summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_clnt.c40
1 files changed, 0 insertions, 40 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 602ab03fe1..4df299de9d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -155,9 +155,7 @@
155#include <openssl/objects.h> 155#include <openssl/objects.h>
156#include <openssl/evp.h> 156#include <openssl/evp.h>
157#include <openssl/md5.h> 157#include <openssl/md5.h>
158#ifndef OPENSSL_NO_DH
159#include <openssl/dh.h> 158#include <openssl/dh.h>
160#endif
161#include <openssl/bn.h> 159#include <openssl/bn.h>
162#ifndef OPENSSL_NO_ENGINE 160#ifndef OPENSSL_NO_ENGINE
163#include <openssl/engine.h> 161#include <openssl/engine.h>
@@ -1263,16 +1261,12 @@ ssl3_get_key_exchange(SSL *s)
1263 EVP_PKEY *pkey = NULL; 1261 EVP_PKEY *pkey = NULL;
1264 const EVP_MD *md = NULL; 1262 const EVP_MD *md = NULL;
1265 RSA *rsa = NULL; 1263 RSA *rsa = NULL;
1266#ifndef OPENSSL_NO_DH
1267 DH *dh = NULL; 1264 DH *dh = NULL;
1268#endif
1269#ifndef OPENSSL_NO_ECDH
1270 EC_KEY *ecdh = NULL; 1265 EC_KEY *ecdh = NULL;
1271 BN_CTX *bn_ctx = NULL; 1266 BN_CTX *bn_ctx = NULL;
1272 EC_POINT *srvr_ecpoint = NULL; 1267 EC_POINT *srvr_ecpoint = NULL;
1273 int curve_nid = 0; 1268 int curve_nid = 0;
1274 int encoded_pt_len = 0; 1269 int encoded_pt_len = 0;
1275#endif
1276 1270
1277 /* 1271 /*
1278 * Use same message size as in ssl3_get_certificate_request() 1272 * Use same message size as in ssl3_get_certificate_request()
@@ -1306,18 +1300,14 @@ ssl3_get_key_exchange(SSL *s)
1306 RSA_free(s->session->sess_cert->peer_rsa_tmp); 1300 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1307 s->session->sess_cert->peer_rsa_tmp = NULL; 1301 s->session->sess_cert->peer_rsa_tmp = NULL;
1308 } 1302 }
1309#ifndef OPENSSL_NO_DH
1310 if (s->session->sess_cert->peer_dh_tmp) { 1303 if (s->session->sess_cert->peer_dh_tmp) {
1311 DH_free(s->session->sess_cert->peer_dh_tmp); 1304 DH_free(s->session->sess_cert->peer_dh_tmp);
1312 s->session->sess_cert->peer_dh_tmp = NULL; 1305 s->session->sess_cert->peer_dh_tmp = NULL;
1313 } 1306 }
1314#endif
1315#ifndef OPENSSL_NO_ECDH
1316 if (s->session->sess_cert->peer_ecdh_tmp) { 1307 if (s->session->sess_cert->peer_ecdh_tmp) {
1317 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); 1308 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1318 s->session->sess_cert->peer_ecdh_tmp = NULL; 1309 s->session->sess_cert->peer_ecdh_tmp = NULL;
1319 } 1310 }
1320#endif
1321 } else { 1311 } else {
1322 s->session->sess_cert = ssl_sess_cert_new(); 1312 s->session->sess_cert = ssl_sess_cert_new();
1323 } 1313 }
@@ -1424,7 +1414,6 @@ ssl3_get_key_exchange(SSL *s)
1424 s->session->sess_cert->peer_rsa_tmp = rsa; 1414 s->session->sess_cert->peer_rsa_tmp = rsa;
1425 rsa = NULL; 1415 rsa = NULL;
1426 } 1416 }
1427#ifndef OPENSSL_NO_DH
1428 else if (alg_k & SSL_kEDH) { 1417 else if (alg_k & SSL_kEDH) {
1429 if ((dh = DH_new()) == NULL) { 1418 if ((dh = DH_new()) == NULL) {
1430 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1419 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1495,9 +1484,7 @@ ssl3_get_key_exchange(SSL *s)
