diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 336 |
1 files changed, 172 insertions, 164 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 64903af151..e003d88357 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -59,22 +59,16 @@ | |||
| 59 | #define REUSE_CIPHER_BUG | 59 | #define REUSE_CIPHER_BUG |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | #include "objects.h" | 64 | #include <openssl/objects.h> |
| 65 | #include "evp.h" | 65 | #include <openssl/md5.h> |
| 66 | #include "x509.h" | 66 | #include <openssl/sha.h> |
| 67 | #include <openssl/evp.h> | ||
| 68 | #include <openssl/x509.h> | ||
| 67 | #include "ssl_locl.h" | 69 | #include "ssl_locl.h" |
| 68 | 70 | ||
| 69 | #define BREAK break | 71 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| 70 | /* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE); | ||
| 71 | * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 72 | * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 73 | * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE); | ||
| 74 | * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 75 | */ | ||
| 76 | |||
| 77 | #ifndef NOPROTO | ||
| 78 | static int ssl3_get_client_hello(SSL *s); | 72 | static int ssl3_get_client_hello(SSL *s); |
| 79 | static int ssl3_send_server_hello(SSL *s); | 73 | static int ssl3_send_server_hello(SSL *s); |
| 80 | static int ssl3_send_server_key_exchange(SSL *s); | 74 | static int ssl3_send_server_key_exchange(SSL *s); |
| @@ -85,22 +79,7 @@ static int ssl3_get_client_key_exchange(SSL *s); | |||
| 85 | static int ssl3_get_client_certificate(SSL *s); | 79 | static int ssl3_get_client_certificate(SSL *s); |
| 86 | static int ssl3_send_hello_request(SSL *s); | 80 | static int ssl3_send_hello_request(SSL *s); |
| 87 | 81 | ||
| 88 | #else | 82 | static SSL_METHOD *ssl3_get_server_method(int ver) |
| 89 | |||
| 90 | static int ssl3_get_client_hello(); | ||
| 91 | static int ssl3_send_server_hello(); | ||
| 92 | static int ssl3_send_server_key_exchange(); | ||
| 93 | static int ssl3_send_certificate_request(); | ||
| 94 | static int ssl3_send_server_done(); | ||
| 95 | static int ssl3_get_cert_verify(); | ||
| 96 | static int ssl3_get_client_key_exchange(); | ||
| 97 | static int ssl3_get_client_certificate(); | ||
| 98 | static int ssl3_send_hello_request(); | ||
| 99 | |||
| 100 | #endif | ||
| 101 | |||
| 102 | static SSL_METHOD *ssl3_get_server_method(ver) | ||
| 103 | int ver; | ||
| 104 | { | 83 | { |
| 105 | if (ver == SSL3_VERSION) | 84 | if (ver == SSL3_VERSION) |
| 106 | return(SSLv3_server_method()); | 85 | return(SSLv3_server_method()); |
| @@ -108,35 +87,32 @@ int ver; | |||
| 108 | return(NULL); | 87 | return(NULL); |
| 109 | } | 88 | } |
| 110 | 89 | ||
| 111 | SSL_METHOD *SSLv3_server_method() | 90 | SSL_METHOD *SSLv3_server_method(void) |
| 112 | { | 91 | { |
| 113 | static int init=1; | 92 | static int init=1; |
| 114 | static SSL_METHOD SSLv3_server_data; | 93 | static SSL_METHOD SSLv3_server_data; |
| 115 | 94 | ||
| 116 | if (init) | 95 | if (init) |
| 117 | { | 96 | { |
| 118 | init=0; | ||
| 119 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), | 97 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), |
| 120 | sizeof(SSL_METHOD)); | 98 | sizeof(SSL_METHOD)); |
| 121 | SSLv3_server_data.ssl_accept=ssl3_accept; | 99 | SSLv3_server_data.ssl_accept=ssl3_accept; |
| 122 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; | 100 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; |
| 101 | init=0; | ||
| 123 | } | 102 | } |
| 124 | return(&SSLv3_server_data); | 103 | return(&SSLv3_server_data); |
| 125 | } | 104 | } |
| 126 | 105 | ||
| 127 | int ssl3_accept(s) | 106 | int ssl3_accept(SSL *s) |
| 128 | SSL *s; | ||
| 129 | { | 107 | { |
| 130 | BUF_MEM *buf; | 108 | BUF_MEM *buf; |
| 131 | unsigned long l,Time=time(NULL); | 109 | unsigned long l,Time=time(NULL); |
