summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c1021
1 files changed, 877 insertions, 144 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 05194fdb31..f6864cdc50 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,6 +108,19 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
111 124
112#include <stdio.h> 125#include <stdio.h>
113#include "ssl_locl.h" 126#include "ssl_locl.h"
@@ -117,20 +130,22 @@
117#include <openssl/objects.h> 130#include <openssl/objects.h>
118#include <openssl/evp.h> 131#include <openssl/evp.h>
119#include <openssl/md5.h> 132#include <openssl/md5.h>
120#include <openssl/fips.h> 133#ifndef OPENSSL_NO_DH
134#include <openssl/dh.h>
135#endif
136#include <openssl/bn.h>
121 137
122static SSL_METHOD *ssl3_get_client_method(int ver); 138static SSL_METHOD *ssl3_get_client_method(int ver);
123static int ssl3_client_hello(SSL *s);
124static int ssl3_get_server_hello(SSL *s);
125static int ssl3_get_certificate_request(SSL *s);
126static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 139static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
127static int ssl3_get_server_done(SSL *s); 140#ifndef OPENSSL_NO_TLSEXT
128static int ssl3_send_client_verify(SSL *s); 141static int ssl3_check_finished(SSL *s);
129static int ssl3_send_client_certificate(SSL *s); 142#endif
130static int ssl3_send_client_key_exchange(SSL *s); 143
131static int ssl3_get_key_exchange(SSL *s); 144#ifndef OPENSSL_NO_ECDH
132static int ssl3_get_server_certificate(SSL *s); 145static int curve_id2nid(int curve_id);
133static int ssl3_check_cert_and_algorithm(SSL *s); 146int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
147#endif
148
134static SSL_METHOD *ssl3_get_client_method(int ver) 149static SSL_METHOD *ssl3_get_client_method(int ver)
135 { 150 {
136 if (ver == SSL3_VERSION) 151 if (ver == SSL3_VERSION)
@@ -139,28 +154,10 @@ static SSL_METHOD *ssl3_get_client_method(int ver)
139 return(NULL); 154 return(NULL);
140 } 155 }
141 156
142SSL_METHOD *SSLv3_client_method(void) 157IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
143 { 158 ssl_undefined_function,
144 static int init=1; 159 ssl3_connect,
145 static SSL_METHOD SSLv3_client_data; 160 ssl3_get_client_method)
146
147 if (init)
148 {
149 CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
150
151 if (init)
152 {
153 memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
154 sizeof(SSL_METHOD));
155 SSLv3_client_data.ssl_connect=ssl3_connect;
156 SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
157 init=0;
158 }
159
160 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
161 }
162 return(&SSLv3_client_data);
163 }
164 161
165int ssl3_connect(SSL *s) 162int ssl3_connect(SSL *s)
166 { 163 {
@@ -270,15 +267,43 @@ int ssl3_connect(SSL *s)
270 267
271 case SSL3_ST_CR_CERT_A: 268 case SSL3_ST_CR_CERT_A:
272 case SSL3_ST_CR_CERT_B: 269 case SSL3_ST_CR_CERT_B:
273 /* Check if it is anon DH */ 270#ifndef OPENSSL_NO_TLSEXT
271 ret=ssl3_check_finished(s);
272 if (ret <= 0) goto end;
273 if (ret == 2)
274 {
275 s->hit = 1;
276 if (s->tlsext_ticket_expected)
277 s->state=SSL3_ST_CR_SESSION_TICKET_A;
278 else
279 s->state=SSL3_ST_CR_FINISHED_A;
280 s->init_num=0;
281 break;
282 }
283#endif
284 /* Check if it is anon DH/ECDH */
274 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 285 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
275 { 286 {
276 ret=ssl3_get_server_certificate(s); 287 ret=ssl3_get_server_certificate(s);
277 if (ret <= 0) goto end; 288 if (ret <= 0) goto end;
289#ifndef OPENSSL_NO_TLSEXT
290 if (s->tlsext_status_expected)
291 s->state=SSL3_ST_CR_CERT_STATUS_A;
292 else
293 s->state=SSL3_ST_CR_KEY_EXCH_A;
294 }
295 else
296 {
297 skip = 1;
298 s->state=SSL3_ST_CR_KEY_EXCH_A;
299 }
300#else
278 } 301 }
279 else 302 else
280 skip=1; 303 skip=1;
304
281 s->state=SSL3_ST_CR_KEY_EXCH_A; 305 s->state=SSL3_ST_CR_KEY_EXCH_A;
306#endif
282 s->init_num=0; 307 s->init_num=0;
283 break; 308 break;
284 309
@@ -337,6 +362,13 @@ int ssl3_connect(SSL *s)
337 * sent back */ 362 * sent back */
338 /* For TLS, cert_req is set to 2, so a cert chain 363 /* For TLS, cert_req is set to 2, so a cert chain
339 * of nothing is sent, but no verify packet is sent */ 364 * of nothing is sent, but no verify packet is sent */
365 /* XXX: For now, we do not support client
366 * authentication in ECDH cipher suites with
367 * ECDH (rather than ECDSA) certificates.
368 * We need to skip the certificate verify
369 * message when client's ECDH public key is sent
370 * inside the client certificate.