1495 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1484 SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1496 goto f_err; 1485 goto f_err;
1497 } 1486 }
1498#endif /* !OPENSSL_NO_DH */
1499 1487
1500#ifndef OPENSSL_NO_ECDH
1501 else if (alg_k & SSL_kEECDH) { 1488 else if (alg_k & SSL_kEECDH) {
1502 EC_GROUP *ngroup; 1489 EC_GROUP *ngroup;
1503 const EC_GROUP *group; 1490 const EC_GROUP *group;
@@ -1585,12 +1572,10 @@ ssl3_get_key_exchange(SSL *s)
1585 pkey = X509_get_pubkey( 1572 pkey = X509_get_pubkey(
1586 s->session->sess_cert->peer_pkeys[ 1573 s->session->sess_cert->peer_pkeys[
1587 SSL_PKEY_RSA_ENC].x509); 1574 SSL_PKEY_RSA_ENC].x509);
1588#ifndef OPENSSL_NO_ECDSA
1589 else if (alg_a & SSL_aECDSA) 1575 else if (alg_a & SSL_aECDSA)
1590 pkey = X509_get_pubkey( 1576 pkey = X509_get_pubkey(
1591 s->session->sess_cert->peer_pkeys[ 1577 s->session->sess_cert->peer_pkeys[
1592 SSL_PKEY_ECC].x509); 1578 SSL_PKEY_ECC].x509);
1593#endif
1594 /* Else anonymous ECDH, so no certificate or pkey. */ 1579 /* Else anonymous ECDH, so no certificate or pkey. */
1595 EC_KEY_set_public_key(ecdh, srvr_ecpoint); 1580 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1596 s->session->sess_cert->peer_ecdh_tmp = ecdh; 1581 s->session->sess_cert->peer_ecdh_tmp = ecdh;
@@ -1605,7 +1590,6 @@ ssl3_get_key_exchange(SSL *s)
1605 SSL_R_UNEXPECTED_MESSAGE); 1590 SSL_R_UNEXPECTED_MESSAGE);
1606 goto f_err; 1591 goto f_err;
1607 } 1592 }
1608#endif /* !OPENSSL_NO_ECDH */
1609 1593
1610 /* p points to the next byte, there are 'n' bytes left */ 1594 /* p points to the next byte, there are 'n' bytes left */
1611 1595
@@ -1731,16 +1715,12 @@ ssl3_get_key_exchange(SSL *s)
1731 EVP_PKEY_free(pkey); 1715 EVP_PKEY_free(pkey);
1732 if (rsa != NULL) 1716 if (rsa != NULL)
1733 RSA_free(rsa); 1717 RSA_free(rsa);
1734#ifndef OPENSSL_NO_DH
1735 if (dh != NULL) 1718 if (dh != NULL)
1736 DH_free(dh); 1719 DH_free(dh);
1737#endif
1738#ifndef OPENSSL_NO_ECDH
1739 BN_CTX_free(bn_ctx); 1720 BN_CTX_free(bn_ctx);
1740 EC_POINT_free(srvr_ecpoint); 1721 EC_POINT_free(srvr_ecpoint);
1741 if (ecdh != NULL) 1722 if (ecdh != NULL)
1742 EC_KEY_free(ecdh); 1723 EC_KEY_free(ecdh);
1743#endif
1744 EVP_MD_CTX_cleanup(&md_ctx); 1724 EVP_MD_CTX_cleanup(&md_ctx);
1745 return (-1); 1725 return (-1);
1746} 1726}
@@ -2084,14 +2064,12 @@ ssl3_send_client_key_exchange(SSL *s)
2084 unsigned long alg_k; 2064 unsigned long alg_k;
2085 unsigned char *q; 2065 unsigned char *q;
2086 EVP_PKEY *pkey = NULL; 2066 EVP_PKEY *pkey = NULL;
2087#ifndef OPENSSL_NO_ECDH
2088 EC_KEY *clnt_ecdh = NULL; 2067 EC_KEY *clnt_ecdh = NULL;
2089 const EC_POINT *srvr_ecpoint = NULL; 2068 const EC_POINT *srvr_ecpoint = NULL;
2090 EVP_PKEY *srvr_pub_pkey = NULL; 2069 EVP_PKEY *srvr_pub_pkey = NULL;
2091 unsigned char *encodedPoint = NULL; 2070 unsigned char *encodedPoint = NULL;
2092 int encoded_pt_len = 0; 2071 int encoded_pt_len = 0;
2093 BN_CTX *bn_ctx = NULL; 2072 BN_CTX *bn_ctx = NULL;
2094#endif
2095 2073
2096 if (s->state == SSL3_ST_CW_KEY_EXCH_A) { 2074 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
2097 d = (unsigned char *)s->init_buf->data; 2075 d = (unsigned char *)s->init_buf->data;
