summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c1023
1 files changed, 145 insertions, 878 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index f6864cdc50..4163d97944 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,19 +108,6 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124 111
125#include <stdio.h> 112#include <stdio.h>
126#include "ssl_locl.h" 113#include "ssl_locl.h"
@@ -130,22 +117,20 @@
130#include <openssl/objects.h> 117#include <openssl/objects.h>
131#include <openssl/evp.h> 118#include <openssl/evp.h>
132#include <openssl/md5.h> 119#include <openssl/md5.h>
133#ifndef OPENSSL_NO_DH 120#include <openssl/fips.h>
134#include <openssl/dh.h>
135#endif
136#include <openssl/bn.h>
137 121
138static SSL_METHOD *ssl3_get_client_method(int ver); 122static SSL_METHOD *ssl3_get_client_method(int ver);
123static int ssl3_client_hello(SSL *s);
124static int ssl3_get_server_hello(SSL *s);
125static int ssl3_get_certificate_request(SSL *s);
139static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 126static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
140#ifndef OPENSSL_NO_TLSEXT 127static int ssl3_get_server_done(SSL *s);
141static int ssl3_check_finished(SSL *s); 128static int ssl3_send_client_verify(SSL *s);
142#endif 129static int ssl3_send_client_certificate(SSL *s);
143 130static int ssl3_send_client_key_exchange(SSL *s);
144#ifndef OPENSSL_NO_ECDH 131static int ssl3_get_key_exchange(SSL *s);
145static int curve_id2nid(int curve_id); 132static int ssl3_get_server_certificate(SSL *s);
146int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); 133static int ssl3_check_cert_and_algorithm(SSL *s);
147#endif
148
149static SSL_METHOD *ssl3_get_client_method(int ver) 134static SSL_METHOD *ssl3_get_client_method(int ver)
150 { 135 {
151 if (ver == SSL3_VERSION) 136 if (ver == SSL3_VERSION)
@@ -154,10 +139,28 @@ static SSL_METHOD *ssl3_get_client_method(int ver)
154 return(NULL); 139 return(NULL);
155 } 140 }
156 141
157IMPLEMENT_ssl3_meth_func(SSLv3_client_method, 142SSL_METHOD *SSLv3_client_method(void)
158 ssl_undefined_function, 143 {
159 ssl3_connect, 144 static int init=1;
160 ssl3_get_client_method) 145 static SSL_METHOD SSLv3_client_data;
146
147 if (init)
148 {
149 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
150
151 if (init)
152 {
153 memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
154 sizeof(SSL_METHOD));
155 SSLv3_client_data.ssl_connect=ssl3_connect;
156 SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
157 init=0;
158 }
159
160 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
161 }
162 return(&SSLv3_client_data);
163 }
161 164
162int ssl3_connect(SSL *s) 165int ssl3_connect(SSL *s)
163 { 166 {
@@ -166,7 +169,7 @@ int ssl3_connect(SSL *s)
166 long num1; 169 long num1;
167 void (*cb)(const SSL *ssl,int type,int val)=NULL; 170 void (*cb)(const SSL *ssl,int type,int val)=NULL;
168 int ret= -1; 171 int ret= -1;
169 int new_state,state,skip=0;; 172 int new_state,state,skip=0;
170 173
171 RAND_add(&Time,sizeof(Time),0); 174 RAND_add(&Time,sizeof(Time),0);
172 ERR_clear_error(); 175 ERR_clear_error();
@@ -267,43 +270,15 @@ int ssl3_connect(SSL *s)
267 270
268 case SSL3_ST_CR_CERT_A: 271 case SSL3_ST_CR_CERT_A:
269 case SSL3_ST_CR_CERT_B: 272 case SSL3_ST_CR_CERT_B:
270#ifndef OPENSSL_NO_TLSEXT 273 /* Check if it is anon DH */
271 ret=ssl3_check_finished(s);
272 if (ret <= 0) goto end;
273 if (ret == 2)
274 {
275 s->hit = 1;
276 if (s->tlsext_ticket_expected)
277 s->state=SSL3_ST_CR_SESSION_TICKET_A;
278 else
279 s->state=SSL3_ST_CR_FINISHED_A;
280 s->init_num=0;
281 break;
282 }
283#endif
284 /* Check if it is anon DH/ECDH */
285 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 274 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
286 { 275 {
287 ret=ssl3_get_server_certificate(s); 276 ret=ssl3_get_server_certificate(s);
288 if (ret <= 0) goto end; 277 if (ret <= 0) goto end;
289#ifndef OPENSSL_NO_TLSEXT
290 if (s->tlsext_status_expected)
291 s->state=SSL3_ST_CR_CERT_STATUS_A;
292 else
293 s->state=SSL3_ST_CR_KEY_EXCH_A;
294 }
295 else
296 {
297 skip = 1;
298 s->state=SSL3_ST_CR_KEY_EXCH_A;
299 }
300#else
301 } 278 }
302 else 279 else
303 skip=1; 280 skip=1;
304
305 s->state=SSL3_ST_CR_KEY_EXCH_A; 281 s->state=SSL3_ST_CR_KEY_EXCH_A;
306#endif
307 s->init_num=0; 282 s->init_num=0;
308 break; 283 break;
309 284
@@ -362,13 +337,6 @@ int ssl3_connect(SSL *s)
362 * sent back */ 337 * sent back */
363 /* For TLS, cert_req is set to 2, so a cert chain 338 /* For TLS, cert_req is set to 2, so a cert chain
364 * of nothing is sent, but no verify packet is sent */ 339 * of nothing is sent, but no verify packet is sent */
365 /* XXX: For now, we do not support client
366 * authentication in ECDH cipher suites with
367 * ECDH (rather than ECDSA) certificates.
368 * We need to skip the certificate verify
369 * message when client's ECDH public key is sent
370 * inside the client certificate.