371 */
340 if (s->s3->tmp.cert_req == 1) 372 if (s->s3->tmp.cert_req == 1)
341 { 373 {
342 s->state=SSL3_ST_CW_CERT_VRFY_A; 374 s->state=SSL3_ST_CW_CERT_VRFY_A;
@@ -368,11 +400,15 @@ int ssl3_connect(SSL *s)
368 s->init_num=0; 400 s->init_num=0;
369 401
370 s->session->cipher=s->s3->tmp.new_cipher; 402 s->session->cipher=s->s3->tmp.new_cipher;
403#ifdef OPENSSL_NO_COMP
404 s->session->compress_meth=0;
405#else
371 if (s->s3->tmp.new_compression == NULL) 406 if (s->s3->tmp.new_compression == NULL)
372 s->session->compress_meth=0; 407 s->session->compress_meth=0;
373 else 408 else
374 s->session->compress_meth= 409 s->session->compress_meth=
375 s->s3->tmp.new_compression->id; 410 s->s3->tmp.new_compression->id;
411#endif
376 if (!s->method->ssl3_enc->setup_key_block(s)) 412 if (!s->method->ssl3_enc->setup_key_block(s))
377 { 413 {
378 ret= -1; 414 ret= -1;
@@ -411,11 +447,36 @@ int ssl3_connect(SSL *s)
411 } 447 }
412 else 448 else
413 { 449 {
450#ifndef OPENSSL_NO_TLSEXT
451 /* Allow NewSessionTicket if ticket expected */
452 if (s->tlsext_ticket_expected)
453 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
454 else
455#endif
456
414 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 457 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
415 } 458 }
416 s->init_num=0; 459 s->init_num=0;
417 break; 460 break;
418 461
462#ifndef OPENSSL_NO_TLSEXT
463 case SSL3_ST_CR_SESSION_TICKET_A:
464 case SSL3_ST_CR_SESSION_TICKET_B:
465 ret=ssl3_get_new_session_ticket(s);
466 if (ret <= 0) goto end;
467 s->state=SSL3_ST_CR_FINISHED_A;
468 s->init_num=0;
469 break;
470
471 case SSL3_ST_CR_CERT_STATUS_A:
472 case SSL3_ST_CR_CERT_STATUS_B:
473 ret=ssl3_get_cert_status(s);
474 if (ret <= 0) goto end;
475 s->state=SSL3_ST_CR_KEY_EXCH_A;
476 s->init_num=0;
477 break;
478#endif
479
419 case SSL3_ST_CR_FINISHED_A: 480 case SSL3_ST_CR_FINISHED_A:
420 case SSL3_ST_CR_FINISHED_B: 481 case SSL3_ST_CR_FINISHED_B:
421 482
@@ -512,13 +573,16 @@ end:
512 } 573 }
513 574
514 575
515static int ssl3_client_hello(SSL *s) 576int ssl3_client_hello(SSL *s)
516 { 577 {
517 unsigned char *buf; 578 unsigned char *buf;
518 unsigned char *p,*d; 579 unsigned char *p,*d;
519 int i,j; 580 int i;
520 unsigned long Time,l; 581 unsigned long Time,l;
582#ifndef OPENSSL_NO_COMP
583 int j;
521 SSL_COMP *comp; 584 SSL_COMP *comp;
585#endif
522 586
523 buf=(unsigned char *)s->init_buf->data; 587 buf=(unsigned char *)s->init_buf->data;
524 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 588 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -535,8 +599,8 @@ static int ssl3_client_hello(SSL *s)
535 p=s->s3->client_random; 599 p=s->s3->client_random;
536 Time=(unsigned long)time(NULL); /* Time */ 600 Time=(unsigned long)time(NULL); /* Time */
537 l2n(Time,p); 601 l2n(Time,p);
538 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 602 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
539 goto err; 603 goto err;
540 604
541 /* Do the message type and length last */ 605 /* Do the message type and length last */
542 d=p= &(buf[4]); 606 d=p= &(buf[4]);
@@ -557,7 +621,7 @@ static int ssl3_client_hello(SSL *s)
557 *(p++)=i; 621 *(p++)=i;
558 if (i != 0) 622 if (i != 0)
559 { 623 {
560 if (i > sizeof s->session->session_id) 624 if (i > (int)sizeof(s->session->session_id))
561 { 625 {
562 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 626 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
563 goto err; 627 goto err;
@@ -577,6 +641,9 @@ static int ssl3_client_hello(SSL *s)
577 p+=i; 641 p+=i;
578 642
579 /* COMPRESSION */ 643 /* COMPRESSION */
644#ifdef OPENSSL_NO_COMP
645 *(p++)=1;
646#else
580 if (s->ctx->comp_methods == NULL) 647 if (s->ctx->comp_methods == NULL)
581 j=0; 648 j=0;
582 else 649 else
@@ -587,8 +654,15 @@ static int ssl3_client_hello(SSL *s)
587 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 654 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
588 *(p++)=comp->id; 655 *(p++)=comp->id;
589 } 656 }
657#endif
590 *(p++)=0; /* Add the NULL method */ 658 *(p++)=0; /* Add the NULL method */
591 659#ifndef OPENSSL_NO_TLSEXT
660 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
661 {
662 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
663 goto err;
664 }
665#endif
592 l=(p-d); 666 l=(p-d);
593 d=buf; 667 d=buf;
594 *(d++)=SSL3_MT_CLIENT_HELLO; 668 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -606,7 +680,7 @@ err:
606 return(-1); 680 return(-1);
607 } 681 }
608 682
609static int ssl3_get_server_hello(SSL *s) 683int ssl3_get_server_hello(SSL *s)
610 { 684 {
611 STACK_OF(SSL_CIPHER) *sk; 685 STACK_OF(SSL_CIPHER) *sk;
612 SSL_CIPHER *c; 686 SSL_CIPHER *c;
@@ -614,16 +688,44 @@ static int ssl3_get_server_hello(SSL *s)
614 int i,al,ok; 688 int i,al,ok;
615 unsigned int j; 689 unsigned int j;
616 long n; 690 long n;
691#ifndef OPENSSL_NO_COMP
617 SSL_COMP *comp; 692 SSL_COMP *comp;
693#endif
618 694
619 n=ssl3_get_message(s, 695 n=s->method->ssl_get_message(s,
620 SSL3_ST_CR_SRVR_HELLO_A, 696 SSL3_ST_CR_SRVR_HELLO_A,
621 SSL3_ST_CR_SRVR_HELLO_B, 697 SSL3_ST_CR_SRVR_HELLO_B,
622 SSL3_MT_SERVER_HELLO, 698 -1,
623 300, /* ?? */ 699 20000, /* ?? */
624 &ok); 700 &ok);
625 701
626 if (!ok) return((int)n); 702 if (!ok) return((int)n);
703
704 if ( SSL_version(s) == DTLS1_VERSION)
705 {
706 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
707 {
708 if ( s->d1->send_cookie == 0)
709 {
710 s->s3->tmp.reuse_message = 1;
711 return 1;
712 }
713 else /* already sent a cookie */
714 {
715 al=SSL_AD_UNEXPECTED_MESSAGE;
716 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
717 goto f_err;
718 }
719 }
720 }
721
722 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
723 {
724 al=SSL_AD_UNEXPECTED_MESSAGE;
725 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
726 goto f_err;
727 }
728
627 d=p=(unsigned char *)s->init_msg; 729 d=p=(unsigned char *)s->init_msg;
628 730
629 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) 731 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
@@ -719,6 +821,14 @@ static int ssl3_get_server_hello(SSL *s)
719 821
720 /* lets get the compression algorithm */ 822 /* lets get the compression algorithm */
721 /* COMPRESSION */ 823 /* COMPRESSION */
824#ifdef OPENSSL_NO_COMP
825 if (*(p++) != 0)
826 {
827 al=SSL_AD_ILLEGAL_PARAMETER;
828 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
829 goto f_err;
830 }
831#else
722 j= *(p++); 832 j= *(p++);
723 if (j == 0) 833 if (j == 0)
724 comp=NULL; 834 comp=NULL;
@@ -735,6 +845,25 @@ static int ssl3_get_server_hello(SSL *s)
735 { 845 {
736 s->s3->tmp.new_compression=comp; 846 s->s3->tmp.new_compression=comp;
737 } 847 }
848#endif
849#ifndef OPENSSL_NO_TLSEXT
850 /* TLS extensions*/
851 if (s->version > SSL3_VERSION)
852 {
853 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
854 {
855 /* 'al' set by ssl_parse_serverhello_tlsext */
856 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
857 goto f_err;
858 }
859 if (ssl_check_serverhello_tlsext(s) <= 0)
860 {
861 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
862 goto err;
863 }
864 }
865#endif
866
738 867
739 if (p != (d+n)) 868 if (p != (d+n))
740 { 869 {
@@ -751,18 +880,19 @@ err:
751 return(-1); 880 return(-1);
752 } 881 }
753 882
754static int ssl3_get_server_certificate(SSL *s) 883int ssl3_get_server_certificate(SSL *s)
