summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c624
1 files changed, 162 insertions, 462 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 41769febab..50308487aa 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,32 +121,6 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150 124
151#include <stdio.h> 125#include <stdio.h>
152#include "ssl_locl.h" 126#include "ssl_locl.h"
@@ -156,6 +130,10 @@
156#include <openssl/objects.h> 130#include <openssl/objects.h>
157#include <openssl/evp.h> 131#include <openssl/evp.h>
158#include <openssl/md5.h> 132#include <openssl/md5.h>
133#ifdef OPENSSL_FIPS
134#include <openssl/fips.h>
135#endif
136
159#ifndef OPENSSL_NO_DH 137#ifndef OPENSSL_NO_DH
160#include <openssl/dh.h> 138#include <openssl/dh.h>
161#endif 139#endif
@@ -164,10 +142,18 @@
164#include <openssl/engine.h> 142#include <openssl/engine.h>
165#endif 143#endif
166 144
167static const SSL_METHOD *ssl3_get_client_method(int ver); 145static SSL_METHOD *ssl3_get_client_method(int ver);
168static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 146static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
147#ifndef OPENSSL_NO_TLSEXT
148static int ssl3_check_finished(SSL *s);
149#endif
169 150
170static const SSL_METHOD *ssl3_get_client_method(int ver) 151#ifndef OPENSSL_NO_ECDH
152static int curve_id2nid(int curve_id);
153int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
154#endif
155
156static SSL_METHOD *ssl3_get_client_method(int ver)
171 { 157 {
172 if (ver == SSL3_VERSION) 158 if (ver == SSL3_VERSION)
173 return(SSLv3_client_method()); 159 return(SSLv3_client_method());
@@ -183,7 +169,8 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
183int ssl3_connect(SSL *s) 169int ssl3_connect(SSL *s)
184 { 170 {
185 BUF_MEM *buf=NULL; 171 BUF_MEM *buf=NULL;
186 unsigned long Time=(unsigned long)time(NULL); 172 unsigned long Time=(unsigned long)time(NULL),l;
173 long num1;
187 void (*cb)(const SSL *ssl,int type,int val)=NULL; 174 void (*cb)(const SSL *ssl,int type,int val)=NULL;
188 int ret= -1; 175 int ret= -1;
189 int new_state,state,skip=0; 176 int new_state,state,skip=0;
@@ -278,7 +265,6 @@ int ssl3_connect(SSL *s)
278 case SSL3_ST_CR_SRVR_HELLO_B: 265 case SSL3_ST_CR_SRVR_HELLO_B:
279 ret=ssl3_get_server_hello(s); 266 ret=ssl3_get_server_hello(s);
280 if (ret <= 0) goto end; 267 if (ret <= 0) goto end;
281
282 if (s->hit) 268 if (s->hit)
283 s->state=SSL3_ST_CR_FINISHED_A; 269 s->state=SSL3_ST_CR_FINISHED_A;
284 else 270 else
@@ -303,9 +289,7 @@ int ssl3_connect(SSL *s)
303 } 289 }
304#endif 290#endif
305 /* Check if it is anon DH/ECDH */ 291 /* Check if it is anon DH/ECDH */
306 /* or PSK */ 292 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
307 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
309 { 293 {
310 ret=ssl3_get_server_certificate(s); 294 ret=ssl3_get_server_certificate(s);
311 if (ret <= 0) goto end; 295 if (ret <= 0) goto end;
@@ -380,6 +364,7 @@ int ssl3_connect(SSL *s)
380 case SSL3_ST_CW_KEY_EXCH_B: 364 case SSL3_ST_CW_KEY_EXCH_B:
381 ret=ssl3_send_client_key_exchange(s); 365 ret=ssl3_send_client_key_exchange(s);
382 if (ret <= 0) goto end; 366 if (ret <= 0) goto end;
367 l=s->s3->tmp.new_cipher->algorithms;
383 /* EAY EAY EAY need to check for DH fix cert 368 /* EAY EAY EAY need to check for DH fix cert
384 * sent back */ 369 * sent back */
385 /* For TLS, cert_req is set to 2, so a cert chain 370 /* For TLS, cert_req is set to 2, so a cert chain
@@ -400,11 +385,6 @@ int ssl3_connect(SSL *s)
400 s->state=SSL3_ST_CW_CHANGE_A; 385 s->state=SSL3_ST_CW_CHANGE_A;
401 s->s3->change_cipher_spec=0; 386 s->s3->change_cipher_spec=0;
402 } 387 }
403 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
404 {
405 s->state=SSL3_ST_CW_CHANGE_A;
406 s->s3->change_cipher_spec=0;
407 }
408 388
409 s->init_num=0; 389 s->init_num=0;
410 break; 390 break;
@@ -519,13 +499,16 @@ int ssl3_connect(SSL *s)
519 break; 499 break;
520 500
521 case SSL3_ST_CW_FLUSH: 501 case SSL3_ST_CW_FLUSH:
522 s->rwstate=SSL_WRITING; 502 /* number of bytes to be flushed */
523 if (BIO_flush(s->wbio) <= 0) 503 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
504 if (num1 > 0)
524 { 505 {
525 ret= -1; 506 s->rwstate=SSL_WRITING;
526 goto end; 507 num1=BIO_flush(s->wbio);
508 if (num1 <= 0) { ret= -1; goto end; }
509 s->rwstate=SSL_NOTHING;
527 } 510 }
528 s->rwstate=SSL_NOTHING; 511
529 s->state=s->s3->tmp.next_state; 512 s->state=s->s3->tmp.next_state;
530 break; 513 break;
531 514
@@ -611,15 +594,9 @@ int ssl3_client_hello(SSL *s)
611 buf=(unsigned char *)s->init_buf->data; 594 buf=(unsigned char *)s->init_buf->data;
612 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 595 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
613 { 596 {
614 SSL_SESSION *sess = s->session; 597 if ((s->session == NULL) ||
615 if ((sess == NULL) || 598 (s->session->ssl_version != s->version) ||
616 (sess->ssl_version != s->version) || 599 (s->session->not_resumable))
617#ifdef OPENSSL_NO_TLSEXT
618 !sess->session_id_length ||
619#else
620 (!sess->session_id_length && !sess->tlsext_tick) ||
621#endif
622 (sess->not_resumable))
623 { 600 {
624 if (!ssl_get_new_session(s,0)) 601 if (!ssl_get_new_session(s,0))
625 goto err; 602 goto err;
@@ -674,9 +651,7 @@ int ssl3_client_hello(SSL *s)
674#ifdef OPENSSL_NO_COMP 651#ifdef OPENSSL_NO_COMP
675 *(p++)=1; 652 *(p++)=1;
676#else 653#else
677 654 if (s->ctx->comp_methods == NULL)
678 if ((s->options & SSL_OP_NO_COMPRESSION)
679 || !s->ctx->comp_methods)
680 j=0; 655 j=0;
681 else 656 else
682 j=sk_SSL_COMP_num(s->ctx->comp_methods); 657 j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -688,21 +663,13 @@ int ssl3_client_hello(SSL *s)
688 } 663 }
689#endif 664#endif
690 *(p++)=0; /* Add the NULL method */ 665 *(p++)=0; /* Add the NULL method */
691
692#ifndef OPENSSL_NO_TLSEXT 666#ifndef OPENSSL_NO_TLSEXT
