summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_clnt.c624
1 files changed, 462 insertions, 162 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 50308487aa..41769febab 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,6 +121,32 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125#include <stdio.h> 151#include <stdio.h>
126#include "ssl_locl.h" 152#include "ssl_locl.h"
@@ -130,10 +156,6 @@
130#include <openssl/objects.h> 156#include <openssl/objects.h>
131#include <openssl/evp.h> 157#include <openssl/evp.h>
132#include <openssl/md5.h> 158#include <openssl/md5.h>
133#ifdef OPENSSL_FIPS
134#include <openssl/fips.h>
135#endif
136
137#ifndef OPENSSL_NO_DH 159#ifndef OPENSSL_NO_DH
138#include <openssl/dh.h> 160#include <openssl/dh.h>
139#endif 161#endif
@@ -142,18 +164,10 @@
142#include <openssl/engine.h> 164#include <openssl/engine.h>
143#endif 165#endif
144 166
145static SSL_METHOD *ssl3_get_client_method(int ver); 167static const SSL_METHOD *ssl3_get_client_method(int ver);
146static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 168static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
147#ifndef OPENSSL_NO_TLSEXT
148static int ssl3_check_finished(SSL *s);
149#endif
150 169
151#ifndef OPENSSL_NO_ECDH 170static const SSL_METHOD *ssl3_get_client_method(int ver)
152static int curve_id2nid(int curve_id);
153int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
154#endif
155
156static SSL_METHOD *ssl3_get_client_method(int ver)
157 { 171 {
158 if (ver == SSL3_VERSION) 172 if (ver == SSL3_VERSION)
159 return(SSLv3_client_method()); 173 return(SSLv3_client_method());
@@ -169,8 +183,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
169int ssl3_connect(SSL *s) 183int ssl3_connect(SSL *s)
170 { 184 {
171 BUF_MEM *buf=NULL; 185 BUF_MEM *buf=NULL;
172 unsigned long Time=(unsigned long)time(NULL),l; 186 unsigned long Time=(unsigned long)time(NULL);
173 long num1;
174 void (*cb)(const SSL *ssl,int type,int val)=NULL; 187 void (*cb)(const SSL *ssl,int type,int val)=NULL;
175 int ret= -1; 188 int ret= -1;
176 int new_state,state,skip=0; 189 int new_state,state,skip=0;
@@ -265,6 +278,7 @@ int ssl3_connect(SSL *s)
265 case SSL3_ST_CR_SRVR_HELLO_B: 278 case SSL3_ST_CR_SRVR_HELLO_B:
266 ret=ssl3_get_server_hello(s); 279 ret=ssl3_get_server_hello(s);
267 if (ret <= 0) goto end; 280 if (ret <= 0) goto end;
281
268 if (s->hit) 282 if (s->hit)
269 s->state=SSL3_ST_CR_FINISHED_A; 283 s->state=SSL3_ST_CR_FINISHED_A;
270 else 284 else
@@ -289,7 +303,9 @@ int ssl3_connect(SSL *s)
289 } 303 }
290#endif 304#endif
291 /* Check if it is anon DH/ECDH */ 305 /* Check if it is anon DH/ECDH */
292 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 306 /* or PSK */
307 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
293 { 309 {
294 ret=ssl3_get_server_certificate(s); 310 ret=ssl3_get_server_certificate(s);
295 if (ret <= 0) goto end; 311 if (ret <= 0) goto end;
@@ -364,7 +380,6 @@ int ssl3_connect(SSL *s)
364 case SSL3_ST_CW_KEY_EXCH_B: 380 case SSL3_ST_CW_KEY_EXCH_B:
365 ret=ssl3_send_client_key_exchange(s); 381 ret=ssl3_send_client_key_exchange(s);
366 if (ret <= 0) goto end; 382 if (ret <= 0) goto end;
367 l=s->s3->tmp.new_cipher->algorithms;
368 /* EAY EAY EAY need to check for DH fix cert 383 /* EAY EAY EAY need to check for DH fix cert
369 * sent back */ 384 * sent back */
370 /* For TLS, cert_req is set to 2, so a cert chain 385 /* For TLS, cert_req is set to 2, so a cert chain
@@ -385,6 +400,11 @@ int ssl3_connect(SSL *s)
385 s->state=SSL3_ST_CW_CHANGE_A; 400 s->state=SSL3_ST_CW_CHANGE_A;
386 s->s3->change_cipher_spec=0; 401 s->s3->change_cipher_spec=0;
387 } 402 }
403 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
404 {
405 s->state=SSL3_ST_CW_CHANGE_A;
406 s->s3->change_cipher_spec=0;
407 }
388 408
389 s->init_num=0; 409 s->init_num=0;
390 break; 410 break;
@@ -499,16 +519,13 @@ int ssl3_connect(SSL *s)
499 break; 519 break;
500 520
501 case SSL3_ST_CW_FLUSH: 521 case SSL3_ST_CW_FLUSH:
502 /* number of bytes to be flushed */ 522 s->rwstate=SSL_WRITING;
503 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 523 if (BIO_flush(s->wbio) <= 0)
504 if (num1 > 0)
505 { 524 {
506 s->rwstate=SSL_WRITING; 525 ret= -1;
507 num1=BIO_flush(s->wbio); 526 goto end;
508 if (num1 <= 0) { ret= -1; goto end; }
509 s->rwstate=SSL_NOTHING;
510 } 527 }
511 528 s->rwstate=SSL_NOTHING;
512 s->state=s->s3->tmp.next_state; 529 s->state=s->s3->tmp.next_state;
513 break; 530 break;
514 531
@@ -594,9 +611,15 @@ int ssl3_client_hello(SSL *s)
594 buf=(unsigned char *)s->init_buf->data; 611 buf=(unsigned char *)s->init_buf->data;
595 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 612 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
596 { 613 {
597 if ((s->session == NULL) || 614 SSL_SESSION *sess = s->session;
598 (s->session->ssl_version != s->version) || 615 if ((sess == NULL) ||
599 (s->session->not_resumable)) 616 (sess->ssl_version != s->version) ||
617#ifdef OPENSSL_NO_TLSEXT
618 !sess->session_id_length ||
619#else
620 (!sess->session_id_length && !sess->tlsext_tick) ||
621#endif
622 (sess->not_resumable))
600 { 623 {
601 if (!ssl_get_new_session(s,0)) 624 if (!ssl_get_new_session(s,0))
602 goto err; 625 goto err;
@@ -651,7 +674,9 @@ int ssl3_client_hello(SSL *s)
651#ifdef OPENSSL_NO_COMP 674#ifdef OPENSSL_NO_COMP
652 *(p++)=1; 675 *(p++)=1;
653#else 676#else
654 if (s->ctx->comp_methods == NULL) 677
678 if ((s->options & SSL_OP_NO_COMPRESSION)
679 || !s->ctx->comp_methods)
655 j=0; 680 j=0;
656 else 681 else
657 j=sk_SSL_COMP_num(s->ctx->comp_methods); 682 j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -663,13 +688,21 @@ int ssl3_client_hello(SSL *s)
663 } 688 }
664#endif 689#endif
665 *(p++)=0; /* Add the NULL method */ 690 *(p++)=0; /* Add the NULL method */