755 { 884 {
756 int al,i,ok,ret= -1; 885 int al,i,ok,ret= -1;
757 unsigned long n,nc,llen,l; 886 unsigned long n,nc,llen,l;
758 X509 *x=NULL; 887 X509 *x=NULL;
759 unsigned char *p,*d,*q; 888 const unsigned char *q,*p;
889 unsigned char *d;
760 STACK_OF(X509) *sk=NULL; 890 STACK_OF(X509) *sk=NULL;
761 SESS_CERT *sc; 891 SESS_CERT *sc;
762 EVP_PKEY *pkey=NULL; 892 EVP_PKEY *pkey=NULL;
763 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ 893 int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
764 894
765 n=ssl3_get_message(s, 895 n=s->method->ssl_get_message(s,
766 SSL3_ST_CR_CERT_A, 896 SSL3_ST_CR_CERT_A,
767 SSL3_ST_CR_CERT_B, 897 SSL3_ST_CR_CERT_B,
768 -1, 898 -1,
@@ -771,7 +901,9 @@ static int ssl3_get_server_certificate(SSL *s)
771 901
772 if (!ok) return((int)n); 902 if (!ok) return((int)n);
773 903
774 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) 904 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
905 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
906 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
775 { 907 {
776 s->s3->tmp.reuse_message=1; 908 s->s3->tmp.reuse_message=1;
777 return(1); 909 return(1);
@@ -783,7 +915,7 @@ static int ssl3_get_server_certificate(SSL *s)
783 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); 915 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
784 goto f_err; 916 goto f_err;
785 } 917 }
786 d=p=(unsigned char *)s->init_msg; 918 p=d=(unsigned char *)s->init_msg;
787 919
788 if ((sk=sk_X509_new_null()) == NULL) 920 if ((sk=sk_X509_new_null()) == NULL)
789 { 921 {
@@ -835,10 +967,10 @@ static int ssl3_get_server_certificate(SSL *s)
835 i=ssl_verify_cert_chain(s,sk); 967 i=ssl_verify_cert_chain(s,sk);
836 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) 968 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
837#ifndef OPENSSL_NO_KRB5 969#ifndef OPENSSL_NO_KRB5
838 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 970 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
839 != (SSL_aKRB5|SSL_kKRB5) 971 != (SSL_aKRB5|SSL_kKRB5)
840#endif /* OPENSSL_NO_KRB5 */ 972#endif /* OPENSSL_NO_KRB5 */
841 ) 973 )
842 { 974 {
843 al=ssl_verify_alarm_type(s->verify_result); 975 al=ssl_verify_alarm_type(s->verify_result);
844 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 976 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -861,16 +993,16 @@ static int ssl3_get_server_certificate(SSL *s)
861 993
862 pkey=X509_get_pubkey(x); 994 pkey=X509_get_pubkey(x);
863 995
864 /* VRS: allow null cert if auth == KRB5 */ 996 /* VRS: allow null cert if auth == KRB5 */
865 need_cert = ((s->s3->tmp.new_cipher->algorithms 997 need_cert = ((s->s3->tmp.new_cipher->algorithms
866 & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 998 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
867 == (SSL_aKRB5|SSL_kKRB5))? 0: 1; 999 == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
868 1000
869#ifdef KSSL_DEBUG 1001#ifdef KSSL_DEBUG
870 printf("pkey,x = %p, %p\n", pkey,x); 1002 printf("pkey,x = %p, %p\n", pkey,x);
871 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1003 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
872 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, 1004 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
873 s->s3->tmp.new_cipher->algorithms, need_cert); 1005 s->s3->tmp.new_cipher->algorithms, need_cert);
874#endif /* KSSL_DEBUG */ 1006#endif /* KSSL_DEBUG */
875 1007
876 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1008 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -892,31 +1024,31 @@ static int ssl3_get_server_certificate(SSL *s)
892 goto f_err; 1024 goto f_err;
893 } 1025 }
894 1026
895 if (need_cert) 1027 if (need_cert)
896 { 1028 {
897 sc->peer_cert_type=i; 1029 sc->peer_cert_type=i;
898 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 1030 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
899 /* Why would the following ever happen? 1031 /* Why would the following ever happen?
900 * We just created sc a couple of lines ago. */ 1032 * We just created sc a couple of lines ago. */
901 if (sc->peer_pkeys[i].x509 != NULL) 1033 if (sc->peer_pkeys[i].x509 != NULL)
902 X509_free(sc->peer_pkeys[i].x509); 1034 X509_free(sc->peer_pkeys[i].x509);
903 sc->peer_pkeys[i].x509=x; 1035 sc->peer_pkeys[i].x509=x;
904 sc->peer_key= &(sc->peer_pkeys[i]); 1036 sc->peer_key= &(sc->peer_pkeys[i]);
905 1037
906 if (s->session->peer != NULL) 1038 if (s->session->peer != NULL)
907 X509_free(s->session->peer); 1039 X509_free(s->session->peer);
908 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 1040 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
909 s->session->peer=x; 1041 s->session->peer=x;
910 } 1042 }
911 else 1043 else
912 { 1044 {
913 sc->peer_cert_type=i; 1045 sc->peer_cert_type=i;
914 sc->peer_key= NULL; 1046 sc->peer_key= NULL;
915 1047
916 if (s->session->peer != NULL) 1048 if (s->session->peer != NULL)
917 X509_free(s->session->peer); 1049 X509_free(s->session->peer);
918 s->session->peer=NULL; 1050 s->session->peer=NULL;
919 } 1051 }
920 s->session->verify_result = s->verify_result; 1052 s->session->verify_result = s->verify_result;
921 1053
922 x=NULL; 1054 x=NULL;
@@ -934,7 +1066,7 @@ err:
934 return(ret); 1066 return(ret);
935 } 1067 }
936 1068
937static int ssl3_get_key_exchange(SSL *s) 1069int ssl3_get_key_exchange(SSL *s)
938 { 1070 {
939#ifndef OPENSSL_NO_RSA 1071#ifndef OPENSSL_NO_RSA
940 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 1072 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
@@ -950,10 +1082,17 @@ static int ssl3_get_key_exchange(SSL *s)
950#ifndef OPENSSL_NO_DH 1082#ifndef OPENSSL_NO_DH
951 DH *dh=NULL; 1083 DH *dh=NULL;
952#endif 1084#endif
1085#ifndef OPENSSL_NO_ECDH
1086 EC_KEY *ecdh = NULL;
1087 BN_CTX *bn_ctx = NULL;
1088 EC_POINT *srvr_ecpoint = NULL;
1089 int curve_nid = 0;
1090 int encoded_pt_len = 0;
1091#endif
953 1092
954 /* use same message size as in ssl3_get_certificate_request() 1093 /* use same message size as in ssl3_get_certificate_request()
955 * as ServerKeyExchange message may be skipped */ 1094 * as ServerKeyExchange message may be skipped */
956 n=ssl3_get_message(s, 1095 n=s->method->ssl_get_message(s,
957 SSL3_ST_CR_KEY_EXCH_A, 1096 SSL3_ST_CR_KEY_EXCH_A,
958 SSL3_ST_CR_KEY_EXCH_B, 1097 SSL3_ST_CR_KEY_EXCH_B,
959 -1, 1098 -1,
@@ -986,6 +1125,13 @@ static int ssl3_get_key_exchange(SSL *s)
986 s->session->sess_cert->peer_dh_tmp=NULL; 1125 s->session->sess_cert->peer_dh_tmp=NULL;
987 } 1126 }
988#endif 1127#endif
1128#ifndef OPENSSL_NO_ECDH
1129 if (s->session->sess_cert->peer_ecdh_tmp)
1130 {
1131 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1132 s->session->sess_cert->peer_ecdh_tmp=NULL;
1133 }
1134#endif
989 } 1135 }
990 else 1136 else
991 { 1137 {
@@ -1127,6 +1273,114 @@ static int ssl3_get_key_exchange(SSL *s)
1127 goto f_err; 1273 goto f_err;
1128 } 1274 }
1129#endif /* !OPENSSL_NO_DH */ 1275#endif /* !OPENSSL_NO_DH */
1276
1277#ifndef OPENSSL_NO_ECDH
1278 else if (alg & SSL_kECDHE)
1279 {
1280 EC_GROUP *ngroup;
1281 const EC_GROUP *group;
1282
1283 if ((ecdh=EC_KEY_new()) == NULL)
1284 {
1285 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1286 goto err;
1287 }
1288
1289 /* Extract elliptic curve parameters and the
1290 * server's ephemeral ECDH public key.