@@ -2151,7 +2129,6 @@ ssl3_send_client_key_exchange(SSL *s)
2151 s, s->session->master_key, tmp_buf, sizeof tmp_buf); 2129 s, s->session->master_key, tmp_buf, sizeof tmp_buf);
2152 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 2130 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2153 } 2131 }
2154#ifndef OPENSSL_NO_DH
2155 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 2132 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2156 DH *dh_srvr, *dh_clnt; 2133 DH *dh_srvr, *dh_clnt;
2157 2134
@@ -2217,9 +2194,7 @@ ssl3_send_client_key_exchange(SSL *s)
2217 2194
2218 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2195 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2219 } 2196 }
2220#endif
2221 2197
2222#ifndef OPENSSL_NO_ECDH
2223 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { 2198 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
2224 const EC_GROUP *srvr_group = NULL; 2199 const EC_GROUP *srvr_group = NULL;
2225 EC_KEY *tkey; 2200 EC_KEY *tkey;
@@ -2399,7 +2374,6 @@ ssl3_send_client_key_exchange(SSL *s)
2399 EC_KEY_free(clnt_ecdh); 2374 EC_KEY_free(clnt_ecdh);
2400 EVP_PKEY_free(srvr_pub_pkey); 2375 EVP_PKEY_free(srvr_pub_pkey);
2401 } 2376 }
2402#endif /* !OPENSSL_NO_ECDH */
2403 else if (alg_k & SSL_kGOST) { 2377 else if (alg_k & SSL_kGOST) {
2404 /* GOST key exchange message creation */ 2378 /* GOST key exchange message creation */
2405 EVP_PKEY_CTX *pkey_ctx; 2379 EVP_PKEY_CTX *pkey_ctx;
@@ -2608,13 +2582,11 @@ ssl3_send_client_key_exchange(SSL *s)
2608 /* SSL3_ST_CW_KEY_EXCH_B */ 2582 /* SSL3_ST_CW_KEY_EXCH_B */
2609 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); 2583 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2610 err: 2584 err:
2611#ifndef OPENSSL_NO_ECDH
2612 BN_CTX_free(bn_ctx); 2585 BN_CTX_free(bn_ctx);
2613 free(encodedPoint); 2586 free(encodedPoint);
2614 if (clnt_ecdh != NULL) 2587 if (clnt_ecdh != NULL)
2615 EC_KEY_free(clnt_ecdh); 2588 EC_KEY_free(clnt_ecdh);
2616 EVP_PKEY_free(srvr_pub_pkey); 2589 EVP_PKEY_free(srvr_pub_pkey);
2617#endif
2618 return (-1); 2590 return (-1);
2619} 2591}
2620 2592
@@ -2703,7 +2675,6 @@ ssl3_send_client_verify(SSL *s)
2703 s2n(j, p); 2675 s2n(j, p);
2704 n = j + 2; 2676 n = j + 2;
2705 } else 2677 } else
2706#ifndef OPENSSL_NO_ECDSA
2707 if (pkey->type == EVP_PKEY_EC) { 2678 if (pkey->type == EVP_PKEY_EC) {
2708 if (!ECDSA_sign(pkey->save_type, 2679 if (!ECDSA_sign(pkey->save_type,
2709 &(data[MD5_DIGEST_LENGTH]), 2680 &(data[MD5_DIGEST_LENGTH]),
@@ -2716,7 +2687,6 @@ ssl3_send_client_verify(SSL *s)
2716 s2n(j, p); 2687 s2n(j, p);
2717 n = j + 2; 2688 n = j + 2;
2718 } else 2689 } else
2719#endif
2720 if (pkey->type == NID_id_GostR3410_94 || 2690 if (pkey->type == NID_id_GostR3410_94 ||
2721 pkey->type == NID_id_GostR3410_2001) { 2691 pkey->type == NID_id_GostR3410_2001) {
2722 unsigned char signbuf[64]; 2692 unsigned char signbuf[64];
@@ -2836,9 +2806,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2836 EVP_PKEY *pkey = NULL; 2806 EVP_PKEY *pkey = NULL;
2837 SESS_CERT *sc; 2807 SESS_CERT *sc;
2838 RSA *rsa; 2808 RSA *rsa;
2839#ifndef OPENSSL_NO_DH
2840 DH *dh; 2809 DH *dh;
2841#endif
2842 2810