691
666#ifndef OPENSSL_NO_TLSEXT 692#ifndef OPENSSL_NO_TLSEXT
693 /* TLS extensions*/
694 if (ssl_prepare_clienthello_tlsext(s) <= 0)
695 {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
697 goto err;
698 }
667 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 699 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
668 { 700 {
669 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 701 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
670 goto err; 702 goto err;
671 } 703 }
672#endif 704#endif
705
673 l=(p-d); 706 l=(p-d);
674 d=buf; 707 d=buf;
675 *(d++)=SSL3_MT_CLIENT_HELLO; 708 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -690,7 +723,7 @@ err:
690int ssl3_get_server_hello(SSL *s) 723int ssl3_get_server_hello(SSL *s)
691 { 724 {
692 STACK_OF(SSL_CIPHER) *sk; 725 STACK_OF(SSL_CIPHER) *sk;
693 SSL_CIPHER *c; 726 const SSL_CIPHER *c;
694 unsigned char *p,*d; 727 unsigned char *p,*d;
695 int i,al,ok; 728 int i,al,ok;
696 unsigned int j; 729 unsigned int j;
@@ -708,7 +741,7 @@ int ssl3_get_server_hello(SSL *s)
708 741
709 if (!ok) return((int)n); 742 if (!ok) return((int)n);
710 743
711 if ( SSL_version(s) == DTLS1_VERSION) 744 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
712 { 745 {
713 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 746 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
714 { 747 {
@@ -759,6 +792,23 @@ int ssl3_get_server_hello(SSL *s)
759 goto f_err; 792 goto f_err;
760 } 793 }
761 794
795#ifndef OPENSSL_NO_TLSEXT
796 /* check if we want to resume the session based on external pre-shared secret */
797 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
798 {
799 SSL_CIPHER *pref_cipher=NULL;
800 s->session->master_key_length=sizeof(s->session->master_key);
801 if (s->tls_session_secret_cb(s, s->session->master_key,
802 &s->session->master_key_length,
803 NULL, &pref_cipher,
804 s->tls_session_secret_cb_arg))
805 {
806 s->session->cipher = pref_cipher ?
807 pref_cipher : ssl_get_cipher_by_char(s, p+j);
808 }
809 }
810#endif /* OPENSSL_NO_TLSEXT */
811
762 if (j != 0 && j == s->session->session_id_length 812 if (j != 0 && j == s->session->session_id_length
763 && memcmp(p,s->session->session_id,j) == 0) 813 && memcmp(p,s->session->session_id,j) == 0)
764 { 814 {
@@ -825,6 +875,8 @@ int ssl3_get_server_hello(SSL *s)
825 } 875 }
826 } 876 }
827 s->s3->tmp.new_cipher=c; 877 s->s3->tmp.new_cipher=c;
878 if (!ssl3_digest_cached_records(s))
879 goto f_err;
828 880
829 /* lets get the compression algorithm */ 881 /* lets get the compression algorithm */
830 /* COMPRESSION */ 882 /* COMPRESSION */
@@ -835,10 +887,31 @@ int ssl3_get_server_hello(SSL *s)
835 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 887 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
836 goto f_err; 888 goto f_err;
837 } 889 }
890 /* If compression is disabled we'd better not try to resume a session
891 * using compression.
892 */
893 if (s->session->compress_meth != 0)
894 {
895 al=SSL_AD_INTERNAL_ERROR;
896 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
897 goto f_err;
898 }
838#else 899#else
839 j= *(p++); 900 j= *(p++);
901 if (s->hit && j != s->session->compress_meth)
902 {
903 al=SSL_AD_ILLEGAL_PARAMETER;
904 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
905 goto f_err;
906 }
840 if (j == 0) 907 if (j == 0)
841 comp=NULL; 908 comp=NULL;
909 else if (s->options & SSL_OP_NO_COMPRESSION)
910 {
911 al=SSL_AD_ILLEGAL_PARAMETER;
912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
913 goto f_err;
914 }
842 else 915 else
843 comp=ssl3_comp_find(s->ctx->comp_methods,j); 916 comp=ssl3_comp_find(s->ctx->comp_methods,j);
844 917
@@ -853,9 +926,10 @@ int ssl3_get_server_hello(SSL *s)
853 s->s3->tmp.new_compression=comp; 926 s->s3->tmp.new_compression=comp;
854 } 927 }
855#endif 928#endif
929
856#ifndef OPENSSL_NO_TLSEXT 930#ifndef OPENSSL_NO_TLSEXT
857 /* TLS extensions*/ 931 /* TLS extensions*/
858 if (s->version > SSL3_VERSION) 932 if (s->version >= SSL3_VERSION)
859 { 933 {
860 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) 934 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
861 { 935 {
@@ -871,7 +945,6 @@ int ssl3_get_server_hello(SSL *s)
871 } 945 }
872#endif 946#endif
873 947
874
875 if (p != (d+n)) 948 if (p != (d+n))
876 { 949 {
877 /* wrong packet length */ 950 /* wrong packet length */
@@ -909,7 +982,7 @@ int ssl3_get_server_certificate(SSL *s)
909 if (!ok) return((int)n); 982 if (!ok) return((int)n);
910 983
911 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 984 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
912 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 985 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
913 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) 986 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
914 { 987 {
915 s->s3->tmp.reuse_message=1; 988 s->s3->tmp.reuse_message=1;
@@ -974,10 +1047,10 @@ int ssl3_get_server_certificate(SSL *s)
974 i=ssl_verify_cert_chain(s,sk); 1047 i=ssl_verify_cert_chain(s,sk);
975 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) 1048 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
976#ifndef OPENSSL_NO_KRB5 1049#ifndef OPENSSL_NO_KRB5
977 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 1050 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
978 != (SSL_aKRB5|SSL_kKRB5) 1051 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
979#endif /* OPENSSL_NO_KRB5 */ 1052#endif /* OPENSSL_NO_KRB5 */
980 ) 1053 )
981 { 1054 {
982 al=ssl_verify_alarm_type(s->verify_result); 1055 al=ssl_verify_alarm_type(s->verify_result);
983 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 1056 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -1001,15 +1074,15 @@ int ssl3_get_server_certificate(SSL *s)