1291 * Keep accumulating lengths of various components in
1292 * param_len and make sure it never exceeds n.
1293 */
1294
1295 /* XXX: For now we only support named (not generic) curves
1296 * and the ECParameters in this case is just three bytes.
1297 */
1298 param_len=3;
1299 if ((param_len > n) ||
1300 (*p != NAMED_CURVE_TYPE) ||
1301 ((curve_nid = curve_id2nid(*(p + 2))) == 0))
1302 {
1303 al=SSL_AD_INTERNAL_ERROR;
1304 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1305 goto f_err;
1306 }
1307
1308 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1309 if (ngroup == NULL)
1310 {
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1312 goto err;
1313 }
1314 if (EC_KEY_set_group(ecdh, ngroup) == 0)
1315 {
1316 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
1317 goto err;
1318 }
1319 EC_GROUP_free(ngroup);
1320
1321 group = EC_KEY_get0_group(ecdh);
1322
1323 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1324 (EC_GROUP_get_degree(group) > 163))
1325 {
1326 al=SSL_AD_EXPORT_RESTRICTION;
1327 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1328 goto f_err;
1329 }
1330
1331 p+=3;
1332
1333 /* Next, get the encoded ECPoint */
1334 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1335 ((bn_ctx = BN_CTX_new()) == NULL))
1336 {
1337 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1338 goto err;
1339 }
1340
1341 encoded_pt_len = *p; /* length of encoded point */
1342 p+=1;
1343 param_len += (1 + encoded_pt_len);
1344 if ((param_len > n) ||
1345 (EC_POINT_oct2point(group, srvr_ecpoint,
1346 p, encoded_pt_len, bn_ctx) == 0))
1347 {
1348 al=SSL_AD_DECODE_ERROR;
1349 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
1350 goto f_err;
1351 }
1352
1353 n-=param_len;
1354 p+=encoded_pt_len;
1355
1356 /* The ECC/TLS specification does not mention
1357 * the use of DSA to sign ECParameters in the server
1358 * key exchange message. We do support RSA and ECDSA.
1359 */
1360 if (0) ;
1361#ifndef OPENSSL_NO_RSA
1362 else if (alg & SSL_aRSA)
1363 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1364#endif
1365#ifndef OPENSSL_NO_ECDSA
1366 else if (alg & SSL_aECDSA)
1367 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1368#endif
1369 /* else anonymous ECDH, so no certificate or pkey. */
1370 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1371 s->session->sess_cert->peer_ecdh_tmp=ecdh;
1372 ecdh=NULL;
1373 BN_CTX_free(bn_ctx);
1374 EC_POINT_free(srvr_ecpoint);
1375 srvr_ecpoint = NULL;
1376 }
1377 else if (alg & SSL_kECDH)
1378 {
1379 al=SSL_AD_UNEXPECTED_MESSAGE;
1380 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1381 goto f_err;
1382 }
1383#endif /* !OPENSSL_NO_ECDH */
1130 if (alg & SSL_aFZA) 1384 if (alg & SSL_aFZA)
1131 { 1385 {
1132 al=SSL_AD_HANDSHAKE_FAILURE; 1386 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1137,7 +1391,6 @@ static int ssl3_get_key_exchange(SSL *s)
1137 1391
1138 /* p points to the next byte, there are 'n' bytes left */ 1392 /* p points to the next byte, there are 'n' bytes left */
1139 1393
1140
1141 /* if it was signed, check the signature */ 1394 /* if it was signed, check the signature */
1142 if (pkey != NULL) 1395 if (pkey != NULL)
1143 { 1396 {
@@ -1162,14 +1415,11 @@ static int ssl3_get_key_exchange(SSL *s)
1162 q=md_buf; 1415 q=md_buf;
1163 for (num=2; num > 0; num--) 1416 for (num=2; num > 0; num--)
1164 { 1417 {
1165 EVP_MD_CTX_set_flags(&md_ctx,
1166 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1167 EVP_DigestInit_ex(&md_ctx,(num == 2) 1418 EVP_DigestInit_ex(&md_ctx,(num == 2)
1168 ?s->ctx->md5:s->ctx->sha1, NULL); 1419 ?s->ctx->md5:s->ctx->sha1, NULL);
1169 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1420 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1170 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1421 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1171 EVP_DigestUpdate(&md_ctx,param,param_len); 1422 EVP_DigestUpdate(&md_ctx,param,param_len);
1172
1173 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); 1423 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
1174 q+=i; 1424 q+=i;
1175 j+=i; 1425 j+=i;
@@ -1210,6 +1460,24 @@ static int ssl3_get_key_exchange(SSL *s)
1210 } 1460 }
1211 else 1461 else
1212#endif 1462#endif
1463#ifndef OPENSSL_NO_ECDSA
1464 if (pkey->type == EVP_PKEY_EC)
1465 {
1466 /* let's do ECDSA */
1467 EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1468 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1469 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1470 EVP_VerifyUpdate(&md_ctx,param,param_len);
1471 if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
1472 {
1473 /* bad signature */
1474 al=SSL_AD_DECRYPT_ERROR;
1475 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
1476 goto f_err;
1477 }
1478 }
1479 else
1480#endif
1213 { 1481 {
1214 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1482 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1215 goto err; 1483 goto err;
@@ -1245,20 +1513,27 @@ err:
1245 if (dh != NULL) 1513 if (dh != NULL)
1246 DH_free(dh); 1514 DH_free(dh);
1247#endif 1515#endif
1516#ifndef OPENSSL_NO_ECDH
1517 BN_CTX_free(bn_ctx);
1518 EC_POINT_free(srvr_ecpoint);
1519 if (ecdh != NULL)
1520 EC_KEY_free(ecdh);
1521#endif
1248 EVP_MD_CTX_cleanup(&md_ctx); 1522 EVP_MD_CTX_cleanup(&md_ctx);
1249 return(-1); 1523 return(-1);
1250 } 1524 }
1251 1525
1252static int ssl3_get_certificate_request(SSL *s) 1526int ssl3_get_certificate_request(SSL *s)
1253 { 1527 {
1254 int ok,ret=0; 1528 int ok,ret=0;
1255 unsigned long n,nc,l; 1529 unsigned long n,nc,l;
1256 unsigned int llen,ctype_num,i; 1530 unsigned int llen,ctype_num,i;
1257 X509_NAME *xn=NULL; 1531 X509_NAME *xn=NULL;
1258 unsigned char *p,*d,*q; 1532 const unsigned char *p,*q;
1533 unsigned char *d;
1259 STACK_OF(X509_NAME) *ca_sk=NULL; 1534 STACK_OF(X509_NAME) *ca_sk=NULL;
1260 1535
1261 n=ssl3_get_message(s, 1536 n=s->method->ssl_get_message(s,
1262 SSL3_ST_CR_CERT_REQ_A, 1537 SSL3_ST_CR_CERT_REQ_A,
1263 SSL3_ST_CR_CERT_REQ_B, 1538 SSL3_ST_CR_CERT_REQ_B,
1264 -1, 1539 -1,
