 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1023 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1070err: 1024err:
1071 return(-1); 1025 return (-1);
1072 } 1026}
1073 1027
1074int ssl3_get_server_certificate(SSL *s) 1028int
1075 { 1029ssl3_get_server_certificate(SSL *s)
1076 int al,i,ok,ret= -1; 1030{
1077 unsigned long n,nc,llen,l; 1031 int al, i, ok, ret = -1;
1078 X509 *x=NULL; 1032 unsigned long n, nc, llen, l;
1079 const unsigned char *q,*p; 1033 X509 *x = NULL;
1034 const unsigned char *q, *p;
1080 unsigned char *d; 1035 unsigned char *d;
1081 STACK_OF(X509) *sk=NULL; 1036 STACK_OF(X509) *sk = NULL;
1082 SESS_CERT *sc; 1037 SESS_CERT *sc;
1083 EVP_PKEY *pkey=NULL; 1038 EVP_PKEY *pkey = NULL;
1084 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 1039 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
1085 1040
1086 n=s->method->ssl_get_message(s, 1041 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
1087 SSL3_ST_CR_CERT_A, 1042 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
1088 SSL3_ST_CR_CERT_B,
1089 -1,
1090 s->max_cert_list,
1091 &ok);
1092 1043
1093 if (!ok) return((int)n); 1044 if (!ok)
1045 return ((int)n);
1094 1046
1095 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 1047 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
1096 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 1048 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
1097 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) 1049 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
1098 { 1050 s->s3->tmp.reuse_message = 1;
1099 s->s3->tmp.reuse_message=1; 1051 return (1);
1100 return(1); 1052 }
1101 }
1102 1053
1103 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) 1054 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
1104 { 1055 al = SSL_AD_UNEXPECTED_MESSAGE;
1105 al=SSL_AD_UNEXPECTED_MESSAGE; 1056 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
1106 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
1107 goto f_err; 1057 goto f_err;
1108 } 1058 }
1109 p=d=(unsigned char *)s->init_msg; 1059 p = d = (unsigned char *)s->init_msg;
1110 1060
1111 if ((sk=sk_X509_new_null()) == NULL) 1061 if ((sk = sk_X509_new_null()) == NULL) {
1112 { 1062 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
1113 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1114 goto err; 1063 goto err;
1115 } 1064 }
1116 1065
1117 n2l3(p,llen); 1066 n2l3(p, llen);
1118 if (llen+3 != n) 1067 if (llen + 3 != n) {
1119 { 1068 al = SSL_AD_DECODE_ERROR;
1120 al=SSL_AD_DECODE_ERROR; 1069 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
1121 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
1122 goto f_err; 1070 goto f_err;
1123 } 1071 }
1124 for (nc=0; nc<llen; ) 1072 for (nc = 0; nc < llen; ) {
1125 { 1073 n2l3(p, l);
1126 n2l3(p,l); 1074 if ((l + nc + 3) > llen) {
1127 if ((l+nc+3) > llen) 1075 al = SSL_AD_DECODE_ERROR;
1128 { 1076 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
1129 al=SSL_AD_DECODE_ERROR;
1130 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1131 goto f_err; 1077 goto f_err;
1132 } 1078 }
1133 1079
1134 q=p; 1080 q = p;
1135 x=d2i_X509(NULL,&q,l); 1081 x = d2i_X509(NULL, &q, l);
1136 if (x == NULL) 1082 if (x == NULL) {
1137 { 1083 al = SSL_AD_BAD_CERTIFICATE;
1138 al=SSL_AD_BAD_CERTIFICATE; 1084 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
1139 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
1140 goto f_err; 1085 goto f_err;
1141 } 1086 }
1142 if (q != (p+l)) 1087 if (q != (p + l)) {
1143 { 1088 al = SSL_AD_DECODE_ERROR;
1144 al=SSL_AD_DECODE_ERROR; 1089 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
1145 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
1146 goto f_err; 1090 goto f_err;
1147 } 1091 }
1148 if (!sk_X509_push(sk,x)) 1092 if (!sk_X509_push(sk, x)) {
1149 { 1093 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
1150 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
1151 goto err; 1094 goto err;
1152 }
1153 x=NULL;
1154 nc+=l+3;
1155 p=q;
1156 } 1095 }
1096 x = NULL;
1097 nc += l + 3;
1098 p = q;
1099 }
1157 1100
1158 i=ssl_verify_cert_chain(s,sk); 1101 i = ssl_verify_cert_chain(s, sk);
1159 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) 1102 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
1160#ifndef OPENSSL_NO_KRB5 1103#ifndef OPENSSL_NO_KRB5
1161 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1104 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1162 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1105 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1163#endif /* OPENSSL_NO_KRB5 */ 1106#endif /* OPENSSL_NO_KRB5 */
1164 ) 1107 ) {
1165 { 1108 al = ssl_verify_alarm_type(s->verify_result);
1166 al=ssl_verify_alarm_type(s->verify_result); 1109 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
1167 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 1110 goto f_err;
1168 goto f_err; 1111
1169 } 1112 }
1170 ERR_clear_error(); /* but we keep s->verify_result */ 1113 ERR_clear_error(); /* but we keep s->verify_result */
1171 1114
1172 sc=ssl_sess_cert_new(); 1115 sc = ssl_sess_cert_new();
1173 if (sc == NULL) goto err; 1116 if (sc == NULL)
1117 goto err;
1174 1118
1175 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); 1119 if (s->session->sess_cert)
1176 s->session->sess_cert=sc; 1120 ssl_sess_cert_free(s->session->sess_cert);
1121 s->session->sess_cert = sc;
1177 1122
1178 sc->cert_chain=sk; 1123 sc->cert_chain = sk;
1179 /* Inconsistency alert: cert_chain does include the peer's 1124 /* Inconsistency alert: cert_chain does include the peer's
1180 * certificate, which we don't include in s3_srvr.c */ 1125 * certificate, which we don't include in s3_srvr.c */
1181 x=sk_X509_value(sk,0); 1126 x = sk_X509_value(sk, 0);
1182 sk=NULL; 1127 sk = NULL;
1183 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ 1128 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1184 1129
1185 pkey=X509_get_pubkey(x); 1130 pkey = X509_get_pubkey(x);
1186 1131
1187 /* VRS: allow null cert if auth == KRB5 */ 1132 /* VRS: allow null cert if auth == KRB5 */
1188 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1133 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1189 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1134 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1190 ? 0 : 1; 1135 ? 0 : 1;
1191 1136
1192#ifdef KSSL_DEBUG 1137#ifdef KSSL_DEBUG
1193 printf("pkey,x = %p, %p\n", pkey,x); 1138 printf("pkey, x = %p, %p\n", pkey, x);
1194 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1139 printf("ssl_cert_type(x, pkey) = %d\n", ssl_cert_type(x, pkey));
1195 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, 1140 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1196 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); 1141 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1197#endif /* KSSL_DEBUG */ 1142#endif /* KSSL_DEBUG */
1198 1143
1199 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1144 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
1200 { 1145 x = NULL;
1201 x=NULL; 1146 al = SSL3_AL_FATAL;
1202 al=SSL3_AL_FATAL;
1203 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1147 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1204 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1148 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1205 goto f_err; 1149 goto f_err;
1206 } 1150 }
1207 1151
1208 i=ssl_cert_type(x,pkey); 1152 i = ssl_cert_type(x, pkey);
1209 if (need_cert && i < 0) 1153 if (need_cert && i < 0) {
1210 { 1154 x = NULL;
1211 x=NULL; 1155 al = SSL3_AL_FATAL;
1212 al=SSL3_AL_FATAL;
1213 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1156 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1214 SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1157 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1215 goto f_err; 1158 goto f_err;
1216 } 1159 }
1217 1160
1218 if (need_cert) 1161 if (need_cert) {
1219 { 1162 sc->peer_cert_type = i;
1220 sc->peer_cert_type=i; 1163 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1221 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1222 /* Why would the following ever happen? 1164 /* Why would the following ever happen?
1223 * We just created sc a couple of lines ago. */ 1165 * We just created sc a couple of lines ago. */
1224 if (sc->peer_pkeys[i].x509 != NULL) 1166 if (sc->peer_pkeys[i].x509 != NULL)
1225 X509_free(sc->peer_pkeys[i].x509); 1167 X509_free(sc->peer_pkeys[i].x509);
1226 sc->peer_pkeys[i].x509=x; 1168 sc->peer_pkeys[i].x509 = x;
1227 sc->peer_key= &(sc->peer_pkeys[i]); 1169 sc->peer_key = &(sc->peer_pkeys[i]);
1228 1170
1229 if (s->session->peer != NULL) 1171 if (s->session->peer != NULL)
1230 X509_free(s->session->peer); 1172 X509_free(s->session->peer);
1231 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 1173 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1232 s->session->peer=x; 1174 s->session->peer = x;
1233 } 1175 } else {
1234 else 1176 sc->peer_cert_type = i;
1235 { 1177 sc->peer_key = NULL;
1236 sc->peer_cert_type=i;
1237 sc->peer_key= NULL;
1238 1178
1239 if (s->session->peer != NULL) 1179 if (s->session->peer != NULL)
1240 X509_free(s->session->peer); 1180 X509_free(s->session->peer);
1241 s->session->peer=NULL; 1181 s->session->peer = NULL;
1242 } 1182 }
1243 s->session->verify_result = s->verify_result; 1183 s->session->verify_result = s->verify_result;
1244 1184
1245 x=NULL; 1185 x = NULL;
1246 ret=1; 1186 ret = 1;
1247 1187
1248 if (0) 1188 if (0) {
1249 {
1250f_err: 1189f_err:
1251 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1190 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1252 } 1191 }
1253err: 1192err:
1254 EVP_PKEY_free(pkey); 1193 EVP_PKEY_free(pkey);
1255 X509_free(x); 1194 X509_free(x);
1256 sk_X509_pop_free(sk,X509_free); 1195 sk_X509_pop_free(sk, X509_free);
1257 return(ret); 1196 return (ret);
1258 } 1197}
1259 1198
1260int ssl3_get_key_exchange(SSL *s) 1199int
1261 { 1200ssl3_get_key_exchange(SSL *s)
1201{
1262#ifndef OPENSSL_NO_RSA 1202#ifndef OPENSSL_NO_RSA
1263 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 1203 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1264#endif 1204#endif
1265 EVP_MD_CTX md_ctx; 1205 EVP_MD_CTX md_ctx;
1266 unsigned char *param,*p; 1206 unsigned char *param, *p;
1267 int al,i,j,param_len,ok; 1207 int al, i, j, param_len, ok;
1268 long n,alg_k,alg_a; 1208 long n, alg_k, alg_a;
1269 EVP_PKEY *pkey=NULL; 1209 EVP_PKEY *pkey = NULL;
1270 const EVP_MD *md = NULL; 1210 const EVP_MD *md = NULL;
1271#ifndef OPENSSL_NO_RSA 1211#ifndef OPENSSL_NO_RSA
1272 RSA *rsa=NULL; 1212 RSA *rsa = NULL;
1273#endif 1213#endif
1274#ifndef OPENSSL_NO_DH 1214#ifndef OPENSSL_NO_DH
1275 DH *dh=NULL; 1215 DH *dh = NULL;
1276#endif 1216#endif
1277#ifndef OPENSSL_NO_ECDH 1217#ifndef OPENSSL_NO_ECDH
1278 EC_KEY *ecdh = NULL; 1218 EC_KEY *ecdh = NULL;
@@ -1284,336 +1224,291 @@ int ssl3_get_key_exchange(SSL *s)
1284 1224
1285 /* use same message size as in ssl3_get_certificate_request() 1225 /* use same message size as in ssl3_get_certificate_request()
1286 * as ServerKeyExchange message may be skipped */ 1226 * as ServerKeyExchange message may be skipped */
1287 n=s->method->ssl_get_message(s, 1227 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1288 SSL3_ST_CR_KEY_EXCH_A, 1228 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1289 SSL3_ST_CR_KEY_EXCH_B, 1229 if (!ok)
1290 -1, 1230 return ((int)n);
1291 s->max_cert_list, 1231
1292 &ok); 1232 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1293 if (!ok) return((int)n);
1294
1295 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1296 {
1297#ifndef OPENSSL_NO_PSK 1233#ifndef OPENSSL_NO_PSK
1298 /* In plain PSK ciphersuite, ServerKeyExchange can be 1234 /* In plain PSK ciphersuite, ServerKeyExchange can be
1299 omitted if no identity hint is sent. Set 1235 omitted if no identity hint is sent. Set
1300 session->sess_cert anyway to avoid problems 1236 session->sess_cert anyway to avoid problems
1301 later.*/ 1237 later.*/
1302 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) 1238 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
1303 { 1239 s->session->sess_cert = ssl_sess_cert_new();
1304 s->session->sess_cert=ssl_sess_cert_new();
1305 if (s->ctx->psk_identity_hint) 1240 if (s->ctx->psk_identity_hint)
1306 OPENSSL_free(s->ctx->psk_identity_hint); 1241 OPENSSL_free(s->ctx->psk_identity_hint);
1307 s->ctx->psk_identity_hint = NULL; 1242 s->ctx->psk_identity_hint = NULL;
1308 }
1309#endif
1310 s->s3->tmp.reuse_message=1;
1311 return(1);
1312 } 1243 }
1244#endif
1245 s->s3->tmp.reuse_message = 1;
1246 return (1);
1247 }
1313 1248
1314 param=p=(unsigned char *)s->init_msg; 1249 param = p = (unsigned char *)s->init_msg;
1315 if (s->session->sess_cert != NULL) 1250 if (s->session->sess_cert != NULL) {
1316 {
1317#ifndef OPENSSL_NO_RSA 1251#ifndef OPENSSL_NO_RSA
1318 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1252 if (s->session->sess_cert->peer_rsa_tmp != NULL) {
1319 {
1320 RSA_free(s->session->sess_cert->peer_rsa_tmp); 1253 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1321 s->session->sess_cert->peer_rsa_tmp=NULL; 1254 s->session->sess_cert->peer_rsa_tmp = NULL;
1322 } 1255 }
1323#endif 1256#endif
1324#ifndef OPENSSL_NO_DH 1257#ifndef OPENSSL_NO_DH
1325 if (s->session->sess_cert->peer_dh_tmp) 1258 if (s->session->sess_cert->peer_dh_tmp) {
1326 {
1327 DH_free(s->session->sess_cert->peer_dh_tmp); 1259 DH_free(s->session->sess_cert->peer_dh_tmp);
1328 s->session->sess_cert->peer_dh_tmp=NULL; 1260 s->session->sess_cert->peer_dh_tmp = NULL;
1329 } 1261 }
1330#endif 1262#endif
1331#ifndef OPENSSL_NO_ECDH 1263#ifndef OPENSSL_NO_ECDH
1332 if (s->session->sess_cert->peer_ecdh_tmp) 1264 if (s->session->sess_cert->peer_ecdh_tmp) {
1333 {
1334 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); 1265 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1335 s->session->sess_cert->peer_ecdh_tmp=NULL; 1266 s->session->sess_cert->peer_ecdh_tmp = NULL;
1336 }
1337#endif
1338 }
1339 else
1340 {
1341 s->session->sess_cert=ssl_sess_cert_new();
1342 } 1267 }