| 132 | void (*cb)()=NULL; | 110 | void (*cb)()=NULL; |
| 133 | long num1; | 111 | long num1; |
| 134 | int ret= -1; | 112 | int ret= -1; |
| 135 | CERT *ct; | ||
| 136 | BIO *under; | ||
| 137 | int new_state,state,skip=0; | 113 | int new_state,state,skip=0; |
| 138 | 114 | ||
| 139 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 115 | RAND_seed(&Time,sizeof(Time)); |
| 140 | ERR_clear_error(); | 116 | ERR_clear_error(); |
| 141 | clear_sys_error(); | 117 | clear_sys_error(); |
| 142 | 118 | ||
| @@ -149,17 +125,11 @@ SSL *s; | |||
| 149 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | 125 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); |
| 150 | s->in_handshake++; | 126 | s->in_handshake++; |
| 151 | 127 | ||
| 152 | #ifdef undef | 128 | if (s->cert == NULL) |
| 153 | /* FIX THIS EAY EAY EAY */ | ||
| 154 | /* we don't actually need a cert, we just need a cert or a DH_tmp */ | ||
| 155 | if (((s->session == NULL) || (s->session->cert == NULL)) && | ||
| 156 | (s->cert == NULL)) | ||
| 157 | { | 129 | { |
| 158 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); | 130 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); |
| 159 | ret= -1; | 131 | return(-1); |
| 160 | goto end; | ||
| 161 | } | 132 | } |
| 162 | #endif | ||
| 163 | 133 | ||
| 164 | for (;;) | 134 | for (;;) |
| 165 | { | 135 | { |
| @@ -176,6 +146,7 @@ SSL *s; | |||
| 176 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | 146 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: |
| 177 | case SSL_ST_OK|SSL_ST_ACCEPT: | 147 | case SSL_ST_OK|SSL_ST_ACCEPT: |
| 178 | 148 | ||
| 149 | s->server=1; | ||
| 179 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 150 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 180 | 151 | ||
| 181 | if ((s->version>>8) != 3) | 152 | if ((s->version>>8) != 3) |
| @@ -215,11 +186,11 @@ SSL *s; | |||
| 215 | { | 186 | { |
| 216 | s->state=SSL3_ST_SR_CLNT_HELLO_A; | 187 | s->state=SSL3_ST_SR_CLNT_HELLO_A; |
| 217 | ssl3_init_finished_mac(s); | 188 | ssl3_init_finished_mac(s); |
| 218 | s->ctx->sess_accept++; | 189 | s->ctx->stats.sess_accept++; |
| 219 | } | 190 | } |
| 220 | else | 191 | else |
| 221 | { | 192 | { |
| 222 | s->ctx->sess_accept_renegotiate++; | 193 | s->ctx->stats.sess_accept_renegotiate++; |
| 223 | s->state=SSL3_ST_SW_HELLO_REQ_A; | 194 | s->state=SSL3_ST_SW_HELLO_REQ_A; |
| 224 | } | 195 | } |
| 225 | break; | 196 | break; |
| @@ -238,15 +209,6 @@ SSL *s; | |||
| 238 | break; | 209 | break; |
| 239 | 210 | ||
| 240 | case SSL3_ST_SW_HELLO_REQ_C: | 211 | case SSL3_ST_SW_HELLO_REQ_C: |
| 241 | /* remove buffering on output */ | ||
| 242 | under=BIO_pop(s->wbio); | ||
| 243 | if (under != NULL) | ||
| 244 | s->wbio=under; | ||
| 245 | else | ||
| 246 | abort(); /* ok */ | ||
| 247 | BIO_free(s->bbio); | ||
| 248 | s->bbio=NULL; | ||
| 249 | |||
| 250 | s->state=SSL_ST_OK; | 212 | s->state=SSL_ST_OK; |
| 251 | ret=1; | 213 | ret=1; |
| 252 | goto end; | 214 | goto end; |
| @@ -292,20 +254,6 @@ SSL *s; | |||
| 292 | case SSL3_ST_SW_KEY_EXCH_A: | 254 | case SSL3_ST_SW_KEY_EXCH_A: |
| 293 | case SSL3_ST_SW_KEY_EXCH_B: | 255 | case SSL3_ST_SW_KEY_EXCH_B: |
| 294 | l=s->s3->tmp.new_cipher->algorithms; | 256 | l=s->s3->tmp.new_cipher->algorithms; |
| 295 | if (s->session->cert == NULL) | ||
| 296 | { | ||
| 297 | if (s->cert != NULL) | ||
| 298 | { | ||
| 299 | CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 300 | s->session->cert=s->cert; | ||
| 301 | } | ||
| 302 | else | ||
| 303 | { | ||
| 304 | CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 305 | s->session->cert=s->ctx->default_cert; | ||
| 306 | } | ||
| 307 | } | ||
| 308 | ct=s->session->cert; | ||
| 309 | 257 | ||
| 310 | /* clear this, it may get reset by | 258 | /* clear this, it may get reset by |