371 */
372 if (s->s3->tmp.cert_req == 1) 340 if (s->s3->tmp.cert_req == 1)
373 { 341 {
374 s->state=SSL3_ST_CW_CERT_VRFY_A; 342 s->state=SSL3_ST_CW_CERT_VRFY_A;
@@ -400,15 +368,11 @@ int ssl3_connect(SSL *s)
400 s->init_num=0; 368 s->init_num=0;
401 369
402 s->session->cipher=s->s3->tmp.new_cipher; 370 s->session->cipher=s->s3->tmp.new_cipher;
403#ifdef OPENSSL_NO_COMP
404 s->session->compress_meth=0;
405#else
406 if (s->s3->tmp.new_compression == NULL) 371 if (s->s3->tmp.new_compression == NULL)
407 s->session->compress_meth=0; 372 s->session->compress_meth=0;
408 else 373 else
409 s->session->compress_meth= 374 s->session->compress_meth=
410 s->s3->tmp.new_compression->id; 375 s->s3->tmp.new_compression->id;
411#endif
412 if (!s->method->ssl3_enc->setup_key_block(s)) 376 if (!s->method->ssl3_enc->setup_key_block(s))
413 { 377 {
414 ret= -1; 378 ret= -1;
@@ -447,36 +411,11 @@ int ssl3_connect(SSL *s)
447 } 411 }
448 else 412 else
449 { 413 {
450#ifndef OPENSSL_NO_TLSEXT
451 /* Allow NewSessionTicket if ticket expected */
452 if (s->tlsext_ticket_expected)
453 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
454 else
455#endif
456
457 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 414 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
458 } 415 }
459 s->init_num=0; 416 s->init_num=0;
460 break; 417 break;
461 418
462#ifndef OPENSSL_NO_TLSEXT
463 case SSL3_ST_CR_SESSION_TICKET_A:
464 case SSL3_ST_CR_SESSION_TICKET_B:
465 ret=ssl3_get_new_session_ticket(s);
466 if (ret <= 0) goto end;
467 s->state=SSL3_ST_CR_FINISHED_A;
468 s->init_num=0;
469 break;
470
471 case SSL3_ST_CR_CERT_STATUS_A:
472 case SSL3_ST_CR_CERT_STATUS_B:
473 ret=ssl3_get_cert_status(s);
474 if (ret <= 0) goto end;
475 s->state=SSL3_ST_CR_KEY_EXCH_A;
476 s->init_num=0;
477 break;
478#endif
479
480 case SSL3_ST_CR_FINISHED_A: 419 case SSL3_ST_CR_FINISHED_A:
481 case SSL3_ST_CR_FINISHED_B: 420 case SSL3_ST_CR_FINISHED_B:
482 421
@@ -573,16 +512,13 @@ end:
573 } 512 }
574 513
575 514
576int ssl3_client_hello(SSL *s) 515static int ssl3_client_hello(SSL *s)
577 { 516 {
578 unsigned char *buf; 517 unsigned char *buf;
579 unsigned char *p,*d; 518 unsigned char *p,*d;
580 int i; 519 int i,j;
581 unsigned long Time,l; 520 unsigned long Time,l;
582#ifndef OPENSSL_NO_COMP
583 int j;
584 SSL_COMP *comp; 521 SSL_COMP *comp;
585#endif
586 522
587 buf=(unsigned char *)s->init_buf->data; 523 buf=(unsigned char *)s->init_buf->data;
588 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 524 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -599,8 +535,8 @@ int ssl3_client_hello(SSL *s)
599 p=s->s3->client_random; 535 p=s->s3->client_random;
600 Time=(unsigned long)time(NULL); /* Time */ 536 Time=(unsigned long)time(NULL); /* Time */
601 l2n(Time,p); 537 l2n(Time,p);
602 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 538 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
603 goto err; 539 goto err;
604 540
605 /* Do the message type and length last */ 541 /* Do the message type and length last */
606 d=p= &(buf[4]); 542 d=p= &(buf[4]);
@@ -621,7 +557,7 @@ int ssl3_client_hello(SSL *s)
621 *(p++)=i; 557 *(p++)=i;
622 if (i != 0) 558 if (i != 0)
623 { 559 {
624 if (i > (int)sizeof(s->session->session_id)) 560 if (i > sizeof s->session->session_id)
625 { 561 {
626 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 562 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
627 goto err; 563 goto err;
@@ -641,9 +577,6 @@ int ssl3_client_hello(SSL *s)
641 p+=i; 577 p+=i;
642 578
643 /* COMPRESSION */ 579 /* COMPRESSION */
644#ifdef OPENSSL_NO_COMP
645 *(p++)=1;
646#else
647 if (s->ctx->comp_methods == NULL) 580 if (s->ctx->comp_methods == NULL)
648 j=0; 581 j=0;
649 else 582 else
@@ -654,15 +587,8 @@ int ssl3_client_hello(SSL *s)
654 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 587 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
655 *(p++)=comp->id; 588 *(p++)=comp->id;
656 } 589 }
657#endif
658 *(p++)=0; /* Add the NULL method */ 590 *(p++)=0; /* Add the NULL method */
659#ifndef OPENSSL_NO_TLSEXT 591
660 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
661 {
662 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
663 goto err;
664 }
665#endif
666 l=(p-d); 592 l=(p-d);
667 d=buf; 593 d=buf;
668 *(d++)=SSL3_MT_CLIENT_HELLO; 594 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -680,7 +606,7 @@ err:
680 return(-1); 606 return(-1);
681 } 607 }
682 608
683int ssl3_get_server_hello(SSL *s) 609static int ssl3_get_server_hello(SSL *s)
684 { 610 {
685 STACK_OF(SSL_CIPHER) *sk; 611 STACK_OF(SSL_CIPHER) *sk;
686 SSL_CIPHER *c; 612 SSL_CIPHER *c;
@@ -688,44 +614,16 @@ int ssl3_get_server_hello(SSL *s)
688 int i,al,ok; 614 int i,al,ok;
689 unsigned int j; 615 unsigned int j;
690 long n; 616 long n;
691#ifndef OPENSSL_NO_COMP
692 SSL_COMP *comp; 617 SSL_COMP *comp;
693#endif
694 618
695 n=s->method->ssl_get_message(s, 619 n=ssl3_get_message(s,
696 SSL3_ST_CR_SRVR_HELLO_A, 620 SSL3_ST_CR_SRVR_HELLO_A,
697 SSL3_ST_CR_SRVR_HELLO_B, 621 SSL3_ST_CR_SRVR_HELLO_B,
698 -1, 622 SSL3_MT_SERVER_HELLO,
699 20000, /* ?? */ 623 300, /* ?? */
700 &ok); 624 &ok);
701 625
702 if (!ok) return((int)n); 626 if (!ok) return((int)n);
703
704 if ( SSL_version(s) == DTLS1_VERSION)
705 {
706 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
707 {
708 if ( s->d1->send_cookie == 0)
709 {
710 s->s3->tmp.reuse_message = 1;
711 return 1;
712 }
713 else /* already sent a cookie */
714 {
715 al=SSL_AD_UNEXPECTED_MESSAGE;
716 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
717 goto f_err;
718 }
719 }
720 }
721
722 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
723 {
724 al=SSL_AD_UNEXPECTED_MESSAGE;
725 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
726 goto f_err;
727 }
728
729 d=p=(unsigned char *)s->init_msg; 627 d=p=(unsigned char *)s->init_msg;
730 628
731 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) 629 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
@@ -821,14 +719,6 @@ int ssl3_get_server_hello(SSL *s)
821 719
822 /* lets get the compression algorithm */ 720 /* lets get the compression algorithm */
823 /* COMPRESSION */ 721 /* COMPRESSION */
824#ifdef OPENSSL_NO_COMP
825 if (*(p++) != 0)
826 {
827 al=SSL_AD_ILLEGAL_PARAMETER;
828 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
829 goto f_err;
830 }
831#else
832 j= *(p++); 722 j= *(p++);
833 if (j == 0) 723 if (j == 0)
834 comp=NULL; 724 comp=NULL;
@@ -845,25 +735,6 @@ int ssl3_get_server_hello(SSL *s)
845 { 735 {
846 s->s3->tmp.new_compression=comp; 736 s->s3->tmp.new_compression=comp;
847 } 737 }
848#endif
849#ifndef OPENSSL_NO_TLSEXT
850 /* TLS extensions*/
851 if (s->version > SSL3_VERSION)
852 {
853 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
854 {
855 /* 'al' set by ssl_parse_serverhello_tlsext */
856 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
857 goto f_err;
858 }
859 if (ssl_check_serverhello_tlsext(s) <= 0)
860 {
861 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
862 goto err;
863 }
864 }
865#endif
866
867 738
868 if (p != (d+n)) 739 if (p != (d+n))
869 { 740 {
@@ -880,19 +751,18 @@ err:
880 return(-1); 751 return(-1);
881 } 752 }
882 753
883int ssl3_get_server_certificate(SSL *s) 754static int ssl3_get_server_certificate(SSL *s)