1268#endif
1269 } else {
1270 s->session->sess_cert = ssl_sess_cert_new();
1271 }
1343 1272
1344 param_len=0; 1273 param_len = 0;
1345 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 1274 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1346 alg_a=s->s3->tmp.new_cipher->algorithm_auth; 1275 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1347 EVP_MD_CTX_init(&md_ctx); 1276 EVP_MD_CTX_init(&md_ctx);
1348 1277
1349#ifndef OPENSSL_NO_PSK 1278#ifndef OPENSSL_NO_PSK
1350 if (alg_k & SSL_kPSK) 1279 if (alg_k & SSL_kPSK) {
1351 { 1280 char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
1352 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1353 1281
1354 al=SSL_AD_HANDSHAKE_FAILURE; 1282 al = SSL_AD_HANDSHAKE_FAILURE;
1355 n2s(p,i); 1283 n2s(p, i);
1356 param_len=i+2; 1284 param_len = i + 2;
1357 /* Store PSK identity hint for later use, hint is used 1285 /* Store PSK identity hint for later use, hint is used
1358 * in ssl3_send_client_key_exchange. Assume that the 1286 * in ssl3_send_client_key_exchange. Assume that the
1359 * maximum length of a PSK identity hint can be as 1287 * maximum length of a PSK identity hint can be as
1360 * long as the maximum length of a PSK identity. */ 1288 * long as the maximum length of a PSK identity. */
1361 if (i > PSK_MAX_IDENTITY_LEN) 1289 if (i > PSK_MAX_IDENTITY_LEN) {
1362 {
1363 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1290 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1364 SSL_R_DATA_LENGTH_TOO_LONG); 1291 SSL_R_DATA_LENGTH_TOO_LONG);
1365 goto f_err; 1292 goto f_err;
1366 } 1293 }
1367 if (param_len > n) 1294 if (param_len > n) {
1368 { 1295 al = SSL_AD_DECODE_ERROR;
1369 al=SSL_AD_DECODE_ERROR;
1370 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1296 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1371 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); 1297 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1372 goto f_err; 1298 goto f_err;
1373 } 1299 }
1374 /* If received PSK identity hint contains NULL 1300 /* If received PSK identity hint contains NULL
1375 * characters, the hint is truncated from the first 1301 * characters, the hint is truncated from the first
1376 * NULL. p may not be ending with NULL, so create a 1302 * NULL. p may not be ending with NULL, so create a
1377 * NULL-terminated string. */ 1303 * NULL-terminated string. */
1378 memcpy(tmp_id_hint, p, i); 1304 memcpy(tmp_id_hint, p, i);
1379 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); 1305 memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
1380 if (s->ctx->psk_identity_hint != NULL) 1306 if (s->ctx->psk_identity_hint != NULL)
1381 OPENSSL_free(s->ctx->psk_identity_hint); 1307 OPENSSL_free(s->ctx->psk_identity_hint);
1382 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); 1308 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1383 if (s->ctx->psk_identity_hint == NULL) 1309 if (s->ctx->psk_identity_hint == NULL) {
1384 {
1385 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1310 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1386 goto f_err; 1311 goto f_err;
1387 }
1388
1389 p+=i;
1390 n-=param_len;
1391 } 1312 }
1392 else 1313
1314 p += i;
1315 n -= param_len;
1316 } else
1393#endif /* !OPENSSL_NO_PSK */ 1317#endif /* !OPENSSL_NO_PSK */
1394#ifndef OPENSSL_NO_SRP 1318#ifndef OPENSSL_NO_SRP
1395 if (alg_k & SSL_kSRP) 1319 if (alg_k & SSL_kSRP) {
1396 { 1320 n2s(p, i);
1397 n2s(p,i); 1321 param_len = i + 2;
1398 param_len=i+2; 1322 if (param_len > n) {
1399 if (param_len > n) 1323 al = SSL_AD_DECODE_ERROR;
1400 { 1324 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
1401 al=SSL_AD_DECODE_ERROR;
1402 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
1403 goto f_err; 1325 goto f_err;
1404 } 1326 }
1405 if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) 1327 if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
1406 { 1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1407 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1408 goto err; 1329 goto err;
1409 } 1330 }
1410 p+=i; 1331 p += i;
1411 1332
1412 n2s(p,i); 1333 n2s(p, i);
1413 param_len+=i+2; 1334 param_len += i + 2;
1414 if (param_len > n) 1335 if (param_len > n) {
1415 { 1336 al = SSL_AD_DECODE_ERROR;
1416 al=SSL_AD_DECODE_ERROR; 1337 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
1417 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
1418 goto f_err; 1338 goto f_err;
1419 } 1339 }
1420 if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) 1340 if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
1421 { 1341 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1422 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1423 goto err; 1342 goto err;
1424 } 1343 }
1425 p+=i; 1344 p += i;
1426 1345
1427 i = (unsigned int)(p[0]); 1346 i = (unsigned int)(p[0]);
1428 p++; 1347 p++;
1429 param_len+=i+1; 1348 param_len += i + 1;
1430 if (param_len > n) 1349 if (param_len > n) {
1431 { 1350 al = SSL_AD_DECODE_ERROR;
1432 al=SSL_AD_DECODE_ERROR; 1351 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
1433 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
1434 goto f_err; 1352 goto f_err;
1435 } 1353 }
1436 if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) 1354 if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
1437 { 1355 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1438 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1439 goto err; 1356 goto err;
1440 } 1357 }
1441 p+=i; 1358 p += i;
1442 1359
1443 n2s(p,i); 1360 n2s(p, i);
1444 param_len+=i+2; 1361 param_len += i + 2;
1445 if (param_len > n) 1362 if (param_len > n) {
1446 { 1363 al = SSL_AD_DECODE_ERROR;
1447 al=SSL_AD_DECODE_ERROR; 1364 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
1448 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
1449 goto f_err; 1365 goto f_err;
1450 } 1366 }
1451 if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) 1367 if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
1452 { 1368 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1453 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1454 goto err; 1369 goto err;
1455 } 1370 }
1456 p+=i; 1371 p += i;
1457 n-=param_len; 1372 n -= param_len;
1458 1373
1459/* We must check if there is a certificate */ 1374/* We must check if there is a certificate */
1460#ifndef OPENSSL_NO_RSA 1375#ifndef OPENSSL_NO_RSA
1461 if (alg_a & SSL_aRSA) 1376 if (alg_a & SSL_aRSA)
1462 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1377 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1463#else 1378#else
1464 if (0) 1379 if (0)
1465 ; 1380;
1466#endif 1381#endif
1467#ifndef OPENSSL_NO_DSA 1382#ifndef OPENSSL_NO_DSA
1468 else if (alg_a & SSL_aDSS) 1383 else if (alg_a & SSL_aDSS)
1469 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1384 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1470#endif 1385#endif
1471 } 1386 } else
1472 else
1473#endif /* !OPENSSL_NO_SRP */ 1387#endif /* !OPENSSL_NO_SRP */
1474#ifndef OPENSSL_NO_RSA 1388#ifndef OPENSSL_NO_RSA
1475 if (alg_k & SSL_kRSA) 1389 if (alg_k & SSL_kRSA) {
1476 { 1390 if ((rsa = RSA_new()) == NULL) {
1477 if ((rsa=RSA_new()) == NULL) 1391 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1478 {
1479 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1480 goto err; 1392 goto err;
1481 } 1393 }
1482 n2s(p,i); 1394 n2s(p, i);
1483 param_len=i+2; 1395 param_len = i + 2;
1484 if (param_len > n) 1396 if (param_len > n) {
1485 { 1397 al = SSL_AD_DECODE_ERROR;
1486 al=SSL_AD_DECODE_ERROR; 1398 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
1487 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
1488 goto f_err; 1399 goto f_err;
1489 } 1400 }
1490 if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) 1401 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1491 { 1402 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1492 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1493 goto err; 1403 goto err;
1494 } 1404 }
1495 p+=i; 1405 p += i;
1496 1406
1497 n2s(p,i); 1407 n2s(p, i);
1498 param_len+=i+2; 1408 param_len += i + 2;
1499 if (param_len > n) 1409 if (param_len > n) {
1500 { 1410 al = SSL_AD_DECODE_ERROR;
1501 al=SSL_AD_DECODE_ERROR; 1411 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
1502 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
1503 goto f_err; 1412 goto f_err;
1504 } 1413 }
1505 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) 1414 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1506 { 1415 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1507 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1508 goto err; 1416 goto err;
1509 } 1417 }
1510 p+=i; 1418 p += i;
1511 n-=param_len; 1419 n -= param_len;
1512 1420
1513 /* this should be because we are using an export cipher */ 1421 /* this should be because we are using an export cipher */
1514 if (alg_a & SSL_aRSA) 1422 if (alg_a & SSL_aRSA)
1515 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1423 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1516 else 1424 else {
1517 { 1425 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1518 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1519 goto err; 1426 goto err;
1520 }
1521 s->session->sess_cert->peer_rsa_tmp=rsa;
1522 rsa=NULL;
1523 } 1427 }
1428 s->session->sess_cert->peer_rsa_tmp = rsa;
1429 rsa = NULL;
1430 }
1524#else /* OPENSSL_NO_RSA */ 1431#else /* OPENSSL_NO_RSA */
1525 if (0) 1432 if (0)
1526 ; 1433;
1527#endif 1434#endif
1528#ifndef OPENSSL_NO_DH 1435#ifndef OPENSSL_NO_DH
1529 else if (alg_k & SSL_kEDH) 1436 else if (alg_k & SSL_kEDH) {
1530 { 1437 if ((dh = DH_new()) == NULL) {
1531 if ((dh=DH_new()) == NULL) 1438 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
1532 {
1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
1534 goto err; 1439 goto err;
1535 } 1440 }
1536 n2s(p,i); 1441 n2s(p, i);
1537 param_len=i+2; 1442 param_len = i + 2;
1538 if (param_len > n) 1443 if (param_len > n) {
1539 { 1444 al = SSL_AD_DECODE_ERROR;
1540 al=SSL_AD_DECODE_ERROR; 1445 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
1541 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
1542 goto f_err; 1446 goto f_err;
1543 } 1447 }
1544 if (!(dh->p=BN_bin2bn(p,i,NULL))) 1448 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1545 { 1449 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1546 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1547 goto err; 1450 goto err;
1548 } 1451 }
1549 p+=i; 1452 p += i;
1550 1453
1551 n2s(p,i); 1454 n2s(p, i);
1552 param_len+=i+2; 1455 param_len += i + 2;
1553 if (param_len > n) 1456 if (param_len > n) {
1554 { 1457 al = SSL_AD_DECODE_ERROR;
1555 al=SSL_AD_DECODE_ERROR; 1458 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
1556 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
1557 goto f_err; 1459 goto f_err;
1558 } 1460 }
1559 if (!(dh->g=BN_bin2bn(p,i,NULL))) 1461 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1560 { 1462 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1561 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1562 goto err; 1463 goto err;
1563 } 1464 }
1564 p+=i; 1465 p += i;
1565 1466
1566 n2s(p,i); 1467 n2s(p, i);
1567 param_len+=i+2; 1468 param_len += i + 2;
1568 if (param_len > n) 1469 if (param_len > n) {
1569 { 1470 al = SSL_AD_DECODE_ERROR;
1570 al=SSL_AD_DECODE_ERROR; 1471 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
1571 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
1572 goto f_err; 1472 goto f_err;
1573 } 1473 }
1574 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) 1474 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1575 { 1475 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
1576 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
1577 goto err; 1476 goto err;
1578 } 1477 }
1579 p+=i; 1478 p += i;
1580 n-=param_len; 1479 n -= param_len;
1581 1480
1582#ifndef OPENSSL_NO_RSA 1481#ifndef OPENSSL_NO_RSA
1583 if (alg_a & SSL_aRSA) 1482 if (alg_a & SSL_aRSA)
1584 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1483 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1585#else 1484#else
1586 if (0) 1485 if (0)
1587 ; 1486;
1588#endif 1487#endif
1589#ifndef OPENSSL_NO_DSA 1488#ifndef OPENSSL_NO_DSA
1590 else if (alg_a & SSL_aDSS) 1489 else if (alg_a & SSL_aDSS)
1591 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1490 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1592#endif 1491#endif
1593 /* else anonymous DH, so no certificate or pkey. */ 1492 /* else anonymous DH, so no certificate or pkey. */
1594 1493
1595 s->session->sess_cert->peer_dh_tmp=dh; 1494 s->session->sess_cert->peer_dh_tmp = dh;
1596 dh=NULL; 1495 dh = NULL;
1597 } 1496 } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
1598 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) 1497 al = SSL_AD_ILLEGAL_PARAMETER;
1599 { 1498 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1600 al=SSL_AD_ILLEGAL_PARAMETER;
1601 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1602 goto f_err; 1499 goto f_err;
1603 } 1500 }
1604#endif /* !OPENSSL_NO_DH */ 1501#endif /* !OPENSSL_NO_DH */
1605 1502
1606#ifndef OPENSSL_NO_ECDH 1503#ifndef OPENSSL_NO_ECDH
1607 else if (alg_k & SSL_kEECDH) 1504 else if (alg_k & SSL_kEECDH) {
1608 {
1609 EC_GROUP *ngroup; 1505 EC_GROUP *ngroup;
1610 const EC_GROUP *group; 1506 const EC_GROUP *group;
1611 1507
1612 if ((ecdh=EC_KEY_new()) == NULL) 1508 if ((ecdh = EC_KEY_new()) == NULL) {
1613 { 1509 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1614 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1615 goto err; 1510 goto err;
1616 } 1511 }
1617 1512
1618 /* Extract elliptic curve parameters and the 1513 /* Extract elliptic curve parameters and the
1619 * server's ephemeral ECDH public key. 1514 * server's ephemeral ECDH public key.
@@ -1624,217 +1519,194 @@ int ssl3_get_key_exchange(SSL *s)
1624 /* XXX: For now we only support named (not generic) curves 1519 /* XXX: For now we only support named (not generic) curves
1625 * and the ECParameters in this case is just three bytes. 1520 * and the ECParameters in this case is just three bytes.