| 311 | * send_server_key_exchange */ | 259 | * send_server_key_exchange */ |
| @@ -316,16 +264,16 @@ SSL *s; | |||
| 316 | 264 | ||
| 317 | /* only send if a DH key exchange, fortezza or | 265 | /* only send if a DH key exchange, fortezza or |
| 318 | * RSA but we have a sign only certificate */ | 266 | * RSA but we have a sign only certificate */ |
| 319 | if ( s->s3->tmp.use_rsa_tmp || | 267 | if (s->s3->tmp.use_rsa_tmp |
| 320 | (l & (SSL_DH|SSL_kFZA)) || | 268 | || (l & (SSL_DH|SSL_kFZA)) |
| 321 | ((l & SSL_kRSA) && | 269 | || ((l & SSL_kRSA) |
| 322 | ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)|| | 270 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| 323 | ((l & SSL_EXPORT) && | 271 | || (SSL_IS_EXPORT(l) |
| 324 | (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512) | 272 | && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l) |
| 325 | ) | 273 | ) |
| 326 | ) | 274 | ) |
| 275 | ) | ||
| 327 | ) | 276 | ) |
| 328 | ) | ||
| 329 | { | 277 | { |
| 330 | ret=ssl3_send_server_key_exchange(s); | 278 | ret=ssl3_send_server_key_exchange(s); |
| 331 | if (ret <= 0) goto end; | 279 | if (ret <= 0) goto end; |
| @@ -478,20 +426,14 @@ SSL *s; | |||
| 478 | s->init_buf=NULL; | 426 | s->init_buf=NULL; |
| 479 | 427 | ||
| 480 | /* remove buffering on output */ | 428 | /* remove buffering on output */ |
| 481 | under=BIO_pop(s->wbio); | 429 | ssl_free_wbio_buffer(s); |
| 482 | if (under != NULL) | ||
| 483 | s->wbio=under; | ||
| 484 | else | ||
| 485 | abort(); /* ok */ | ||
| 486 | BIO_free(s->bbio); | ||
| 487 | s->bbio=NULL; | ||
| 488 | 430 | ||
| 489 | s->new_session=0; | 431 | s->new_session=0; |
| 490 | s->init_num=0; | 432 | s->init_num=0; |
| 491 | 433 | ||
| 492 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); | 434 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); |
| 493 | 435 | ||
| 494 | s->ctx->sess_accept_good++; | 436 | s->ctx->stats.sess_accept_good++; |
| 495 | /* s->server=1; */ | 437 | /* s->server=1; */ |
| 496 | s->handshake_func=ssl3_accept; | 438 | s->handshake_func=ssl3_accept; |
| 497 | ret=1; | 439 | ret=1; |
| @@ -536,8 +478,7 @@ end: | |||
| 536 | return(ret); | 478 | return(ret); |
| 537 | } | 479 | } |
| 538 | 480 | ||
| 539 | static int ssl3_send_hello_request(s) | 481 | static int ssl3_send_hello_request(SSL *s) |
| 540 | SSL *s; | ||
| 541 | { | 482 | { |
| 542 | unsigned char *p; | 483 | unsigned char *p; |
| 543 | 484 | ||
| @@ -559,15 +500,15 @@ SSL *s; | |||
| 559 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 500 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 560 | } | 501 | } |
| 561 | 502 | ||
| 562 | static int ssl3_get_client_hello(s) | 503 | static int ssl3_get_client_hello(SSL *s) |
| 563 | SSL *s; | ||
| 564 | { | 504 | { |
| 565 | int i,j,ok,al,ret= -1; | 505 | int i,j,ok,al,ret= -1; |
| 566 | long n; | 506 | long n; |
| 567 | unsigned long id; | 507 | unsigned long id; |
| 568 | unsigned char *p,*d; | 508 | unsigned char *p,*d,*q; |
| 569 | SSL_CIPHER *c; | 509 | SSL_CIPHER *c; |
| 570 | STACK *ciphers=NULL; | 510 | SSL_COMP *comp=NULL; |
| 511 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | ||
| 571 | 512 | ||
| 572 | /* We do this so that we will respond with our native type. | 513 | /* We do this so that we will respond with our native type. |
| 573 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | 514 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, |
| @@ -593,6 +534,7 @@ SSL *s; | |||
| 593 | /* The version number has already been checked in ssl3_get_message. | 534 | /* The version number has already been checked in ssl3_get_message. |
| 594 | * I a native TLSv1/SSLv3 method, the match must be correct except | 535 | * I a native TLSv1/SSLv3 method, the match must be correct except |
| 595 | * perhaps for the first message */ | 536 | * perhaps for the first message */ |