884 { 755 {
885 int al,i,ok,ret= -1; 756 int al,i,ok,ret= -1;
886 unsigned long n,nc,llen,l; 757 unsigned long n,nc,llen,l;
887 X509 *x=NULL; 758 X509 *x=NULL;
888 const unsigned char *q,*p; 759 unsigned char *p,*d,*q;
889 unsigned char *d;
890 STACK_OF(X509) *sk=NULL; 760 STACK_OF(X509) *sk=NULL;
891 SESS_CERT *sc; 761 SESS_CERT *sc;
892 EVP_PKEY *pkey=NULL; 762 EVP_PKEY *pkey=NULL;
893 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 763 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
894 764
895 n=s->method->ssl_get_message(s, 765 n=ssl3_get_message(s,
896 SSL3_ST_CR_CERT_A, 766 SSL3_ST_CR_CERT_A,
897 SSL3_ST_CR_CERT_B, 767 SSL3_ST_CR_CERT_B,
898 -1, 768 -1,
@@ -901,9 +771,7 @@ int ssl3_get_server_certificate(SSL *s)
901 771
902 if (!ok) return((int)n); 772 if (!ok) return((int)n);
903 773
904 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 774 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
905 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
906 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
907 { 775 {
908 s->s3->tmp.reuse_message=1; 776 s->s3->tmp.reuse_message=1;
909 return(1); 777 return(1);
@@ -915,7 +783,7 @@ int ssl3_get_server_certificate(SSL *s)
915 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); 783 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
916 goto f_err; 784 goto f_err;
917 } 785 }
918 p=d=(unsigned char *)s->init_msg; 786 d=p=(unsigned char *)s->init_msg;
919 787
920 if ((sk=sk_X509_new_null()) == NULL) 788 if ((sk=sk_X509_new_null()) == NULL)
921 { 789 {
@@ -967,10 +835,10 @@ int ssl3_get_server_certificate(SSL *s)
967 i=ssl_verify_cert_chain(s,sk); 835 i=ssl_verify_cert_chain(s,sk);
968 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) 836 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
969#ifndef OPENSSL_NO_KRB5 837#ifndef OPENSSL_NO_KRB5
970 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 838 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
971 != (SSL_aKRB5|SSL_kKRB5) 839 != (SSL_aKRB5|SSL_kKRB5)
972#endif /* OPENSSL_NO_KRB5 */ 840#endif /* OPENSSL_NO_KRB5 */
973 ) 841 )
974 { 842 {
975 al=ssl_verify_alarm_type(s->verify_result); 843 al=ssl_verify_alarm_type(s->verify_result);
976 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 844 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -993,16 +861,16 @@ int ssl3_get_server_certificate(SSL *s)
993 861
994 pkey=X509_get_pubkey(x); 862 pkey=X509_get_pubkey(x);
995 863
996 /* VRS: allow null cert if auth == KRB5 */ 864 /* VRS: allow null cert if auth == KRB5 */
997 need_cert = ((s->s3->tmp.new_cipher->algorithms 865 need_cert = ((s->s3->tmp.new_cipher->algorithms
998 & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 866 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
999 == (SSL_aKRB5|SSL_kKRB5))? 0: 1; 867 == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
1000 868
1001#ifdef KSSL_DEBUG 869#ifdef KSSL_DEBUG
1002 printf("pkey,x = %p, %p\n", pkey,x); 870 printf("pkey,x = %p, %p\n", pkey,x);
1003 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 871 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1004 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, 872 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
1005 s->s3->tmp.new_cipher->algorithms, need_cert); 873 s->s3->tmp.new_cipher->algorithms, need_cert);
1006#endif /* KSSL_DEBUG */ 874#endif /* KSSL_DEBUG */
1007 875
1008 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 876 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -1024,31 +892,31 @@ int ssl3_get_server_certificate(SSL *s)
1024 goto f_err; 892 goto f_err;
1025 } 893 }
1026 894
1027 if (need_cert) 895 if (need_cert)
1028 { 896 {
1029 sc->peer_cert_type=i; 897 sc->peer_cert_type=i;
1030 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 898 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1031 /* Why would the following ever happen? 899 /* Why would the following ever happen?
1032 * We just created sc a couple of lines ago. */ 900 * We just created sc a couple of lines ago. */
1033 if (sc->peer_pkeys[i].x509 != NULL) 901 if (sc->peer_pkeys[i].x509 != NULL)
1034 X509_free(sc->peer_pkeys[i].x509); 902 X509_free(sc->peer_pkeys[i].x509);
1035 sc->peer_pkeys[i].x509=x; 903 sc->peer_pkeys[i].x509=x;
1036 sc->peer_key= &(sc->peer_pkeys[i]); 904 sc->peer_key= &(sc->peer_pkeys[i]);
1037 905
1038 if (s->session->peer != NULL) 906 if (s->session->peer != NULL)
1039 X509_free(s->session->peer); 907 X509_free(s->session->peer);
1040 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 908 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
1041 s->session->peer=x; 909 s->session->peer=x;
1042 } 910 }
1043 else 911 else
1044 { 912 {
1045 sc->peer_cert_type=i; 913 sc->peer_cert_type=i;
1046 sc->peer_key= NULL; 914 sc->peer_key= NULL;
1047 915
1048 if (s->session->peer != NULL) 916 if (s->session->peer != NULL)
1049 X509_free(s->session->peer); 917 X509_free(s->session->peer);
1050 s->session->peer=NULL; 918 s->session->peer=NULL;
1051 } 919 }
1052 s->session->verify_result = s->verify_result; 920 s->session->verify_result = s->verify_result;
1053 921
1054 x=NULL; 922 x=NULL;
@@ -1066,7 +934,7 @@ err:
1066 return(ret); 934 return(ret);
1067 } 935 }
1068 936
1069int ssl3_get_key_exchange(SSL *s) 937static int ssl3_get_key_exchange(SSL *s)
1070 { 938 {
1071#ifndef OPENSSL_NO_RSA 939#ifndef OPENSSL_NO_RSA
1072 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 940 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
@@ -1082,17 +950,10 @@ int ssl3_get_key_exchange(SSL *s)
1082#ifndef OPENSSL_NO_DH 950#ifndef OPENSSL_NO_DH
1083 DH *dh=NULL; 951 DH *dh=NULL;
1084#endif 952#endif
1085#ifndef OPENSSL_NO_ECDH
1086 EC_KEY *ecdh = NULL;
1087 BN_CTX *bn_ctx = NULL;
1088 EC_POINT *srvr_ecpoint = NULL;
1089 int curve_nid = 0;
1090 int encoded_pt_len = 0;
1091#endif
1092 953
1093 /* use same message size as in ssl3_get_certificate_request() 954 /* use same message size as in ssl3_get_certificate_request()
1094 * as ServerKeyExchange message may be skipped */ 955 * as ServerKeyExchange message may be skipped */
1095 n=s->method->ssl_get_message(s, 956 n=ssl3_get_message(s,
1096 SSL3_ST_CR_KEY_EXCH_A, 957 SSL3_ST_CR_KEY_EXCH_A,
1097 SSL3_ST_CR_KEY_EXCH_B, 958 SSL3_ST_CR_KEY_EXCH_B,
1098 -1, 959 -1,
@@ -1125,13 +986,6 @@ int ssl3_get_key_exchange(SSL *s)
1125 s->session->sess_cert->peer_dh_tmp=NULL; 986 s->session->sess_cert->peer_dh_tmp=NULL;
1126 } 987 }
1127#endif 988#endif
1128#ifndef OPENSSL_NO_ECDH
1129 if (s->session->sess_cert->peer_ecdh_tmp)
1130 {
1131 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1132 s->session->sess_cert->peer_ecdh_tmp=NULL;
1133 }
1134#endif
1135 } 989 }
1136 else 990 else
1137 { 991 {
@@ -1273,114 +1127,6 @@ int ssl3_get_key_exchange(SSL *s)
1273 goto f_err; 1127 goto f_err;
1274 } 1128 }
1275#endif /* !OPENSSL_NO_DH */ 1129#endif /* !OPENSSL_NO_DH */
1276
1277#ifndef OPENSSL_NO_ECDH
1278 else if (alg & SSL_kECDHE)
1279 {
1280 EC_GROUP *ngroup;
1281 const EC_GROUP *group;
1282
1283 if ((ecdh=EC_KEY_new()) == NULL)
1284 {
1285 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1286 goto err;
1287 }
1288
1289 /* Extract elliptic curve parameters and the
1290 * server's ephemeral ECDH public key.