1626 */ 1521 */
1627 param_len=3; 1522 param_len = 3;
1628 if ((param_len > n) || 1523 if ((param_len > n) ||
1629 (*p != NAMED_CURVE_TYPE) || 1524 (*p != NAMED_CURVE_TYPE) ||
1630 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 1525 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
1631 { 1526 al = SSL_AD_INTERNAL_ERROR;
1632 al=SSL_AD_INTERNAL_ERROR; 1527 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1633 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1634 goto f_err; 1528 goto f_err;
1635 } 1529 }
1636 1530
1637 ngroup = EC_GROUP_new_by_curve_name(curve_nid); 1531 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1638 if (ngroup == NULL) 1532 if (ngroup == NULL) {
1639 { 1533 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
1640 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1641 goto err; 1534 goto err;
1642 } 1535 }
1643 if (EC_KEY_set_group(ecdh, ngroup) == 0) 1536 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1644 { 1537 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
1645 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1646 goto err; 1538 goto err;
1647 } 1539 }
1648 EC_GROUP_free(ngroup); 1540 EC_GROUP_free(ngroup);
1649 1541
1650 group = EC_KEY_get0_group(ecdh); 1542 group = EC_KEY_get0_group(ecdh);
1651 1543
1652 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 1544 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1653 (EC_GROUP_get_degree(group) > 163)) 1545 (EC_GROUP_get_degree(group) > 163)) {
1654 { 1546 al = SSL_AD_EXPORT_RESTRICTION;
1655 al=SSL_AD_EXPORT_RESTRICTION; 1547 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1656 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1657 goto f_err; 1548 goto f_err;
1658 } 1549 }
1659 1550
1660 p+=3; 1551 p += 3;
1661 1552
1662 /* Next, get the encoded ECPoint */ 1553 /* Next, get the encoded ECPoint */
1663 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || 1554 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1664 ((bn_ctx = BN_CTX_new()) == NULL)) 1555 ((bn_ctx = BN_CTX_new()) == NULL)) {
1665 { 1556 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1666 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1667 goto err; 1557 goto err;
1668 } 1558 }
1669 1559
1670 encoded_pt_len = *p; /* length of encoded point */ 1560 encoded_pt_len = *p;
1671 p+=1; 1561 /* length of encoded point */
1562 p += 1;
1672 param_len += (1 + encoded_pt_len); 1563 param_len += (1 + encoded_pt_len);
1673 if ((param_len > n) || 1564 if ((param_len > n) ||
1674 (EC_POINT_oct2point(group, srvr_ecpoint, 1565 (EC_POINT_oct2point(group, srvr_ecpoint,
1675 p, encoded_pt_len, bn_ctx) == 0)) 1566 p, encoded_pt_len, bn_ctx) == 0)) {
1676 { 1567 al = SSL_AD_DECODE_ERROR;
1677 al=SSL_AD_DECODE_ERROR; 1568 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
1678 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1679 goto f_err; 1569 goto f_err;
1680 } 1570 }
1681 1571
1682 n-=param_len; 1572 n -= param_len;
1683 p+=encoded_pt_len; 1573 p += encoded_pt_len;
1684 1574
1685 /* The ECC/TLS specification does not mention 1575 /* The ECC/TLS specification does not mention
1686 * the use of DSA to sign ECParameters in the server 1576 * the use of DSA to sign ECParameters in the server
1687 * key exchange message. We do support RSA and ECDSA. 1577 * key exchange message. We do support RSA and ECDSA.
1688 */ 1578 */
1689 if (0) ; 1579 if (0);
1690#ifndef OPENSSL_NO_RSA 1580#ifndef OPENSSL_NO_RSA
1691 else if (alg_a & SSL_aRSA) 1581 else if (alg_a & SSL_aRSA)
1692 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1582 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1693#endif 1583#endif
1694#ifndef OPENSSL_NO_ECDSA 1584#ifndef OPENSSL_NO_ECDSA
1695 else if (alg_a & SSL_aECDSA) 1585 else if (alg_a & SSL_aECDSA)
1696 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1586 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1697#endif 1587#endif
1698 /* else anonymous ECDH, so no certificate or pkey. */ 1588 /* else anonymous ECDH, so no certificate or pkey. */
1699 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1589 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1700 s->session->sess_cert->peer_ecdh_tmp=ecdh; 1590 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1701 ecdh=NULL; 1591 ecdh = NULL;
1702 BN_CTX_free(bn_ctx); 1592 BN_CTX_free(bn_ctx);
1703 bn_ctx = NULL; 1593 bn_ctx = NULL;
1704 EC_POINT_free(srvr_ecpoint); 1594 EC_POINT_free(srvr_ecpoint);
1705 srvr_ecpoint = NULL; 1595 srvr_ecpoint = NULL;
1706 } 1596 } else if (alg_k) {
1707 else if (alg_k) 1597 al = SSL_AD_UNEXPECTED_MESSAGE;
1708 { 1598 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
1709 al=SSL_AD_UNEXPECTED_MESSAGE;
1710 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1711 goto f_err; 1599 goto f_err;
1712 } 1600 }
1713#endif /* !OPENSSL_NO_ECDH */ 1601#endif /* !OPENSSL_NO_ECDH */
1714 1602
1715 1603
1716 /* p points to the next byte, there are 'n' bytes left */ 1604 /* p points to the next byte, there are 'n' bytes left */
1717 1605
1718 /* if it was signed, check the signature */ 1606 /* if it was signed, check the signature */
1719 if (pkey != NULL) 1607 if (pkey != NULL) {
1720 { 1608 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1721 if (TLS1_get_version(s) >= TLS1_2_VERSION)
1722 {
1723 int sigalg = tls12_get_sigid(pkey); 1609 int sigalg = tls12_get_sigid(pkey);
1724 /* Should never happen */ 1610 /* Should never happen */
1725 if (sigalg == -1) 1611 if (sigalg == -1) {
1726 { 1612 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1727 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1728 goto err; 1613 goto err;
1729 } 1614 }
1730 /* Check key type is consistent with signature */ 1615 /* Check key type is consistent with signature */
1731 if (sigalg != (int)p[1]) 1616 if (sigalg != (int)p[1]) {
1732 { 1617 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_TYPE);
1733 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE); 1618 al = SSL_AD_DECODE_ERROR;
1734 al=SSL_AD_DECODE_ERROR;
1735 goto f_err; 1619 goto f_err;
1736 } 1620 }
1737 md = tls12_get_hash(p[0]); 1621 md = tls12_get_hash(p[0]);
1738 if (md == NULL) 1622 if (md == NULL) {
1739 { 1623 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST);
1740 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); 1624 al = SSL_AD_DECODE_ERROR;
1741 al=SSL_AD_DECODE_ERROR;
1742 goto f_err; 1625 goto f_err;
1743 } 1626 }
1744#ifdef SSL_DEBUG 1627#ifdef SSL_DEBUG
1745fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); 1628 fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
1746#endif 1629#endif
1747 p += 2; 1630 p += 2;
1748 n -= 2; 1631 n -= 2;
1749 } 1632 } else
1750 else
1751 md = EVP_sha1(); 1633 md = EVP_sha1();
1752
1753 n2s(p,i);
1754 n-=2;
1755 j=EVP_PKEY_size(pkey);
1756 1634
1757 if ((i != n) || (n > j) || (n <= 0)) 1635 n2s(p, i);
1758 { 1636 n -= 2;
1637 j = EVP_PKEY_size(pkey);
1638
1639 if ((i != n) || (n > j) || (n <= 0)) {
1759 /* wrong packet length */ 1640 /* wrong packet length */
1760 al=SSL_AD_DECODE_ERROR; 1641 al = SSL_AD_DECODE_ERROR;
1761 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); 1642 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
1762 goto f_err; 1643 goto f_err;
1763 } 1644 }
1764 1645
1765#ifndef OPENSSL_NO_RSA 1646#ifndef OPENSSL_NO_RSA
1766 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) 1647 if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) {
1767 {
1768 int num; 1648 int num;
1769 1649
1770 j=0; 1650 j = 0;
1771 q=md_buf; 1651 q = md_buf;
1772 for (num=2; num > 0; num--) 1652 for (num = 2; num > 0; num--) {
1773 {
1774 EVP_MD_CTX_set_flags(&md_ctx, 1653 EVP_MD_CTX_set_flags(&md_ctx,
1775 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 1654 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1776 EVP_DigestInit_ex(&md_ctx,(num == 2) 1655 EVP_DigestInit_ex(&md_ctx,(num == 2)
1777 ?s->ctx->md5:s->ctx->sha1, NULL); 1656 ?s->ctx->md5 : s->ctx->sha1, NULL);
1778 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1657 EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1779 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1658 EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1780 EVP_DigestUpdate(&md_ctx,param,param_len); 1659 EVP_DigestUpdate(&md_ctx, param, param_len);
1781 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); 1660 EVP_DigestFinal_ex(&md_ctx, q,(unsigned int *)&i);
1782 q+=i; 1661 q += i;
1783 j+=i; 1662 j += i;
1784 } 1663 }
1785 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1664 i = RSA_verify(NID_md5_sha1, md_buf, j, p, n,
1786 pkey->pkey.rsa); 1665 pkey->pkey.rsa);
1787 if (i < 0) 1666 if (i < 0) {
1788 { 1667 al = SSL_AD_DECRYPT_ERROR;
1789 al=SSL_AD_DECRYPT_ERROR; 1668 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
1790 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1791 goto f_err; 1669 goto f_err;
1792 } 1670 }
1793 if (i == 0) 1671 if (i == 0) {
1794 {
1795 /* bad signature */ 1672 /* bad signature */
1796 al=SSL_AD_DECRYPT_ERROR; 1673 al = SSL_AD_DECRYPT_ERROR;
1797 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1674 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
1798 goto f_err; 1675 goto f_err;
1799 }
1800 } 1676 }
1801 else 1677 } else
1802#endif 1678#endif
1803 { 1679 {
1804 EVP_VerifyInit_ex(&md_ctx, md, NULL); 1680 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1805 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1681 EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1806 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1682 EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1807 EVP_VerifyUpdate(&md_ctx,param,param_len); 1683 EVP_VerifyUpdate(&md_ctx, param, param_len);
1808 if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) 1684 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1809 {
1810 /* bad signature */ 1685 /* bad signature */
1811 al=SSL_AD_DECRYPT_ERROR; 1686 al = SSL_AD_DECRYPT_ERROR;
1812 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1687 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
1813 goto f_err; 1688 goto f_err;
1814 }
1815 } 1689 }
1816 } 1690 }
1817 else 1691 } else {
1818 {
1819 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1692 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
1820 /* aNULL or kPSK do not need public keys */ 1693 /* aNULL or kPSK do not need public keys */
1821 { 1694 {
1822 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1695 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1823 goto err; 1696 goto err;
1824 } 1697 }
1825 /* still data left over */ 1698 /* still data left over */
1826 if (n != 0) 1699 if (n != 0) {
1827 { 1700 al = SSL_AD_DECODE_ERROR;
1828 al=SSL_AD_DECODE_ERROR; 1701 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
1829 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
1830 goto f_err; 1702 goto f_err;
1831 }
1832 } 1703 }
1704 }
1833 EVP_PKEY_free(pkey); 1705 EVP_PKEY_free(pkey);
1834 EVP_MD_CTX_cleanup(&md_ctx); 1706 EVP_MD_CTX_cleanup(&md_ctx);
1835 return(1); 1707 return (1);
1836f_err: 1708f_err:
1837 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1709 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1838err: 1710err:
1839 EVP_PKEY_free(pkey); 1711 EVP_PKEY_free(pkey);
1840#ifndef OPENSSL_NO_RSA 1712#ifndef OPENSSL_NO_RSA
@@ -1852,241 +1724,219 @@ err:
1852 EC_KEY_free(ecdh); 1724 EC_KEY_free(ecdh);
1853#endif 1725#endif
1854 EVP_MD_CTX_cleanup(&md_ctx); 1726 EVP_MD_CTX_cleanup(&md_ctx);
1855 return(-1); 1727 return (-1);
1856 } 1728}
1857 1729
1858int ssl3_get_certificate_request(SSL *s) 1730int
1859 { 1731ssl3_get_certificate_request(SSL *s)
1860 int ok,ret=0; 1732{
1861 unsigned long n,nc,l; 1733 int ok, ret = 0;
1862 unsigned int llen, ctype_num,i; 1734 unsigned long n, nc, l;
1863 X509_NAME *xn=NULL; 1735 unsigned int llen, ctype_num, i;
1864 const unsigned char *p,*q; 1736 X509_NAME *xn = NULL;
1737 const unsigned char *p, *q;
1865 unsigned char *d; 1738 unsigned char *d;
1866 STACK_OF(X509_NAME) *ca_sk=NULL; 1739 STACK_OF(X509_NAME) *ca_sk = NULL;
1867 1740
1868 n=s->method->ssl_get_message(s, 1741 n = s->method->ssl_get_message(s,
1869 SSL3_ST_CR_CERT_REQ_A, 1742 SSL3_ST_CR_CERT_REQ_A,
1870 SSL3_ST_CR_CERT_REQ_B, 1743 SSL3_ST_CR_CERT_REQ_B,
1871 -1, 1744 -1,
1872 s->max_cert_list, 1745 s->max_cert_list,
1873 &ok); 1746 &ok);
1874 1747
1875 if (!ok) return((int)n); 1748 if (!ok)
1749 return ((int)n);
1876 1750
1877 s->s3->tmp.cert_req=0; 1751 s->s3->tmp.cert_req = 0;
1878 1752
1879 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) 1753 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1880 { 1754 s->s3->tmp.reuse_message = 1;
1881 s->s3->tmp.reuse_message=1;
1882 /* If we get here we don't need any cached handshake records 1755 /* If we get here we don't need any cached handshake records
1883 * as we wont be doing client auth. 1756 * as we wont be doing client auth.
1884 */ 1757 */
1885 if (s->s3->handshake_buffer) 1758 if (s->s3->handshake_buffer) {
1886 {
1887 if (!ssl3_digest_cached_records(s)) 1759 if (!ssl3_digest_cached_records(s))
1888 goto err; 1760 goto err;
1889 }
1890 return(1);
1891 } 1761 }
1762 return (1);
1763 }
1892 1764
1893 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) 1765 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1894 { 1766 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1895 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1767 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
1896 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
1897 goto err; 1768 goto err;
1898 } 1769 }
1899 1770
1900 /* TLS does not like anon-DH with client cert */ 1771 /* TLS does not like anon-DH with client cert */
1901 if (s->version > SSL3_VERSION) 1772 if (s->version > SSL3_VERSION) {
1902 { 1773 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1903 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1774 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1904 { 1775 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1905 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1906 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1907 goto err; 1776 goto err;
1908 }
1909 } 1777 }
1778 }
1910 1779
1911 p=d=(unsigned char *)s->init_msg; 1780 p = d=(unsigned char *)s->init_msg;
1912 1781
1913 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1782 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1914 { 1783 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
1915 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
1916 goto err; 1784 goto err;
1917 } 1785 }
1918 1786
1919 /* get the certificate types */ 1787 /* get the certificate types */
1920 ctype_num= *(p++); 1788 ctype_num= *(p++);
1921 if (ctype_num > SSL3_CT_NUMBER) 1789 if (ctype_num > SSL3_CT_NUMBER)
1922 ctype_num=SSL3_CT_NUMBER; 1790 ctype_num = SSL3_CT_NUMBER;
1923 for (i=0; i<ctype_num; i++) 1791 for (i = 0; i < ctype_num; i++)
1924 s->s3->tmp.ctype[i]= p[i]; 1792 s->s3->tmp.ctype[i] = p[i];
1925 p+=ctype_num; 1793 p += ctype_num;
1926 if (TLS1_get_version(s) >= TLS1_2_VERSION) 1794 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
1927 {
1928 n2s(p, llen); 1795 n2s(p, llen);
1929 /* Check we have enough room for signature algorithms and 1796 /* Check we have enough room for signature algorithms and
1930 * following length value. 1797 * following length value.