| 537 | /* s->client_version=(((int)p[0])<<8)|(int)p[1]; */ | ||
| 596 | p+=2; | 538 | p+=2; |
| 597 | 539 | ||
| 598 | /* load the client random */ | 540 | /* load the client random */ |
| @@ -615,7 +557,9 @@ SSL *s; | |||
| 615 | { /* previous session */ | 557 | { /* previous session */ |
| 616 | s->hit=1; | 558 | s->hit=1; |
| 617 | } | 559 | } |
| 618 | else | 560 | else if (i == -1) |
| 561 | goto err; | ||
| 562 | else /* i == 0 */ | ||
| 619 | { | 563 | { |
| 620 | if (!ssl_get_new_session(s,1)) | 564 | if (!ssl_get_new_session(s,1)) |
| 621 | goto err; | 565 | goto err; |
| @@ -651,9 +595,16 @@ SSL *s; | |||
| 651 | j=0; | 595 | j=0; |
| 652 | id=s->session->cipher->id; | 596 | id=s->session->cipher->id; |
| 653 | 597 | ||
| 654 | for (i=0; i<sk_num(ciphers); i++) | 598 | #ifdef CIPHER_DEBUG |
| 599 | printf("client sent %d ciphers\n",sk_num(ciphers)); | ||
| 600 | #endif | ||
| 601 | for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++) | ||
| 655 | { | 602 | { |
| 656 | c=(SSL_CIPHER *)sk_value(ciphers,i); | 603 | c=sk_SSL_CIPHER_value(ciphers,i); |
| 604 | #ifdef CIPHER_DEBUG | ||
| 605 | printf("client [%2d of %2d]:%s\n", | ||
| 606 | i,sk_num(ciphers),SSL_CIPHER_get_name(c)); | ||
| 607 | #endif | ||
| 657 | if (c->id == id) | 608 | if (c->id == id) |
| 658 | { | 609 | { |
| 659 | j=1; | 610 | j=1; |
| @@ -662,11 +613,11 @@ SSL *s; | |||
| 662 | } | 613 | } |
| 663 | if (j == 0) | 614 | if (j == 0) |
| 664 | { | 615 | { |
| 665 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1)) | 616 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 666 | { | 617 | { |
| 667 | /* Very bad for multi-threading.... */ | 618 | /* Very bad for multi-threading.... */ |
| 668 | s->session->cipher= | 619 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, |
| 669 | (SSL_CIPHER *)sk_value(ciphers,0); | 620 | 0); |
| 670 | } | 621 | } |
| 671 | else | 622 | else |
| 672 | { | 623 | { |
| @@ -681,8 +632,11 @@ SSL *s; | |||
| 681 | 632 | ||
| 682 | /* compression */ | 633 | /* compression */ |
| 683 | i= *(p++); | 634 | i= *(p++); |
| 635 | q=p; | ||
| 684 | for (j=0; j<i; j++) | 636 | for (j=0; j<i; j++) |
| 637 | { | ||
| 685 | if (p[j] == 0) break; | 638 | if (p[j] == 0) break; |
| 639 | } | ||
| 686 | 640 | ||
| 687 | p+=i; | 641 | p+=i; |
| 688 | if (j >= i) | 642 | if (j >= i) |
| @@ -693,6 +647,35 @@ SSL *s; | |||
| 693 | goto f_err; | 647 | goto f_err; |
| 694 | } | 648 | } |
| 695 | 649 | ||
| 650 | /* Worst case, we will use the NULL compression, but if we have other | ||
| 651 | * options, we will now look for them. We have i-1 compression | ||
| 652 | * algorithms from the client, starting at q. */ | ||
| 653 | s->s3->tmp.new_compression=NULL; | ||
| 654 | if (s->ctx->comp_methods != NULL) | ||
| 655 | { /* See if we have a match */ | ||
| 656 | int m,nn,o,v,done=0; | ||
| 657 | |||
| 658 | nn=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
| 659 | for (m=0; m<nn; m++) | ||
| 660 | { | ||
| 661 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); | ||
| 662 | v=comp->id; | ||
| 663 | for (o=0; o<i; o++) | ||
| 664 | { | ||
| 665 | if (v == q[o]) | ||
| 666 | { | ||
| 667 | done=1; | ||
| 668 | break; | ||
| 669 | } | ||
| 670 | } | ||
| 671 | if (done) break; | ||
| 672 | } | ||
| 673 | if (done) | ||
| 674 | s->s3->tmp.new_compression=comp; | ||
| 675 | else | ||
| 676 | comp=NULL; | ||
| 677 | } | ||
| 678 | |||
| 696 | /* TLS does not mind if there is extra stuff */ | 679 | /* TLS does not mind if there is extra stuff */ |
| 697 | if (s->version == SSL3_VERSION) | 680 | if (s->version == SSL3_VERSION) |
| 698 | { | 681 | { |
| @@ -706,15 +689,14 @@ SSL *s; | |||
| 706 | } | 689 | } |
| 707 | } | 690 | } |
| 708 | 691 | ||
| 709 | /* do nothing with compression */ | ||
| 710 | |||
| 711 | /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must | 692 | /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must |