1001 pkey=X509_get_pubkey(x); 1074 pkey=X509_get_pubkey(x);
1002 1075
1003 /* VRS: allow null cert if auth == KRB5 */ 1076 /* VRS: allow null cert if auth == KRB5 */
1004 need_cert = ((s->s3->tmp.new_cipher->algorithms 1077 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1005 & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 1078 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1006 == (SSL_aKRB5|SSL_kKRB5))? 0: 1; 1079 ? 0 : 1;
1007 1080
1008#ifdef KSSL_DEBUG 1081#ifdef KSSL_DEBUG
1009 printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x); 1082 printf("pkey,x = %p, %p\n", pkey,x);
1010 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1083 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1011 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, 1084 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1012 s->s3->tmp.new_cipher->algorithms, need_cert); 1085 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1013#endif /* KSSL_DEBUG */ 1086#endif /* KSSL_DEBUG */
1014 1087
1015 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1088 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -1081,7 +1154,7 @@ int ssl3_get_key_exchange(SSL *s)
1081 EVP_MD_CTX md_ctx; 1154 EVP_MD_CTX md_ctx;
1082 unsigned char *param,*p; 1155 unsigned char *param,*p;
1083 int al,i,j,param_len,ok; 1156 int al,i,j,param_len,ok;
1084 long n,alg; 1157 long n,alg_k,alg_a;
1085 EVP_PKEY *pkey=NULL; 1158 EVP_PKEY *pkey=NULL;
1086#ifndef OPENSSL_NO_RSA 1159#ifndef OPENSSL_NO_RSA
1087 RSA *rsa=NULL; 1160 RSA *rsa=NULL;
@@ -1105,17 +1178,28 @@ int ssl3_get_key_exchange(SSL *s)
1105 -1, 1178 -1,
1106 s->max_cert_list, 1179 s->max_cert_list,
1107 &ok); 1180 &ok);
1108
1109 if (!ok) return((int)n); 1181 if (!ok) return((int)n);
1110 1182
1111 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 1183 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1112 { 1184 {
1185#ifndef OPENSSL_NO_PSK
1186 /* In plain PSK ciphersuite, ServerKeyExchange can be
1187 omitted if no identity hint is sent. Set
1188 session->sess_cert anyway to avoid problems
1189 later.*/
1190 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
1191 {
1192 s->session->sess_cert=ssl_sess_cert_new();
1193 if (s->ctx->psk_identity_hint)
1194 OPENSSL_free(s->ctx->psk_identity_hint);
1195 s->ctx->psk_identity_hint = NULL;
1196 }
1197#endif
1113 s->s3->tmp.reuse_message=1; 1198 s->s3->tmp.reuse_message=1;
1114 return(1); 1199 return(1);
1115 } 1200 }
1116 1201
1117 param=p=(unsigned char *)s->init_msg; 1202 param=p=(unsigned char *)s->init_msg;
1118
1119 if (s->session->sess_cert != NULL) 1203 if (s->session->sess_cert != NULL)
1120 { 1204 {
1121#ifndef OPENSSL_NO_RSA 1205#ifndef OPENSSL_NO_RSA
@@ -1146,11 +1230,57 @@ int ssl3_get_key_exchange(SSL *s)
1146 } 1230 }
1147 1231
1148 param_len=0; 1232 param_len=0;
1149 alg=s->s3->tmp.new_cipher->algorithms; 1233 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1234 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
1150 EVP_MD_CTX_init(&md_ctx); 1235 EVP_MD_CTX_init(&md_ctx);
1151 1236
1237#ifndef OPENSSL_NO_PSK
1238 if (alg_k & SSL_kPSK)
1239 {
1240 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1241
1242 al=SSL_AD_HANDSHAKE_FAILURE;
1243 n2s(p,i);
1244 param_len=i+2;
1245 /* Store PSK identity hint for later use, hint is used
1246 * in ssl3_send_client_key_exchange. Assume that the
1247 * maximum length of a PSK identity hint can be as
1248 * long as the maximum length of a PSK identity. */
1249 if (i > PSK_MAX_IDENTITY_LEN)
1250 {
1251 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1252 SSL_R_DATA_LENGTH_TOO_LONG);
1253 goto f_err;
1254 }
1255 if (param_len > n)
1256 {
1257 al=SSL_AD_DECODE_ERROR;
1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1260 goto f_err;
1261 }
1262 /* If received PSK identity hint contains NULL
1263 * characters, the hint is truncated from the first
1264 * NULL. p may not be ending with NULL, so create a
1265 * NULL-terminated string. */
1266 memcpy(tmp_id_hint, p, i);
1267 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
1268 if (s->ctx->psk_identity_hint != NULL)
1269 OPENSSL_free(s->ctx->psk_identity_hint);
1270 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1271 if (s->ctx->psk_identity_hint == NULL)
1272 {
1273 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1274 goto f_err;
1275 }
1276
1277 p+=i;
1278 n-=param_len;
1279 }
1280 else
1281#endif /* !OPENSSL_NO_PSK */
1152#ifndef OPENSSL_NO_RSA 1282#ifndef OPENSSL_NO_RSA
1153 if (alg & SSL_kRSA) 1283 if (alg_k & SSL_kRSA)
1154 { 1284 {
1155 if ((rsa=RSA_new()) == NULL) 1285 if ((rsa=RSA_new()) == NULL)
1156 { 1286 {
@@ -1189,7 +1319,7 @@ int ssl3_get_key_exchange(SSL *s)
1189 n-=param_len; 1319 n-=param_len;
1190 1320
1191 /* this should be because we are using an export cipher */ 1321 /* this should be because we are using an export cipher */
1192 if (alg & SSL_aRSA) 1322 if (alg_a & SSL_aRSA)
1193 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1323 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1194 else 1324 else
1195 { 1325 {
@@ -1204,7 +1334,7 @@ int ssl3_get_key_exchange(SSL *s)
1204 ; 1334 ;
1205#endif 1335#endif
1206#ifndef OPENSSL_NO_DH 1336#ifndef OPENSSL_NO_DH
1207 else if (alg & SSL_kEDH) 1337 else if (alg_k & SSL_kEDH)
1208 { 1338 {
1209 if ((dh=DH_new()) == NULL) 1339 if ((dh=DH_new()) == NULL)
1210 { 1340 {
@@ -1258,14 +1388,14 @@ int ssl3_get_key_exchange(SSL *s)
1258 n-=param_len; 1388 n-=param_len;
1259 1389
1260#ifndef OPENSSL_NO_RSA 1390#ifndef OPENSSL_NO_RSA
1261 if (alg & SSL_aRSA) 1391 if (alg_a & SSL_aRSA)
1262 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1392 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1263#else 1393#else
1264 if (0) 1394 if (0)
1265 ; 1395 ;
1266#endif 1396#endif