1291 * Keep accumulating lengths of various components in
1292 * param_len and make sure it never exceeds n.
1293 */
1294
1295 /* XXX: For now we only support named (not generic) curves
1296 * and the ECParameters in this case is just three bytes.
1297 */
1298 param_len=3;
1299 if ((param_len > n) ||
1300 (*p != NAMED_CURVE_TYPE) ||
1301 ((curve_nid = curve_id2nid(*(p + 2))) == 0))
1302 {
1303 al=SSL_AD_INTERNAL_ERROR;
1304 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1305 goto f_err;
1306 }
1307
1308 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1309 if (ngroup == NULL)
1310 {
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1312 goto err;
1313 }
1314 if (EC_KEY_set_group(ecdh, ngroup) == 0)
1315 {
1316 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1317 goto err;
1318 }
1319 EC_GROUP_free(ngroup);
1320
1321 group = EC_KEY_get0_group(ecdh);
1322
1323 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1324 (EC_GROUP_get_degree(group) > 163))
1325 {
1326 al=SSL_AD_EXPORT_RESTRICTION;
1327 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1328 goto f_err;
1329 }
1330
1331 p+=3;
1332
1333 /* Next, get the encoded ECPoint */
1334 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1335 ((bn_ctx = BN_CTX_new()) == NULL))
1336 {
1337 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1338 goto err;
1339 }
1340
1341 encoded_pt_len = *p; /* length of encoded point */
1342 p+=1;
1343 param_len += (1 + encoded_pt_len);
1344 if ((param_len > n) ||
1345 (EC_POINT_oct2point(group, srvr_ecpoint,
1346 p, encoded_pt_len, bn_ctx) == 0))
1347 {
1348 al=SSL_AD_DECODE_ERROR;
1349 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1350 goto f_err;
1351 }
1352
1353 n-=param_len;
1354 p+=encoded_pt_len;
1355
1356 /* The ECC/TLS specification does not mention
1357 * the use of DSA to sign ECParameters in the server
1358 * key exchange message. We do support RSA and ECDSA.
1359 */
1360 if (0) ;
1361#ifndef OPENSSL_NO_RSA
1362 else if (alg & SSL_aRSA)
1363 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1364#endif
1365#ifndef OPENSSL_NO_ECDSA
1366 else if (alg & SSL_aECDSA)
1367 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1368#endif
1369 /* else anonymous ECDH, so no certificate or pkey. */
1370 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1371 s->session->sess_cert->peer_ecdh_tmp=ecdh;
1372 ecdh=NULL;
1373 BN_CTX_free(bn_ctx);
1374 EC_POINT_free(srvr_ecpoint);
1375 srvr_ecpoint = NULL;
1376 }
1377 else if (alg & SSL_kECDH)
1378 {
1379 al=SSL_AD_UNEXPECTED_MESSAGE;
1380 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1381 goto f_err;
1382 }
1383#endif /* !OPENSSL_NO_ECDH */
1384 if (alg & SSL_aFZA) 1130 if (alg & SSL_aFZA)
1385 { 1131 {
1386 al=SSL_AD_HANDSHAKE_FAILURE; 1132 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1391,6 +1137,7 @@ int ssl3_get_key_exchange(SSL *s)
1391 1137
1392 /* p points to the next byte, there are 'n' bytes left */ 1138 /* p points to the next byte, there are 'n' bytes left */
1393 1139
1140
1394 /* if it was signed, check the signature */ 1141 /* if it was signed, check the signature */
1395 if (pkey != NULL) 1142 if (pkey != NULL)
1396 { 1143 {
@@ -1415,11 +1162,14 @@ int ssl3_get_key_exchange(SSL *s)
1415 q=md_buf; 1162 q=md_buf;
1416 for (num=2; num > 0; num--) 1163 for (num=2; num > 0; num--)
1417 { 1164 {
1165 EVP_MD_CTX_set_flags(&md_ctx,
1166 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1418 EVP_DigestInit_ex(&md_ctx,(num == 2) 1167 EVP_DigestInit_ex(&md_ctx,(num == 2)
1419 ?s->ctx->md5:s->ctx->sha1, NULL); 1168 ?s->ctx->md5:s->ctx->sha1, NULL);
1420 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1169 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1421 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1170 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1422 EVP_DigestUpdate(&md_ctx,param,param_len); 1171 EVP_DigestUpdate(&md_ctx,param,param_len);
1172
1423 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); 1173 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
1424 q+=i; 1174 q+=i;
1425 j+=i; 1175 j+=i;
@@ -1460,24 +1210,6 @@ int ssl3_get_key_exchange(SSL *s)
1460 } 1210 }
1461 else 1211 else
1462#endif 1212#endif
1463#ifndef OPENSSL_NO_ECDSA
1464 if (pkey->type == EVP_PKEY_EC)
1465 {
1466 /* let's do ECDSA */
1467 EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1468 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1469 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1470 EVP_VerifyUpdate(&md_ctx,param,param_len);
1471 if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
1472 {
1473 /* bad signature */
1474 al=SSL_AD_DECRYPT_ERROR;
1475 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1476 goto f_err;
1477 }
1478 }
1479 else
1480#endif
1481 { 1213 {
1482 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1214 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1483 goto err; 1215 goto err;
@@ -1513,27 +1245,20 @@ err:
1513 if (dh != NULL) 1245 if (dh != NULL)
1514 DH_free(dh); 1246 DH_free(dh);
1515#endif 1247#endif
1516#ifndef OPENSSL_NO_ECDH
1517 BN_CTX_free(bn_ctx);
1518 EC_POINT_free(srvr_ecpoint);
1519 if (ecdh != NULL)
1520 EC_KEY_free(ecdh);
1521#endif
1522 EVP_MD_CTX_cleanup(&md_ctx); 1248 EVP_MD_CTX_cleanup(&md_ctx);
1523 return(-1); 1249 return(-1);
1524 } 1250 }
1525 1251