| 712 | * pick a cipher */ | 693 | * pick a cipher */ |
| 713 | 694 | ||
| 714 | if (!s->hit) | 695 | if (!s->hit) |
| 715 | { | 696 | { |
| 697 | s->session->compress_meth=(comp == NULL)?0:comp->id; | ||
| 716 | if (s->session->ciphers != NULL) | 698 | if (s->session->ciphers != NULL) |
| 717 | sk_free(s->session->ciphers); | 699 | sk_SSL_CIPHER_free(s->session->ciphers); |
| 718 | s->session->ciphers=ciphers; | 700 | s->session->ciphers=ciphers; |
| 719 | if (ciphers == NULL) | 701 | if (ciphers == NULL) |
| 720 | { | 702 | { |
| @@ -724,7 +706,7 @@ SSL *s; | |||
| 724 | } | 706 | } |
| 725 | ciphers=NULL; | 707 | ciphers=NULL; |
| 726 | c=ssl3_choose_cipher(s,s->session->ciphers, | 708 | c=ssl3_choose_cipher(s,s->session->ciphers, |
| 727 | ssl_get_ciphers_by_id(s)); | 709 | ssl_get_ciphers_by_id(s)); |
| 728 | 710 | ||
| 729 | if (c == NULL) | 711 | if (c == NULL) |
| 730 | { | 712 | { |
| @@ -738,19 +720,19 @@ SSL *s; | |||
| 738 | { | 720 | { |
| 739 | /* Session-id reuse */ | 721 | /* Session-id reuse */ |
| 740 | #ifdef REUSE_CIPHER_BUG | 722 | #ifdef REUSE_CIPHER_BUG |
| 741 | STACK *sk; | 723 | STACK_OF(SSL_CIPHER) *sk; |
| 742 | SSL_CIPHER *nc=NULL; | 724 | SSL_CIPHER *nc=NULL; |
| 743 | SSL_CIPHER *ec=NULL; | 725 | SSL_CIPHER *ec=NULL; |
| 744 | 726 | ||
| 745 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) | 727 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) |
| 746 | { | 728 | { |
| 747 | sk=s->session->ciphers; | 729 | sk=s->session->ciphers; |
| 748 | for (i=0; i<sk_num(sk); i++) | 730 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
| 749 | { | 731 | { |
| 750 | c=(SSL_CIPHER *)sk_value(sk,i); | 732 | c=sk_SSL_CIPHER_value(sk,i); |
| 751 | if (c->algorithms & SSL_eNULL) | 733 | if (c->algorithms & SSL_eNULL) |
| 752 | nc=c; | 734 | nc=c; |
| 753 | if (c->algorithms & SSL_EXP) | 735 | if (SSL_C_IS_EXPORT(c)) |
| 754 | ec=c; | 736 | ec=c; |
| 755 | } | 737 | } |
| 756 | if (nc != NULL) | 738 | if (nc != NULL) |
| @@ -783,12 +765,11 @@ f_err: | |||
| 783 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 765 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 784 | } | 766 | } |
| 785 | err: | 767 | err: |
| 786 | if (ciphers != NULL) sk_free(ciphers); | 768 | if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); |
| 787 | return(ret); | 769 | return(ret); |
| 788 | } | 770 | } |
| 789 | 771 | ||
| 790 | static int ssl3_send_server_hello(s) | 772 | static int ssl3_send_server_hello(SSL *s) |
| 791 | SSL *s; | ||
| 792 | { | 773 | { |
| 793 | unsigned char *buf; | 774 | unsigned char *buf; |
| 794 | unsigned char *p,*d; | 775 | unsigned char *p,*d; |
| @@ -833,7 +814,10 @@ SSL *s; | |||
| 833 | p+=i; | 814 | p+=i; |
| 834 | 815 | ||
| 835 | /* put the compression method */ | 816 | /* put the compression method */ |
| 836 | *(p++)=0; | 817 | if (s->s3->tmp.new_compression == NULL) |
| 818 | *(p++)=0; | ||
| 819 | else | ||
| 820 | *(p++)=s->s3->tmp.new_compression->id; | ||
| 837 | 821 | ||
| 838 | /* do the header */ | 822 | /* do the header */ |
| 839 | l=(p-d); | 823 | l=(p-d); |
| @@ -851,8 +835,7 @@ SSL *s; | |||
| 851 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 835 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 852 | } | 836 | } |
| 853 | 837 | ||
| 854 | static int ssl3_send_server_done(s) | 838 | static int ssl3_send_server_done(SSL *s) |
| 855 | SSL *s; | ||
| 856 | { | 839 | { |
| 857 | unsigned char *p; | 840 | unsigned char *p; |
| 858 | 841 | ||
| @@ -876,8 +859,7 @@ SSL *s; | |||
| 876 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 859 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 877 | } | 860 | } |
| 878 | 861 | ||
| 879 | static int ssl3_send_server_key_exchange(s) | 862 | static int ssl3_send_server_key_exchange(SSL *s) |
| 880 | SSL *s; | ||
| 881 | { | 863 | { |