1267#ifndef OPENSSL_NO_DSA 1397#ifndef OPENSSL_NO_DSA
1268 else if (alg & SSL_aDSS) 1398 else if (alg_a & SSL_aDSS)
1269 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1399 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1270#endif 1400#endif
1271 /* else anonymous DH, so no certificate or pkey. */ 1401 /* else anonymous DH, so no certificate or pkey. */
@@ -1273,7 +1403,7 @@ int ssl3_get_key_exchange(SSL *s)
1273 s->session->sess_cert->peer_dh_tmp=dh; 1403 s->session->sess_cert->peer_dh_tmp=dh;
1274 dh=NULL; 1404 dh=NULL;
1275 } 1405 }
1276 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) 1406 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
1277 { 1407 {
1278 al=SSL_AD_ILLEGAL_PARAMETER; 1408 al=SSL_AD_ILLEGAL_PARAMETER;
1279 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1409 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
@@ -1282,7 +1412,7 @@ int ssl3_get_key_exchange(SSL *s)
1282#endif /* !OPENSSL_NO_DH */ 1412#endif /* !OPENSSL_NO_DH */
1283 1413
1284#ifndef OPENSSL_NO_ECDH 1414#ifndef OPENSSL_NO_ECDH
1285 else if (alg & SSL_kECDHE) 1415 else if (alg_k & SSL_kEECDH)
1286 { 1416 {
1287 EC_GROUP *ngroup; 1417 EC_GROUP *ngroup;
1288 const EC_GROUP *group; 1418 const EC_GROUP *group;
@@ -1305,7 +1435,7 @@ int ssl3_get_key_exchange(SSL *s)
1305 param_len=3; 1435 param_len=3;
1306 if ((param_len > n) || 1436 if ((param_len > n) ||
1307 (*p != NAMED_CURVE_TYPE) || 1437 (*p != NAMED_CURVE_TYPE) ||
1308 ((curve_nid = curve_id2nid(*(p + 2))) == 0)) 1438 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
1309 { 1439 {
1310 al=SSL_AD_INTERNAL_ERROR; 1440 al=SSL_AD_INTERNAL_ERROR;
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1366,11 +1496,11 @@ int ssl3_get_key_exchange(SSL *s)
1366 */ 1496 */
1367 if (0) ; 1497 if (0) ;
1368#ifndef OPENSSL_NO_RSA 1498#ifndef OPENSSL_NO_RSA
1369 else if (alg & SSL_aRSA) 1499 else if (alg_a & SSL_aRSA)
1370 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1500 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1371#endif 1501#endif
1372#ifndef OPENSSL_NO_ECDSA 1502#ifndef OPENSSL_NO_ECDSA
1373 else if (alg & SSL_aECDSA) 1503 else if (alg_a & SSL_aECDSA)
1374 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1504 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1375#endif 1505#endif
1376 /* else anonymous ECDH, so no certificate or pkey. */ 1506 /* else anonymous ECDH, so no certificate or pkey. */
@@ -1381,19 +1511,13 @@ int ssl3_get_key_exchange(SSL *s)
1381 EC_POINT_free(srvr_ecpoint); 1511 EC_POINT_free(srvr_ecpoint);
1382 srvr_ecpoint = NULL; 1512 srvr_ecpoint = NULL;
1383 } 1513 }
1384 else if (alg & SSL_kECDH) 1514 else if (alg_k)
1385 { 1515 {
1386 al=SSL_AD_UNEXPECTED_MESSAGE; 1516 al=SSL_AD_UNEXPECTED_MESSAGE;
1387 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 1517 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1388 goto f_err; 1518 goto f_err;
1389 } 1519 }
1390#endif /* !OPENSSL_NO_ECDH */ 1520#endif /* !OPENSSL_NO_ECDH */
1391 if (alg & SSL_aFZA)
1392 {
1393 al=SSL_AD_HANDSHAKE_FAILURE;
1394 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1395 goto f_err;
1396 }
1397 1521
1398 1522
1399 /* p points to the next byte, there are 'n' bytes left */ 1523 /* p points to the next byte, there are 'n' bytes left */
@@ -1422,8 +1546,6 @@ int ssl3_get_key_exchange(SSL *s)
1422 q=md_buf; 1546 q=md_buf;
1423 for (num=2; num > 0; num--) 1547 for (num=2; num > 0; num--)
1424 { 1548 {
1425 EVP_MD_CTX_set_flags(&md_ctx,
1426 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1427 EVP_DigestInit_ex(&md_ctx,(num == 2) 1549 EVP_DigestInit_ex(&md_ctx,(num == 2)
1428 ?s->ctx->md5:s->ctx->sha1, NULL); 1550 ?s->ctx->md5:s->ctx->sha1, NULL);
1429 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1551 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1494,12 +1616,13 @@ int ssl3_get_key_exchange(SSL *s)
1494 } 1616 }
1495 else 1617 else
1496 { 1618 {
1497 /* still data left over */ 1619 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
1498 if (!(alg & SSL_aNULL)) 1620 /* aNULL or kPSK do not need public keys */
1499 { 1621 {
1500 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1622 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1501 goto err; 1623 goto err;
1502 } 1624 }
1625 /* still data left over */
1503 if (n != 0) 1626 if (n != 0)
1504 { 1627 {
1505 al=SSL_AD_DECODE_ERROR; 1628 al=SSL_AD_DECODE_ERROR;
@@ -1569,8 +1692,7 @@ int ssl3_get_certificate_request(SSL *s)
1569 /* TLS does not like anon-DH with client cert */ 1692 /* TLS does not like anon-DH with client cert */
1570 if (s->version > SSL3_VERSION) 1693 if (s->version > SSL3_VERSION)
1571 { 1694 {
1572 l=s->s3->tmp.new_cipher->algorithms; 1695 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1573 if (l & SSL_aNULL)
1574 { 1696 {
1575 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1697 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1576 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1698 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1715,6 +1837,7 @@ int ssl3_get_new_session_ticket(SSL *s)
1715 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1837 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1716 goto f_err; 1838 goto f_err;
1717 } 1839 }
1840
1718 p=d=(unsigned char *)s->init_msg; 1841 p=d=(unsigned char *)s->init_msg;
1719 n2l(p, s->session->tlsext_tick_lifetime_hint); 1842 n2l(p, s->session->tlsext_tick_lifetime_hint);
1720 n2s(p, ticklen); 1843 n2s(p, ticklen);
@@ -1738,7 +1861,28 @@ int ssl3_get_new_session_ticket(SSL *s)
1738 } 1861 }
1739 memcpy(s->session->tlsext_tick, p, ticklen); 1862 memcpy(s->session->tlsext_tick, p, ticklen);
1740 s->session->tlsext_ticklen = ticklen; 1863 s->session->tlsext_ticklen = ticklen;
1741 1864 /* There are two ways to detect a resumed ticket sesion.