1526int ssl3_get_certificate_request(SSL *s) 1252static int ssl3_get_certificate_request(SSL *s)
1527 { 1253 {
1528 int ok,ret=0; 1254 int ok,ret=0;
1529 unsigned long n,nc,l; 1255 unsigned long n,nc,l;
1530 unsigned int llen,ctype_num,i; 1256 unsigned int llen,ctype_num,i;
1531 X509_NAME *xn=NULL; 1257 X509_NAME *xn=NULL;
1532 const unsigned char *p,*q; 1258 unsigned char *p,*d,*q;
1533 unsigned char *d;
1534 STACK_OF(X509_NAME) *ca_sk=NULL; 1259 STACK_OF(X509_NAME) *ca_sk=NULL;
1535 1260
1536 n=s->method->ssl_get_message(s, 1261 n=ssl3_get_message(s,
1537 SSL3_ST_CR_CERT_REQ_A, 1262 SSL3_ST_CR_CERT_REQ_A,
1538 SSL3_ST_CR_CERT_REQ_B, 1263 SSL3_ST_CR_CERT_REQ_B,
1539 -1, 1264 -1,
@@ -1569,7 +1294,7 @@ int ssl3_get_certificate_request(SSL *s)
1569 } 1294 }
1570 } 1295 }
1571 1296
1572 p=d=(unsigned char *)s->init_msg; 1297 d=p=(unsigned char *)s->init_msg;
1573 1298
1574 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1299 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
1575 { 1300 {
@@ -1670,150 +1395,13 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1670 { 1395 {
1671 return(X509_NAME_cmp(*a,*b)); 1396 return(X509_NAME_cmp(*a,*b));
1672 } 1397 }
1673#ifndef OPENSSL_NO_TLSEXT
1674int ssl3_get_new_session_ticket(SSL *s)
1675 {
1676 int ok,al,ret=0, ticklen;
1677 long n;
1678 const unsigned char *p;
1679 unsigned char *d;
1680 1398
1681 n=s->method->ssl_get_message(s, 1399static int ssl3_get_server_done(SSL *s)
1682 SSL3_ST_CR_SESSION_TICKET_A,
1683 SSL3_ST_CR_SESSION_TICKET_B,
1684 -1,
1685 16384,
1686 &ok);
1687
1688 if (!ok)
1689 return((int)n);
1690
1691 if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
1692 {
1693 s->s3->tmp.reuse_message=1;
1694 return(1);
1695 }
1696 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
1697 {
1698 al=SSL_AD_UNEXPECTED_MESSAGE;
1699 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
1700 goto f_err;
1701 }
1702 if (n < 6)
1703 {
1704 /* need at least ticket_lifetime_hint + ticket length */
1705 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1706 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1707 goto f_err;
1708 }
1709 p=d=(unsigned char *)s->init_msg;
1710 n2l(p, s->session->tlsext_tick_lifetime_hint);
1711 n2s(p, ticklen);
1712 /* ticket_lifetime_hint + ticket_length + ticket */
1713 if (ticklen + 6 != n)
1714 {
1715 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1716 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1717 goto f_err;
1718 }
1719 if (s->session->tlsext_tick)
1720 {
1721 OPENSSL_free(s->session->tlsext_tick);
1722 s->session->tlsext_ticklen = 0;
1723 }
1724 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
1725 if (!s->session->tlsext_tick)
1726 {
1727 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
1728 goto err;
1729 }
1730 memcpy(s->session->tlsext_tick, p, ticklen);
1731 s->session->tlsext_ticklen = ticklen;
1732
1733 ret=1;
1734 return(ret);
1735f_err:
1736 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1737err:
1738 return(-1);
1739 }
1740
1741int ssl3_get_cert_status(SSL *s)
1742 {
1743 int ok, al;
1744 unsigned long resplen;
1745 long n;
1746 const unsigned char *p;
1747
1748 n=s->method->ssl_get_message(s,
1749 SSL3_ST_CR_CERT_STATUS_A,
1750 SSL3_ST_CR_CERT_STATUS_B,
1751 SSL3_MT_CERTIFICATE_STATUS,
1752 16384,
1753 &ok);
1754
1755 if (!ok) return((int)n);
1756 if (n < 4)
1757 {
1758 /* need at least status type + length */
1759 al = SSL_AD_DECODE_ERROR;
1760 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1761 goto f_err;
1762 }
1763 p = (unsigned char *)s->init_msg;
1764 if (*p++ != TLSEXT_STATUSTYPE_ocsp)
1765 {
1766 al = SSL_AD_DECODE_ERROR;
1767 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
1768 goto f_err;
1769 }
1770 n2l3(p, resplen);
1771 if (resplen + 4 != n)
1772 {
1773 al = SSL_AD_DECODE_ERROR;
1774 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1775 goto f_err;
1776 }
1777 if (s->tlsext_ocsp_resp)
1778 OPENSSL_free(s->tlsext_ocsp_resp);
1779 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1780 if (!s->tlsext_ocsp_resp)
1781 {
1782 al = SSL_AD_INTERNAL_ERROR;
1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1784 goto f_err;
1785 }
1786 s->tlsext_ocsp_resplen = resplen;
1787 if (s->ctx->tlsext_status_cb)
1788 {
1789 int ret;
1790 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1791 if (ret == 0)
1792 {
1793 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1794 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
1795 goto f_err;
1796 }
1797 if (ret < 0)
1798 {
1799 al = SSL_AD_INTERNAL_ERROR;
1800 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1801 goto f_err;
1802 }
1803 }
1804 return 1;
1805f_err:
1806 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1807 return(-1);
1808 }
1809#endif
1810
1811int ssl3_get_server_done(SSL *s)
1812 { 1400 {
1813 int ok,ret=0; 1401 int ok,ret=0;
1814 long n; 1402 long n;
1815 1403
1816 n=s->method->ssl_get_message(s, 1404 n=ssl3_get_message(s,
1817 SSL3_ST_CR_SRVR_DONE_A, 1405 SSL3_ST_CR_SRVR_DONE_A,
1818 SSL3_ST_CR_SRVR_DONE_B, 1406 SSL3_ST_CR_SRVR_DONE_B,
1819 SSL3_MT_SERVER_DONE, 1407 SSL3_MT_SERVER_DONE,
@@ -1832,8 +1420,7 @@ int ssl3_get_server_done(SSL *s)
1832 return(ret); 1420 return(ret);
1833 } 1421 }
1834 1422
1835 1423static int ssl3_send_client_key_exchange(SSL *s)
1836int ssl3_send_client_key_exchange(SSL *s)