693 /* TLS extensions*/
694 if (ssl_prepare_clienthello_tlsext(s) <= 0)
695 {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
697 goto err;
698 }
699 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 667 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
700 { 668 {
701 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 669 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
702 goto err; 670 goto err;
703 } 671 }
704#endif 672#endif
705
706 l=(p-d); 673 l=(p-d);
707 d=buf; 674 d=buf;
708 *(d++)=SSL3_MT_CLIENT_HELLO; 675 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -723,7 +690,7 @@ err:
723int ssl3_get_server_hello(SSL *s) 690int ssl3_get_server_hello(SSL *s)
724 { 691 {
725 STACK_OF(SSL_CIPHER) *sk; 692 STACK_OF(SSL_CIPHER) *sk;
726 const SSL_CIPHER *c; 693 SSL_CIPHER *c;
727 unsigned char *p,*d; 694 unsigned char *p,*d;
728 int i,al,ok; 695 int i,al,ok;
729 unsigned int j; 696 unsigned int j;
@@ -741,7 +708,7 @@ int ssl3_get_server_hello(SSL *s)
741 708
742 if (!ok) return((int)n); 709 if (!ok) return((int)n);
743 710
744 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) 711 if ( SSL_version(s) == DTLS1_VERSION)
745 { 712 {
746 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 713 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
747 { 714 {
@@ -792,23 +759,6 @@ int ssl3_get_server_hello(SSL *s)
792 goto f_err; 759 goto f_err;
793 } 760 }
794 761
795#ifndef OPENSSL_NO_TLSEXT
796 /* check if we want to resume the session based on external pre-shared secret */
797 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
798 {
799 SSL_CIPHER *pref_cipher=NULL;
800 s->session->master_key_length=sizeof(s->session->master_key);
801 if (s->tls_session_secret_cb(s, s->session->master_key,
802 &s->session->master_key_length,
803 NULL, &pref_cipher,
804 s->tls_session_secret_cb_arg))
805 {
806 s->session->cipher = pref_cipher ?
807 pref_cipher : ssl_get_cipher_by_char(s, p+j);
808 }
809 }
810#endif /* OPENSSL_NO_TLSEXT */
811
812 if (j != 0 && j == s->session->session_id_length 762 if (j != 0 && j == s->session->session_id_length
813 && memcmp(p,s->session->session_id,j) == 0) 763 && memcmp(p,s->session->session_id,j) == 0)
814 { 764 {
@@ -875,8 +825,6 @@ int ssl3_get_server_hello(SSL *s)
875 } 825 }
876 } 826 }
877 s->s3->tmp.new_cipher=c; 827 s->s3->tmp.new_cipher=c;
878 if (!ssl3_digest_cached_records(s))
879 goto f_err;
880 828
881 /* lets get the compression algorithm */ 829 /* lets get the compression algorithm */
882 /* COMPRESSION */ 830 /* COMPRESSION */
@@ -887,31 +835,10 @@ int ssl3_get_server_hello(SSL *s)
887 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 835 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
888 goto f_err; 836 goto f_err;
889 } 837 }
890 /* If compression is disabled we'd better not try to resume a session
891 * using compression.
892 */
893 if (s->session->compress_meth != 0)
894 {
895 al=SSL_AD_INTERNAL_ERROR;
896 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
897 goto f_err;
898 }
899#else 838#else
900 j= *(p++); 839 j= *(p++);
901 if (s->hit && j != s->session->compress_meth)
902 {
903 al=SSL_AD_ILLEGAL_PARAMETER;
904 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
905 goto f_err;
906 }
907 if (j == 0) 840 if (j == 0)
908 comp=NULL; 841 comp=NULL;
909 else if (s->options & SSL_OP_NO_COMPRESSION)
910 {
911 al=SSL_AD_ILLEGAL_PARAMETER;
912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
913 goto f_err;
914 }
915 else 842 else
916 comp=ssl3_comp_find(s->ctx->comp_methods,j); 843 comp=ssl3_comp_find(s->ctx->comp_methods,j);
917 844
@@ -926,10 +853,9 @@ int ssl3_get_server_hello(SSL *s)
926 s->s3->tmp.new_compression=comp; 853 s->s3->tmp.new_compression=comp;
927 } 854 }
928#endif 855#endif
929
930#ifndef OPENSSL_NO_TLSEXT 856#ifndef OPENSSL_NO_TLSEXT
931 /* TLS extensions*/ 857 /* TLS extensions*/
932 if (s->version >= SSL3_VERSION) 858 if (s->version > SSL3_VERSION)
933 { 859 {
934 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) 860 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
935 { 861 {
@@ -945,6 +871,7 @@ int ssl3_get_server_hello(SSL *s)
945 } 871 }
946#endif 872#endif
947 873
874
948 if (p != (d+n)) 875 if (p != (d+n))
949 { 876 {
950 /* wrong packet length */ 877 /* wrong packet length */
@@ -982,7 +909,7 @@ int ssl3_get_server_certificate(SSL *s)
982 if (!ok) return((int)n); 909 if (!ok) return((int)n);
983 910
984 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 911 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
985 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 912 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
986 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) 913 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
987 { 914 {
988 s->s3->tmp.reuse_message=1; 915 s->s3->tmp.reuse_message=1;
@@ -1047,10 +974,10 @@ int ssl3_get_server_certificate(SSL *s)
1047 i=ssl_verify_cert_chain(s,sk); 974 i=ssl_verify_cert_chain(s,sk);
1048 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) 975 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
1049#ifndef OPENSSL_NO_KRB5 976#ifndef OPENSSL_NO_KRB5
1050 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 977 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1051 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 978 != (SSL_aKRB5|SSL_kKRB5)
1052#endif /* OPENSSL_NO_KRB5 */ 979#endif /* OPENSSL_NO_KRB5 */
1053 ) 980 )
1054 { 981 {
1055 al=ssl_verify_alarm_type(s->verify_result); 982 al=ssl_verify_alarm_type(s->verify_result);
1056 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 983 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -1074,15 +1001,15 @@ int ssl3_get_server_certificate(SSL *s)
1074 pkey=X509_get_pubkey(x); 1001 pkey=X509_get_pubkey(x);
1075 1002
1076 /* VRS: allow null cert if auth == KRB5 */ 1003 /* VRS: allow null cert if auth == KRB5 */