1865 * One is to set an appropriate session ID and then the server
1866 * must return a match in ServerHello. This allows the normal
1867 * client session ID matching to work and we know much
1868 * earlier that the ticket has been accepted.
1869 *
1870 * The other way is to set zero length session ID when the
1871 * ticket is presented and rely on the handshake to determine
1872 * session resumption.
1873 *
1874 * We choose the former approach because this fits in with
1875 * assumptions elsewhere in OpenSSL. The session ID is set
1876 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1877 * ticket.
1878 */
1879 EVP_Digest(p, ticklen,
1880 s->session->session_id, &s->session->session_id_length,
1881#ifndef OPENSSL_NO_SHA256
1882 EVP_sha256(), NULL);
1883#else
1884 EVP_sha1(), NULL);
1885#endif
1742 ret=1; 1886 ret=1;
1743 return(ret); 1887 return(ret);
1744f_err: 1888f_err:
@@ -1750,8 +1894,7 @@ err:
1750int ssl3_get_cert_status(SSL *s) 1894int ssl3_get_cert_status(SSL *s)
1751 { 1895 {
1752 int ok, al; 1896 int ok, al;
1753 unsigned long resplen; 1897 unsigned long resplen,n;
1754 long n;
1755 const unsigned char *p; 1898 const unsigned char *p;
1756 1899
1757 n=s->method->ssl_get_message(s, 1900 n=s->method->ssl_get_message(s,
@@ -1777,7 +1920,7 @@ int ssl3_get_cert_status(SSL *s)
1777 goto f_err; 1920 goto f_err;
1778 } 1921 }
1779 n2l3(p, resplen); 1922 n2l3(p, resplen);
1780 if (resplen + 4 != (unsigned long)n) 1923 if (resplen + 4 != n)
1781 { 1924 {
1782 al = SSL_AD_DECODE_ERROR; 1925 al = SSL_AD_DECODE_ERROR;
1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 1926 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
@@ -1846,7 +1989,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1846 { 1989 {
1847 unsigned char *p,*d; 1990 unsigned char *p,*d;
1848 int n; 1991 int n;
1849 unsigned long l; 1992 unsigned long alg_k;
1850#ifndef OPENSSL_NO_RSA 1993#ifndef OPENSSL_NO_RSA
1851 unsigned char *q; 1994 unsigned char *q;
1852 EVP_PKEY *pkey=NULL; 1995 EVP_PKEY *pkey=NULL;
@@ -1868,12 +2011,12 @@ int ssl3_send_client_key_exchange(SSL *s)
1868 d=(unsigned char *)s->init_buf->data; 2011 d=(unsigned char *)s->init_buf->data;
1869 p= &(d[4]); 2012 p= &(d[4]);
1870 2013
1871 l=s->s3->tmp.new_cipher->algorithms; 2014 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1872 2015
1873 /* Fool emacs indentation */ 2016 /* Fool emacs indentation */
1874 if (0) {} 2017 if (0) {}
1875#ifndef OPENSSL_NO_RSA 2018#ifndef OPENSSL_NO_RSA
1876 else if (l & SSL_kRSA) 2019 else if (alg_k & SSL_kRSA)
1877 { 2020 {
1878 RSA *rsa; 2021 RSA *rsa;
1879 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2022 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -1932,7 +2075,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1932 } 2075 }
1933#endif 2076#endif
1934#ifndef OPENSSL_NO_KRB5 2077#ifndef OPENSSL_NO_KRB5
1935 else if (l & SSL_kKRB5) 2078 else if (alg_k & SSL_kKRB5)
1936 { 2079 {
1937 krb5_error_code krb5rc; 2080 krb5_error_code krb5rc;
1938 KSSL_CTX *kssl_ctx = s->kssl_ctx; 2081 KSSL_CTX *kssl_ctx = s->kssl_ctx;
@@ -1940,7 +2083,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1940 krb5_data *enc_ticket; 2083 krb5_data *enc_ticket;
1941 krb5_data authenticator, *authp = NULL; 2084 krb5_data authenticator, *authp = NULL;
1942 EVP_CIPHER_CTX ciph_ctx; 2085 EVP_CIPHER_CTX ciph_ctx;
1943 EVP_CIPHER *enc = NULL; 2086 const EVP_CIPHER *enc = NULL;
1944 unsigned char iv[EVP_MAX_IV_LENGTH]; 2087 unsigned char iv[EVP_MAX_IV_LENGTH];
1945 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2088 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1946 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2089 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
@@ -1951,7 +2094,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1951 2094
1952#ifdef KSSL_DEBUG 2095#ifdef KSSL_DEBUG
1953 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2096 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1954 l, SSL_kKRB5); 2097 alg_k, SSL_kKRB5);
1955#endif /* KSSL_DEBUG */ 2098#endif /* KSSL_DEBUG */
1956 2099
1957 authp = NULL; 2100 authp = NULL;
@@ -2043,7 +2186,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2043 sizeof tmp_buf); 2186 sizeof tmp_buf);
2044 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2187 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2045 outl += padl; 2188 outl += padl;
2046 if (outl > sizeof epms) 2189 if (outl > (int)sizeof epms)
2047 { 2190 {
2048 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2191 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2049 goto err; 2192 goto err;
@@ -2057,7 +2200,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2057 n+=outl + 2; 2200 n+=outl + 2;
2058 2201
2059 s->session->master_key_length= 2202 s->session->master_key_length=
2060 s->method->ssl3_enc->generate_master_secret(s, 2203 s->method->ssl3_enc->generate_master_secret(s,
2061 s->session->master_key, 2204 s->session->master_key,
2062 tmp_buf, sizeof tmp_buf); 2205 tmp_buf, sizeof tmp_buf);
2063 2206
@@ -2066,7 +2209,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2066 } 2209 }
2067#endif 2210#endif
2068#ifndef OPENSSL_NO_DH 2211#ifndef OPENSSL_NO_DH
2069 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2212 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2070 { 2213 {
2071 DH *dh_srvr,*dh_clnt; 2214 DH *dh_srvr,*dh_clnt;
2072 2215
@@ -2075,7 +2218,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2218 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 2219 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2077 goto err; 2220 goto err;
2078 } 2221 }
2079 2222
2080 if (s->session->sess_cert->peer_dh_tmp != NULL) 2223 if (s->session->sess_cert->peer_dh_tmp != NULL)
2081 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2224 dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2130,7 +2273,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2130#endif 2273#endif
2131 2274
2132#ifndef OPENSSL_NO_ECDH 2275#ifndef OPENSSL_NO_ECDH
2133 else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) 2276 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2134 { 2277 {
2135 const EC_GROUP *srvr_group = NULL; 2278 const EC_GROUP *srvr_group = NULL;
2136 EC_KEY *tkey; 2279 EC_KEY *tkey;
@@ -2142,7 +2285,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2142 * computation as part of client certificate? 2285 * computation as part of client certificate?