1931 */ 1798 */
1932 if ((unsigned long)(p - d + llen + 2) > n) 1799 if ((unsigned long)(p - d + llen + 2) > n) {
1933 { 1800 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1934 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1801 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_DATA_LENGTH_TOO_LONG);
1935 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
1936 goto err; 1802 goto err;
1937 } 1803 }
1938 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) 1804 if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
1939 { 1805 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1940 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1806 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1941 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1942 goto err; 1807 goto err;
1943 }
1944 p += llen;
1945 } 1808 }
1809 p += llen;
1810 }
1946 1811
1947 /* get the CA RDNs */ 1812 /* get the CA RDNs */
1948 n2s(p,llen); 1813 n2s(p, llen);
1949#if 0 1814#if 0
1950{ 1815 {
1951FILE *out; 1816 FILE *out;
1952out=fopen("/tmp/vsign.der","w"); 1817 out = fopen("/tmp/vsign.der", "w");
1953fwrite(p,1,llen,out); 1818 fwrite(p, 1, llen, out);
1954fclose(out); 1819 fclose(out);
1955} 1820 }
1956#endif 1821#endif
1957 1822
1958 if ((unsigned long)(p - d + llen) != n) 1823 if ((unsigned long)(p - d + llen) != n) {
1959 { 1824 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1960 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1825 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
1961 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
1962 goto err; 1826 goto err;
1963 } 1827 }
1964 1828
1965 for (nc=0; nc<llen; ) 1829 for (nc = 0; nc < llen; ) {
1966 { 1830 n2s(p, l);
1967 n2s(p,l); 1831 if ((l + nc + 2) > llen) {
1968 if ((l+nc+2) > llen)
1969 {
1970 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1832 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1971 goto cont; /* netscape bugs */ 1833 goto cont; /* netscape bugs */
1972 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1834 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1973 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); 1835 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
1974 goto err; 1836 goto err;
1975 } 1837 }
1976 1838
1977 q=p; 1839 q = p;
1978 1840
1979 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) 1841 if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
1980 {
1981 /* If netscape tolerance is on, ignore errors */ 1842 /* If netscape tolerance is on, ignore errors */
1982 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1843 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
1983 goto cont; 1844 goto cont;
1984 else 1845 else {
1985 { 1846 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1986 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1847 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
1987 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
1988 goto err; 1848 goto err;
1989 }
1990 } 1849 }
1850 }
1991 1851
1992 if (q != (p+l)) 1852 if (q != (p + l)) {
1993 { 1853 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1994 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1854 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_LENGTH_MISMATCH);
1995 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
1996 goto err; 1855 goto err;
1997 } 1856 }
1998 if (!sk_X509_NAME_push(ca_sk,xn)) 1857 if (!sk_X509_NAME_push(ca_sk, xn)) {
1999 { 1858 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
2000 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
2001 goto err; 1859 goto err;
2002 }
2003
2004 p+=l;
2005 nc+=l+2;
2006 } 1860 }
2007 1861
2008 if (0) 1862 p += l;
2009 { 1863 nc += l + 2;
1864 }
1865
1866 if (0) {
2010cont: 1867cont:
2011 ERR_clear_error(); 1868 ERR_clear_error();
2012 } 1869 }
2013 1870
2014 /* we should setup a certificate to return.... */ 1871 /* we should setup a certificate to return.... */
2015 s->s3->tmp.cert_req=1; 1872 s->s3->tmp.cert_req = 1;
2016 s->s3->tmp.ctype_num=ctype_num; 1873 s->s3->tmp.ctype_num = ctype_num;
2017 if (s->s3->tmp.ca_names != NULL) 1874 if (s->s3->tmp.ca_names != NULL)
2018 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1875 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2019 s->s3->tmp.ca_names=ca_sk; 1876 s->s3->tmp.ca_names = ca_sk;
2020 ca_sk=NULL; 1877 ca_sk = NULL;
2021 1878
2022 ret=1; 1879 ret = 1;
2023err: 1880err:
2024 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); 1881 if (ca_sk != NULL)
2025 return(ret); 1882 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
2026 } 1883 return (ret);
1884}
1885
1886static int
1887ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1888{
1889 return (X509_NAME_cmp(*a, *b));
1890}
2027 1891
2028static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
2029 {
2030 return(X509_NAME_cmp(*a,*b));
2031 }
2032#ifndef OPENSSL_NO_TLSEXT 1892#ifndef OPENSSL_NO_TLSEXT
2033int ssl3_get_new_session_ticket(SSL *s) 1893int
2034 { 1894ssl3_get_new_session_ticket(SSL *s)
2035 int ok,al,ret=0, ticklen; 1895{
1896 int ok, al, ret = 0, ticklen;
2036 long n; 1897 long n;
2037 const unsigned char *p; 1898 const unsigned char *p;
2038 unsigned char *d; 1899 unsigned char *d;
2039 1900
2040 n=s->method->ssl_get_message(s, 1901 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
2041 SSL3_ST_CR_SESSION_TICKET_A, 1902 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
2042 SSL3_ST_CR_SESSION_TICKET_B,
2043 -1,
2044 16384,
2045 &ok);
2046
2047 if (!ok) 1903 if (!ok)
2048 return((int)n); 1904 return ((int)n);
2049 1905
2050 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) 1906 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
2051 { 1907 s->s3->tmp.reuse_message = 1;
2052 s->s3->tmp.reuse_message=1; 1908 return (1);
2053 return(1); 1909 }
2054 } 1910 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
2055 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) 1911 al = SSL_AD_UNEXPECTED_MESSAGE;
2056 { 1912 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE);
2057 al=SSL_AD_UNEXPECTED_MESSAGE;
2058 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
2059 goto f_err; 1913 goto f_err;
2060 } 1914 }
2061 if (n < 6) 1915 if (n < 6) {
2062 {
2063 /* need at least ticket_lifetime_hint + ticket length */ 1916 /* need at least ticket_lifetime_hint + ticket length */
2064 al = SSL_AD_DECODE_ERROR; 1917 al = SSL_AD_DECODE_ERROR;
2065 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1918 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
2066 goto f_err; 1919 goto f_err;
2067 } 1920 }
2068 1921
2069 p=d=(unsigned char *)s->init_msg; 1922 p = d = (unsigned char *)s->init_msg;
2070 n2l(p, s->session->tlsext_tick_lifetime_hint); 1923 n2l(p, s->session->tlsext_tick_lifetime_hint);
2071 n2s(p, ticklen); 1924 n2s(p, ticklen);
2072 /* ticket_lifetime_hint + ticket_length + ticket */ 1925 /* ticket_lifetime_hint + ticket_length + ticket */
2073 if (ticklen + 6 != n) 1926 if (ticklen + 6 != n) {
2074 {
2075 al = SSL_AD_DECODE_ERROR; 1927 al = SSL_AD_DECODE_ERROR;
2076 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1928 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
2077 goto f_err; 1929 goto f_err;
2078 } 1930 }
2079 if (s->session->tlsext_tick) 1931 if (s->session->tlsext_tick) {
2080 {
2081 OPENSSL_free(s->session->tlsext_tick); 1932 OPENSSL_free(s->session->tlsext_tick);
2082 s->session->tlsext_ticklen = 0; 1933 s->session->tlsext_ticklen = 0;
2083 } 1934 }
2084 s->session->tlsext_tick = OPENSSL_malloc(ticklen); 1935 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
2085 if (!s->session->tlsext_tick) 1936 if (!s->session->tlsext_tick) {
2086 { 1937 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
2087 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
2088 goto err; 1938 goto err;
2089 } 1939 }
2090 memcpy(s->session->tlsext_tick, p, ticklen); 1940 memcpy(s->session->tlsext_tick, p, ticklen);
2091 s->session->tlsext_ticklen = ticklen; 1941 s->session->tlsext_ticklen = ticklen;
2092 /* There are two ways to detect a resumed ticket sesion. 1942 /* There are two ways to detect a resumed ticket sesion.
@@ -2105,122 +1955,116 @@ int ssl3_get_new_session_ticket(SSL *s)
2105 * ticket. 1955 * ticket.
2106 */ 1956 */
2107 EVP_Digest(p, ticklen, 1957 EVP_Digest(p, ticklen,
2108 s->session->session_id, &s->session->session_id_length, 1958 s->session->session_id, &s->session->session_id_length,
2109#ifndef OPENSSL_NO_SHA256 1959#ifndef OPENSSL_NO_SHA256
2110 EVP_sha256(), NULL); 1960 EVP_sha256(), NULL);
2111#else 1961#else
2112 EVP_sha1(), NULL); 1962 EVP_sha1(), NULL);
2113#endif 1963#endif
2114 ret=1; 1964 ret = 1;
2115 return(ret); 1965 return (ret);
2116f_err: 1966f_err:
2117 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1967 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2118err: 1968err:
2119 return(-1); 1969 return (-1);
2120 } 1970}
2121 1971
2122int ssl3_get_cert_status(SSL *s) 1972int
2123 { 1973ssl3_get_cert_status(SSL *s)
1974{
2124 int ok, al; 1975 int ok, al;
2125 unsigned long resplen,n; 1976 unsigned long resplen, n;
2126 const unsigned char *p; 1977 const unsigned char *p;
2127 1978
2128 n=s->method->ssl_get_message(s, 1979 n = s->method->ssl_get_message(s,
2129 SSL3_ST_CR_CERT_STATUS_A, 1980 SSL3_ST_CR_CERT_STATUS_A,
2130 SSL3_ST_CR_CERT_STATUS_B, 1981 SSL3_ST_CR_CERT_STATUS_B,
2131 SSL3_MT_CERTIFICATE_STATUS, 1982 SSL3_MT_CERTIFICATE_STATUS,
2132 16384, 1983 16384,
2133 &ok); 1984 &ok);
2134 1985
2135 if (!ok) return((int)n); 1986 if (!ok)
2136 if (n < 4) 1987 return ((int)n);
2137 { 1988 if (n < 4) {
2138 /* need at least status type + length */ 1989 /* need at least status type + length */
2139 al = SSL_AD_DECODE_ERROR; 1990 al = SSL_AD_DECODE_ERROR;
2140 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 1991 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
2141 goto f_err; 1992 goto f_err;
2142 } 1993 }
2143 p = (unsigned char *)s->init_msg; 1994 p = (unsigned char *)s->init_msg;
2144 if (*p++ != TLSEXT_STATUSTYPE_ocsp) 1995 if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
2145 {
2146 al = SSL_AD_DECODE_ERROR; 1996 al = SSL_AD_DECODE_ERROR;
2147 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE); 1997 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
2148 goto f_err; 1998 goto f_err;
2149 } 1999 }
2150 n2l3(p, resplen); 2000 n2l3(p, resplen);
2151 if (resplen + 4 != n) 2001 if (resplen + 4 != n) {
2152 {
2153 al = SSL_AD_DECODE_ERROR; 2002 al = SSL_AD_DECODE_ERROR;
2154 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 2003 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
2155 goto f_err; 2004 goto f_err;
2156 } 2005 }
2157 if (s->tlsext_ocsp_resp) 2006 if (s->tlsext_ocsp_resp)
2158 OPENSSL_free(s->tlsext_ocsp_resp); 2007 OPENSSL_free(s->tlsext_ocsp_resp);
2159 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); 2008 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
2160 if (!s->tlsext_ocsp_resp) 2009 if (!s->tlsext_ocsp_resp) {
2161 {
2162 al = SSL_AD_INTERNAL_ERROR; 2010 al = SSL_AD_INTERNAL_ERROR;
2163 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); 2011 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
2164 goto f_err; 2012 goto f_err;
2165 } 2013 }
2166 s->tlsext_ocsp_resplen = resplen; 2014 s->tlsext_ocsp_resplen = resplen;
2167 if (s->ctx->tlsext_status_cb) 2015 if (s->ctx->tlsext_status_cb) {
2168 {
2169 int ret; 2016 int ret;
2170 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 2017 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
2171 if (ret == 0) 2018 if (ret == 0) {
2172 {
2173 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 2019 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
2174 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE); 2020 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
2175 goto f_err; 2021 goto f_err;
2176 } 2022 }
2177 if (ret < 0) 2023 if (ret < 0) {
2178 {
2179 al = SSL_AD_INTERNAL_ERROR; 2024 al = SSL_AD_INTERNAL_ERROR;
2180 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE); 2025 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
2181 goto f_err; 2026 goto f_err;
2182 }
2183 } 2027 }
2028 }
2184 return 1; 2029 return 1;
2185f_err: 2030f_err:
2186 ssl3_send_alert(s,SSL3_AL_FATAL,al); 2031 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2187 return(-1); 2032 return (-1);
2188 } 2033}
2189#endif 2034#endif
2190 2035
2191int ssl3_get_server_done(SSL *s) 2036int
2192 { 2037ssl3_get_server_done(SSL *s)
2193 int ok,ret=0; 2038{
2039 int ok, ret = 0;
2194 long n; 2040 long n;
2195 2041
2196 n=s->method->ssl_get_message(s, 2042 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
2197 SSL3_ST_CR_SRVR_DONE_A, 2043 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
2198 SSL3_ST_CR_SRVR_DONE_B, 2044 30, /* should be very small, like 0 :-) */ &ok);
2199 SSL3_MT_SERVER_DONE,
2200 30, /* should be very small, like 0 :-) */
2201 &ok);
2202 2045
2203 if (!ok) return((int)n); 2046 if (!ok)
2204 if (n > 0) 2047 return ((int)n);
2205 { 2048 if (n > 0) {
2206 /* should contain no data */ 2049 /* should contain no data */
2207 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 2050 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
2208 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); 2051 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
2209 return -1; 2052 return -1;
2210 }
2211 ret=1;
2212 return(ret);
2213 } 2053 }
2054 ret = 1;
2055 return (ret);
2056}
2214 2057
2215 2058
2216int ssl3_send_client_key_exchange(SSL *s) 2059int
2217 { 2060ssl3_send_client_key_exchange(SSL *s)
2218 unsigned char *p,*d; 2061{
2062 unsigned char *p, *d;
2219 int n; 2063 int n;
2220 unsigned long alg_k; 2064 unsigned long alg_k;
2221#ifndef OPENSSL_NO_RSA 2065#ifndef OPENSSL_NO_RSA
2222 unsigned char *q; 2066 unsigned char *q;
2223 EVP_PKEY *pkey=NULL; 2067 EVP_PKEY *pkey = NULL;
2224#endif 2068#endif
2225#ifndef OPENSSL_NO_KRB5 2069#ifndef OPENSSL_NO_KRB5
2226 KSSL_ERR kssl_err; 2070 KSSL_ERR kssl_err;
@@ -2234,77 +2078,73 @@ int ssl3_send_client_key_exchange(SSL *s)
2234 BN_CTX * bn_ctx = NULL; 2078 BN_CTX * bn_ctx = NULL;
2235#endif 2079#endif
2236 2080
2237 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 2081 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2238 { 2082 d = (unsigned char *)s->init_buf->data;
2239 d=(unsigned char *)s->init_buf->data; 2083 p = &(d[4]);
2240 p= &(d[4]);
2241 2084