1077 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && 1004 need_cert = ((s->s3->tmp.new_cipher->algorithms
1078 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) 1005 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1079 ? 0 : 1; 1006 == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
1080 1007
1081#ifdef KSSL_DEBUG 1008#ifdef KSSL_DEBUG
1082 printf("pkey,x = %p, %p\n", pkey,x); 1009 printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
1083 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1010 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1084 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name, 1011 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
1085 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert); 1012 s->s3->tmp.new_cipher->algorithms, need_cert);
1086#endif /* KSSL_DEBUG */ 1013#endif /* KSSL_DEBUG */
1087 1014
1088 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1015 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -1154,7 +1081,7 @@ int ssl3_get_key_exchange(SSL *s)
1154 EVP_MD_CTX md_ctx; 1081 EVP_MD_CTX md_ctx;
1155 unsigned char *param,*p; 1082 unsigned char *param,*p;
1156 int al,i,j,param_len,ok; 1083 int al,i,j,param_len,ok;
1157 long n,alg_k,alg_a; 1084 long n,alg;
1158 EVP_PKEY *pkey=NULL; 1085 EVP_PKEY *pkey=NULL;
1159#ifndef OPENSSL_NO_RSA 1086#ifndef OPENSSL_NO_RSA
1160 RSA *rsa=NULL; 1087 RSA *rsa=NULL;
@@ -1178,28 +1105,17 @@ int ssl3_get_key_exchange(SSL *s)
1178 -1, 1105 -1,
1179 s->max_cert_list, 1106 s->max_cert_list,
1180 &ok); 1107 &ok);
1108
1181 if (!ok) return((int)n); 1109 if (!ok) return((int)n);
1182 1110
1183 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 1111 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1184 { 1112 {
1185#ifndef OPENSSL_NO_PSK
1186 /* In plain PSK ciphersuite, ServerKeyExchange can be
1187 omitted if no identity hint is sent. Set
1188 session->sess_cert anyway to avoid problems
1189 later.*/
1190 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
1191 {
1192 s->session->sess_cert=ssl_sess_cert_new();
1193 if (s->ctx->psk_identity_hint)
1194 OPENSSL_free(s->ctx->psk_identity_hint);
1195 s->ctx->psk_identity_hint = NULL;
1196 }
1197#endif
1198 s->s3->tmp.reuse_message=1; 1113 s->s3->tmp.reuse_message=1;
1199 return(1); 1114 return(1);
1200 } 1115 }
1201 1116
1202 param=p=(unsigned char *)s->init_msg; 1117 param=p=(unsigned char *)s->init_msg;
1118
1203 if (s->session->sess_cert != NULL) 1119 if (s->session->sess_cert != NULL)
1204 { 1120 {
1205#ifndef OPENSSL_NO_RSA 1121#ifndef OPENSSL_NO_RSA
@@ -1230,57 +1146,11 @@ int ssl3_get_key_exchange(SSL *s)
1230 } 1146 }
1231 1147
1232 param_len=0; 1148 param_len=0;
1233 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 1149 alg=s->s3->tmp.new_cipher->algorithms;
1234 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
1235 EVP_MD_CTX_init(&md_ctx); 1150 EVP_MD_CTX_init(&md_ctx);
1236 1151
1237#ifndef OPENSSL_NO_PSK
1238 if (alg_k & SSL_kPSK)
1239 {
1240 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1241
1242 al=SSL_AD_HANDSHAKE_FAILURE;
1243 n2s(p,i);
1244 param_len=i+2;
1245 /* Store PSK identity hint for later use, hint is used
1246 * in ssl3_send_client_key_exchange. Assume that the
1247 * maximum length of a PSK identity hint can be as
1248 * long as the maximum length of a PSK identity. */
1249 if (i > PSK_MAX_IDENTITY_LEN)
1250 {
1251 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1252 SSL_R_DATA_LENGTH_TOO_LONG);
1253 goto f_err;
1254 }
1255 if (param_len > n)
1256 {
1257 al=SSL_AD_DECODE_ERROR;
1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1260 goto f_err;
1261 }
1262 /* If received PSK identity hint contains NULL
1263 * characters, the hint is truncated from the first
1264 * NULL. p may not be ending with NULL, so create a
1265 * NULL-terminated string. */
1266 memcpy(tmp_id_hint, p, i);
1267 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
1268 if (s->ctx->psk_identity_hint != NULL)
1269 OPENSSL_free(s->ctx->psk_identity_hint);
1270 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1271 if (s->ctx->psk_identity_hint == NULL)
1272 {
1273 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1274 goto f_err;
1275 }
1276
1277 p+=i;
1278 n-=param_len;
1279 }
1280 else
1281#endif /* !OPENSSL_NO_PSK */
1282#ifndef OPENSSL_NO_RSA 1152#ifndef OPENSSL_NO_RSA
1283 if (alg_k & SSL_kRSA) 1153 if (alg & SSL_kRSA)
1284 { 1154 {
1285 if ((rsa=RSA_new()) == NULL) 1155 if ((rsa=RSA_new()) == NULL)
1286 { 1156 {
@@ -1319,7 +1189,7 @@ int ssl3_get_key_exchange(SSL *s)
1319 n-=param_len; 1189 n-=param_len;
1320 1190
1321 /* this should be because we are using an export cipher */ 1191 /* this should be because we are using an export cipher */
1322 if (alg_a & SSL_aRSA) 1192 if (alg & SSL_aRSA)
1323 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1193 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1324 else 1194 else
1325 { 1195 {
@@ -1334,7 +1204,7 @@ int ssl3_get_key_exchange(SSL *s)
1334 ; 1204 ;
1335#endif 1205#endif
1336#ifndef OPENSSL_NO_DH 1206#ifndef OPENSSL_NO_DH
1337 else if (alg_k & SSL_kEDH) 1207 else if (alg & SSL_kEDH)
1338 { 1208 {
1339 if ((dh=DH_new()) == NULL) 1209 if ((dh=DH_new()) == NULL)
1340 { 1210 {
@@ -1388,14 +1258,14 @@ int ssl3_get_key_exchange(SSL *s)
1388 n-=param_len; 1258 n-=param_len;
1389 1259
1390#ifndef OPENSSL_NO_RSA 1260#ifndef OPENSSL_NO_RSA
1391 if (alg_a & SSL_aRSA) 1261 if (alg & SSL_aRSA)
1392 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1262 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1393#else 1263#else
1394 if (0) 1264 if (0)
1395 ; 1265 ;
1396#endif 1266#endif
1397#ifndef OPENSSL_NO_DSA 1267#ifndef OPENSSL_NO_DSA
1398 else if (alg_a & SSL_aDSS) 1268 else if (alg & SSL_aDSS)
1399 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1269 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1400#endif 1270#endif