@@ -1294,7 +1569,7 @@ static int ssl3_get_certificate_request(SSL *s)
1294 } 1569 }
1295 } 1570 }
1296 1571
1297 d=p=(unsigned char *)s->init_msg; 1572 p=d=(unsigned char *)s->init_msg;
1298 1573
1299 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1574 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
1300 { 1575 {
@@ -1395,13 +1670,150 @@ static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1395 { 1670 {
1396 return(X509_NAME_cmp(*a,*b)); 1671 return(X509_NAME_cmp(*a,*b));
1397 } 1672 }
1673#ifndef OPENSSL_NO_TLSEXT
1674int ssl3_get_new_session_ticket(SSL *s)
1675 {
1676 int ok,al,ret=0, ticklen;
1677 long n;
1678 const unsigned char *p;
1679 unsigned char *d;
1398 1680
1399static int ssl3_get_server_done(SSL *s) 1681 n=s->method->ssl_get_message(s,
1682 SSL3_ST_CR_SESSION_TICKET_A,
1683 SSL3_ST_CR_SESSION_TICKET_B,
1684 -1,
1685 16384,
1686 &ok);
1687
1688 if (!ok)
1689 return((int)n);
1690
1691 if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
1692 {
1693 s->s3->tmp.reuse_message=1;
1694 return(1);
1695 }
1696 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
1697 {
1698 al=SSL_AD_UNEXPECTED_MESSAGE;
1699 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
1700 goto f_err;
1701 }
1702 if (n < 6)
1703 {
1704 /* need at least ticket_lifetime_hint + ticket length */
1705 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1706 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1707 goto f_err;
1708 }
1709 p=d=(unsigned char *)s->init_msg;
1710 n2l(p, s->session->tlsext_tick_lifetime_hint);
1711 n2s(p, ticklen);
1712 /* ticket_lifetime_hint + ticket_length + ticket */
1713 if (ticklen + 6 != n)
1714 {
1715 al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
1716 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1717 goto f_err;
1718 }
1719 if (s->session->tlsext_tick)
1720 {
1721 OPENSSL_free(s->session->tlsext_tick);
1722 s->session->tlsext_ticklen = 0;
1723 }
1724 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
1725 if (!s->session->tlsext_tick)
1726 {
1727 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
1728 goto err;
1729 }
1730 memcpy(s->session->tlsext_tick, p, ticklen);
1731 s->session->tlsext_ticklen = ticklen;
1732
1733 ret=1;
1734 return(ret);
1735f_err:
1736 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1737err:
1738 return(-1);
1739 }
1740
1741int ssl3_get_cert_status(SSL *s)
1742 {
1743 int ok, al;
1744 unsigned long resplen;
1745 long n;
1746 const unsigned char *p;
1747
1748 n=s->method->ssl_get_message(s,
1749 SSL3_ST_CR_CERT_STATUS_A,
1750 SSL3_ST_CR_CERT_STATUS_B,
1751 SSL3_MT_CERTIFICATE_STATUS,
1752 16384,
1753 &ok);
1754
1755 if (!ok) return((int)n);
1756 if (n < 4)
1757 {
1758 /* need at least status type + length */
1759 al = SSL_AD_DECODE_ERROR;
1760 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1761 goto f_err;
1762 }
1763 p = (unsigned char *)s->init_msg;
1764 if (*p++ != TLSEXT_STATUSTYPE_ocsp)
1765 {
1766 al = SSL_AD_DECODE_ERROR;
1767 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
1768 goto f_err;
1769 }
1770 n2l3(p, resplen);
1771 if (resplen + 4 != n)
1772 {
1773 al = SSL_AD_DECODE_ERROR;
1774 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
1775 goto f_err;
1776 }
1777 if (s->tlsext_ocsp_resp)
1778 OPENSSL_free(s->tlsext_ocsp_resp);
1779 s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
1780 if (!s->tlsext_ocsp_resp)
1781 {
1782 al = SSL_AD_INTERNAL_ERROR;
1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1784 goto f_err;
1785 }
1786 s->tlsext_ocsp_resplen = resplen;
1787 if (s->ctx->tlsext_status_cb)
1788 {
1789 int ret;
1790 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1791 if (ret == 0)
1792 {
1793 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1794 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
1795 goto f_err;
1796 }
1797 if (ret < 0)
1798 {
1799 al = SSL_AD_INTERNAL_ERROR;
1800 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
1801 goto f_err;
1802 }
1803 }
1804 return 1;
1805f_err:
1806 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1807 return(-1);
1808 }
1809#endif
1810
1811int ssl3_get_server_done(SSL *s)
1400 { 1812 {
1401 int ok,ret=0; 1813 int ok,ret=0;
1402 long n; 1814 long n;
1403 1815
1404 n=ssl3_get_message(s, 1816 n=s->method->ssl_get_message(s,
1405 SSL3_ST_CR_SRVR_DONE_A, 1817 SSL3_ST_CR_SRVR_DONE_A,
1406 SSL3_ST_CR_SRVR_DONE_B, 1818 SSL3_ST_CR_SRVR_DONE_B,
1407 SSL3_MT_SERVER_DONE, 1819 SSL3_MT_SERVER_DONE,
@@ -1420,7 +1832,8 @@ static int ssl3_get_server_done(SSL *s)
1420 return(ret); 1832 return(ret);
1421 } 1833 }
1422 1834
1423static int ssl3_send_client_key_exchange(SSL *s) 1835
1836int ssl3_send_client_key_exchange(SSL *s)
1424 { 1837 {
1425 unsigned char *p,*d; 1838 unsigned char *p,*d;
1426 int n; 1839 int n;
@@ -1430,8 +1843,16 @@ static int ssl3_send_client_key_exchange(SSL *s)
1430 EVP_PKEY *pkey=NULL; 1843 EVP_PKEY *pkey=NULL;
1431#endif 1844#endif
1432#ifndef OPENSSL_NO_KRB5 1845#ifndef OPENSSL_NO_KRB5
1433 KSSL_ERR kssl_err; 1846 KSSL_ERR kssl_err;
1434#endif /* OPENSSL_NO_KRB5 */ 1847#endif /* OPENSSL_NO_KRB5 */
1848#ifndef OPENSSL_NO_ECDH
1849 EC_KEY *clnt_ecdh = NULL;
1850 const EC_POINT *srvr_ecpoint = NULL;
1851 EVP_PKEY *srvr_pub_pkey = NULL;
1852 unsigned char *encodedPoint = NULL;
1853 int encoded_pt_len = 0;
1854 BN_CTX * bn_ctx = NULL;
1855#endif
1435 1856
1436 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 1857 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
1437 { 1858 {
@@ -1440,8 +1861,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
1440 1861
1441 l=s->s3->tmp.new_cipher->algorithms; 1862 l=s->s3->tmp.new_cipher->algorithms;
1442 1863
1443 /* Fool emacs indentation */ 1864 /* Fool emacs indentation */
1444 if (0) {} 1865 if (0) {}
1445#ifndef OPENSSL_NO_RSA 1866#ifndef OPENSSL_NO_RSA
1446 else if (l & SSL_kRSA) 1867 else if (l & SSL_kRSA)
1447 { 1868 {
@@ -1503,12 +1924,12 @@ static int ssl3_send_client_key_exchange(SSL *s)
1503#endif 1924#endif
1504#ifndef OPENSSL_NO_KRB5 1925#ifndef OPENSSL_NO_KRB5