2242 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2085 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2243 2086
2244 /* Fool emacs indentation */ 2087 /* Fool emacs indentation */
2245 if (0) {} 2088 if (0) {
2089 }
2246#ifndef OPENSSL_NO_RSA 2090#ifndef OPENSSL_NO_RSA
2247 else if (alg_k & SSL_kRSA) 2091 else if (alg_k & SSL_kRSA) {
2248 {
2249 RSA *rsa; 2092 RSA *rsa;
2250 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2093 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2251 2094
2252 if (s->session->sess_cert->peer_rsa_tmp != NULL) 2095 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2253 rsa=s->session->sess_cert->peer_rsa_tmp; 2096 rsa = s->session->sess_cert->peer_rsa_tmp;
2254 else 2097 else {
2255 { 2098 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2256 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2257 if ((pkey == NULL) || 2099 if ((pkey == NULL) ||
2258 (pkey->type != EVP_PKEY_RSA) || 2100 (pkey->type != EVP_PKEY_RSA) ||
2259 (pkey->pkey.rsa == NULL)) 2101 (pkey->pkey.rsa == NULL)) {
2260 { 2102 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2261 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2262 goto err; 2103 goto err;
2263 }
2264 rsa=pkey->pkey.rsa;
2265 EVP_PKEY_free(pkey);
2266 } 2104 }
2267 2105 rsa = pkey->pkey.rsa;
2268 tmp_buf[0]=s->client_version>>8; 2106 EVP_PKEY_free(pkey);
2269 tmp_buf[1]=s->client_version&0xff; 2107 }
2270 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2108
2271 goto err; 2109 tmp_buf[0] = s->client_version >> 8;
2110 tmp_buf[1] = s->client_version & 0xff;
2111 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2112 goto err;
2272 2113
2273 s->session->master_key_length=sizeof tmp_buf; 2114 s->session->master_key_length = sizeof tmp_buf;
2274 2115
2275 q=p; 2116 q = p;
2276 /* Fix buf for TLS and beyond */ 2117 /* Fix buf for TLS and beyond */
2277 if (s->version > SSL3_VERSION) 2118 if (s->version > SSL3_VERSION)
2278 p+=2; 2119 p += 2;
2279 n=RSA_public_encrypt(sizeof tmp_buf, 2120 n = RSA_public_encrypt(sizeof tmp_buf,
2280 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 2121 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
2281#ifdef PKCS1_CHECK 2122#ifdef PKCS1_CHECK
2282 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 2123 if (s->options & SSL_OP_PKCS1_CHECK_1)
2283 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 2124 p[1]++;
2125 if (s->options & SSL_OP_PKCS1_CHECK_2)
2126 tmp_buf[0] = 0x70;
2284#endif 2127#endif
2285 if (n <= 0) 2128 if (n <= 0) {
2286 { 2129 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
2287 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
2288 goto err; 2130 goto err;
2289 } 2131 }
2290 2132
2291 /* Fix buf for TLS and beyond */ 2133 /* Fix buf for TLS and beyond */
2292 if (s->version > SSL3_VERSION) 2134 if (s->version > SSL3_VERSION) {
2293 { 2135 s2n(n, q);
2294 s2n(n,q); 2136 n += 2;
2295 n+=2;
2296 }
2297
2298 s->session->master_key_length=
2299 s->method->ssl3_enc->generate_master_secret(s,
2300 s->session->master_key,
2301 tmp_buf,sizeof tmp_buf);
2302 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
2303 } 2137 }
2138
2139 s->session->master_key_length =
2140 s->method->ssl3_enc->generate_master_secret(
2141 s, s->session->master_key, tmp_buf,
2142 sizeof tmp_buf);
2143 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2144 }
2304#endif 2145#endif
2305#ifndef OPENSSL_NO_KRB5 2146#ifndef OPENSSL_NO_KRB5
2306 else if (alg_k & SSL_kKRB5) 2147 else if (alg_k & SSL_kKRB5) {
2307 {
2308 krb5_error_code krb5rc; 2148 krb5_error_code krb5rc;
2309 KSSL_CTX *kssl_ctx = s->kssl_ctx; 2149 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2310 /* krb5_data krb5_ap_req; */ 2150 /* krb5_data krb5_ap_req; */
@@ -2314,43 +2154,43 @@ int ssl3_send_client_key_exchange(SSL *s)
2314 const EVP_CIPHER *enc = NULL; 2154 const EVP_CIPHER *enc = NULL;
2315 unsigned char iv[EVP_MAX_IV_LENGTH]; 2155 unsigned char iv[EVP_MAX_IV_LENGTH];
2316 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2156 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2317 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2157 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2318 + EVP_MAX_IV_LENGTH]; 2158 + EVP_MAX_IV_LENGTH];
2319 int padl, outl = sizeof(epms); 2159 int padl, outl = sizeof(epms);
2320 2160
2321 EVP_CIPHER_CTX_init(&ciph_ctx); 2161 EVP_CIPHER_CTX_init(&ciph_ctx);
2322 2162
2323#ifdef KSSL_DEBUG 2163#ifdef KSSL_DEBUG
2324 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2164 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2325 alg_k, SSL_kKRB5); 2165 alg_k, SSL_kKRB5);
2326#endif /* KSSL_DEBUG */ 2166#endif /* KSSL_DEBUG */
2327 2167
2328 authp = NULL; 2168 authp = NULL;
2329#ifdef KRB5SENDAUTH 2169#ifdef KRB5SENDAUTH
2330 if (KRB5SENDAUTH) authp = &authenticator; 2170 if (KRB5SENDAUTH)
2171 authp = &authenticator;
2331#endif /* KRB5SENDAUTH */ 2172#endif /* KRB5SENDAUTH */
2332 2173
2333 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 2174 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket,
2334 &kssl_err); 2175 authp, &kssl_err);
2335 enc = kssl_map_enc(kssl_ctx->enctype); 2176 enc = kssl_map_enc(kssl_ctx->enctype);
2336 if (enc == NULL) 2177 if (enc == NULL)
2337 goto err; 2178 goto err;
2338#ifdef KSSL_DEBUG 2179#ifdef KSSL_DEBUG
2339 { 2180 {
2340 printf("kssl_cget_tkt rtn %d\n", krb5rc); 2181 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2341 if (krb5rc && kssl_err.text) 2182 if (krb5rc && kssl_err.text)
2342 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 2183 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
2343 } 2184 }
2344#endif /* KSSL_DEBUG */ 2185#endif /* KSSL_DEBUG */
2345 2186
2346 if (krb5rc) 2187 if (krb5rc) {
2347 { 2188 ssl3_send_alert(s, SSL3_AL_FATAL,
2348 ssl3_send_alert(s,SSL3_AL_FATAL, 2189 SSL_AD_HANDSHAKE_FAILURE);
2349 SSL_AD_HANDSHAKE_FAILURE);
2350 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2190 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2351 kssl_err.reason); 2191 kssl_err.reason);
2352 goto err; 2192 goto err;
2353 } 2193 }
2354 2194
2355 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 2195 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
2356 ** in place of RFC 2712 KerberosWrapper, as in: 2196 ** in place of RFC 2712 KerberosWrapper, as in:
@@ -2372,32 +2212,29 @@ int ssl3_send_client_key_exchange(SSL *s)
2372 */ 2212 */
2373 2213
2374 /* KerberosWrapper.Ticket */ 2214 /* KerberosWrapper.Ticket */
2375 s2n(enc_ticket->length,p); 2215 s2n(enc_ticket->length, p);
2376 memcpy(p, enc_ticket->data, enc_ticket->length); 2216 memcpy(p, enc_ticket->data, enc_ticket->length);
2377 p+= enc_ticket->length; 2217 p += enc_ticket->length;
2378 n = enc_ticket->length + 2; 2218 n = enc_ticket->length + 2;
2379 2219
2380 /* KerberosWrapper.Authenticator */ 2220 /* KerberosWrapper.Authenticator */
2381 if (authp && authp->length) 2221 if (authp && authp->length) {
2382 { 2222 s2n(authp->length, p);
2383 s2n(authp->length,p);
2384 memcpy(p, authp->data, authp->length); 2223 memcpy(p, authp->data, authp->length);
2385 p+= authp->length; 2224 p += authp->length;
2386 n+= authp->length + 2; 2225 n += authp->length + 2;
2387 2226
2388 free(authp->data); 2227 free(authp->data);
2389 authp->data = NULL; 2228 authp->data = NULL;
2390 authp->length = 0; 2229 authp->length = 0;
2391 } 2230 } else {
2392 else
2393 {
2394 s2n(0,p);/* null authenticator length */ 2231 s2n(0,p);/* null authenticator length */
2395 n+=2; 2232 n += 2;
2396 } 2233 }
2397 2234
2398 tmp_buf[0]=s->client_version>>8; 2235 tmp_buf[0] = s->client_version >> 8;
2399 tmp_buf[1]=s->client_version&0xff; 2236 tmp_buf[1] = s->client_version&0xff;
2400 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) 2237 if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2401 goto err; 2238 goto err;
2402 2239
2403 /* 20010420 VRS. Tried it this way; failed. 2240 /* 20010420 VRS. Tried it this way; failed.
@@ -2407,104 +2244,97 @@ int ssl3_send_client_key_exchange(SSL *s)
2407 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); 2244 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2408 */ 2245 */
2409 2246
2410 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 2247 memset(iv, 0, sizeof iv);
2411 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, 2248 /* per RFC 1510 */
2412 kssl_ctx->key,iv); 2249 EVP_EncryptInit_ex(&ciph_ctx, enc, NULL,
2413 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, 2250 kssl_ctx->key, iv);
2414 sizeof tmp_buf); 2251 EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
2415 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2252 sizeof tmp_buf);
2253 EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
2416 outl += padl; 2254 outl += padl;
2417 if (outl > (int)sizeof epms) 2255 if (outl > (int)sizeof epms) {
2418 {
2419 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2256 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2420 goto err; 2257 goto err;
2421 } 2258 }
2422 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 2259 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2423 2260
2424 /* KerberosWrapper.EncryptedPreMasterSecret */ 2261 /* KerberosWrapper.EncryptedPreMasterSecret */
2425 s2n(outl,p); 2262 s2n(outl, p);
2426 memcpy(p, epms, outl); 2263 memcpy(p, epms, outl);
2427 p+=outl; 2264 p += outl;
2428 n+=outl + 2; 2265 n += outl + 2;
2429 2266
2430 s->session->master_key_length= 2267 s->session->master_key_length =
2431 s->method->ssl3_enc->generate_master_secret(s, 2268 s->method->ssl3_enc->generate_master_secret(s,
2432 s->session->master_key, 2269 s->session->master_key,
2433 tmp_buf, sizeof tmp_buf); 2270 tmp_buf, sizeof tmp_buf);
2434 2271
2435 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 2272 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2436 OPENSSL_cleanse(epms, outl); 2273 OPENSSL_cleanse(epms, outl);
2437 } 2274 }
2438#endif 2275#endif
2439#ifndef OPENSSL_NO_DH 2276#ifndef OPENSSL_NO_DH
2440 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2277 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2441 { 2278 DH *dh_srvr, *dh_clnt;
2442 DH *dh_srvr,*dh_clnt;
2443 2279
2444 if (s->session->sess_cert == NULL) 2280 if (s->session->sess_cert == NULL) {
2445 { 2281 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
2446 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2282 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
2447 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2448 goto err; 2283 goto err;
2449 } 2284 }
2450 2285
2451 if (s->session->sess_cert->peer_dh_tmp != NULL) 2286 if (s->session->sess_cert->peer_dh_tmp != NULL)
2452 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2287 dh_srvr = s->session->sess_cert->peer_dh_tmp;
2453 else 2288 else {
2454 {
2455 /* we get them from the cert */ 2289 /* we get them from the cert */
2456 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 2290 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2457 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2291 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2458 goto err; 2292 goto err;
2459 } 2293 }
2460 2294
2461 /* generate a new random key */ 2295 /* generate a new random key */
2462 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 2296 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
2463 { 2297 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2464 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2465 goto err; 2298 goto err;
2466 } 2299 }
2467 if (!DH_generate_key(dh_clnt)) 2300 if (!DH_generate_key(dh_clnt)) {
2468 { 2301 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2469 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2470 DH_free(dh_clnt); 2302 DH_free(dh_clnt);
2471 goto err; 2303 goto err;
2472 } 2304 }
2473 2305
2474 /* use the 'p' output buffer for the DH key, but 2306 /* use the 'p' output buffer for the DH key, but
2475 * make sure to clear it out afterwards */ 2307 * make sure to clear it out afterwards */
2476 2308
2477 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 2309 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
2478 2310
2479 if (n <= 0) 2311 if (n <= 0) {
2480 { 2312 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
2481 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2482 DH_free(dh_clnt); 2313 DH_free(dh_clnt);
2483 goto err; 2314 goto err;
2484 } 2315 }
2485 2316
2486 /* generate master key from the result */ 2317 /* generate master key from the result */
2487 s->session->master_key_length= 2318 s->session->master_key_length =
2488 s->method->ssl3_enc->generate_master_secret(s, 2319 s->method->ssl3_enc->generate_master_secret(s,
2489 s->session->master_key,p,n); 2320 s->session->master_key, p, n);
2490 /* clean up */ 2321 /* clean up */
2491 memset(p,0,n); 2322 memset(p, 0, n);
2492 2323
2493 /* send off the data */ 2324 /* send off the data */
2494 n=BN_num_bytes(dh_clnt->pub_key); 2325 n = BN_num_bytes(dh_clnt->pub_key);
2495 s2n(n,p); 2326 s2n(n, p);
2496 BN_bn2bin(dh_clnt->pub_key,p); 2327 BN_bn2bin(dh_clnt->pub_key, p);
2497 n+=2; 2328 n += 2;
2498 2329
2499 DH_free(dh_clnt); 2330 DH_free(dh_clnt);
2500 2331
2501 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2332 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2502 } 2333 }
2503#endif 2334#endif
2504 2335
2505#ifndef OPENSSL_NO_ECDH 2336#ifndef OPENSSL_NO_ECDH
2506 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 2337 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
2507 {
2508 const EC_GROUP *srvr_group = NULL; 2338 const EC_GROUP *srvr_group = NULL;
2509 EC_KEY *tkey; 2339 EC_KEY *tkey;
2510 int ecdh_clnt_cert = 0; 2340 int ecdh_clnt_cert = 0;
@@ -2515,8 +2345,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2515 * computation as part of client certificate? 2345 * computation as part of client certificate?
2516 * If so, set ecdh_clnt_cert to 1. 2346 * If so, set ecdh_clnt_cert to 1.
2517 */ 2347 */
2518 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 2348 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) {
2519 {
2520 /* XXX: For now, we do not support client 2349 /* XXX: For now, we do not support client
2521 * authentication using ECDH certificates. 2350 * authentication using ECDH certificates.
2522 * To add such support, one needs to add 2351 * To add such support, one needs to add
@@ -2536,52 +2365,44 @@ int ssl3_send_client_key_exchange(SSL *s)
2536 * EVP_PKEY_EC) && ...) 2365 * EVP_PKEY_EC) && ...)