2143 * If so, set ecdh_clnt_cert to 1. 2286 * If so, set ecdh_clnt_cert to 1.
2144 */ 2287 */
2145 if ((l & SSL_kECDH) && (s->cert != NULL)) 2288 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
2146 { 2289 {
2147 /* XXX: For now, we do not support client 2290 /* XXX: For now, we do not support client
2148 * authentication using ECDH certificates. 2291 * authentication using ECDH certificates.
@@ -2314,6 +2457,178 @@ int ssl3_send_client_key_exchange(SSL *s)
2314 EVP_PKEY_free(srvr_pub_pkey); 2457 EVP_PKEY_free(srvr_pub_pkey);
2315 } 2458 }
2316#endif /* !OPENSSL_NO_ECDH */ 2459#endif /* !OPENSSL_NO_ECDH */
2460 else if (alg_k & SSL_kGOST)
2461 {
2462 /* GOST key exchange message creation */
2463 EVP_PKEY_CTX *pkey_ctx;
2464 X509 *peer_cert;
2465 size_t msglen;
2466 unsigned int md_len;
2467 int keytype;
2468 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2469 EVP_MD_CTX *ukm_hash;
2470 EVP_PKEY *pub_key;
2471
2472 /* Get server sertificate PKEY and create ctx from it */
2473 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2474 if (!peer_cert)
2475 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2476 if (!peer_cert) {
2477 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2478 goto err;
2479 }
2480
2481 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2482 /* If we have send a certificate, and certificate key
2483
2484 * parameters match those of server certificate, use
2485 * certificate key for key exchange
2486 */
2487
2488 /* Otherwise, generate ephemeral key pair */
2489
2490 EVP_PKEY_encrypt_init(pkey_ctx);
2491 /* Generate session key */
2492 RAND_bytes(premaster_secret,32);
2493 /* If we have client certificate, use its secret as peer key */
2494 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2495 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2496 /* If there was an error - just ignore it. Ephemeral key
2497 * would be used
2498 */
2499 ERR_clear_error();
2500 }
2501 }
2502 /* Compute shared IV and store it in algorithm-specific
2503 * context data */
2504 ukm_hash = EVP_MD_CTX_create();
2505 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2506 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2507 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2508 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2509 EVP_MD_CTX_destroy(ukm_hash);
2510 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2511 8,shared_ukm)<0) {
2512 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2513 SSL_R_LIBRARY_BUG);
2514 goto err;
2515 }
2516 /* Make GOST keytransport blob message */
2517 /*Encapsulate it into sequence */
2518 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2519 msglen=255;
2520 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2521 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2522 SSL_R_LIBRARY_BUG);
2523 goto err;
2524 }
2525 if (msglen >= 0x80)
2526 {
2527 *(p++)=0x81;
2528 *(p++)= msglen & 0xff;
2529 n=msglen+3;
2530 }
2531 else
2532 {
2533 *(p++)= msglen & 0xff;
2534 n=msglen+2;
2535 }
2536 memcpy(p, tmp, msglen);
2537 /* Check if pubkey from client certificate was used */
2538 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2539 {
2540 /* Set flag "skip certificate verify" */
2541 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2542 }
2543 EVP_PKEY_CTX_free(pkey_ctx);
2544 s->session->master_key_length=
2545 s->method->ssl3_enc->generate_master_secret(s,
2546 s->session->master_key,premaster_secret,32);
2547 EVP_PKEY_free(pub_key);
2548
2549 }
2550#ifndef OPENSSL_NO_PSK
2551 else if (alg_k & SSL_kPSK)
2552 {
2553 char identity[PSK_MAX_IDENTITY_LEN];
2554 unsigned char *t = NULL;
2555 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2556 unsigned int pre_ms_len = 0, psk_len = 0;
2557 int psk_err = 1;
2558
2559 n = 0;
2560 if (s->psk_client_callback == NULL)
2561 {
2562 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2563 SSL_R_PSK_NO_CLIENT_CB);
2564 goto err;
2565 }
2566
2567 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2568 identity, PSK_MAX_IDENTITY_LEN,
2569 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2570 if (psk_len > PSK_MAX_PSK_LEN)
2571 {
2572 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2573 ERR_R_INTERNAL_ERROR);
2574 goto psk_err;
2575 }
2576 else if (psk_len == 0)
2577 {
2578 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2579 SSL_R_PSK_IDENTITY_NOT_FOUND);
2580 goto psk_err;
2581 }
2582
2583 /* create PSK pre_master_secret */
2584 pre_ms_len = 2+psk_len+2+psk_len;
2585 t = psk_or_pre_ms;
2586 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2587 s2n(psk_len, t);
2588 memset(t, 0, psk_len);
2589 t+=psk_len;
2590 s2n(psk_len, t);
2591
2592 if (s->session->psk_identity_hint != NULL)
2593 OPENSSL_free(s->session->psk_identity_hint);
2594 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2595 if (s->ctx->psk_identity_hint != NULL &&
2596 s->session->psk_identity_hint == NULL)
2597 {
2598 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2599 ERR_R_MALLOC_FAILURE);
2600 goto psk_err;
2601 }
2602
2603 if (s->session->psk_identity != NULL)
2604 OPENSSL_free(s->session->psk_identity);
2605 s->session->psk_identity = BUF_strdup(identity);
2606 if (s->session->psk_identity == NULL)
2607 {
2608 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2609 ERR_R_MALLOC_FAILURE);
2610 goto psk_err;
2611 }
2612
2613 s->session->master_key_length =
2614 s->method->ssl3_enc->generate_master_secret(s,
2615 s->session->master_key,
2616 psk_or_pre_ms, pre_ms_len);
2617 n = strlen(identity);
2618 s2n(n, p);
2619 memcpy(p, identity, n);
2620 n+=2;
2621 psk_err = 0;
2622 psk_err:
2623 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2624 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2625 if (psk_err != 0)
2626 {