1401 /* else anonymous DH, so no certificate or pkey. */ 1271 /* else anonymous DH, so no certificate or pkey. */
@@ -1403,7 +1273,7 @@ int ssl3_get_key_exchange(SSL *s)
1403 s->session->sess_cert->peer_dh_tmp=dh; 1273 s->session->sess_cert->peer_dh_tmp=dh;
1404 dh=NULL; 1274 dh=NULL;
1405 } 1275 }
1406 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) 1276 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
1407 { 1277 {
1408 al=SSL_AD_ILLEGAL_PARAMETER; 1278 al=SSL_AD_ILLEGAL_PARAMETER;
1409 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1279 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
@@ -1412,7 +1282,7 @@ int ssl3_get_key_exchange(SSL *s)
1412#endif /* !OPENSSL_NO_DH */ 1282#endif /* !OPENSSL_NO_DH */
1413 1283
1414#ifndef OPENSSL_NO_ECDH 1284#ifndef OPENSSL_NO_ECDH
1415 else if (alg_k & SSL_kEECDH) 1285 else if (alg & SSL_kECDHE)
1416 { 1286 {
1417 EC_GROUP *ngroup; 1287 EC_GROUP *ngroup;
1418 const EC_GROUP *group; 1288 const EC_GROUP *group;
@@ -1435,7 +1305,7 @@ int ssl3_get_key_exchange(SSL *s)
1435 param_len=3; 1305 param_len=3;
1436 if ((param_len > n) || 1306 if ((param_len > n) ||
1437 (*p != NAMED_CURVE_TYPE) || 1307 (*p != NAMED_CURVE_TYPE) ||
1438 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 1308 ((curve_nid = curve_id2nid(*(p + 2))) == 0))
1439 { 1309 {
1440 al=SSL_AD_INTERNAL_ERROR; 1310 al=SSL_AD_INTERNAL_ERROR;
1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1496,11 +1366,11 @@ int ssl3_get_key_exchange(SSL *s)
1496 */ 1366 */
1497 if (0) ; 1367 if (0) ;
1498#ifndef OPENSSL_NO_RSA 1368#ifndef OPENSSL_NO_RSA
1499 else if (alg_a & SSL_aRSA) 1369 else if (alg & SSL_aRSA)
1500 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1370 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1501#endif 1371#endif
1502#ifndef OPENSSL_NO_ECDSA 1372#ifndef OPENSSL_NO_ECDSA
1503 else if (alg_a & SSL_aECDSA) 1373 else if (alg & SSL_aECDSA)
1504 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1374 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1505#endif 1375#endif
1506 /* else anonymous ECDH, so no certificate or pkey. */ 1376 /* else anonymous ECDH, so no certificate or pkey. */
@@ -1511,13 +1381,19 @@ int ssl3_get_key_exchange(SSL *s)
1511 EC_POINT_free(srvr_ecpoint); 1381 EC_POINT_free(srvr_ecpoint);
1512 srvr_ecpoint = NULL; 1382 srvr_ecpoint = NULL;
1513 } 1383 }
1514 else if (alg_k) 1384 else if (alg & SSL_kECDH)
1515 { 1385 {
1516 al=SSL_AD_UNEXPECTED_MESSAGE; 1386 al=SSL_AD_UNEXPECTED_MESSAGE;
1517 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 1387 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1518 goto f_err; 1388 goto f_err;
1519 } 1389 }
1520#endif /* !OPENSSL_NO_ECDH */ 1390#endif /* !OPENSSL_NO_ECDH */
1391 if (alg & SSL_aFZA)
1392 {
1393 al=SSL_AD_HANDSHAKE_FAILURE;
1394 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1395 goto f_err;
1396 }
1521 1397
1522 1398
1523 /* p points to the next byte, there are 'n' bytes left */ 1399 /* p points to the next byte, there are 'n' bytes left */
@@ -1546,6 +1422,8 @@ int ssl3_get_key_exchange(SSL *s)
1546 q=md_buf; 1422 q=md_buf;
1547 for (num=2; num > 0; num--) 1423 for (num=2; num > 0; num--)
1548 { 1424 {
1425 EVP_MD_CTX_set_flags(&md_ctx,
1426 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1549 EVP_DigestInit_ex(&md_ctx,(num == 2) 1427 EVP_DigestInit_ex(&md_ctx,(num == 2)
1550 ?s->ctx->md5:s->ctx->sha1, NULL); 1428 ?s->ctx->md5:s->ctx->sha1, NULL);
1551 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1429 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1616,13 +1494,12 @@ int ssl3_get_key_exchange(SSL *s)
1616 } 1494 }
1617 else 1495 else
1618 { 1496 {
1619 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) 1497 /* still data left over */
1620 /* aNULL or kPSK do not need public keys */ 1498 if (!(alg & SSL_aNULL))
1621 { 1499 {
1622 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1500 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1623 goto err; 1501 goto err;
1624 } 1502 }
1625 /* still data left over */
1626 if (n != 0) 1503 if (n != 0)
1627 { 1504 {
1628 al=SSL_AD_DECODE_ERROR; 1505 al=SSL_AD_DECODE_ERROR;
@@ -1692,7 +1569,8 @@ int ssl3_get_certificate_request(SSL *s)
1692 /* TLS does not like anon-DH with client cert */ 1569 /* TLS does not like anon-DH with client cert */
1693 if (s->version > SSL3_VERSION) 1570 if (s->version > SSL3_VERSION)
1694 { 1571 {
1695 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) 1572 l=s->s3->tmp.new_cipher->algorithms;
1573 if (l & SSL_aNULL)
1696 { 1574 {
1697 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1575 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1698 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1576 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1837,7 +1715,6 @@ int ssl3_get_new_session_ticket(SSL *s)
1837 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1715 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1838 goto f_err; 1716 goto f_err;
1839 } 1717 }
1840
1841 p=d=(unsigned char *)s->init_msg; 1718 p=d=(unsigned char *)s->init_msg;
1842 n2l(p, s->session->tlsext_tick_lifetime_hint); 1719 n2l(p, s->session->tlsext_tick_lifetime_hint);
1843 n2s(p, ticklen); 1720 n2s(p, ticklen);
@@ -1861,28 +1738,7 @@ int ssl3_get_new_session_ticket(SSL *s)
1861 } 1738 }
1862 memcpy(s->session->tlsext_tick, p, ticklen); 1739 memcpy(s->session->tlsext_tick, p, ticklen);
1863 s->session->tlsext_ticklen = ticklen; 1740 s->session->tlsext_ticklen = ticklen;
1864 /* There are two ways to detect a resumed ticket sesion. 1741
1865 * One is to set an appropriate session ID and then the server
1866 * must return a match in ServerHello. This allows the normal
1867 * client session ID matching to work and we know much
1868 * earlier that the ticket has been accepted.