| 882 | #ifndef NO_RSA | 864 | #ifndef NO_RSA |
| 883 | unsigned char *q; | 865 | unsigned char *q; |
| @@ -902,7 +884,7 @@ SSL *s; | |||
| 902 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) | 884 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) |
| 903 | { | 885 | { |
| 904 | type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; | 886 | type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; |
| 905 | cert=s->session->cert; | 887 | cert=s->cert; |
| 906 | 888 | ||
| 907 | buf=s->init_buf; | 889 | buf=s->init_buf; |
| 908 | 890 | ||
| @@ -912,11 +894,11 @@ SSL *s; | |||
| 912 | if (type & SSL_kRSA) | 894 | if (type & SSL_kRSA) |
| 913 | { | 895 | { |
| 914 | rsa=cert->rsa_tmp; | 896 | rsa=cert->rsa_tmp; |
| 915 | if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) | 897 | if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) |
| 916 | { | 898 | { |
| 917 | rsa=s->ctx->default_cert->rsa_tmp_cb(s, | 899 | rsa=s->cert->rsa_tmp_cb(s, |
| 918 | (s->s3->tmp.new_cipher->algorithms| | 900 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), |
| 919 | SSL_NOT_EXP)?0:1); | 901 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); |
| 920 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | 902 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); |
| 921 | cert->rsa_tmp=rsa; | 903 | cert->rsa_tmp=rsa; |
| 922 | } | 904 | } |
| @@ -936,10 +918,10 @@ SSL *s; | |||
| 936 | if (type & SSL_kEDH) | 918 | if (type & SSL_kEDH) |
| 937 | { | 919 | { |
| 938 | dhp=cert->dh_tmp; | 920 | dhp=cert->dh_tmp; |
| 939 | if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) | 921 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 940 | dhp=cert->dh_tmp_cb(s, | 922 | dhp=s->cert->dh_tmp_cb(s, |
| 941 | (s->s3->tmp.new_cipher->algorithms| | 923 | !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), |
| 942 | SSL_NOT_EXP)?0:1); | 924 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); |
| 943 | if (dhp == NULL) | 925 | if (dhp == NULL) |
| 944 | { | 926 | { |
| 945 | al=SSL_AD_HANDSHAKE_FAILURE; | 927 | al=SSL_AD_HANDSHAKE_FAILURE; |
| @@ -953,13 +935,16 @@ SSL *s; | |||
| 953 | } | 935 | } |
| 954 | 936 | ||
| 955 | s->s3->tmp.dh=dh; | 937 | s->s3->tmp.dh=dh; |
| 956 | if (((dhp->pub_key == NULL) || | 938 | if ((dhp->pub_key == NULL || |
| 957 | (dhp->priv_key == NULL) || | 939 | dhp->priv_key == NULL || |
| 958 | (s->options & SSL_OP_SINGLE_DH_USE)) && | 940 | (s->options & SSL_OP_SINGLE_DH_USE))) |
| 959 | (!DH_generate_key(dh))) | ||
| 960 | { | 941 | { |
| 961 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | 942 | if(!DH_generate_key(dh)) |
| 962 | goto err; | 943 | { |
| 944 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 945 | ERR_R_DH_LIB); | ||
| 946 | goto err; | ||
| 947 | } | ||
| 963 | } | 948 | } |
| 964 | else | 949 | else |
| 965 | { | 950 | { |
| @@ -1098,12 +1083,11 @@ err: | |||
| 1098 | return(-1); | 1083 | return(-1); |
| 1099 | } | 1084 | } |
| 1100 | 1085 | ||
| 1101 | static int ssl3_send_certificate_request(s) | 1086 | static int ssl3_send_certificate_request(SSL *s) |
| 1102 | SSL *s; | ||
| 1103 | { | 1087 | { |
| 1104 | unsigned char *p,*d; | 1088 | unsigned char *p,*d; |
| 1105 | int i,j,nl,off,n; | 1089 | int i,j,nl,off,n; |
| 1106 | STACK *sk=NULL; | 1090 | STACK_OF(X509_NAME) *sk=NULL; |
| 1107 | X509_NAME *name; | 1091 | X509_NAME *name; |
| 1108 | BUF_MEM *buf; | 1092 | BUF_MEM *buf; |
| 1109 | 1093 | ||
| @@ -1128,9 +1112,9 @@ SSL *s; | |||
| 1128 | nl=0; | 1112 | nl=0; |
| 1129 | if (sk != NULL) | 1113 | if (sk != NULL) |
| 1130 | { | 1114 | { |
| 1131 | for (i=0; i<sk_num(sk); i++) | 1115 | for (i=0; i<sk_X509_NAME_num(sk); i++) |
| 1132 | { | 1116 | { |
| 1133 | name=(X509_NAME *)sk_value(sk,i); | 1117 | name=sk_X509_NAME_value(sk,i); |
| 1134 | j=i2d_X509_NAME(name,NULL); | 1118 | j=i2d_X509_NAME(name,NULL); |