1837 { 1424 {
1838 unsigned char *p,*d; 1425 unsigned char *p,*d;
1839 int n; 1426 int n;
@@ -1843,16 +1430,8 @@ int ssl3_send_client_key_exchange(SSL *s)
1843 EVP_PKEY *pkey=NULL; 1430 EVP_PKEY *pkey=NULL;
1844#endif 1431#endif
1845#ifndef OPENSSL_NO_KRB5 1432#ifndef OPENSSL_NO_KRB5
1846 KSSL_ERR kssl_err; 1433 KSSL_ERR kssl_err;
1847#endif /* OPENSSL_NO_KRB5 */ 1434#endif /* OPENSSL_NO_KRB5 */
1848#ifndef OPENSSL_NO_ECDH
1849 EC_KEY *clnt_ecdh = NULL;
1850 const EC_POINT *srvr_ecpoint = NULL;
1851 EVP_PKEY *srvr_pub_pkey = NULL;
1852 unsigned char *encodedPoint = NULL;
1853 int encoded_pt_len = 0;
1854 BN_CTX * bn_ctx = NULL;
1855#endif
1856 1435
1857 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 1436 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
1858 { 1437 {
@@ -1861,8 +1440,8 @@ int ssl3_send_client_key_exchange(SSL *s)
1861 1440
1862 l=s->s3->tmp.new_cipher->algorithms; 1441 l=s->s3->tmp.new_cipher->algorithms;
1863 1442
1864 /* Fool emacs indentation */ 1443 /* Fool emacs indentation */
1865 if (0) {} 1444 if (0) {}
1866#ifndef OPENSSL_NO_RSA 1445#ifndef OPENSSL_NO_RSA
1867 else if (l & SSL_kRSA) 1446 else if (l & SSL_kRSA)
1868 { 1447 {
@@ -1924,12 +1503,12 @@ int ssl3_send_client_key_exchange(SSL *s)
1924#endif 1503#endif
1925#ifndef OPENSSL_NO_KRB5 1504#ifndef OPENSSL_NO_KRB5
1926 else if (l & SSL_kKRB5) 1505 else if (l & SSL_kKRB5)
1927 { 1506 {
1928 krb5_error_code krb5rc; 1507 krb5_error_code krb5rc;
1929 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1508 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1930 /* krb5_data krb5_ap_req; */ 1509 /* krb5_data krb5_ap_req; */
1931 krb5_data *enc_ticket; 1510 krb5_data *enc_ticket;
1932 krb5_data authenticator, *authp = NULL; 1511 krb5_data authenticator, *authp = NULL;
1933 EVP_CIPHER_CTX ciph_ctx; 1512 EVP_CIPHER_CTX ciph_ctx;
1934 EVP_CIPHER *enc = NULL; 1513 EVP_CIPHER *enc = NULL;
1935 unsigned char iv[EVP_MAX_IV_LENGTH]; 1514 unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -1941,8 +1520,8 @@ int ssl3_send_client_key_exchange(SSL *s)
1941 EVP_CIPHER_CTX_init(&ciph_ctx); 1520 EVP_CIPHER_CTX_init(&ciph_ctx);
1942 1521
1943#ifdef KSSL_DEBUG 1522#ifdef KSSL_DEBUG
1944 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1523 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1945 l, SSL_kKRB5); 1524 l, SSL_kKRB5);
1946#endif /* KSSL_DEBUG */ 1525#endif /* KSSL_DEBUG */
1947 1526
1948 authp = NULL; 1527 authp = NULL;
@@ -1950,37 +1529,37 @@ int ssl3_send_client_key_exchange(SSL *s)
1950 if (KRB5SENDAUTH) authp = &authenticator; 1529 if (KRB5SENDAUTH) authp = &authenticator;
1951#endif /* KRB5SENDAUTH */ 1530#endif /* KRB5SENDAUTH */
1952 1531
1953 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 1532 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1954 &kssl_err); 1533 &kssl_err);
1955 enc = kssl_map_enc(kssl_ctx->enctype); 1534 enc = kssl_map_enc(kssl_ctx->enctype);
1956 if (enc == NULL) 1535 if (enc == NULL)
1957 goto err; 1536 goto err;
1958#ifdef KSSL_DEBUG 1537#ifdef KSSL_DEBUG
1959 { 1538 {
1960 printf("kssl_cget_tkt rtn %d\n", krb5rc); 1539 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1961 if (krb5rc && kssl_err.text) 1540 if (krb5rc && kssl_err.text)
1962 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 1541 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1963 } 1542 }
1964#endif /* KSSL_DEBUG */ 1543#endif /* KSSL_DEBUG */
1965 1544
1966 if (krb5rc) 1545 if (krb5rc)
1967 { 1546 {
1968 ssl3_send_alert(s,SSL3_AL_FATAL, 1547 ssl3_send_alert(s,SSL3_AL_FATAL,
1969 SSL_AD_HANDSHAKE_FAILURE); 1548 SSL_AD_HANDSHAKE_FAILURE);
1970 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 1549 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1971 kssl_err.reason); 1550 kssl_err.reason);
1972 goto err; 1551 goto err;
1973 } 1552 }
1974 1553
1975 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 1554 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1976 ** in place of RFC 2712 KerberosWrapper, as in: 1555 ** in place of RFC 2712 KerberosWrapper, as in:
1977 ** 1556 **
1978 ** Send ticket (copy to *p, set n = length) 1557 ** Send ticket (copy to *p, set n = length)
1979 ** n = krb5_ap_req.length; 1558 ** n = krb5_ap_req.length;
1980 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); 1559 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
1981 ** if (krb5_ap_req.data) 1560 ** if (krb5_ap_req.data)
1982 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); 1561 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
1983 ** 1562 **
1984 ** Now using real RFC 2712 KerberosWrapper 1563 ** Now using real RFC 2712 KerberosWrapper
1985 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) 1564 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
1986 ** Note: 2712 "opaque" types are here replaced 1565 ** Note: 2712 "opaque" types are here replaced
@@ -2015,10 +1594,8 @@ int ssl3_send_client_key_exchange(SSL *s)
2015 n+=2; 1594 n+=2;
2016 } 1595 }
2017 1596
2018 tmp_buf[0]=s->client_version>>8; 1597 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
2019 tmp_buf[1]=s->client_version&0xff; 1598 goto err;
2020 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2021 goto err;
2022 1599
2023 /* 20010420 VRS. Tried it this way; failed. 1600 /* 20010420 VRS. Tried it this way; failed.