1869 *
1870 * The other way is to set zero length session ID when the
1871 * ticket is presented and rely on the handshake to determine
1872 * session resumption.
1873 *
1874 * We choose the former approach because this fits in with
1875 * assumptions elsewhere in OpenSSL. The session ID is set
1876 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1877 * ticket.
1878 */
1879 EVP_Digest(p, ticklen,
1880 s->session->session_id, &s->session->session_id_length,
1881#ifndef OPENSSL_NO_SHA256
1882 EVP_sha256(), NULL);
1883#else
1884 EVP_sha1(), NULL);
1885#endif
1886 ret=1; 1742 ret=1;
1887 return(ret); 1743 return(ret);
1888f_err: 1744f_err:
@@ -1894,7 +1750,8 @@ err:
1894int ssl3_get_cert_status(SSL *s) 1750int ssl3_get_cert_status(SSL *s)
1895 { 1751 {
1896 int ok, al; 1752 int ok, al;
1897 unsigned long resplen,n; 1753 unsigned long resplen;
1754 long n;
1898 const unsigned char *p; 1755 const unsigned char *p;
1899 1756
1900 n=s->method->ssl_get_message(s, 1757 n=s->method->ssl_get_message(s,
@@ -1920,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s)
1920 goto f_err; 1777 goto f_err;
1921 } 1778 }
1922 n2l3(p, resplen); 1779 n2l3(p, resplen);
1923 if (resplen + 4 != n) 1780 if (resplen + 4 != (unsigned long)n)
1924 { 1781 {
1925 al = SSL_AD_DECODE_ERROR; 1782 al = SSL_AD_DECODE_ERROR;
1926 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
@@ -1989,7 +1846,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1989 { 1846 {
1990 unsigned char *p,*d; 1847 unsigned char *p,*d;
1991 int n; 1848 int n;
1992 unsigned long alg_k; 1849 unsigned long l;
1993#ifndef OPENSSL_NO_RSA 1850#ifndef OPENSSL_NO_RSA
1994 unsigned char *q; 1851 unsigned char *q;
1995 EVP_PKEY *pkey=NULL; 1852 EVP_PKEY *pkey=NULL;
@@ -2011,12 +1868,12 @@ int ssl3_send_client_key_exchange(SSL *s)
2011 d=(unsigned char *)s->init_buf->data; 1868 d=(unsigned char *)s->init_buf->data;
2012 p= &(d[4]); 1869 p= &(d[4]);
2013 1870
2014 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 1871 l=s->s3->tmp.new_cipher->algorithms;
2015 1872
2016 /* Fool emacs indentation */ 1873 /* Fool emacs indentation */
2017 if (0) {} 1874 if (0) {}
2018#ifndef OPENSSL_NO_RSA 1875#ifndef OPENSSL_NO_RSA
2019 else if (alg_k & SSL_kRSA) 1876 else if (l & SSL_kRSA)
2020 { 1877 {
2021 RSA *rsa; 1878 RSA *rsa;
2022 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1879 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -2075,7 +1932,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2075 } 1932 }
2076#endif 1933#endif
2077#ifndef OPENSSL_NO_KRB5 1934#ifndef OPENSSL_NO_KRB5
2078 else if (alg_k & SSL_kKRB5) 1935 else if (l & SSL_kKRB5)
2079 { 1936 {
2080 krb5_error_code krb5rc; 1937 krb5_error_code krb5rc;
2081 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1938 KSSL_CTX *kssl_ctx = s->kssl_ctx;
@@ -2083,7 +1940,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2083 krb5_data *enc_ticket; 1940 krb5_data *enc_ticket;
2084 krb5_data authenticator, *authp = NULL; 1941 krb5_data authenticator, *authp = NULL;
2085 EVP_CIPHER_CTX ciph_ctx; 1942 EVP_CIPHER_CTX ciph_ctx;
2086 const EVP_CIPHER *enc = NULL; 1943 EVP_CIPHER *enc = NULL;
2087 unsigned char iv[EVP_MAX_IV_LENGTH]; 1944 unsigned char iv[EVP_MAX_IV_LENGTH];
2088 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1945 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2089 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 1946 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
@@ -2094,7 +1951,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2094 1951
2095#ifdef KSSL_DEBUG 1952#ifdef KSSL_DEBUG
2096 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1953 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2097 alg_k, SSL_kKRB5); 1954 l, SSL_kKRB5);
2098#endif /* KSSL_DEBUG */ 1955#endif /* KSSL_DEBUG */
2099 1956
2100 authp = NULL; 1957 authp = NULL;
@@ -2186,7 +2043,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2186 sizeof tmp_buf); 2043 sizeof tmp_buf);
2187 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2044 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2188 outl += padl; 2045 outl += padl;
2189 if (outl > (int)sizeof epms) 2046 if (outl > sizeof epms)
2190 { 2047 {
2191 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2048 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2192 goto err; 2049 goto err;
@@ -2200,7 +2057,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2200 n+=outl + 2; 2057 n+=outl + 2;
2201 2058
2202 s->session->master_key_length= 2059 s->session->master_key_length=
2203 s->method->ssl3_enc->generate_master_secret(s, 2060 s->method->ssl3_enc->generate_master_secret(s,
2204 s->session->master_key, 2061 s->session->master_key,
2205 tmp_buf, sizeof tmp_buf); 2062 tmp_buf, sizeof tmp_buf);
2206 2063
@@ -2209,7 +2066,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2209 } 2066 }
2210#endif 2067#endif
2211#ifndef OPENSSL_NO_DH 2068#ifndef OPENSSL_NO_DH
2212 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2069 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2213 { 2070 {
2214 DH *dh_srvr,*dh_clnt; 2071 DH *dh_srvr,*dh_clnt;
2215 2072
@@ -2218,7 +2075,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2218 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2219 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2220 goto err; 2077 goto err;
2221 } 2078 }
2222 2079
2223 if (s->session->sess_cert->peer_dh_tmp != NULL) 2080 if (s->session->sess_cert->peer_dh_tmp != NULL)
2224 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2081 dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2273,7 +2130,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2273#endif 2130#endif
2274 2131
2275#ifndef OPENSSL_NO_ECDH 2132#ifndef OPENSSL_NO_ECDH
2276 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) 2133 else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
2277 { 2134 {
2278 const EC_GROUP *srvr_group = NULL; 2135 const EC_GROUP *srvr_group = NULL;
2279 EC_KEY *tkey; 2136 EC_KEY *tkey;
@@ -2285,7 +2142,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2285 * computation as part of client certificate? 2142 * computation as part of client certificate?
