Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c42
1 files changed, 34 insertions, 8 deletions
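--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -130,10 +130,17 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
@@ -1415,6 +1422,8 @@ int ssl3_get_key_exchange(SSL *s)
 	q=md_buf;
 	for (num=2; num > 0; num--)
 		{
+		EVP_MD_CTX_set_flags(&md_ctx,
+			EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		EVP_DigestInit_ex(&md_ctx,(num == 2)
 			?s->ctx->md5:s->ctx->sha1, NULL);
 		EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -2061,12 +2070,12 @@ int ssl3_send_client_key_exchange(SSL *s)
 			{
 			DH *dh_srvr,*dh_clnt;
 
 			if (s->session->sess_cert == NULL)
 				{
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 				goto err;
 				}
 
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2448,8 +2457,7 @@ int ssl3_send_client_certificate(SSL *s)
 		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
 		 * We then get retied later */
 		i=0;
-		if (s->ctx->client_cert_cb != NULL)
-			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+		i = ssl_do_client_cert_cb(s, &x509, &pkey);
 		if (i < 0)
 			{
 			s->rwstate=SSL_X509_LOOKUP;
@@ -2716,3 +2724,21 @@ static int ssl3_check_finished(SSL *s)
 	return 1;
 	}
 #endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+	{
+	int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+	if (s->ctx->client_cert_engine)
+		{
+		i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+						SSL_get_client_CA_list(s),
+						px509, ppkey, NULL, NULL, NULL);
+		if (i != 0)
+			return i;
+		}
+#endif
+	if (s->ctx->client_cert_cb)
+		i = s->ctx->client_cert_cb(s,px509,ppkey);
+	return i;
+	}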
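Review bot: ssl_do_client_cert_cb is a new non-static function with no header comment, and its return contract is only implied by its caller in ssl3_send_client_certificate, which treats a negative result as "retry later" by setting SSL_X509_LOOKUP. Because the engine branch returns any non-zero value unchanged, a negative result from ENGINE_load_ssl_client_cert is likewise interpreted as a retry request rather than a failure, which may or may not be intended and is worth confirming before this lands. I would add above the definition: `/* Obtain the client certificate and key, trying ctx->client_cert_engine first and falling back to ctx->client_cert_cb. Return value follows client_cert_cb: <0 tells the caller to retry later (SSL_X509_LOOKUP); any other value is passed through unchanged. */`. In the ssl3_send_client_certificate hunk the `i=0;` immediately before the call is now dead, since `i = ssl_do_client_cert_cb(s, &x509, &pkey);` assigns unconditionally, so that line can be dropped. The prototype for the new function is presumably declared in a header outside this diff.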