1505 else if (l & SSL_kKRB5) 1926 else if (l & SSL_kKRB5)
1506 { 1927 {
1507 krb5_error_code krb5rc; 1928 krb5_error_code krb5rc;
1508 KSSL_CTX *kssl_ctx = s->kssl_ctx; 1929 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1509 /* krb5_data krb5_ap_req; */ 1930 /* krb5_data krb5_ap_req; */
1510 krb5_data *enc_ticket; 1931 krb5_data *enc_ticket;
1511 krb5_data authenticator, *authp = NULL; 1932 krb5_data authenticator, *authp = NULL;
1512 EVP_CIPHER_CTX ciph_ctx; 1933 EVP_CIPHER_CTX ciph_ctx;
1513 EVP_CIPHER *enc = NULL; 1934 EVP_CIPHER *enc = NULL;
1514 unsigned char iv[EVP_MAX_IV_LENGTH]; 1935 unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -1520,8 +1941,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
1520 EVP_CIPHER_CTX_init(&ciph_ctx); 1941 EVP_CIPHER_CTX_init(&ciph_ctx);
1521 1942
1522#ifdef KSSL_DEBUG 1943#ifdef KSSL_DEBUG
1523 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 1944 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1524 l, SSL_kKRB5); 1945 l, SSL_kKRB5);
1525#endif /* KSSL_DEBUG */ 1946#endif /* KSSL_DEBUG */
1526 1947
1527 authp = NULL; 1948 authp = NULL;
@@ -1529,37 +1950,37 @@ static int ssl3_send_client_key_exchange(SSL *s)
1529 if (KRB5SENDAUTH) authp = &authenticator; 1950 if (KRB5SENDAUTH) authp = &authenticator;
1530#endif /* KRB5SENDAUTH */ 1951#endif /* KRB5SENDAUTH */
1531 1952
1532 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, 1953 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1533 &kssl_err); 1954 &kssl_err);
1534 enc = kssl_map_enc(kssl_ctx->enctype); 1955 enc = kssl_map_enc(kssl_ctx->enctype);
1535 if (enc == NULL) 1956 if (enc == NULL)
1536 goto err; 1957 goto err;
1537#ifdef KSSL_DEBUG 1958#ifdef KSSL_DEBUG
1538 { 1959 {
1539 printf("kssl_cget_tkt rtn %d\n", krb5rc); 1960 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1540 if (krb5rc && kssl_err.text) 1961 if (krb5rc && kssl_err.text)
1541 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); 1962 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1542 } 1963 }
1543#endif /* KSSL_DEBUG */ 1964#endif /* KSSL_DEBUG */
1544 1965
1545 if (krb5rc) 1966 if (krb5rc)
1546 { 1967 {
1547 ssl3_send_alert(s,SSL3_AL_FATAL, 1968 ssl3_send_alert(s,SSL3_AL_FATAL,
1548 SSL_AD_HANDSHAKE_FAILURE); 1969 SSL_AD_HANDSHAKE_FAILURE);
1549 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 1970 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1550 kssl_err.reason); 1971 kssl_err.reason);
1551 goto err; 1972 goto err;
1552 } 1973 }
1553 1974
1554 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ 1975 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1555 ** in place of RFC 2712 KerberosWrapper, as in: 1976 ** in place of RFC 2712 KerberosWrapper, as in:
1556 ** 1977 **
1557 ** Send ticket (copy to *p, set n = length) 1978 ** Send ticket (copy to *p, set n = length)
1558 ** n = krb5_ap_req.length; 1979 ** n = krb5_ap_req.length;
1559 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); 1980 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
1560 ** if (krb5_ap_req.data) 1981 ** if (krb5_ap_req.data)
1561 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); 1982 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
1562 ** 1983 **
1563 ** Now using real RFC 2712 KerberosWrapper 1984 ** Now using real RFC 2712 KerberosWrapper
1564 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) 1985 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
1565 ** Note: 2712 "opaque" types are here replaced 1986 ** Note: 2712 "opaque" types are here replaced
@@ -1594,8 +2015,10 @@ static int ssl3_send_client_key_exchange(SSL *s)
1594 n+=2; 2015 n+=2;
1595 } 2016 }
1596 2017
1597 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) 2018 tmp_buf[0]=s->client_version>>8;
1598 goto err; 2019 tmp_buf[1]=s->client_version&0xff;
2020 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2021 goto err;
1599 2022
1600 /* 20010420 VRS. Tried it this way; failed. 2023 /* 20010420 VRS. Tried it this way; failed.
1601 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); 2024 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
@@ -1624,20 +2047,27 @@ static int ssl3_send_client_key_exchange(SSL *s)
1624 p+=outl; 2047 p+=outl;
1625 n+=outl + 2; 2048 n+=outl + 2;
1626 2049
1627 s->session->master_key_length= 2050 s->session->master_key_length=
1628 s->method->ssl3_enc->generate_master_secret(s, 2051 s->method->ssl3_enc->generate_master_secret(s,
1629 s->session->master_key, 2052 s->session->master_key,
1630 tmp_buf, sizeof tmp_buf); 2053 tmp_buf, sizeof tmp_buf);
1631 2054
1632 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); 2055 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1633 OPENSSL_cleanse(epms, outl); 2056 OPENSSL_cleanse(epms, outl);
1634 } 2057 }
1635#endif 2058#endif
1636#ifndef OPENSSL_NO_DH 2059#ifndef OPENSSL_NO_DH
1637 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2060 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1638 { 2061 {
1639 DH *dh_srvr,*dh_clnt; 2062 DH *dh_srvr,*dh_clnt;
1640 2063
2064 if (s->session->sess_cert == NULL)
2065 {
2066 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2067 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2068 goto err;
2069 }
2070
1641 if (s->session->sess_cert->peer_dh_tmp != NULL) 2071 if (s->session->sess_cert->peer_dh_tmp != NULL)
1642 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2072 dh_srvr=s->session->sess_cert->peer_dh_tmp;
1643 else 2073 else
@@ -1689,10 +2119,198 @@ static int ssl3_send_client_key_exchange(SSL *s)
1689 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 2119 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1690 } 2120 }
1691#endif 2121#endif
2122
2123#ifndef OPENSSL_NO_ECDH
2124 else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
2125 {
2126 const EC_GROUP *srvr_group = NULL;
2127 EC_KEY *tkey;
2128 int ecdh_clnt_cert = 0;
2129 int field_size = 0;
2130
2131 /* Did we send out the client's
2132 * ECDH share for use in premaster
2133 * computation as part of client certificate?