2286 * If so, set ecdh_clnt_cert to 1. 2143 * If so, set ecdh_clnt_cert to 1.
2287 */ 2144 */
2288 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 2145 if ((l & SSL_kECDH) && (s->cert != NULL))
2289 { 2146 {
2290 /* XXX: For now, we do not support client 2147 /* XXX: For now, we do not support client
2291 * authentication using ECDH certificates. 2148 * authentication using ECDH certificates.
@@ -2457,178 +2314,6 @@ int ssl3_send_client_key_exchange(SSL *s)
2457 EVP_PKEY_free(srvr_pub_pkey); 2314 EVP_PKEY_free(srvr_pub_pkey);
2458 } 2315 }
2459#endif /* !OPENSSL_NO_ECDH */ 2316#endif /* !OPENSSL_NO_ECDH */
2460 else if (alg_k & SSL_kGOST)
2461 {
2462 /* GOST key exchange message creation */
2463 EVP_PKEY_CTX *pkey_ctx;
2464 X509 *peer_cert;
2465 size_t msglen;
2466 unsigned int md_len;
2467 int keytype;
2468 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2469 EVP_MD_CTX *ukm_hash;
2470 EVP_PKEY *pub_key;
2471
2472 /* Get server sertificate PKEY and create ctx from it */
2473 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2474 if (!peer_cert)
2475 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2476 if (!peer_cert) {
2477 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2478 goto err;
2479 }
2480
2481 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2482 /* If we have send a certificate, and certificate key
2483
2484 * parameters match those of server certificate, use
2485 * certificate key for key exchange
2486 */
2487
2488 /* Otherwise, generate ephemeral key pair */
2489
2490 EVP_PKEY_encrypt_init(pkey_ctx);
2491 /* Generate session key */
2492 RAND_bytes(premaster_secret,32);
2493 /* If we have client certificate, use its secret as peer key */
2494 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2495 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2496 /* If there was an error - just ignore it. Ephemeral key
2497 * would be used
2498 */
2499 ERR_clear_error();
2500 }
2501 }
2502 /* Compute shared IV and store it in algorithm-specific
2503 * context data */
2504 ukm_hash = EVP_MD_CTX_create();
2505 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2506 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2507 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2508 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2509 EVP_MD_CTX_destroy(ukm_hash);
2510 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2511 8,shared_ukm)<0) {
2512 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2513 SSL_R_LIBRARY_BUG);
2514 goto err;
2515 }
2516 /* Make GOST keytransport blob message */
2517 /*Encapsulate it into sequence */
2518 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2519 msglen=255;
2520 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2521 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2522 SSL_R_LIBRARY_BUG);
2523 goto err;
2524 }
2525 if (msglen >= 0x80)
2526 {
2527 *(p++)=0x81;
2528 *(p++)= msglen & 0xff;
2529 n=msglen+3;
2530 }
2531 else
2532 {
2533 *(p++)= msglen & 0xff;
2534 n=msglen+2;
2535 }
2536 memcpy(p, tmp, msglen);
2537 /* Check if pubkey from client certificate was used */
2538 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2539 {
2540 /* Set flag "skip certificate verify" */
2541 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2542 }
2543 EVP_PKEY_CTX_free(pkey_ctx);
2544 s->session->master_key_length=
2545 s->method->ssl3_enc->generate_master_secret(s,
2546 s->session->master_key,premaster_secret,32);
2547 EVP_PKEY_free(pub_key);
2548
2549 }
2550#ifndef OPENSSL_NO_PSK
2551 else if (alg_k & SSL_kPSK)
2552 {
2553 char identity[PSK_MAX_IDENTITY_LEN];
2554 unsigned char *t = NULL;
2555 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2556 unsigned int pre_ms_len = 0, psk_len = 0;
2557 int psk_err = 1;
2558
2559 n = 0;
2560 if (s->psk_client_callback == NULL)
2561 {
2562 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2563 SSL_R_PSK_NO_CLIENT_CB);
2564 goto err;
2565 }
2566
2567 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2568 identity, PSK_MAX_IDENTITY_LEN,
2569 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2570 if (psk_len > PSK_MAX_PSK_LEN)
2571 {
2572 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2573 ERR_R_INTERNAL_ERROR);
2574 goto psk_err;
2575 }
2576 else if (psk_len == 0)
2577 {
2578 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2579 SSL_R_PSK_IDENTITY_NOT_FOUND);
2580 goto psk_err;
2581 }
2582
2583 /* create PSK pre_master_secret */
2584 pre_ms_len = 2+psk_len+2+psk_len;
2585 t = psk_or_pre_ms;
2586 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2587 s2n(psk_len, t);
2588 memset(t, 0, psk_len);
2589 t+=psk_len;
2590 s2n(psk_len, t);
2591
2592 if (s->session->psk_identity_hint != NULL)
2593 OPENSSL_free(s->session->psk_identity_hint);
2594 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2595 if (s->ctx->psk_identity_hint != NULL &&
2596 s->session->psk_identity_hint == NULL)
2597 {
2598 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2599 ERR_R_MALLOC_FAILURE);
2600 goto psk_err;
2601 }
2602
2603 if (s->session->psk_identity != NULL)
2604 OPENSSL_free(s->session->psk_identity);
2605 s->session->psk_identity = BUF_strdup(identity);
2606 if (s->session->psk_identity == NULL)
2607 {
2608 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2609 ERR_R_MALLOC_FAILURE);
2610 goto psk_err;
2611 }
2612
2613 s->session->master_key_length =
2614 s->method->ssl3_enc->generate_master_secret(s,
2615 s->session->master_key,
2616 psk_or_pre_ms, pre_ms_len);
2617 n = strlen(identity);
2618 s2n(n, p);
2619 memcpy(p, identity, n);
2620 n+=2;
2621 psk_err = 0;
2622 psk_err:
2623 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2624 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2625 if (psk_err != 0)
2626 {