2024 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 1601 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -2047,27 +1624,20 @@ int ssl3_send_client_key_exchange(SSL *s)
2047 p+=outl; 1624 p+=outl;
2048 n+=outl + 2; 1625 n+=outl + 2;
2049 1626
2050 s->session->master_key_length= 1627 s->session->master_key_length=
2051 s->method->ssl3_enc->generate_master_secret(s, 1628 s->method->ssl3_enc->generate_master_secret(s,
2052 s->session->master_key, 1629 s->session->master_key,
2053 tmp_buf, sizeof tmp_buf); 1630 tmp_buf, sizeof tmp_buf);
2054 1631
2055 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 1632 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2056 OPENSSL_cleanse(epms, outl); 1633 OPENSSL_cleanse(epms, outl);
2057 } 1634 }
2058#endif 1635#endif
2059#ifndef OPENSSL_NO_DH 1636#ifndef OPENSSL_NO_DH
2060 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1637 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2061 { 1638 {
2062 DH *dh_srvr,*dh_clnt; 1639 DH *dh_srvr,*dh_clnt;
2063 1640
2064 if (s->session->sess_cert == NULL)
2065 {
2066 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2067 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2068 goto err;
2069 }
2070
2071 if (s->session->sess_cert->peer_dh_tmp != NULL) 1641 if (s->session->sess_cert->peer_dh_tmp != NULL)
2072 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1642 dh_srvr=s->session->sess_cert->peer_dh_tmp;
2073 else 1643 else
@@ -2119,198 +1689,10 @@ int ssl3_send_client_key_exchange(SSL *s)
2119 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1689 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2120 } 1690 }
2121#endif 1691#endif
2122
2123#ifndef OPENSSL_NO_ECDH
2124 else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
2125 {
2126 const EC_GROUP *srvr_group = NULL;
2127 EC_KEY *tkey;
2128 int ecdh_clnt_cert = 0;
2129 int field_size = 0;
2130
2131 /* Did we send out the client's
2132 * ECDH share for use in premaster
2133 * computation as part of client certificate?
2134 * If so, set ecdh_clnt_cert to 1.
2135 */
2136 if ((l & SSL_kECDH) && (s->cert != NULL))
2137 {
2138 /* XXX: For now, we do not support client
2139 * authentication using ECDH certificates.
2140 * To add such support, one needs to add
2141 * code that checks for appropriate
2142 * conditions and sets ecdh_clnt_cert to 1.
2143 * For example, the cert have an ECC
2144 * key on the same curve as the server's
2145 * and the key should be authorized for
2146 * key agreement.
2147 *
2148 * One also needs to add code in ssl3_connect
2149 * to skip sending the certificate verify
2150 * message.
2151 *
2152 * if ((s->cert->key->privatekey != NULL) &&
2153 * (s->cert->key->privatekey->type ==
2154 * EVP_PKEY_EC) && ...)
2155 * ecdh_clnt_cert = 1;
2156 */
2157 }
2158
2159 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2160 {
2161 tkey = s->session->sess_cert->peer_ecdh_tmp;
2162 }
2163 else
2164 {
2165 /* Get the Server Public Key from Cert */
2166 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2167 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2168 if ((srvr_pub_pkey == NULL) ||
2169 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2170 (srvr_pub_pkey->pkey.ec == NULL))
2171 {
2172 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2173 ERR_R_INTERNAL_ERROR);
2174 goto err;
2175 }
2176
2177 tkey = srvr_pub_pkey->pkey.ec;
2178 }
2179
2180 srvr_group = EC_KEY_get0_group(tkey);
2181 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2182
2183 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2184 {
2185 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2186 ERR_R_INTERNAL_ERROR);
2187 goto err;
2188 }
2189
2190 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2191 {
2192 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2193 goto err;
2194 }
2195
2196 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2197 {
2198 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2199 goto err;
2200 }
2201 if (ecdh_clnt_cert)
2202 {
2203 /* Reuse key info from our certificate
2204 * We only need our private key to perform
2205 * the ECDH computation.
2206 */
2207 const BIGNUM *priv_key;
2208 tkey = s->cert->key->privatekey->pkey.ec;
2209 priv_key = EC_KEY_get0_private_key(tkey);
2210 if (priv_key == NULL)
2211 {
2212 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2213 goto err;
2214 }
2215 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2216 {
2217 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2218 goto err;
2219 }
2220 }
2221 else
2222 {
2223 /* Generate a new ECDH key pair */
2224 if (!(EC_KEY_generate_key(clnt_ecdh)))
2225 {
2226 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2227 goto err;
2228 }
2229 }
2230
2231 /* use the 'p' output buffer for the ECDH key, but
2232 * make sure to clear it out afterwards
2233 */
2234
2235 field_size = EC_GROUP_get_degree(srvr_group);
2236 if (field_size <= 0)
2237 {
2238 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2239 ERR_R_ECDH_LIB);
2240 goto err;
2241 }
2242 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2243 if (n <= 0)
2244 {
2245 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2246 ERR_R_ECDH_LIB);
2247 goto err;
2248 }
2249
2250 /* generate master key from the result */
2251 s->session->master_key_length = s->method->ssl3_enc \
2252 -> generate_master_secret(s,
2253 s->session->master_key,
2254 p, n);
2255
2256 memset(p, 0, n); /* clean up */
2257
2258 if (ecdh_clnt_cert)
2259 {
2260 /* Send empty client key exch message */
2261 n = 0;
2262 }
2263 else
2264 {
2265 /* First check the size of encoding and
2266 * allocate memory accordingly.
2267 */
2268 encoded_pt_len =
2269 EC_POINT_point2oct(srvr_group,
2270 EC_KEY_get0_public_key(clnt_ecdh),
2271 POINT_CONVERSION_UNCOMPRESSED,
2272 NULL, 0, NULL);
2273
2274 encodedPoint = (unsigned char *)
2275 OPENSSL_malloc(encoded_pt_len *
2276 sizeof(unsigned char));
2277 bn_ctx = BN_CTX_new();
2278 if ((encodedPoint == NULL) ||
2279 (bn_ctx == NULL))
2280 {
2281 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2282 goto err;
2283 }
2284
2285 /* Encode the public key */
2286 n = EC_POINT_point2oct(srvr_group,
2287 EC_KEY_get0_public_key(clnt_ecdh),
2288 POINT_CONVERSION_UNCOMPRESSED,
2289 encodedPoint, encoded_pt_len, bn_ctx);
2290
2291 *p = n; /* length of encoded point */
2292 /* Encoded point will be copied here */
2293 p += 1;
2294 /* copy the point */
2295 memcpy((unsigned char *)p, encodedPoint, n);
2296 /* increment n to account for length field */
2297 n += 1;
2298 }
2299
2300 /* Free allocated memory */
2301 BN_CTX_free(bn_ctx);
2302 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2303 if (clnt_ecdh != NULL)
2304 EC_KEY_free(clnt_ecdh);
2305 EVP_PKEY_free(srvr_pub_pkey);
2306 }
2307#endif /* !OPENSSL_NO_ECDH */
2308 else 1692 else
2309 { 1693 {
2310 ssl3_send_alert(s, SSL3_AL_FATAL, 1694 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2311 SSL_AD_HANDSHAKE_FAILURE); 1695 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2312 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2313 ERR_R_INTERNAL_ERROR);