2843 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2811 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2844 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 2812 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2855,14 +2823,11 @@ ssl3_check_cert_and_algorithm(SSL *s)
2855 } 2823 }
2856 2824
2857 rsa = s->session->sess_cert->peer_rsa_tmp; 2825 rsa = s->session->sess_cert->peer_rsa_tmp;
2858#ifndef OPENSSL_NO_DH
2859 dh = s->session->sess_cert->peer_dh_tmp; 2826 dh = s->session->sess_cert->peer_dh_tmp;
2860#endif
2861 2827
2862 /* This is the passed certificate. */ 2828 /* This is the passed certificate. */
2863 2829
2864 idx = sc->peer_cert_type; 2830 idx = sc->peer_cert_type;
2865#ifndef OPENSSL_NO_ECDH
2866 if (idx == SSL_PKEY_ECC) { 2831 if (idx == SSL_PKEY_ECC) {
2867 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2832 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2868 s) == 0) 2833 s) == 0)
@@ -2874,7 +2839,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2874 return (1); 2839 return (1);
2875 } 2840 }
2876 } 2841 }
2877#endif
2878 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); 2842 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
2879 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); 2843 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
2880 EVP_PKEY_free(pkey); 2844 EVP_PKEY_free(pkey);
@@ -2897,7 +2861,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2897 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2861 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2898 goto f_err; 2862 goto f_err;
2899 } 2863 }
2900#ifndef OPENSSL_NO_DH
2901 if ((alg_k & SSL_kEDH) && 2864 if ((alg_k & SSL_kEDH) &&
2902 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2865 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2903 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2866 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
@@ -2913,7 +2876,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2913 SSL_R_MISSING_DH_DSA_CERT); 2876 SSL_R_MISSING_DH_DSA_CERT);
2914 goto f_err; 2877 goto f_err;
2915 } 2878 }
2916#endif
2917 2879
2918 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && 2880 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
2919 !has_bits(i, EVP_PKT_EXP)) { 2881 !has_bits(i, EVP_PKT_EXP)) {
@@ -2925,7 +2887,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2925 goto f_err; 2887 goto f_err;
2926 } 2888 }
2927 } else 2889 } else
2928#ifndef OPENSSL_NO_DH
2929 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { 2890 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
2930 if (dh == NULL || DH_size(dh) * 8 > 2891 if (dh == NULL || DH_size(dh) * 8 >
2931 SSL_C_EXPORT_PKEYLENGTH( 2892 SSL_C_EXPORT_PKEYLENGTH(
@@ -2936,7 +2897,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2936 goto f_err; 2897 goto f_err;
2937 } 2898 }
2938 } else 2899 } else
2939#endif
2940 { 2900 {
2941 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2901 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2942 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 2902 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 06:46:31 +0000