2627 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2628 goto err;
2629 }
2630 }
2631#endif
2632 else 2317 else
2633 { 2318 {
2634 ssl3_send_alert(s, SSL3_AL_FATAL, 2319 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2665,37 +2350,28 @@ int ssl3_send_client_verify(SSL *s)
2665 unsigned char *p,*d; 2350 unsigned char *p,*d;
2666 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2351 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2667 EVP_PKEY *pkey; 2352 EVP_PKEY *pkey;
2668 EVP_PKEY_CTX *pctx=NULL;
2669#ifndef OPENSSL_NO_RSA 2353#ifndef OPENSSL_NO_RSA
2670 unsigned u=0; 2354 unsigned u=0;
2671#endif 2355#endif
2672 unsigned long n; 2356 unsigned long n;
2357#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
2673 int j; 2358 int j;
2359#endif
2674 2360
2675 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2361 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2676 { 2362 {
2677 d=(unsigned char *)s->init_buf->data; 2363 d=(unsigned char *)s->init_buf->data;
2678 p= &(d[4]); 2364 p= &(d[4]);
2679 pkey=s->cert->key->privatekey; 2365 pkey=s->cert->key->privatekey;
2680/* Create context from key and test if sha1 is allowed as digest */ 2366
2681 pctx = EVP_PKEY_CTX_new(pkey,NULL); 2367 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
2682 EVP_PKEY_sign_init(pctx); 2368 &(data[MD5_DIGEST_LENGTH]));
2683 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) 2369
2684 {
2685 s->method->ssl3_enc->cert_verify_mac(s,
2686 NID_sha1,
2687 &(data[MD5_DIGEST_LENGTH]));
2688 }
2689 else
2690 {
2691 ERR_clear_error();
2692 }
2693#ifndef OPENSSL_NO_RSA 2370#ifndef OPENSSL_NO_RSA
2694 if (pkey->type == EVP_PKEY_RSA) 2371 if (pkey->type == EVP_PKEY_RSA)
2695 { 2372 {
2696 s->method->ssl3_enc->cert_verify_mac(s, 2373 s->method->ssl3_enc->cert_verify_mac(s,
2697 NID_md5, 2374 &(s->s3->finish_dgst1),&(data[0]));
2698 &(data[0]));
2699 if (RSA_sign(NID_md5_sha1, data, 2375 if (RSA_sign(NID_md5_sha1, data,
2700 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2376 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2701 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 2377 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -2741,30 +2417,10 @@ int ssl3_send_client_verify(SSL *s)
2741 } 2417 }
2742 else 2418 else
2743#endif 2419#endif
2744 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 2420 {
2745 {
2746 unsigned char signbuf[64];
2747 int i;
2748 size_t sigsize=64;
2749 s->method->ssl3_enc->cert_verify_mac(s,
2750 NID_id_GostR3411_94,
2751 data);
2752 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
2753 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2754 ERR_R_INTERNAL_ERROR);
2755 goto err;
2756 }
2757 for (i=63,j=0; i>=0; j++, i--) {
2758 p[2+j]=signbuf[i];
2759 }
2760 s2n(j,p);
2761 n=j+2;
2762 }
2763 else
2764 {
2765 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 2421 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2766 goto err; 2422 goto err;
2767 } 2423 }
2768 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 2424 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2769 l2n3(n,d); 2425 l2n3(n,d);
2770 2426
@@ -2772,10 +2428,8 @@ int ssl3_send_client_verify(SSL *s)
2772 s->init_num=(int)n+4; 2428 s->init_num=(int)n+4;
2773 s->init_off=0; 2429 s->init_off=0;
2774 } 2430 }
2775 EVP_PKEY_CTX_free(pctx);
2776 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2431 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2777err: 2432err:
2778 EVP_PKEY_CTX_free(pctx);
2779 return(-1); 2433 return(-1);
2780 } 2434 }
2781 2435
@@ -2860,7 +2514,7 @@ int ssl3_send_client_certificate(SSL *s)
2860int ssl3_check_cert_and_algorithm(SSL *s) 2514int ssl3_check_cert_and_algorithm(SSL *s)
2861 { 2515 {
2862 int i,idx; 2516 int i,idx;
2863 long alg_k,alg_a; 2517 long algs;
2864 EVP_PKEY *pkey=NULL; 2518 EVP_PKEY *pkey=NULL;
2865 SESS_CERT *sc; 2519 SESS_CERT *sc;
2866#ifndef OPENSSL_NO_RSA 2520#ifndef OPENSSL_NO_RSA
@@ -2870,14 +2524,14 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2870 DH *dh; 2524 DH *dh;
2871#endif 2525#endif
2872 2526
2873 alg_k=s->s3->tmp.new_cipher->algorithm_mkey; 2527 sc=s->session->sess_cert;
2874 alg_a=s->s3->tmp.new_cipher->algorithm_auth; 2528
2529 algs=s->s3->tmp.new_cipher->algorithms;
2875 2530
2876 /* we don't have a certificate */ 2531 /* we don't have a certificate */
2877 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) 2532 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
2878 return(1); 2533 return(1);
2879 2534
2880 sc=s->session->sess_cert;
2881 if (sc == NULL) 2535 if (sc == NULL)
2882 { 2536 {
2883 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); 2537 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
@@ -2897,11 +2551,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2897#ifndef OPENSSL_NO_ECDH 2551#ifndef OPENSSL_NO_ECDH
2898 if (idx == SSL_PKEY_ECC) 2552 if (idx == SSL_PKEY_ECC)
2899 { 2553 {
2900 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2554 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2901 s->s3->tmp.new_cipher) == 0) 2555 s->s3->tmp.new_cipher) == 0)
2902 { /* check failed */ 2556 { /* check failed */
2903 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); 2557 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2904 goto f_err; 2558 goto f_err;
2905 } 2559 }
2906 else 2560 else
2907 { 2561 {
@@ -2915,20 +2569,20 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2915 2569
2916 2570
2917 /* Check that we have a certificate if we require one */ 2571 /* Check that we have a certificate if we require one */
2918 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 2572 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2919 { 2573 {
2920 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); 2574 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2921 goto f_err; 2575 goto f_err;