2314 goto err; 1696 goto err;
2315 } 1697 }
2316 1698
@@ -2326,17 +1708,10 @@ int ssl3_send_client_key_exchange(SSL *s)
2326 /* SSL3_ST_CW_KEY_EXCH_B */ 1708 /* SSL3_ST_CW_KEY_EXCH_B */
2327 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2328err: 1710err:
2329#ifndef OPENSSL_NO_ECDH
2330 BN_CTX_free(bn_ctx);
2331 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2332 if (clnt_ecdh != NULL)
2333 EC_KEY_free(clnt_ecdh);
2334 EVP_PKEY_free(srvr_pub_pkey);
2335#endif
2336 return(-1); 1711 return(-1);
2337 } 1712 }
2338 1713
2339int ssl3_send_client_verify(SSL *s) 1714static int ssl3_send_client_verify(SSL *s)
2340 { 1715 {
2341 unsigned char *p,*d; 1716 unsigned char *p,*d;
2342 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1717 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
@@ -2345,7 +1720,7 @@ int ssl3_send_client_verify(SSL *s)
2345 unsigned u=0; 1720 unsigned u=0;
2346#endif 1721#endif
2347 unsigned long n; 1722 unsigned long n;
2348#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 1723#ifndef OPENSSL_NO_DSA
2349 int j; 1724 int j;
2350#endif 1725#endif
2351 1726
@@ -2391,23 +1766,6 @@ int ssl3_send_client_verify(SSL *s)
2391 } 1766 }
2392 else 1767 else
2393#endif 1768#endif
2394#ifndef OPENSSL_NO_ECDSA
2395 if (pkey->type == EVP_PKEY_EC)
2396 {
2397 if (!ECDSA_sign(pkey->save_type,
2398 &(data[MD5_DIGEST_LENGTH]),
2399 SHA_DIGEST_LENGTH,&(p[2]),
2400 (unsigned int *)&j,pkey->pkey.ec))
2401 {
2402 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2403 ERR_R_ECDSA_LIB);
2404 goto err;
2405 }
2406 s2n(j,p);
2407 n=j+2;
2408 }
2409 else
2410#endif
2411 { 1769 {
2412 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 1770 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2413 goto err; 1771 goto err;
@@ -2424,7 +1782,7 @@ err:
2424 return(-1); 1782 return(-1);
2425 } 1783 }
2426 1784
2427int ssl3_send_client_certificate(SSL *s) 1785static int ssl3_send_client_certificate(SSL *s)
2428 { 1786 {
2429 X509 *x509=NULL; 1787 X509 *x509=NULL;
2430 EVP_PKEY *pkey=NULL; 1788 EVP_PKEY *pkey=NULL;
@@ -2503,7 +1861,7 @@ int ssl3_send_client_certificate(SSL *s)
2503 1861
2504#define has_bits(i,m) (((i)&(m)) == (m)) 1862#define has_bits(i,m) (((i)&(m)) == (m))
2505 1863
2506int ssl3_check_cert_and_algorithm(SSL *s) 1864static int ssl3_check_cert_and_algorithm(SSL *s)
2507 { 1865 {
2508 int i,idx; 1866 int i,idx;
2509 long algs; 1867 long algs;
@@ -2518,18 +1876,18 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2518 1876
2519 sc=s->session->sess_cert; 1877 sc=s->session->sess_cert;
2520 1878
2521 algs=s->s3->tmp.new_cipher->algorithms;
2522
2523 /* we don't have a certificate */
2524 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
2525 return(1);
2526
2527 if (sc == NULL) 1879 if (sc == NULL)
2528 { 1880 {
2529 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); 1881 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
2530 goto err; 1882 goto err;
2531 } 1883 }
2532 1884
1885 algs=s->s3->tmp.new_cipher->algorithms;
1886
1887 /* we don't have a certificate */
1888 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
1889 return(1);
1890
2533#ifndef OPENSSL_NO_RSA 1891#ifndef OPENSSL_NO_RSA
2534 rsa=s->session->sess_cert->peer_rsa_tmp; 1892 rsa=s->session->sess_cert->peer_rsa_tmp;
2535#endif 1893#endif
@@ -2540,21 +1898,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2540 /* This is the passed certificate */ 1898 /* This is the passed certificate */
2541 1899
2542 idx=sc->peer_cert_type; 1900 idx=sc->peer_cert_type;
2543#ifndef OPENSSL_NO_ECDH
2544 if (idx == SSL_PKEY_ECC)
2545 {
2546 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2547 s->s3->tmp.new_cipher) == 0)
2548 { /* check failed */
2549 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2550 goto f_err;
2551 }
2552 else
2553 {
2554 return 1;
2555 }
2556 }
2557#endif
2558 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 1901 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
2559 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 1902 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
2560 EVP_PKEY_free(pkey); 1903 EVP_PKEY_free(pkey);
@@ -2640,79 +1983,3 @@ err:
2640 return(0); 1983 return(0);
2641 } 1984 }
2642 1985
2643
2644#ifndef OPENSSL_NO_ECDH
2645/* This is the complement of nid2curve_id in s3_srvr.c. */
2646static int curve_id2nid(int curve_id)
2647{
2648 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2649 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2650 static int nid_list[26] =
2651 {
2652 0,
2653 NID_sect163k1, /* sect163k1 (1) */
2654 NID_sect163r1, /* sect163r1 (2) */
2655 NID_sect163r2, /* sect163r2 (3) */
2656 NID_sect193r1, /* sect193r1 (4) */
2657 NID_sect193r2, /* sect193r2 (5) */
2658 NID_sect233k1, /* sect233k1 (6) */
2659 NID_sect233r1, /* sect233r1 (7) */
2660 NID_sect239k1, /* sect239k1 (8) */
2661 NID_sect283k1, /* sect283k1 (9) */
2662 NID_sect283r1, /* sect283r1 (10) */
2663 NID_sect409k1, /* sect409k1 (11) */
2664 NID_sect409r1, /* sect409r1 (12) */
2665 NID_sect571k1, /* sect571k1 (13) */
2666 NID_sect571r1, /* sect571r1 (14) */
2667 NID_secp160k1, /* secp160k1 (15) */
2668 NID_secp160r1, /* secp160r1 (16) */
2669 NID_secp160r2, /* secp160r2 (17) */
2670 NID_secp192k1, /* secp192k1 (18) */
2671 NID_X9_62_prime192v1, /* secp192r1 (19) */
2672 NID_secp224k1, /* secp224k1 (20) */
2673 NID_secp224r1, /* secp224r1 (21) */
2674 NID_secp256k1, /* secp256k1 (22) */
2675 NID_X9_62_prime256v1, /* secp256r1 (23) */
2676 NID_secp384r1, /* secp384r1 (24) */
2677 NID_secp521r1 /* secp521r1 (25) */
2678 };
2679
2680 if ((curve_id < 1) || (curve_id > 25)) return 0;
2681
2682 return nid_list[curve_id];
2683}
2684#endif
2685
2686/* Check to see if handshake is full or resumed. Usually this is just a
2687 * case of checking to see if a cache hit has occurred. In the case of
2688 * session tickets we have to check the next message to be sure.
2689 */
2690
2691#ifndef OPENSSL_NO_TLSEXT
2692static int ssl3_check_finished(SSL *s)
2693 {
2694 int ok;
2695 long n;
2696 /* If we have no ticket or session ID is non-zero length (a match of
2697 * a non-zero session length would never reach here) it cannot be a
2698 * resumed session.
2699 */
2700 if (!s->session->tlsext_tick || s->session->session_id_length)
2701 return 1;
2702 /* this function is called when we really expect a Certificate
2703 * message, so permit appropriate message length */
2704 n=s->method->ssl_get_message(s,
2705 SSL3_ST_CR_CERT_A,
2706 SSL3_ST_CR_CERT_B,
2707 -1,
2708 s->max_cert_list,
2709 &ok);
2710 if (!ok) return((int)n);
2711 s->s3->tmp.reuse_message = 1;
2712 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
2713 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2714 return 2;
2715
2716 return 1;
2717 }
2718#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 22:27:43 +0000