2627 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2628 goto err;
2629 }
2630 }
2631#endif
2317 else 2632 else
2318 { 2633 {
2319 ssl3_send_alert(s, SSL3_AL_FATAL, 2634 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2350,28 +2665,37 @@ int ssl3_send_client_verify(SSL *s)
2350 unsigned char *p,*d; 2665 unsigned char *p,*d;
2351 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2666 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2352 EVP_PKEY *pkey; 2667 EVP_PKEY *pkey;
2668 EVP_PKEY_CTX *pctx=NULL;
2353#ifndef OPENSSL_NO_RSA 2669#ifndef OPENSSL_NO_RSA
2354 unsigned u=0; 2670 unsigned u=0;
2355#endif 2671#endif
2356 unsigned long n; 2672 unsigned long n;
2357#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
2358 int j; 2673 int j;
2359#endif
2360 2674
2361 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2675 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2362 { 2676 {
2363 d=(unsigned char *)s->init_buf->data; 2677 d=(unsigned char *)s->init_buf->data;
2364 p= &(d[4]); 2678 p= &(d[4]);
2365 pkey=s->cert->key->privatekey; 2679 pkey=s->cert->key->privatekey;
2366 2680/* Create context from key and test if sha1 is allowed as digest */
2367 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), 2681 pctx = EVP_PKEY_CTX_new(pkey,NULL);
2368 &(data[MD5_DIGEST_LENGTH])); 2682 EVP_PKEY_sign_init(pctx);
2369 2683 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
2684 {
2685 s->method->ssl3_enc->cert_verify_mac(s,
2686 NID_sha1,
2687 &(data[MD5_DIGEST_LENGTH]));
2688 }
2689 else
2690 {
2691 ERR_clear_error();
2692 }
2370#ifndef OPENSSL_NO_RSA 2693#ifndef OPENSSL_NO_RSA
2371 if (pkey->type == EVP_PKEY_RSA) 2694 if (pkey->type == EVP_PKEY_RSA)
2372 { 2695 {
2373 s->method->ssl3_enc->cert_verify_mac(s, 2696 s->method->ssl3_enc->cert_verify_mac(s,
2374 &(s->s3->finish_dgst1),&(data[0])); 2697 NID_md5,
2698 &(data[0]));
2375 if (RSA_sign(NID_md5_sha1, data, 2699 if (RSA_sign(NID_md5_sha1, data,
2376 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2700 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2377 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 2701 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -2417,10 +2741,30 @@ int ssl3_send_client_verify(SSL *s)
2417 } 2741 }
2418 else 2742 else
2419#endif 2743#endif
2420 { 2744 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2745 {
2746 unsigned char signbuf[64];
2747 int i;
2748 size_t sigsize=64;
2749 s->method->ssl3_enc->cert_verify_mac(s,
2750 NID_id_GostR3411_94,
2751 data);
2752 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
2753 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2754 ERR_R_INTERNAL_ERROR);
2755 goto err;
2756 }
2757 for (i=63,j=0; i>=0; j++, i--) {
2758 p[2+j]=signbuf[i];
2759 }
2760 s2n(j,p);
2761 n=j+2;
2762 }
2763 else
2764 {
2421 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 2765 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2422 goto err; 2766 goto err;
2423 } 2767 }
2424 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 2768 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2425 l2n3(n,d); 2769 l2n3(n,d);
2426 2770
@@ -2428,8 +2772,10 @@ int ssl3_send_client_verify(SSL *s)
2428 s->init_num=(int)n+4; 2772 s->init_num=(int)n+4;
2429 s->init_off=0; 2773 s->init_off=0;
2430 } 2774 }
2775 EVP_PKEY_CTX_free(pctx);
2431 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2776 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2432err: 2777err:
2778 EVP_PKEY_CTX_free(pctx);
2433 return(-1); 2779 return(-1);
2434 } 2780 }
2435 2781
@@ -2514,7 +2860,7 @@ int ssl3_send_client_certificate(SSL *s)
2514int ssl3_check_cert_and_algorithm(SSL *s) 2860int ssl3_check_cert_and_algorithm(SSL *s)
2515 { 2861 {
2516 int i,idx; 2862 int i,idx;
2517 long algs; 2863 long alg_k,alg_a;
2518 EVP_PKEY *pkey=NULL; 2864 EVP_PKEY *pkey=NULL;
2519 SESS_CERT *sc; 2865 SESS_CERT *sc;
2520#ifndef OPENSSL_NO_RSA 2866#ifndef OPENSSL_NO_RSA
@@ -2524,14 +2870,14 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2524 DH *dh; 2870 DH *dh;
2525#endif 2871#endif
2526 2872
2527 sc=s->session->sess_cert; 2873 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2528 2874 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
2529 algs=s->s3->tmp.new_cipher->algorithms;
2530 2875
2531 /* we don't have a certificate */ 2876 /* we don't have a certificate */
2532 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) 2877 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2533 return(1); 2878 return(1);
2534 2879
2880 sc=s->session->sess_cert;
2535 if (sc == NULL) 2881 if (sc == NULL)
2536 { 2882 {
2537 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); 2883 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
@@ -2551,11 +2897,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2551#ifndef OPENSSL_NO_ECDH 2897#ifndef OPENSSL_NO_ECDH
2552 if (idx == SSL_PKEY_ECC) 2898 if (idx == SSL_PKEY_ECC)
2553 { 2899 {
2554 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2900 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2555 s->s3->tmp.new_cipher) == 0) 2901 s->s3->tmp.new_cipher) == 0)
2556 { /* check failed */ 2902 { /* check failed */
2557 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); 2903 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2558 goto f_err; 2904 goto f_err;
2559 } 2905 }
2560 else 2906 else
2561 { 2907 {
@@ -2569,20 +2915,20 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2569 2915
2570 2916
2571 /* Check that we have a certificate if we require one */ 2917 /* Check that we have a certificate if we require one */
2572 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 2918 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2573 { 2919 {