2134 * If so, set ecdh_clnt_cert to 1.
2135 */
2136 if ((l & SSL_kECDH) && (s->cert != NULL))
2137 {
2138 /* XXX: For now, we do not support client
2139 * authentication using ECDH certificates.
2140 * To add such support, one needs to add
2141 * code that checks for appropriate
2142 * conditions and sets ecdh_clnt_cert to 1.
2143 * For example, the cert have an ECC
2144 * key on the same curve as the server's
2145 * and the key should be authorized for
2146 * key agreement.
2147 *
2148 * One also needs to add code in ssl3_connect
2149 * to skip sending the certificate verify
2150 * message.
2151 *
2152 * if ((s->cert->key->privatekey != NULL) &&
2153 * (s->cert->key->privatekey->type ==
2154 * EVP_PKEY_EC) && ...)
2155 * ecdh_clnt_cert = 1;
2156 */
2157 }
2158
2159 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2160 {
2161 tkey = s->session->sess_cert->peer_ecdh_tmp;
2162 }
2163 else
2164 {
2165 /* Get the Server Public Key from Cert */
2166 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2167 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2168 if ((srvr_pub_pkey == NULL) ||
2169 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2170 (srvr_pub_pkey->pkey.ec == NULL))
2171 {
2172 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2173 ERR_R_INTERNAL_ERROR);
2174 goto err;
2175 }
2176
2177 tkey = srvr_pub_pkey->pkey.ec;
2178 }
2179
2180 srvr_group = EC_KEY_get0_group(tkey);
2181 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2182
2183 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2184 {
2185 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2186 ERR_R_INTERNAL_ERROR);
2187 goto err;
2188 }
2189
2190 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2191 {
2192 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2193 goto err;
2194 }
2195
2196 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2197 {
2198 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2199 goto err;
2200 }
2201 if (ecdh_clnt_cert)
2202 {
2203 /* Reuse key info from our certificate
2204 * We only need our private key to perform
2205 * the ECDH computation.
2206 */
2207 const BIGNUM *priv_key;
2208 tkey = s->cert->key->privatekey->pkey.ec;
2209 priv_key = EC_KEY_get0_private_key(tkey);
2210 if (priv_key == NULL)
2211 {
2212 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2213 goto err;
2214 }
2215 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2216 {
2217 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2218 goto err;
2219 }
2220 }
2221 else
2222 {
2223 /* Generate a new ECDH key pair */
2224 if (!(EC_KEY_generate_key(clnt_ecdh)))
2225 {
2226 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2227 goto err;
2228 }
2229 }
2230
2231 /* use the 'p' output buffer for the ECDH key, but
2232 * make sure to clear it out afterwards
2233 */
2234
2235 field_size = EC_GROUP_get_degree(srvr_group);
2236 if (field_size <= 0)
2237 {
2238 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2239 ERR_R_ECDH_LIB);
2240 goto err;
2241 }
2242 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2243 if (n <= 0)
2244 {
2245 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2246 ERR_R_ECDH_LIB);
2247 goto err;
2248 }
2249
2250 /* generate master key from the result */
2251 s->session->master_key_length = s->method->ssl3_enc \
2252 -> generate_master_secret(s,
2253 s->session->master_key,
2254 p, n);
2255
2256 memset(p, 0, n); /* clean up */
2257
2258 if (ecdh_clnt_cert)
2259 {
2260 /* Send empty client key exch message */
2261 n = 0;
2262 }
2263 else
2264 {
2265 /* First check the size of encoding and
2266 * allocate memory accordingly.
2267 */
2268 encoded_pt_len =
2269 EC_POINT_point2oct(srvr_group,
2270 EC_KEY_get0_public_key(clnt_ecdh),
2271 POINT_CONVERSION_UNCOMPRESSED,
2272 NULL, 0, NULL);
2273
2274 encodedPoint = (unsigned char *)
2275 OPENSSL_malloc(encoded_pt_len *
2276 sizeof(unsigned char));
2277 bn_ctx = BN_CTX_new();
2278 if ((encodedPoint == NULL) ||
2279 (bn_ctx == NULL))
2280 {
2281 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2282 goto err;
2283 }
2284
2285 /* Encode the public key */
2286 n = EC_POINT_point2oct(srvr_group,
2287 EC_KEY_get0_public_key(clnt_ecdh),
2288 POINT_CONVERSION_UNCOMPRESSED,
2289 encodedPoint, encoded_pt_len, bn_ctx);
2290
2291 *p = n; /* length of encoded point */
2292 /* Encoded point will be copied here */
2293 p += 1;
2294 /* copy the point */
2295 memcpy((unsigned char *)p, encodedPoint, n);
2296 /* increment n to account for length field */
2297 n += 1;
2298 }
2299
2300 /* Free allocated memory */
2301 BN_CTX_free(bn_ctx);
2302 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2303 if (clnt_ecdh != NULL)
2304 EC_KEY_free(clnt_ecdh);
2305 EVP_PKEY_free(srvr_pub_pkey);
2306 }
2307#endif /* !OPENSSL_NO_ECDH */
1692 else 2308 else
1693 { 2309 {
1694 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 2310 ssl3_send_alert(s, SSL3_AL_FATAL,
1695 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 2311 SSL_AD_HANDSHAKE_FAILURE);
2312 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2313 ERR_R_INTERNAL_ERROR);
1696 goto err; 2314 goto err;
1697 } 2315 }
1698 2316
@@ -1708,10 +2326,17 @@ static int ssl3_send_client_key_exchange(SSL *s)
1708 /* SSL3_ST_CW_KEY_EXCH_B */ 2326 /* SSL3_ST_CW_KEY_EXCH_B */
1709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2327 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1710err: 2328err:
2329#ifndef OPENSSL_NO_ECDH
2330 BN_CTX_free(bn_ctx);
2331 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2332 if (clnt_ecdh != NULL)
2333 EC_KEY_free(clnt_ecdh);
2334 EVP_PKEY_free(srvr_pub_pkey);
2335#endif
1711 return(-1); 2336 return(-1);
1712 } 2337 }
1713 2338
1714static int ssl3_send_client_verify(SSL *s) 2339int ssl3_send_client_verify(SSL *s)
1715 { 2340 {
1716 unsigned char *p,*d; 2341 unsigned char *p,*d;
1717 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2342 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
@@ -1720,7 +2345,7 @@ static int ssl3_send_client_verify(SSL *s)