| 1135 | if (!BUF_MEM_grow(buf,4+n+j+2)) | 1119 | if (!BUF_MEM_grow(buf,4+n+j+2)) |
| 1136 | { | 1120 | { |
| @@ -1176,15 +1160,16 @@ err: | |||
| 1176 | return(-1); | 1160 | return(-1); |
| 1177 | } | 1161 | } |
| 1178 | 1162 | ||
| 1179 | static int ssl3_get_client_key_exchange(s) | 1163 | static int ssl3_get_client_key_exchange(SSL *s) |
| 1180 | SSL *s; | ||
| 1181 | { | 1164 | { |
| 1182 | int i,al,ok; | 1165 | int i,al,ok; |
| 1183 | long n; | 1166 | long n; |
| 1184 | unsigned long l; | 1167 | unsigned long l; |
| 1185 | unsigned char *p; | 1168 | unsigned char *p; |
| 1169 | #ifndef NO_RSA | ||
| 1186 | RSA *rsa=NULL; | 1170 | RSA *rsa=NULL; |
| 1187 | EVP_PKEY *pkey=NULL; | 1171 | EVP_PKEY *pkey=NULL; |
| 1172 | #endif | ||
| 1188 | #ifndef NO_DH | 1173 | #ifndef NO_DH |
| 1189 | BIGNUM *pub=NULL; | 1174 | BIGNUM *pub=NULL; |
| 1190 | DH *dh_srvr; | 1175 | DH *dh_srvr; |
| @@ -1208,12 +1193,8 @@ SSL *s; | |||
| 1208 | /* FIX THIS UP EAY EAY EAY EAY */ | 1193 | /* FIX THIS UP EAY EAY EAY EAY */ |
| 1209 | if (s->s3->tmp.use_rsa_tmp) | 1194 | if (s->s3->tmp.use_rsa_tmp) |
| 1210 | { | 1195 | { |
| 1211 | if ((s->session->cert != NULL) && | 1196 | if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) |
| 1212 | (s->session->cert->rsa_tmp != NULL)) | 1197 | rsa=s->cert->rsa_tmp; |
| 1213 | rsa=s->session->cert->rsa_tmp; | ||
| 1214 | else if ((s->ctx->default_cert != NULL) && | ||
| 1215 | (s->ctx->default_cert->rsa_tmp != NULL)) | ||
| 1216 | rsa=s->ctx->default_cert->rsa_tmp; | ||
| 1217 | /* Don't do a callback because rsa_tmp should | 1198 | /* Don't do a callback because rsa_tmp should |
| 1218 | * be sent already */ | 1199 | * be sent already */ |
| 1219 | if (rsa == NULL) | 1200 | if (rsa == NULL) |
| @@ -1259,15 +1240,28 @@ SSL *s; | |||
| 1259 | i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); | 1240 | i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); |
| 1260 | 1241 | ||
| 1261 | #if 1 | 1242 | #if 1 |
| 1262 | /* If a bad decrypt, use a dud master key */ | 1243 | /* If a bad decrypt, use a random master key */ |
| 1263 | if ((i != SSL_MAX_MASTER_KEY_LENGTH) || | 1244 | if ((i != SSL_MAX_MASTER_KEY_LENGTH) || |
| 1264 | ((p[0] != (s->version>>8)) || | 1245 | ((p[0] != (s->client_version>>8)) || |
| 1265 | (p[1] != (s->version & 0xff)))) | 1246 | (p[1] != (s->client_version & 0xff)))) |
| 1266 | { | 1247 | { |
| 1267 | p[0]=(s->version>>8); | 1248 | int bad=1; |
| 1268 | p[1]=(s->version & 0xff); | 1249 | |
| 1269 | RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); | 1250 | if ((i == SSL_MAX_MASTER_KEY_LENGTH) && |
| 1270 | i=SSL_MAX_MASTER_KEY_LENGTH; | 1251 | (p[0] == (s->version>>8)) && |
| 1252 | (p[1] == 0)) | ||
| 1253 | { | ||
| 1254 | if (s->options & SSL_OP_TLS_ROLLBACK_BUG) | ||
| 1255 | bad=0; | ||
| 1256 | } | ||
| 1257 | if (bad) | ||
| 1258 | { | ||
| 1259 | p[0]=(s->version>>8); | ||
| 1260 | p[1]=(s->version & 0xff); | ||
| 1261 | RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); | ||
| 1262 | i=SSL_MAX_MASTER_KEY_LENGTH; | ||
| 1263 | } | ||
| 1264 | /* else, an SSLeay bug, ssl only server, tls client */ | ||
| 1271 | } | 1265 | } |
| 1272 | #else | 1266 | #else |
| 1273 | if (i != SSL_MAX_MASTER_KEY_LENGTH) | 1267 | if (i != SSL_MAX_MASTER_KEY_LENGTH) |
| @@ -1370,8 +1364,7 @@ err: | |||
| 1370 | return(-1); | 1364 | return(-1); |
| 1371 | } | 1365 | } |
| 1372 | 1366 | ||
| 1373 | static int ssl3_get_cert_verify(s) | 1367 | static int ssl3_get_cert_verify(SSL *s) |
| 1374 | SSL *s; | ||
| 1375 | { | 1368 | { |
| 1376 | EVP_PKEY *pkey=NULL; | 1369 | EVP_PKEY *pkey=NULL; |
| 1377 | unsigned char *p; | 1370 | unsigned char *p; |
| @@ -1505,17 +1498,17 @@ f_err: | |||
| 1505 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1498 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1506 | } | 1499 | } |
| 1507 | end: | 1500 | end: |