2574 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); 2920 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2575 goto f_err; 2921 goto f_err;
2576 } 2922 }
2577#ifndef OPENSSL_NO_DSA 2923#ifndef OPENSSL_NO_DSA
2578 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 2924 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2579 { 2925 {
2580 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); 2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2581 goto f_err; 2927 goto f_err;
2582 } 2928 }
2583#endif 2929#endif
2584#ifndef OPENSSL_NO_RSA 2930#ifndef OPENSSL_NO_RSA
2585 if ((algs & SSL_kRSA) && 2931 if ((alg_k & SSL_kRSA) &&
2586 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 2932 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2587 { 2933 {
2588 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2934 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
@@ -2590,19 +2936,19 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2590 } 2936 }
2591#endif 2937#endif
2592#ifndef OPENSSL_NO_DH 2938#ifndef OPENSSL_NO_DH
2593 if ((algs & SSL_kEDH) && 2939 if ((alg_k & SSL_kEDH) &&
2594 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 2940 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2595 { 2941 {
2596 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); 2942 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2597 goto f_err; 2943 goto f_err;
2598 } 2944 }
2599 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 2945 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2600 { 2946 {
2601 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); 2947 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2602 goto f_err; 2948 goto f_err;
2603 } 2949 }
2604#ifndef OPENSSL_NO_DSA 2950#ifndef OPENSSL_NO_DSA
2605 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 2951 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2606 { 2952 {
2607 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); 2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2608 goto f_err; 2954 goto f_err;
@@ -2613,7 +2959,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 2959 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2614 { 2960 {
2615#ifndef OPENSSL_NO_RSA 2961#ifndef OPENSSL_NO_RSA
2616 if (algs & SSL_kRSA) 2962 if (alg_k & SSL_kRSA)
2617 { 2963 {
2618 if (rsa == NULL 2964 if (rsa == NULL
2619 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2965 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2625,7 +2971,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2625 else 2971 else
2626#endif 2972#endif
2627#ifndef OPENSSL_NO_DH 2973#ifndef OPENSSL_NO_DH
2628 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2974 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2629 { 2975 {
2630 if (dh == NULL 2976 if (dh == NULL
2631 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2977 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2648,64 +2994,18 @@ err:
2648 return(0); 2994 return(0);
2649 } 2995 }
2650 2996
2651
2652#ifndef OPENSSL_NO_ECDH
2653/* This is the complement of nid2curve_id in s3_srvr.c. */
2654static int curve_id2nid(int curve_id)
2655{
2656 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2657 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2658 static int nid_list[26] =
2659 {
2660 0,
2661 NID_sect163k1, /* sect163k1 (1) */
2662 NID_sect163r1, /* sect163r1 (2) */
2663 NID_sect163r2, /* sect163r2 (3) */
2664 NID_sect193r1, /* sect193r1 (4) */
2665 NID_sect193r2, /* sect193r2 (5) */
2666 NID_sect233k1, /* sect233k1 (6) */
2667 NID_sect233r1, /* sect233r1 (7) */
2668 NID_sect239k1, /* sect239k1 (8) */
2669 NID_sect283k1, /* sect283k1 (9) */
2670 NID_sect283r1, /* sect283r1 (10) */
2671 NID_sect409k1, /* sect409k1 (11) */
2672 NID_sect409r1, /* sect409r1 (12) */
2673 NID_sect571k1, /* sect571k1 (13) */
2674 NID_sect571r1, /* sect571r1 (14) */
2675 NID_secp160k1, /* secp160k1 (15) */
2676 NID_secp160r1, /* secp160r1 (16) */
2677 NID_secp160r2, /* secp160r2 (17) */
2678 NID_secp192k1, /* secp192k1 (18) */
2679 NID_X9_62_prime192v1, /* secp192r1 (19) */
2680 NID_secp224k1, /* secp224k1 (20) */
2681 NID_secp224r1, /* secp224r1 (21) */
2682 NID_secp256k1, /* secp256k1 (22) */
2683 NID_X9_62_prime256v1, /* secp256r1 (23) */
2684 NID_secp384r1, /* secp384r1 (24) */
2685 NID_secp521r1 /* secp521r1 (25) */
2686 };
2687
2688 if ((curve_id < 1) || (curve_id > 25)) return 0;
2689
2690 return nid_list[curve_id];
2691}
2692#endif
2693
2694/* Check to see if handshake is full or resumed. Usually this is just a 2997/* Check to see if handshake is full or resumed. Usually this is just a
2695 * case of checking to see if a cache hit has occurred. In the case of 2998 * case of checking to see if a cache hit has occurred. In the case of
2696 * session tickets we have to check the next message to be sure. 2999 * session tickets we have to check the next message to be sure.
2697 */ 3000 */
2698 3001
2699#ifndef OPENSSL_NO_TLSEXT 3002#ifndef OPENSSL_NO_TLSEXT
2700static int ssl3_check_finished(SSL *s) 3003int ssl3_check_finished(SSL *s)
2701 { 3004 {
2702 int ok; 3005 int ok;
2703 long n; 3006 long n;
2704 /* If we have no ticket or session ID is non-zero length (a match of 3007 /* If we have no ticket it cannot be a resumed session. */
2705 * a non-zero session length would never reach here) it cannot be a 3008 if (!s->session->tlsext_tick)
2706 * resumed session.
2707 */
2708 if (!s->session->tlsext_tick || s->session->session_id_length)
2709 return 1; 3009 return 1;
2710 /* this function is called when we really expect a Certificate 3010 /* this function is called when we really expect a Certificate
2711 * message, so permit appropriate message length */ 3011 * message, so permit appropriate message length */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-03 01:45:35 +0000