2537 * ecdh_clnt_cert = 1; 2366 * ecdh_clnt_cert = 1;
2538 */ 2367 */
2539 } 2368 }
2540 2369
2541 if (s->session->sess_cert->peer_ecdh_tmp != NULL) 2370 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
2542 {
2543 tkey = s->session->sess_cert->peer_ecdh_tmp; 2371 tkey = s->session->sess_cert->peer_ecdh_tmp;
2544 } 2372 } else {
2545 else
2546 {
2547 /* Get the Server Public Key from Cert */ 2373 /* Get the Server Public Key from Cert */
2548 srvr_pub_pkey = X509_get_pubkey(s->session-> \ 2374 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2549 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 2375 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2550 if ((srvr_pub_pkey == NULL) || 2376 if ((srvr_pub_pkey == NULL) ||
2551 (srvr_pub_pkey->type != EVP_PKEY_EC) || 2377 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2552 (srvr_pub_pkey->pkey.ec == NULL)) 2378 (srvr_pub_pkey->pkey.ec == NULL)) {
2553 {
2554 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2379 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2555 ERR_R_INTERNAL_ERROR); 2380 ERR_R_INTERNAL_ERROR);
2556 goto err; 2381 goto err;
2557 } 2382 }
2558 2383
2559 tkey = srvr_pub_pkey->pkey.ec; 2384 tkey = srvr_pub_pkey->pkey.ec;
2560 } 2385 }
2561 2386
2562 srvr_group = EC_KEY_get0_group(tkey); 2387 srvr_group = EC_KEY_get0_group(tkey);
2563 srvr_ecpoint = EC_KEY_get0_public_key(tkey); 2388 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2564 2389
2565 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) 2390 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
2566 {
2567 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2391 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2568 ERR_R_INTERNAL_ERROR); 2392 ERR_R_INTERNAL_ERROR);
2569 goto err; 2393 goto err;
2570 } 2394 }
2571 2395
2572 if ((clnt_ecdh=EC_KEY_new()) == NULL) 2396 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2573 { 2397 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2574 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2575 goto err; 2398 goto err;
2576 } 2399 }
2577 2400
2578 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) 2401 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2579 { 2402 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
2580 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2581 goto err; 2403 goto err;
2582 } 2404 }
2583 if (ecdh_clnt_cert) 2405 if (ecdh_clnt_cert) {
2584 {
2585 /* Reuse key info from our certificate 2406 /* Reuse key info from our certificate
2586 * We only need our private key to perform 2407 * We only need our private key to perform
2587 * the ECDH computation. 2408 * the ECDH computation.
@@ -2589,581 +2410,529 @@ int ssl3_send_client_key_exchange(SSL *s)
2589 const BIGNUM *priv_key; 2410 const BIGNUM *priv_key;
2590 tkey = s->cert->key->privatekey->pkey.ec; 2411 tkey = s->cert->key->privatekey->pkey.ec;
2591 priv_key = EC_KEY_get0_private_key(tkey); 2412 priv_key = EC_KEY_get0_private_key(tkey);
2592 if (priv_key == NULL) 2413 if (priv_key == NULL) {
2593 { 2414 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2594 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2595 goto err; 2415 goto err;
2596 } 2416 }
2597 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) 2417 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
2598 { 2418 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
2599 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2600 goto err; 2419 goto err;
2601 }
2602 } 2420 }
2603 else 2421 } else {
2604 {
2605 /* Generate a new ECDH key pair */ 2422 /* Generate a new ECDH key pair */
2606 if (!(EC_KEY_generate_key(clnt_ecdh))) 2423 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2607 {
2608 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2424 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2609 goto err; 2425 goto err;
2610 }
2611 } 2426 }
2427 }
2612 2428
2613 /* use the 'p' output buffer for the ECDH key, but 2429 /* use the 'p' output buffer for the ECDH key, but
2614 * make sure to clear it out afterwards 2430 * make sure to clear it out afterwards
2615 */ 2431 */
2616 2432
2617 field_size = EC_GROUP_get_degree(srvr_group); 2433 field_size = EC_GROUP_get_degree(srvr_group);
2618 if (field_size <= 0) 2434 if (field_size <= 0) {
2619 { 2435 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2620 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2436 ERR_R_ECDH_LIB);
2621 ERR_R_ECDH_LIB);
2622 goto err; 2437 goto err;
2623 } 2438 }
2624 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); 2439 n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2625 if (n <= 0) 2440 if (n <= 0) {
2626 { 2441 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2627 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2442 ERR_R_ECDH_LIB);
2628 ERR_R_ECDH_LIB);
2629 goto err; 2443 goto err;
2630 } 2444 }
2631 2445
2632 /* generate master key from the result */ 2446 /* generate master key from the result */
2633 s->session->master_key_length = s->method->ssl3_enc \ 2447 s->session->master_key_length = s->method->ssl3_enc \
2634 -> generate_master_secret(s, 2448 -> generate_master_secret(s,
2635 s->session->master_key, 2449 s->session->master_key,
2636 p, n); 2450 p, n);
2637 2451
2638 memset(p, 0, n); /* clean up */ 2452 memset(p, 0, n); /* clean up */
2639 2453
2640 if (ecdh_clnt_cert) 2454 if (ecdh_clnt_cert) {
2641 {
2642 /* Send empty client key exch message */ 2455 /* Send empty client key exch message */
2643 n = 0; 2456 n = 0;
2644 } 2457 } else {
2645 else
2646 {
2647 /* First check the size of encoding and 2458 /* First check the size of encoding and
2648 * allocate memory accordingly. 2459 * allocate memory accordingly.
2649 */ 2460 */
2650 encoded_pt_len = 2461 encoded_pt_len =
2651 EC_POINT_point2oct(srvr_group, 2462 EC_POINT_point2oct(srvr_group,
2652 EC_KEY_get0_public_key(clnt_ecdh), 2463 EC_KEY_get0_public_key(clnt_ecdh),
2653 POINT_CONVERSION_UNCOMPRESSED, 2464 POINT_CONVERSION_UNCOMPRESSED,
2654 NULL, 0, NULL); 2465 NULL, 0, NULL);
2655 2466
2656 encodedPoint = (unsigned char *) 2467 encodedPoint =
2657 OPENSSL_malloc(encoded_pt_len * 2468 (unsigned char *)OPENSSL_malloc(
2658 sizeof(unsigned char)); 2469 encoded_pt_len * sizeof(unsigned char));
2470
2659 bn_ctx = BN_CTX_new(); 2471 bn_ctx = BN_CTX_new();
2660 if ((encodedPoint == NULL) || 2472 if ((encodedPoint == NULL) ||
2661 (bn_ctx == NULL)) 2473 (bn_ctx == NULL)) {
2662 { 2474 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
2663 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2664 goto err; 2475 goto err;
2665 } 2476 }
2666 2477
2667 /* Encode the public key */ 2478 /* Encode the public key */
2668 n = EC_POINT_point2oct(srvr_group, 2479 n = EC_POINT_point2oct(srvr_group,
2669 EC_KEY_get0_public_key(clnt_ecdh), 2480 EC_KEY_get0_public_key(clnt_ecdh),
2670 POINT_CONVERSION_UNCOMPRESSED, 2481 POINT_CONVERSION_UNCOMPRESSED,
2671 encodedPoint, encoded_pt_len, bn_ctx); 2482 encodedPoint, encoded_pt_len, bn_ctx);
2672 2483
2673 *p = n; /* length of encoded point */ 2484 *p = n; /* length of encoded point */
2674 /* Encoded point will be copied here */ 2485 /* Encoded point will be copied here */
2675 p += 1; 2486 p += 1;
2487
2676 /* copy the point */ 2488 /* copy the point */
2677 memcpy((unsigned char *)p, encodedPoint, n); 2489 memcpy((unsigned char *)p, encodedPoint, n);
2678 /* increment n to account for length field */ 2490 /* increment n to account for length field */
2679 n += 1; 2491 n += 1;
2680 } 2492
2493 }
2681 2494
2682 /* Free allocated memory */ 2495 /* Free allocated memory */
2683 BN_CTX_free(bn_ctx); 2496 BN_CTX_free(bn_ctx);
2684 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2497 if (encodedPoint != NULL)
2685 if (clnt_ecdh != NULL) 2498 OPENSSL_free(encodedPoint);
2686 EC_KEY_free(clnt_ecdh); 2499 if (clnt_ecdh != NULL)
2500 EC_KEY_free(clnt_ecdh);
2687 EVP_PKEY_free(srvr_pub_pkey); 2501 EVP_PKEY_free(srvr_pub_pkey);
2688 } 2502 }
2689#endif /* !OPENSSL_NO_ECDH */ 2503#endif /* !OPENSSL_NO_ECDH */
2690 else if (alg_k & SSL_kGOST) 2504 else if (alg_k & SSL_kGOST) {
2691 {
2692 /* GOST key exchange message creation */ 2505 /* GOST key exchange message creation */
2693 EVP_PKEY_CTX *pkey_ctx; 2506 EVP_PKEY_CTX *pkey_ctx;
2694 X509 *peer_cert; 2507 X509 *peer_cert;
2508
2695 size_t msglen; 2509 size_t msglen;
2696 unsigned int md_len; 2510 unsigned int md_len;
2697 int keytype; 2511 int keytype;
2698 unsigned char premaster_secret[32],shared_ukm[32], tmp[256]; 2512 unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
2699 EVP_MD_CTX *ukm_hash; 2513 EVP_MD_CTX *ukm_hash;
2700 EVP_PKEY *pub_key; 2514 EVP_PKEY *pub_key;
2701 2515
2702 /* Get server sertificate PKEY and create ctx from it */ 2516 /* Get server sertificate PKEY and create ctx from it */
2703 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509; 2517 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
2704 if (!peer_cert) 2518 if (!peer_cert)
2705 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509; 2519 peer_cert = s->session->sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
2706 if (!peer_cert) { 2520 if (!peer_cert) {
2707 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2521 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2708 goto err; 2522 goto err;
2709 } 2523 }
2710 2524
2711 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL); 2525 pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL);
2712 /* If we have send a certificate, and certificate key 2526 /* If we have send a certificate, and certificate key
2713 2527
2714 * parameters match those of server certificate, use 2528 * parameters match those of server certificate, use
2715 * certificate key for key exchange 2529 * certificate key for key exchange
2716 */ 2530 */
2717 2531
2718 /* Otherwise, generate ephemeral key pair */ 2532 /* Otherwise, generate ephemeral key pair */
2719 2533
2720 EVP_PKEY_encrypt_init(pkey_ctx); 2534 EVP_PKEY_encrypt_init(pkey_ctx);
2721 /* Generate session key */ 2535 /* Generate session key */
2722 RAND_bytes(premaster_secret,32); 2536 RAND_bytes(premaster_secret, 32);
2723 /* If we have client certificate, use its secret as peer key */ 2537 /* If we have client certificate, use its secret as peer key */
2724 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { 2538 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2725 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) { 2539 if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <=0) {
2726 /* If there was an error - just ignore it. Ephemeral key 2540 /* If there was an error - just ignore it. Ephemeral key
2727 * would be used 2541 * would be used
2728 */ 2542 */
2729 ERR_clear_error(); 2543 ERR_clear_error();
2730 } 2544 }
2731 } 2545 }
2732 /* Compute shared IV and store it in algorithm-specific 2546 /* Compute shared IV and store it in algorithm-specific
2733 * context data */ 2547 * context data */
2734 ukm_hash = EVP_MD_CTX_create(); 2548 ukm_hash = EVP_MD_CTX_create();
2735 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94)); 2549 EVP_DigestInit(ukm_hash, EVP_get_digestbynid(NID_id_GostR3411_94));
2736 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE); 2550 EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE);
2737 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE); 2551 EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE);
2738 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); 2552 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2739 EVP_MD_CTX_destroy(ukm_hash); 2553 EVP_MD_CTX_destroy(ukm_hash);
2740 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV, 2554 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV,
2741 8,shared_ukm)<0) { 2555 8, shared_ukm) < 0) {
2742 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2556 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2743 SSL_R_LIBRARY_BUG); 2557 SSL_R_LIBRARY_BUG);
2744 goto err; 2558 goto err;
2745 } 2559 }
2746 /* Make GOST keytransport blob message */ 2560 /* Make GOST keytransport blob message */
2747 /*Encapsulate it into sequence */ 2561 /*Encapsulate it into sequence */
2748 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; 2562 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2749 msglen=255; 2563 msglen = 255;
2750 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) { 2564 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) < 0) {
2751 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2565 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2752 SSL_R_LIBRARY_BUG); 2566 SSL_R_LIBRARY_BUG);
2753 goto err; 2567 goto err;
2754 } 2568 }
2755 if (msglen >= 0x80) 2569 if (msglen >= 0x80) {
2756 { 2570 *(p++) = 0x81;
2757 *(p++)=0x81; 2571 *(p++) = msglen & 0xff;
2758 *(p++)= msglen & 0xff; 2572 n = msglen + 3;
2759 n=msglen+3; 2573 } else {
2760 } 2574 *(p++) = msglen & 0xff;
2761 else 2575 n = msglen + 2;
2762 { 2576 }
2763 *(p++)= msglen & 0xff;
2764 n=msglen+2;
2765 }
2766 memcpy(p, tmp, msglen); 2577 memcpy(p, tmp, msglen);
2767 /* Check if pubkey from client certificate was used */ 2578 /* Check if pubkey from client certificate was used */
2768 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) 2579 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
2769 {
2770 /* Set flag "skip certificate verify" */ 2580 /* Set flag "skip certificate verify" */
2771 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; 2581 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2772 } 2582 }
2773 EVP_PKEY_CTX_free(pkey_ctx); 2583 EVP_PKEY_CTX_free(pkey_ctx);
2774 s->session->master_key_length= 2584 s->session->master_key_length =
2775 s->method->ssl3_enc->generate_master_secret(s, 2585 s->method->ssl3_enc->generate_master_secret(s,
2776 s->session->master_key,premaster_secret,32); 2586 s->session->master_key, premaster_secret, 32);
2777 EVP_PKEY_free(pub_key); 2587 EVP_PKEY_free(pub_key);
2778 2588
2779 } 2589 }
2780#ifndef OPENSSL_NO_SRP 2590#ifndef OPENSSL_NO_SRP
2781 else if (alg_k & SSL_kSRP) 2591 else if (alg_k & SSL_kSRP) {
2782 { 2592 if (s->srp_ctx.A != NULL) {
2783 if (s->srp_ctx.A != NULL)
2784 {
2785 /* send off the data */ 2593 /* send off the data */
2786 n=BN_num_bytes(s->srp_ctx.A); 2594 n = BN_num_bytes(s->srp_ctx.A);
2787 s2n(n,p); 2595 s2n(n, p);
2788 BN_bn2bin(s->srp_ctx.A,p); 2596 BN_bn2bin(s->srp_ctx.A, p);
2789 n+=2; 2597 n += 2;
2790 } 2598 } else {
2791 else 2599 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2792 {
2793 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2794 goto err; 2600 goto err;
2795 } 2601 }
2796 if (s->session->srp_username != NULL) 2602 if (s->session->srp_username != NULL)