| 1501 | EVP_PKEY_free(pkey); | ||
| 1508 | return(ret); | 1502 | return(ret); |
| 1509 | } | 1503 | } |
| 1510 | 1504 | ||
| 1511 | static int ssl3_get_client_certificate(s) | 1505 | static int ssl3_get_client_certificate(SSL *s) |
| 1512 | SSL *s; | ||
| 1513 | { | 1506 | { |
| 1514 | int i,ok,al,ret= -1; | 1507 | int i,ok,al,ret= -1; |
| 1515 | X509 *x=NULL; | 1508 | X509 *x=NULL; |
| 1516 | unsigned long l,nc,llen,n; | 1509 | unsigned long l,nc,llen,n; |
| 1517 | unsigned char *p,*d,*q; | 1510 | unsigned char *p,*d,*q; |
| 1518 | STACK *sk=NULL; | 1511 | STACK_OF(X509) *sk=NULL; |
| 1519 | 1512 | ||
| 1520 | n=ssl3_get_message(s, | 1513 | n=ssl3_get_message(s, |
| 1521 | SSL3_ST_SR_CERT_A, | 1514 | SSL3_ST_SR_CERT_A, |
| @@ -1558,7 +1551,7 @@ SSL *s; | |||
| 1558 | } | 1551 | } |
| 1559 | d=p=(unsigned char *)s->init_buf->data; | 1552 | d=p=(unsigned char *)s->init_buf->data; |
| 1560 | 1553 | ||
| 1561 | if ((sk=sk_new_null()) == NULL) | 1554 | if ((sk=sk_X509_new_null()) == NULL) |
| 1562 | { | 1555 | { |
| 1563 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 1556 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 1564 | goto err; | 1557 | goto err; |
| @@ -1594,7 +1587,7 @@ SSL *s; | |||
| 1594 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | 1587 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); |
| 1595 | goto f_err; | 1588 | goto f_err; |
| 1596 | } | 1589 | } |
| 1597 | if (!sk_push(sk,(char *)x)) | 1590 | if (!sk_X509_push(sk,x)) |
| 1598 | { | 1591 | { |
| 1599 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 1592 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 1600 | goto err; | 1593 | goto err; |
| @@ -1603,7 +1596,7 @@ SSL *s; | |||
| 1603 | nc+=l+3; | 1596 | nc+=l+3; |
| 1604 | } | 1597 | } |
| 1605 | 1598 | ||
| 1606 | if (sk_num(sk) <= 0) | 1599 | if (sk_X509_num(sk) <= 0) |
| 1607 | { | 1600 | { |
| 1608 | /* TLS does not mind 0 certs returned */ | 1601 | /* TLS does not mind 0 certs returned */ |
| 1609 | if (s->version == SSL3_VERSION) | 1602 | if (s->version == SSL3_VERSION) |
| @@ -1632,10 +1625,26 @@ SSL *s; | |||
| 1632 | } | 1625 | } |
| 1633 | } | 1626 | } |
| 1634 | 1627 | ||
| 1635 | /* This should not be needed */ | 1628 | if (s->session->peer != NULL) /* This should not be needed */ |
| 1636 | if (s->session->peer != NULL) | ||
| 1637 | X509_free(s->session->peer); | 1629 | X509_free(s->session->peer); |
| 1638 | s->session->peer=(X509 *)sk_shift(sk); | 1630 | s->session->peer=sk_X509_shift(sk); |
| 1631 | |||
| 1632 | /* With the current implementation, sess_cert will always be NULL | ||
| 1633 | * when we arrive here. */ | ||
| 1634 | if (s->session->sess_cert == NULL) | ||
| 1635 | { | ||
| 1636 | s->session->sess_cert = ssl_sess_cert_new(); | ||
| 1637 | if (s->session->sess_cert == NULL) | ||
| 1638 | { | ||
| 1639 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); | ||
| 1640 | goto err; | ||
| 1641 | } | ||
| 1642 | } | ||
| 1643 | if (s->session->sess_cert->cert_chain != NULL) | ||
| 1644 | sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); | ||
| 1645 | s->session->sess_cert->cert_chain=sk; | ||
| 1646 | |||
| 1647 | sk=NULL; | ||
| 1639 | 1648 | ||
| 1640 | ret=1; | 1649 | ret=1; |
| 1641 | if (0) | 1650 | if (0) |
| @@ -1645,12 +1654,11 @@ f_err: | |||
| 1645 | } | 1654 | } |
| 1646 | err: | 1655 | err: |
| 1647 | if (x != NULL) X509_free(x); | 1656 | if (x != NULL) X509_free(x); |
| 1648 | if (sk != NULL) sk_pop_free(sk,X509_free); | 1657 | if (sk != NULL) sk_X509_pop_free(sk,X509_free); |
| 1649 | return(ret); | 1658 | return(ret); |
| 1650 | } | 1659 | } |
| 1651 | 1660 | ||
| 1652 | int ssl3_send_server_certificate(s) | 1661 | int ssl3_send_server_certificate(SSL *s) |
| 1653 | SSL *s; | ||
| 1654 | { | 1662 | { |
| 1655 | unsigned long l; | 1663 | unsigned long l; |
| 1656 | X509 *x; | 1664 | X509 *x; |