2922 } 2576 }
2923#ifndef OPENSSL_NO_DSA 2577#ifndef OPENSSL_NO_DSA
2924 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 2578 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2925 { 2579 {
2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); 2580 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2927 goto f_err; 2581 goto f_err;
2928 } 2582 }
2929#endif 2583#endif
2930#ifndef OPENSSL_NO_RSA 2584#ifndef OPENSSL_NO_RSA
2931 if ((alg_k & SSL_kRSA) && 2585 if ((algs & SSL_kRSA) &&
2932 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 2586 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2933 { 2587 {
2934 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2588 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
@@ -2936,19 +2590,19 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2936 } 2590 }
2937#endif 2591#endif
2938#ifndef OPENSSL_NO_DH 2592#ifndef OPENSSL_NO_DH
2939 if ((alg_k & SSL_kEDH) && 2593 if ((algs & SSL_kEDH) &&
2940 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 2594 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2941 { 2595 {
2942 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); 2596 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2943 goto f_err; 2597 goto f_err;
2944 } 2598 }
2945 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 2599 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2946 { 2600 {
2947 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); 2601 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2948 goto f_err; 2602 goto f_err;
2949 } 2603 }
2950#ifndef OPENSSL_NO_DSA 2604#ifndef OPENSSL_NO_DSA
2951 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 2605 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2952 { 2606 {
2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); 2607 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2954 goto f_err; 2608 goto f_err;
@@ -2959,7 +2613,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2959 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 2613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2960 { 2614 {
2961#ifndef OPENSSL_NO_RSA 2615#ifndef OPENSSL_NO_RSA
2962 if (alg_k & SSL_kRSA) 2616 if (algs & SSL_kRSA)
2963 { 2617 {
2964 if (rsa == NULL 2618 if (rsa == NULL
2965 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2619 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2971,7 +2625,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2971 else 2625 else
2972#endif 2626#endif
2973#ifndef OPENSSL_NO_DH 2627#ifndef OPENSSL_NO_DH
2974 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2628 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2975 { 2629 {
2976 if (dh == NULL 2630 if (dh == NULL
2977 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2631 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2994,18 +2648,64 @@ err:
2994 return(0); 2648 return(0);
2995 } 2649 }
2996 2650
2651
2652#ifndef OPENSSL_NO_ECDH
2653/* This is the complement of nid2curve_id in s3_srvr.c. */
2654static int curve_id2nid(int curve_id)
2655{
2656 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2657 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2658 static int nid_list[26] =
2659 {
2660 0,
2661 NID_sect163k1, /* sect163k1 (1) */
2662 NID_sect163r1, /* sect163r1 (2) */
2663 NID_sect163r2, /* sect163r2 (3) */
2664 NID_sect193r1, /* sect193r1 (4) */
2665 NID_sect193r2, /* sect193r2 (5) */
2666 NID_sect233k1, /* sect233k1 (6) */
2667 NID_sect233r1, /* sect233r1 (7) */
2668 NID_sect239k1, /* sect239k1 (8) */
2669 NID_sect283k1, /* sect283k1 (9) */
2670 NID_sect283r1, /* sect283r1 (10) */
2671 NID_sect409k1, /* sect409k1 (11) */
2672 NID_sect409r1, /* sect409r1 (12) */
2673 NID_sect571k1, /* sect571k1 (13) */
2674 NID_sect571r1, /* sect571r1 (14) */
2675 NID_secp160k1, /* secp160k1 (15) */
2676 NID_secp160r1, /* secp160r1 (16) */
2677 NID_secp160r2, /* secp160r2 (17) */
2678 NID_secp192k1, /* secp192k1 (18) */
2679 NID_X9_62_prime192v1, /* secp192r1 (19) */
2680 NID_secp224k1, /* secp224k1 (20) */
2681 NID_secp224r1, /* secp224r1 (21) */
2682 NID_secp256k1, /* secp256k1 (22) */
2683 NID_X9_62_prime256v1, /* secp256r1 (23) */
2684 NID_secp384r1, /* secp384r1 (24) */
2685 NID_secp521r1 /* secp521r1 (25) */
2686 };
2687
2688 if ((curve_id < 1) || (curve_id > 25)) return 0;
2689
2690 return nid_list[curve_id];
2691}
2692#endif
2693
2997/* Check to see if handshake is full or resumed. Usually this is just a 2694/* Check to see if handshake is full or resumed. Usually this is just a
2998 * case of checking to see if a cache hit has occurred. In the case of 2695 * case of checking to see if a cache hit has occurred. In the case of
2999 * session tickets we have to check the next message to be sure. 2696 * session tickets we have to check the next message to be sure.
3000 */ 2697 */
3001 2698
3002#ifndef OPENSSL_NO_TLSEXT 2699#ifndef OPENSSL_NO_TLSEXT
3003int ssl3_check_finished(SSL *s) 2700static int ssl3_check_finished(SSL *s)
3004 { 2701 {
3005 int ok; 2702 int ok;
3006 long n; 2703 long n;
3007 /* If we have no ticket it cannot be a resumed session. */ 2704 /* If we have no ticket or session ID is non-zero length (a match of
3008 if (!s->session->tlsext_tick) 2705 * a non-zero session length would never reach here) it cannot be a
2706 * resumed session.
2707 */
2708 if (!s->session->tlsext_tick || s->session->session_id_length)
3009 return 1; 2709 return 1;
3010 /* this function is called when we really expect a Certificate 2710 /* this function is called when we really expect a Certificate
3011 * message, so permit appropriate message length */ 2711 * message, so permit appropriate message length */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 05:54:19 +0000