2797 OPENSSL_free(s->session->srp_username); 2603 OPENSSL_free(s->session->srp_username);
2798 s->session->srp_username = BUF_strdup(s->srp_ctx.login); 2604 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2799 if (s->session->srp_username == NULL) 2605 if (s->session->srp_username == NULL) {
2800 {
2801 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2606 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2802 ERR_R_MALLOC_FAILURE); 2607 ERR_R_MALLOC_FAILURE);
2803 goto err; 2608 goto err;
2804 } 2609 }
2805 2610
2806 if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0) 2611 if ((s->session->master_key_length = SRP_generate_client_master_secret(s, s->session->master_key)) < 0) {
2807 { 2612 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2808 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2809 goto err; 2613 goto err;
2810 }
2811 } 2614 }
2615 }
2812#endif 2616#endif
2813#ifndef OPENSSL_NO_PSK 2617#ifndef OPENSSL_NO_PSK
2814 else if (alg_k & SSL_kPSK) 2618 else if (alg_k & SSL_kPSK) {
2815 {
2816 char identity[PSK_MAX_IDENTITY_LEN]; 2619 char identity[PSK_MAX_IDENTITY_LEN];
2817 unsigned char *t = NULL; 2620 unsigned char *t = NULL;
2818 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; 2621 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2 + 4];
2819 unsigned int pre_ms_len = 0, psk_len = 0; 2622 unsigned int pre_ms_len = 0, psk_len = 0;
2820 int psk_err = 1; 2623 int psk_err = 1;
2821 2624
2822 n = 0; 2625 n = 0;
2823 if (s->psk_client_callback == NULL) 2626 if (s->psk_client_callback == NULL) {
2824 {
2825 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2627 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2826 SSL_R_PSK_NO_CLIENT_CB); 2628 SSL_R_PSK_NO_CLIENT_CB);
2827 goto err; 2629 goto err;
2828 } 2630 }
2829 2631
2830 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, 2632 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2831 identity, PSK_MAX_IDENTITY_LEN, 2633 identity, PSK_MAX_IDENTITY_LEN,
2832 psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2634 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2833 if (psk_len > PSK_MAX_PSK_LEN) 2635 if (psk_len > PSK_MAX_PSK_LEN) {
2834 {
2835 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2636 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2836 ERR_R_INTERNAL_ERROR); 2637 ERR_R_INTERNAL_ERROR);
2837 goto psk_err; 2638 goto psk_err;
2838 } 2639 } else if (psk_len == 0) {
2839 else if (psk_len == 0)
2840 {
2841 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2640 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2842 SSL_R_PSK_IDENTITY_NOT_FOUND); 2641 SSL_R_PSK_IDENTITY_NOT_FOUND);
2843 goto psk_err; 2642 goto psk_err;
2844 } 2643 }
2845 2644
2846 /* create PSK pre_master_secret */ 2645 /* create PSK pre_master_secret */
2847 pre_ms_len = 2+psk_len+2+psk_len; 2646 pre_ms_len = 2 + psk_len + 2 + psk_len;
2848 t = psk_or_pre_ms; 2647 t = psk_or_pre_ms;
2849 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len); 2648 memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
2850 s2n(psk_len, t); 2649 s2n(psk_len, t);
2851 memset(t, 0, psk_len); 2650 memset(t, 0, psk_len);
2852 t+=psk_len; 2651 t += psk_len;
2853 s2n(psk_len, t); 2652 s2n(psk_len, t);
2854 2653
2855 if (s->session->psk_identity_hint != NULL) 2654 if (s->session->psk_identity_hint != NULL)
2856 OPENSSL_free(s->session->psk_identity_hint); 2655 OPENSSL_free(s->session->psk_identity_hint);
2857 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); 2656 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2858 if (s->ctx->psk_identity_hint != NULL && 2657 if (s->ctx->psk_identity_hint != NULL &&
2859 s->session->psk_identity_hint == NULL) 2658 s->session->psk_identity_hint == NULL) {
2860 {
2861 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2659 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2862 ERR_R_MALLOC_FAILURE); 2660 ERR_R_MALLOC_FAILURE);
2863 goto psk_err; 2661 goto psk_err;
2864 } 2662 }
2865 2663
2866 if (s->session->psk_identity != NULL) 2664 if (s->session->psk_identity != NULL)
2867 OPENSSL_free(s->session->psk_identity); 2665 OPENSSL_free(s->session->psk_identity);
2868 s->session->psk_identity = BUF_strdup(identity); 2666 s->session->psk_identity = BUF_strdup(identity);
2869 if (s->session->psk_identity == NULL) 2667 if (s->session->psk_identity == NULL) {
2870 {
2871 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2668 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2872 ERR_R_MALLOC_FAILURE); 2669 ERR_R_MALLOC_FAILURE);
2873 goto psk_err; 2670 goto psk_err;
2874 } 2671 }
2875 2672
2876 s->session->master_key_length = 2673 s->session->master_key_length =
2877 s->method->ssl3_enc->generate_master_secret(s, 2674 s->method->ssl3_enc->generate_master_secret(
2878 s->session->master_key, 2675 s, s->session->master_key, psk_or_pre_ms,
2879 psk_or_pre_ms, pre_ms_len); 2676 pre_ms_len);
2677
2880 n = strlen(identity); 2678 n = strlen(identity);
2881 s2n(n, p); 2679 s2n(n, p);
2882 memcpy(p, identity, n); 2680 memcpy(p, identity, n);
2883 n+=2; 2681 n += 2;
2884 psk_err = 0; 2682 psk_err = 0;
2885 psk_err: 2683 psk_err:
2886 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); 2684 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2887 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); 2685 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2888 if (psk_err != 0) 2686 if (psk_err != 0) {
2889 {
2890 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2687 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2891 goto err; 2688 goto err;
2892 }
2893 } 2689 }
2690 }
2894#endif 2691#endif
2895 else 2692 else {
2896 {
2897 ssl3_send_alert(s, SSL3_AL_FATAL, 2693 ssl3_send_alert(s, SSL3_AL_FATAL,
2898 SSL_AD_HANDSHAKE_FAILURE); 2694 SSL_AD_HANDSHAKE_FAILURE);
2899 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2695 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2900 ERR_R_INTERNAL_ERROR); 2696 ERR_R_INTERNAL_ERROR);
2901 goto err; 2697 goto err;
2902 } 2698 }
2903
2904 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2905 l2n3(n,d);
2906 2699
2907 s->state=SSL3_ST_CW_KEY_EXCH_B; 2700 *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
2701 l2n3(n, d);
2702
2703 s->state = SSL3_ST_CW_KEY_EXCH_B;
2908 /* number of bytes to write */ 2704 /* number of bytes to write */
2909 s->init_num=n+4; 2705 s->init_num = n + 4;
2910 s->init_off=0; 2706 s->init_off = 0;
2911 } 2707 }
2912 2708
2913 /* SSL3_ST_CW_KEY_EXCH_B */ 2709 /* SSL3_ST_CW_KEY_EXCH_B */
2914 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2710 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2915err: 2711err:
2916#ifndef OPENSSL_NO_ECDH 2712#ifndef OPENSSL_NO_ECDH
2917 BN_CTX_free(bn_ctx); 2713 BN_CTX_free(bn_ctx);
2918 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); 2714 if (encodedPoint != NULL)
2919 if (clnt_ecdh != NULL) 2715 OPENSSL_free(encodedPoint);
2716 if (clnt_ecdh != NULL)
2920 EC_KEY_free(clnt_ecdh); 2717 EC_KEY_free(clnt_ecdh);
2921 EVP_PKEY_free(srvr_pub_pkey); 2718 EVP_PKEY_free(srvr_pub_pkey);
2922#endif 2719#endif
2923 return(-1); 2720 return (-1);
2924 } 2721}
2925 2722
2926int ssl3_send_client_verify(SSL *s) 2723int
2927 { 2724ssl3_send_client_verify(SSL *s)
2928 unsigned char *p,*d; 2725{
2929 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2726 unsigned char *p, *d;
2727 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2930 EVP_PKEY *pkey; 2728 EVP_PKEY *pkey;
2931 EVP_PKEY_CTX *pctx=NULL; 2729 EVP_PKEY_CTX *pctx = NULL;
2932 EVP_MD_CTX mctx; 2730 EVP_MD_CTX mctx;
2933 unsigned u=0; 2731 unsigned u = 0;
2934 unsigned long n; 2732 unsigned long n;
2935 int j; 2733 int j;
2936 2734
2937 EVP_MD_CTX_init(&mctx); 2735 EVP_MD_CTX_init(&mctx);
2938 2736
2939 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2737 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2940 { 2738 d = (unsigned char *)s->init_buf->data;
2941 d=(unsigned char *)s->init_buf->data; 2739 p = &(d[4]);
2942 p= &(d[4]); 2740 pkey = s->cert->key->privatekey;
2943 pkey=s->cert->key->privatekey;
2944/* Create context from key and test if sha1 is allowed as digest */ 2741/* Create context from key and test if sha1 is allowed as digest */
2945 pctx = EVP_PKEY_CTX_new(pkey,NULL); 2742 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2946 EVP_PKEY_sign_init(pctx); 2743 EVP_PKEY_sign_init(pctx);
2947 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) 2744 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2948 {
2949 if (TLS1_get_version(s) < TLS1_2_VERSION) 2745 if (TLS1_get_version(s) < TLS1_2_VERSION)
2950 s->method->ssl3_enc->cert_verify_mac(s, 2746 s->method->ssl3_enc->cert_verify_mac(s,
2951 NID_sha1, 2747 NID_sha1,
2952 &(data[MD5_DIGEST_LENGTH])); 2748 &(data[MD5_DIGEST_LENGTH]));
2953 } 2749 } else {
2954 else
2955 {
2956 ERR_clear_error(); 2750 ERR_clear_error();
2957 } 2751 }
2958 /* For TLS v1.2 send signature algorithm and signature 2752 /* For TLS v1.2 send signature algorithm and signature
2959 * using agreed digest and cached handshake records. 2753 * using agreed digest and cached handshake records.
2960 */ 2754 */
2961 if (TLS1_get_version(s) >= TLS1_2_VERSION) 2755 if (TLS1_get_version(s) >= TLS1_2_VERSION) {
2962 {
2963 long hdatalen = 0; 2756 long hdatalen = 0;
2964 void *hdata; 2757 void *hdata;
2965 const EVP_MD *md = s->cert->key->digest; 2758 const EVP_MD *md = s->cert->key->digest;
2966 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, 2759 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2967 &hdata); 2760 &hdata);
2968 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) 2761 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
2969 {
2970 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2762 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2971 ERR_R_INTERNAL_ERROR); 2763 ERR_R_INTERNAL_ERROR);
2972 goto err; 2764 goto err;
2973 } 2765 }
2974 p += 2; 2766 p += 2;
2975#ifdef SSL_DEBUG 2767#ifdef SSL_DEBUG
2976 fprintf(stderr, "Using TLS 1.2 with client alg %s\n", 2768 fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
2977 EVP_MD_name(md)); 2769 EVP_MD_name(md));
2978#endif 2770#endif
2979 if (!EVP_SignInit_ex(&mctx, md, NULL) 2771 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2980 || !EVP_SignUpdate(&mctx, hdata, hdatalen) 2772 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2981 || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) 2773 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2982 {
2983 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2774 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2984 ERR_R_EVP_LIB); 2775 ERR_R_EVP_LIB);
2985 goto err; 2776 goto err;
2986 } 2777 }
2987 s2n(u,p); 2778 s2n(u, p);
2988 n = u + 4; 2779 n = u + 4;
2989 if (!ssl3_digest_cached_records(s)) 2780 if (!ssl3_digest_cached_records(s))
2990 goto err; 2781 goto err;
2991 } 2782 } else
2992 else
2993#ifndef OPENSSL_NO_RSA 2783#ifndef OPENSSL_NO_RSA
2994 if (pkey->type == EVP_PKEY_RSA) 2784 if (pkey->type == EVP_PKEY_RSA) {
2995 { 2785 s->method->ssl3_enc->cert_verify_mac(
2996 s->method->ssl3_enc->cert_verify_mac(s, 2786 s, NID_md5, &(data[0]));
2997 NID_md5,
2998 &(data[0]));
2999 if (RSA_sign(NID_md5_sha1, data, 2787 if (RSA_sign(NID_md5_sha1, data,
3000 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2788 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
3001 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 2789 &u, pkey->pkey.rsa) <= 0 ) {
3002 { 2790 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
3003 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
3004 goto err; 2791 goto err;
3005 }
3006 s2n(u,p);
3007 n=u+2;
3008 } 2792 }
3009 else 2793 s2n(u, p);
2794 n = u + 2;
2795 } else
3010#endif 2796#endif
3011#ifndef OPENSSL_NO_DSA 2797#ifndef OPENSSL_NO_DSA
3012 if (pkey->type == EVP_PKEY_DSA) 2798 if (pkey->type == EVP_PKEY_DSA) {
3013 {
3014 if (!DSA_sign(pkey->save_type, 2799 if (!DSA_sign(pkey->save_type,
3015 &(data[MD5_DIGEST_LENGTH]), 2800 &(data[MD5_DIGEST_LENGTH]),
3016 SHA_DIGEST_LENGTH,&(p[2]), 2801 SHA_DIGEST_LENGTH, &(p[2]),
3017 (unsigned int *)&j,pkey->pkey.dsa)) 2802 (unsigned int *)&j, pkey->pkey.dsa)) {
3018 { 2803 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
3019 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
3020 goto err; 2804 goto err;
3021 }
3022 s2n(j,p);
3023 n=j+2;
3024 } 2805 }
3025 else 2806 s2n(j, p);
2807 n = j + 2;
2808 } else
3026#endif 2809#endif
3027#ifndef OPENSSL_NO_ECDSA 2810#ifndef OPENSSL_NO_ECDSA
3028 if (pkey->type == EVP_PKEY_EC) 2811 if (pkey->type == EVP_PKEY_EC) {
3029 {
3030 if (!ECDSA_sign(pkey->save_type, 2812 if (!ECDSA_sign(pkey->save_type,
3031 &(data[MD5_DIGEST_LENGTH]), 2813 &(data[MD5_DIGEST_LENGTH]),
3032 SHA_DIGEST_LENGTH,&(p[2]), 2814 SHA_DIGEST_LENGTH, &(p[2]),
3033 (unsigned int *)&j,pkey->pkey.ec)) 2815 (unsigned int *)&j, pkey->pkey.ec)) {
3034 {
3035 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2816 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3036 ERR_R_ECDSA_LIB); 2817 ERR_R_ECDSA_LIB);
3037 goto err; 2818 goto err;
3038 }
3039 s2n(j,p);
3040 n=j+2;
3041 } 2819 }
3042 else 2820 s2n(j, p);
2821 n = j + 2;
2822 } else
3043#endif 2823#endif
3044 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 2824 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) {
3045 { 2825 unsigned char signbuf[64];
3046 unsigned char signbuf[64]; 2826 int i;
3047 int i; 2827 size_t sigsize = 64;
3048 size_t sigsize=64; 2828 s->method->ssl3_enc->cert_verify_mac(s,
3049 s->method->ssl3_enc->cert_verify_mac(s,
3050 NID_id_GostR3411_94, 2829 NID_id_GostR3411_94,
3051 data); 2830 data);
3052 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { 2831 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
3053 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2832 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3054 ERR_R_INTERNAL_ERROR); 2833 ERR_R_INTERNAL_ERROR);
3055 goto err; 2834 goto err;
3056 } 2835 }
3057 for (i=63,j=0; i>=0; j++, i--) { 2836 for (i = 63, j = 0; i >= 0; j++, i--) {
3058 p[2+j]=signbuf[i]; 2837 p[2 + j] = signbuf[i];
3059 } 2838 }
3060 s2n(j,p); 2839 s2n(j, p);
3061 n=j+2; 2840 n = j + 2;
3062 } 2841 } else {
3063 else 2842 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
3064 {
3065 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
3066 goto err; 2843 goto err;
3067 } 2844 }
3068 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 2845 *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
3069 l2n3(n,d); 2846 l2n3(n, d);
3070 2847
3071 s->state=SSL3_ST_CW_CERT_VRFY_B; 2848 s->state = SSL3_ST_CW_CERT_VRFY_B;
3072 s->init_num=(int)n+4; 2849 s->init_num = (int)n + 4;
3073 s->init_off=0; 2850 s->init_off = 0;
3074 } 2851 }