1720 unsigned u=0; 2345 unsigned u=0;
1721#endif 2346#endif
1722 unsigned long n; 2347 unsigned long n;
1723#ifndef OPENSSL_NO_DSA 2348#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1724 int j; 2349 int j;
1725#endif 2350#endif
1726 2351
@@ -1766,6 +2391,23 @@ static int ssl3_send_client_verify(SSL *s)
1766 } 2391 }
1767 else 2392 else
1768#endif 2393#endif
2394#ifndef OPENSSL_NO_ECDSA
2395 if (pkey->type == EVP_PKEY_EC)
2396 {
2397 if (!ECDSA_sign(pkey->save_type,
2398 &(data[MD5_DIGEST_LENGTH]),
2399 SHA_DIGEST_LENGTH,&(p[2]),
2400 (unsigned int *)&j,pkey->pkey.ec))
2401 {
2402 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2403 ERR_R_ECDSA_LIB);
2404 goto err;
2405 }
2406 s2n(j,p);
2407 n=j+2;
2408 }
2409 else
2410#endif
1769 { 2411 {
1770 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 2412 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1771 goto err; 2413 goto err;
@@ -1782,7 +2424,7 @@ err:
1782 return(-1); 2424 return(-1);
1783 } 2425 }
1784 2426
1785static int ssl3_send_client_certificate(SSL *s) 2427int ssl3_send_client_certificate(SSL *s)
1786 { 2428 {
1787 X509 *x509=NULL; 2429 X509 *x509=NULL;
1788 EVP_PKEY *pkey=NULL; 2430 EVP_PKEY *pkey=NULL;
@@ -1861,7 +2503,7 @@ static int ssl3_send_client_certificate(SSL *s)
1861 2503
1862#define has_bits(i,m) (((i)&(m)) == (m)) 2504#define has_bits(i,m) (((i)&(m)) == (m))
1863 2505
1864static int ssl3_check_cert_and_algorithm(SSL *s) 2506int ssl3_check_cert_and_algorithm(SSL *s)
1865 { 2507 {
1866 int i,idx; 2508 int i,idx;
1867 long algs; 2509 long algs;
@@ -1876,18 +2518,18 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1876 2518
1877 sc=s->session->sess_cert; 2519 sc=s->session->sess_cert;
1878 2520
1879 if (sc == NULL)
1880 {
1881 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
1882 goto err;
1883 }
1884
1885 algs=s->s3->tmp.new_cipher->algorithms; 2521 algs=s->s3->tmp.new_cipher->algorithms;
1886 2522
1887 /* we don't have a certificate */ 2523 /* we don't have a certificate */
1888 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) 2524 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
1889 return(1); 2525 return(1);
1890 2526
2527 if (sc == NULL)
2528 {
2529 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
2530 goto err;
2531 }
2532
1891#ifndef OPENSSL_NO_RSA 2533#ifndef OPENSSL_NO_RSA
1892 rsa=s->session->sess_cert->peer_rsa_tmp; 2534 rsa=s->session->sess_cert->peer_rsa_tmp;
1893#endif 2535#endif
@@ -1898,6 +2540,21 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
1898 /* This is the passed certificate */ 2540 /* This is the passed certificate */
1899 2541
1900 idx=sc->peer_cert_type; 2542 idx=sc->peer_cert_type;
2543#ifndef OPENSSL_NO_ECDH
2544 if (idx == SSL_PKEY_ECC)
2545 {
2546 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2547 s->s3->tmp.new_cipher) == 0)
2548 { /* check failed */
2549 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2550 goto f_err;
2551 }
2552 else
2553 {
2554 return 1;
2555 }
2556 }
2557#endif
1901 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 2558 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
1902 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 2559 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
1903 EVP_PKEY_free(pkey); 2560 EVP_PKEY_free(pkey);
@@ -1983,3 +2640,79 @@ err:
1983 return(0); 2640 return(0);
1984 } 2641 }
1985 2642
2643
2644#ifndef OPENSSL_NO_ECDH
2645/* This is the complement of nid2curve_id in s3_srvr.c. */
2646static int curve_id2nid(int curve_id)
2647{
2648 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2649 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2650 static int nid_list[26] =
2651 {
2652 0,
2653 NID_sect163k1, /* sect163k1 (1) */
2654 NID_sect163r1, /* sect163r1 (2) */
2655 NID_sect163r2, /* sect163r2 (3) */
2656 NID_sect193r1, /* sect193r1 (4) */
2657 NID_sect193r2, /* sect193r2 (5) */
2658 NID_sect233k1, /* sect233k1 (6) */
2659 NID_sect233r1, /* sect233r1 (7) */
2660 NID_sect239k1, /* sect239k1 (8) */
2661 NID_sect283k1, /* sect283k1 (9) */
2662 NID_sect283r1, /* sect283r1 (10) */
2663 NID_sect409k1, /* sect409k1 (11) */
2664 NID_sect409r1, /* sect409r1 (12) */
2665 NID_sect571k1, /* sect571k1 (13) */
2666 NID_sect571r1, /* sect571r1 (14) */
2667 NID_secp160k1, /* secp160k1 (15) */
2668 NID_secp160r1, /* secp160r1 (16) */
2669 NID_secp160r2, /* secp160r2 (17) */
2670 NID_secp192k1, /* secp192k1 (18) */
2671 NID_X9_62_prime192v1, /* secp192r1 (19) */
2672 NID_secp224k1, /* secp224k1 (20) */
2673 NID_secp224r1, /* secp224r1 (21) */
2674 NID_secp256k1, /* secp256k1 (22) */
2675 NID_X9_62_prime256v1, /* secp256r1 (23) */
2676 NID_secp384r1, /* secp384r1 (24) */
2677 NID_secp521r1 /* secp521r1 (25) */
2678 };
2679
2680 if ((curve_id < 1) || (curve_id > 25)) return 0;
2681
2682 return nid_list[curve_id];
2683}
2684#endif
2685
2686/* Check to see if handshake is full or resumed. Usually this is just a
2687 * case of checking to see if a cache hit has occurred. In the case of
2688 * session tickets we have to check the next message to be sure.
2689 */
2690
2691#ifndef OPENSSL_NO_TLSEXT
2692static int ssl3_check_finished(SSL *s)
2693 {
2694 int ok;
2695 long n;
2696 /* If we have no ticket or session ID is non-zero length (a match of
2697 * a non-zero session length would never reach here) it cannot be a
2698 * resumed session.
2699 */
2700 if (!s->session->tlsext_tick || s->session->session_id_length)
2701 return 1;
2702 /* this function is called when we really expect a Certificate
2703 * message, so permit appropriate message length */
2704 n=s->method->ssl_get_message(s,
2705 SSL3_ST_CR_CERT_A,
2706 SSL3_ST_CR_CERT_B,
2707 -1,
2708 s->max_cert_list,
2709 &ok);
2710 if (!ok) return((int)n);
2711 s->s3->tmp.reuse_message = 1;
2712 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
2713 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2714 return 2;
2715
2716 return 1;
2717 }
2718#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 22:35:56 +0000