3075 EVP_MD_CTX_cleanup(&mctx); 2852 EVP_MD_CTX_cleanup(&mctx);
3076 EVP_PKEY_CTX_free(pctx); 2853 EVP_PKEY_CTX_free(pctx);
3077 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2854 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
3078err: 2855err:
3079 EVP_MD_CTX_cleanup(&mctx); 2856 EVP_MD_CTX_cleanup(&mctx);
3080 EVP_PKEY_CTX_free(pctx); 2857 EVP_PKEY_CTX_free(pctx);
3081 return(-1); 2858 return (-1);
3082 } 2859}
3083 2860
3084int ssl3_send_client_certificate(SSL *s) 2861int
3085 { 2862ssl3_send_client_certificate(SSL *s)
3086 X509 *x509=NULL; 2863{
3087 EVP_PKEY *pkey=NULL; 2864 X509 *x509 = NULL;
2865 EVP_PKEY *pkey = NULL;
3088 int i; 2866 int i;
3089 unsigned long l; 2867 unsigned long l;
3090 2868
3091 if (s->state == SSL3_ST_CW_CERT_A) 2869 if (s->state == SSL3_ST_CW_CERT_A) {
3092 { 2870 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
3093 if ((s->cert == NULL) || 2871 (s->cert->key->privatekey == NULL))
3094 (s->cert->key->x509 == NULL) || 2872 s->state = SSL3_ST_CW_CERT_B;
3095 (s->cert->key->privatekey == NULL))
3096 s->state=SSL3_ST_CW_CERT_B;
3097 else 2873 else
3098 s->state=SSL3_ST_CW_CERT_C; 2874 s->state = SSL3_ST_CW_CERT_C;
3099 } 2875 }
3100 2876
3101 /* We need to get a client cert */ 2877 /* We need to get a client cert */
3102 if (s->state == SSL3_ST_CW_CERT_B) 2878 if (s->state == SSL3_ST_CW_CERT_B) {
3103 {
3104 /* If we get an error, we need to 2879 /* If we get an error, we need to
3105 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 2880 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
3106 * We then get retied later */ 2881 * We then get retied later */
3107 i=0; 2882 i = 0;
3108 i = ssl_do_client_cert_cb(s, &x509, &pkey); 2883 i = ssl_do_client_cert_cb(s, &x509, &pkey);
3109 if (i < 0) 2884 if (i < 0) {
3110 { 2885 s->rwstate = SSL_X509_LOOKUP;
3111 s->rwstate=SSL_X509_LOOKUP; 2886 return (-1);
3112 return(-1); 2887 }
3113 } 2888 s->rwstate = SSL_NOTHING;
3114 s->rwstate=SSL_NOTHING; 2889 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
3115 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 2890 s->state = SSL3_ST_CW_CERT_B;
3116 { 2891 if (!SSL_use_certificate(s, x509) ||
3117 s->state=SSL3_ST_CW_CERT_B; 2892 !SSL_use_PrivateKey(s, pkey))
3118 if ( !SSL_use_certificate(s,x509) || 2893 i = 0;
3119 !SSL_use_PrivateKey(s,pkey)) 2894 } else if (i == 1) {
3120 i=0; 2895 i = 0;
3121 } 2896 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
3122 else if (i == 1) 2897 }
3123 { 2898
3124 i=0; 2899 if (x509 != NULL)
3125 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 2900 X509_free(x509);
3126 } 2901 if (pkey != NULL)
3127 2902 EVP_PKEY_free(pkey);
3128 if (x509 != NULL) X509_free(x509); 2903 if (i == 0) {
3129 if (pkey != NULL) EVP_PKEY_free(pkey); 2904 if (s->version == SSL3_VERSION) {
3130 if (i == 0) 2905 s->s3->tmp.cert_req = 0;
3131 { 2906 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
3132 if (s->version == SSL3_VERSION) 2907 return (1);
3133 { 2908 } else {
3134 s->s3->tmp.cert_req=0; 2909 s->s3->tmp.cert_req = 2;
3135 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
3136 return(1);
3137 }
3138 else
3139 {
3140 s->s3->tmp.cert_req=2;
3141 }
3142 } 2910 }
2911 }
3143 2912
3144 /* Ok, we have a cert */ 2913 /* Ok, we have a cert */
3145 s->state=SSL3_ST_CW_CERT_C; 2914 s->state = SSL3_ST_CW_CERT_C;
3146 } 2915 }
3147 2916
3148 if (s->state == SSL3_ST_CW_CERT_C) 2917 if (s->state == SSL3_ST_CW_CERT_C) {
3149 { 2918 s->state = SSL3_ST_CW_CERT_D;
3150 s->state=SSL3_ST_CW_CERT_D; 2919 l = ssl3_output_cert_chain(s,
3151 l=ssl3_output_cert_chain(s, 2920 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
3152 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 2921 s->init_num = (int)l;
3153 s->init_num=(int)l; 2922 s->init_off = 0;
3154 s->init_off=0;
3155 }
3156 /* SSL3_ST_CW_CERT_D */
3157 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3158 } 2923 }
2924 /* SSL3_ST_CW_CERT_D */
2925 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2926}
3159 2927
3160#define has_bits(i,m) (((i)&(m)) == (m)) 2928#define has_bits(i,m) (((i)&(m)) == (m))
3161 2929
3162int ssl3_check_cert_and_algorithm(SSL *s) 2930int
3163 { 2931ssl3_check_cert_and_algorithm(SSL *s)
3164 int i,idx; 2932{
3165 long alg_k,alg_a; 2933 int i, idx;
3166 EVP_PKEY *pkey=NULL; 2934 long alg_k, alg_a;
2935 EVP_PKEY *pkey = NULL;
3167 SESS_CERT *sc; 2936 SESS_CERT *sc;
3168#ifndef OPENSSL_NO_RSA 2937#ifndef OPENSSL_NO_RSA
3169 RSA *rsa; 2938 RSA *rsa;
@@ -3172,138 +2941,120 @@ int ssl3_check_cert_and_algorithm(SSL *s)
3172 DH *dh; 2941 DH *dh;
3173#endif 2942#endif
3174 2943
3175 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2944 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3176 alg_a=s->s3->tmp.new_cipher->algorithm_auth; 2945 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
3177 2946
3178 /* we don't have a certificate */ 2947 /* we don't have a certificate */
3179 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) 2948 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
3180 return(1); 2949 return (1);
3181 2950
3182 sc=s->session->sess_cert; 2951 sc = s->session->sess_cert;
3183 if (sc == NULL) 2952 if (sc == NULL) {
3184 { 2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
3185 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
3186 goto err; 2954 goto err;
3187 } 2955 }
3188 2956
3189#ifndef OPENSSL_NO_RSA 2957#ifndef OPENSSL_NO_RSA
3190 rsa=s->session->sess_cert->peer_rsa_tmp; 2958 rsa = s->session->sess_cert->peer_rsa_tmp;
3191#endif 2959#endif
3192#ifndef OPENSSL_NO_DH 2960#ifndef OPENSSL_NO_DH
3193 dh=s->session->sess_cert->peer_dh_tmp; 2961 dh = s->session->sess_cert->peer_dh_tmp;
3194#endif 2962#endif
3195 2963
3196 /* This is the passed certificate */ 2964 /* This is the passed certificate */
3197 2965
3198 idx=sc->peer_cert_type; 2966 idx = sc->peer_cert_type;
3199#ifndef OPENSSL_NO_ECDH 2967#ifndef OPENSSL_NO_ECDH
3200 if (idx == SSL_PKEY_ECC) 2968 if (idx == SSL_PKEY_ECC) {
3201 {
3202 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2969 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
3203 s) == 0) 2970 s) == 0)
3204 { /* check failed */ 2971 { /* check failed */
3205 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); 2972 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
3206 goto f_err; 2973 goto f_err;
3207 } 2974 } else {
3208 else
3209 {
3210 return 1; 2975 return 1;
3211 }
3212 } 2976 }
2977 }
3213#endif 2978#endif
3214 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 2979 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
3215 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 2980 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
3216 EVP_PKEY_free(pkey); 2981 EVP_PKEY_free(pkey);
3217 2982
3218 2983
3219 /* Check that we have a certificate if we require one */ 2984 /* Check that we have a certificate if we require one */
3220 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 2985 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
3221 { 2986 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT);
3222 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
3223 goto f_err; 2987 goto f_err;
3224 } 2988 }
3225#ifndef OPENSSL_NO_DSA 2989#ifndef OPENSSL_NO_DSA
3226 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 2990 else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
3227 { 2991 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT);
3228 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
3229 goto f_err; 2992 goto f_err;
3230 } 2993 }
3231#endif 2994#endif
3232#ifndef OPENSSL_NO_RSA 2995#ifndef OPENSSL_NO_RSA
3233 if ((alg_k & SSL_kRSA) && 2996 if ((alg_k & SSL_kRSA) &&
3234 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 2997 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
3235 { 2998 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
3236 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
3237 goto f_err; 2999 goto f_err;
3238 } 3000 }
3239#endif 3001#endif
3240#ifndef OPENSSL_NO_DH 3002#ifndef OPENSSL_NO_DH
3241 if ((alg_k & SSL_kEDH) && 3003 if ((alg_k & SSL_kEDH) &&
3242 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 3004 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
3243 { 3005 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY);
3244 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
3245 goto f_err; 3006 goto f_err;
3246 } 3007 } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) {
3247 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 3008 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT);
3248 {
3249 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
3250 goto f_err; 3009 goto f_err;
3251 } 3010 }
3252#ifndef OPENSSL_NO_DSA 3011#ifndef OPENSSL_NO_DSA
3253 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 3012 else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
3254 { 3013 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT);
3255 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
3256 goto f_err; 3014 goto f_err;
3257 } 3015 }
3258#endif 3016#endif
3259#endif 3017#endif
3260 3018
3261 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 3019 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
3262 {
3263#ifndef OPENSSL_NO_RSA 3020#ifndef OPENSSL_NO_RSA
3264 if (alg_k & SSL_kRSA) 3021 if (alg_k & SSL_kRSA) {
3265 { 3022 if (rsa == NULL ||
3266 if (rsa == NULL 3023 RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
3267 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 3024 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
3268 {
3269 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
3270 goto f_err; 3025 goto f_err;
3271 }
3272 } 3026 }
3273 else 3027 } else
3274#endif 3028#endif
3275#ifndef OPENSSL_NO_DH 3029#ifndef OPENSSL_NO_DH
3276 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 3030 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
3277 { 3031 if (dh == NULL ||
3278 if (dh == NULL 3032 DH_size(dh) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
3279 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 3033 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3280 {
3281 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3282 goto f_err; 3034 goto f_err;
3283 }
3284 } 3035 }
3285 else 3036 } else
3286#endif 3037#endif
3287 { 3038 {
3288 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 3039 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
3289 goto f_err; 3040 goto f_err;
3290 }
3291 } 3041 }
3292 return(1); 3042 }
3043 return (1);
3293f_err: 3044f_err:
3294 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 3045 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
3295err: 3046err:
3296 return(0); 3047 return (0);
3297 } 3048}
3298 3049
3299#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 3050#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3300int ssl3_send_next_proto(SSL *s) 3051int
3301 { 3052ssl3_send_next_proto(SSL *s)
3053{
3302 unsigned int len, padding_len; 3054 unsigned int len, padding_len;
3303 unsigned char *d; 3055 unsigned char *d;
3304 3056
3305 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) 3057 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
3306 {
3307 len = s->next_proto_negotiated_len; 3058 len = s->next_proto_negotiated_len;
3308 padding_len = 32 - ((len + 2) % 32); 3059 padding_len = 32 - ((len + 2) % 32);
3309 d = (unsigned char *)s->init_buf->data; 3060 d = (unsigned char *)s->init_buf->data;
@@ -3311,12 +3062,12 @@ int ssl3_send_next_proto(SSL *s)
3311 memcpy(d + 5, s->next_proto_negotiated, len); 3062 memcpy(d + 5, s->next_proto_negotiated, len);
3312 d[5 + len] = padding_len; 3063 d[5 + len] = padding_len;
3313 memset(d + 6 + len, 0, padding_len); 3064 memset(d + 6 + len, 0, padding_len);
3314 *(d++)=SSL3_MT_NEXT_PROTO; 3065 *(d++) = SSL3_MT_NEXT_PROTO;
3315 l2n3(2 + len + padding_len, d); 3066 l2n3(2 + len + padding_len, d);
3316 s->state = SSL3_ST_CW_NEXT_PROTO_B; 3067 s->state = SSL3_ST_CW_NEXT_PROTO_B;
3317 s->init_num = 4 + 2 + len + padding_len; 3068 s->init_num = 4 + 2 + len + padding_len;
3318 s->init_off = 0; 3069 s->init_off = 0;
3319 } 3070 }
3320 3071
3321 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 3072 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3322} 3073}
@@ -3328,8 +3079,9 @@ int ssl3_send_next_proto(SSL *s)
3328 */ 3079 */
3329 3080
3330#ifndef OPENSSL_NO_TLSEXT 3081#ifndef OPENSSL_NO_TLSEXT
3331int ssl3_check_finished(SSL *s) 3082int
3332 { 3083ssl3_check_finished(SSL *s)
3084{
3333 int ok; 3085 int ok;
3334 long n; 3086 long n;
3335 /* If we have no ticket it cannot be a resumed session. */ 3087 /* If we have no ticket it cannot be a resumed session. */
@@ -3337,36 +3089,33 @@ int ssl3_check_finished(SSL *s)
3337 return 1; 3089 return 1;
3338 /* this function is called when we really expect a Certificate 3090 /* this function is called when we really expect a Certificate
3339 * message, so permit appropriate message length */ 3091 * message, so permit appropriate message length */
3340 n=s->method->ssl_get_message(s, 3092 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
3341 SSL3_ST_CR_CERT_A, 3093 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
3342 SSL3_ST_CR_CERT_B, 3094 if (!ok)
3343 -1, 3095 return ((int)n);
3344 s->max_cert_list,
3345 &ok);
3346 if (!ok) return((int)n);
3347 s->s3->tmp.reuse_message = 1; 3096 s->s3->tmp.reuse_message = 1;
3348 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) 3097 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
3349 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) 3098 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
3350 return 2; 3099 return 2;
3351 3100
3352 return 1; 3101 return 1;
3353 } 3102}
3354#endif 3103#endif
3355 3104
3356int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) 3105int
3357 { 3106ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3107{
3358 int i = 0; 3108 int i = 0;
3359#ifndef OPENSSL_NO_ENGINE 3109#ifndef OPENSSL_NO_ENGINE
3360 if (s->ctx->client_cert_engine) 3110 if (s->ctx->client_cert_engine) {
3361 {
3362 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, 3111 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
3363 SSL_get_client_CA_list(s), 3112 SSL_get_client_CA_list(s),
3364 px509, ppkey, NULL, NULL, NULL); 3113 px509, ppkey, NULL, NULL, NULL);
3365 if (i != 0) 3114 if (i != 0)
3366 return i; 3115 return i;
3367 } 3116 }
3368#endif 3117#endif
3369 if (s->ctx->client_cert_cb) 3118 if (s->ctx->client_cert_cb)
3370 i = s->ctx->client_cert_cb(s,px509,ppkey); 3119 i = s->ctx->client_cert_cb(s, px509, ppkey);
3371 return i; 3120 return i;
3372 } 3121}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-02 12:49:37 +0000