summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c166
1 files changed, 92 insertions, 74 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index f3edcc2efb..6d8ccd66b7 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -111,7 +111,7 @@
111/* ==================================================================== 111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * 113 *
114 * Portions of the attached software ("Contribution") are developed by 114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 * 116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source 117 * The Contribution is licensed pursuant to the OpenSSL open source
@@ -190,15 +190,17 @@ ssl_check_srp_ext_ClientHello(SSL *s, int *al)
190 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && 190 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
191 (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { 191 (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
192 if (s->srp_ctx.login == NULL) { 192 if (s->srp_ctx.login == NULL) {
193 /* RFC 5054 says SHOULD reject, 193 /*
194 we do so if There is no srp login name */ 194 * RFC 5054 says SHOULD reject,
195 * we do so if There is no srp login name
196 */
195 ret = SSL3_AL_FATAL; 197 ret = SSL3_AL_FATAL;
196 *al = SSL_AD_UNKNOWN_PSK_IDENTITY; 198 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
197 } else { 199 } else {
198 ret = SSL_srp_server_param_with_username(s, al); 200 ret = SSL_srp_server_param_with_username(s, al);
199 } 201 }
200 } 202 }
201 return ret; 203 return (ret);
202} 204}
203#endif 205#endif
204 206
@@ -228,7 +230,8 @@ ssl3_accept(SSL *s)
228 SSL_clear(s); 230 SSL_clear(s);
229 231
230 if (s->cert == NULL) { 232 if (s->cert == NULL) {
231 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET); 233 SSLerr(SSL_F_SSL3_ACCEPT,
234 SSL_R_NO_CERTIFICATE_SET);
232 return (-1); 235 return (-1);
233 } 236 }
234 237
@@ -250,8 +253,9 @@ ssl3_accept(SSL *s)
250 cb(s, SSL_CB_HANDSHAKE_START, 1); 253 cb(s, SSL_CB_HANDSHAKE_START, 1);
251 254
252 if ((s->version >> 8) != 3) { 255 if ((s->version >> 8) != 3) {
253 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); 256 SSLerr(SSL_F_SSL3_ACCEPT,
254 return -1; 257 ERR_R_INTERNAL_ERROR);
258 return (-1);
255 } 259 }
256 s->type = SSL_ST_ACCEPT; 260 s->type = SSL_ST_ACCEPT;
257 261
@@ -342,7 +346,7 @@ ssl3_accept(SSL *s)
342 { 346 {
343 int al; 347 int al;
344 if ((ret = 348 if ((ret =
345 ssl_check_srp_ext_ClientHello(s, &al)) 349 ssl_check_srp_ext_ClientHello(s, &al))
346 < 0) { 350 < 0) {
347 /* 351 /*
348 * Callback indicates further work to 352 * Callback indicates further work to
@@ -531,7 +535,7 @@ ssl3_accept(SSL *s)
531 s->state = SSL3_ST_SW_SRVR_DONE_A; 535 s->state = SSL3_ST_SW_SRVR_DONE_A;
532 if (s->s3->handshake_buffer) 536 if (s->s3->handshake_buffer)
533 if (!ssl3_digest_cached_records(s)) 537 if (!ssl3_digest_cached_records(s))
534 return -1; 538 return (-1);
535 } else { 539 } else {
536 s->s3->tmp.cert_request = 1; 540 s->s3->tmp.cert_request = 1;
537 ret = ssl3_send_certificate_request(s); 541 ret = ssl3_send_certificate_request(s);
@@ -635,11 +639,11 @@ ssl3_accept(SSL *s)
635 if (!s->s3->handshake_buffer) { 639 if (!s->s3->handshake_buffer) {
636 SSLerr(SSL_F_SSL3_ACCEPT, 640 SSLerr(SSL_F_SSL3_ACCEPT,
637 ERR_R_INTERNAL_ERROR); 641 ERR_R_INTERNAL_ERROR);
638 return -1; 642 return (-1);
639 } 643 }
640 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; 644 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
641 if (!ssl3_digest_cached_records(s)) 645 if (!ssl3_digest_cached_records(s))
642 return -1; 646 return (-1);
643 } else { 647 } else {
644 int offset = 0; 648 int offset = 0;
645 int dgst_num; 649 int dgst_num;
@@ -647,7 +651,7 @@ ssl3_accept(SSL *s)
647 s->state = SSL3_ST_SR_CERT_VRFY_A; 651 s->state = SSL3_ST_SR_CERT_VRFY_A;
648 s->init_num = 0; 652 s->init_num = 0;
649 653
650 /* 654 /*
651 * We need to get hashes here so if there is 655 * We need to get hashes here so if there is
652 * a client cert, it can be verified 656 * a client cert, it can be verified
653 * FIXME - digest processing for 657 * FIXME - digest processing for
@@ -656,7 +660,7 @@ ssl3_accept(SSL *s)
656 */ 660 */
657 if (s->s3->handshake_buffer) 661 if (s->s3->handshake_buffer)
658 if (!ssl3_digest_cached_records(s)) 662 if (!ssl3_digest_cached_records(s))
659 return -1; 663 return (-1);
660 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; 664 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
661 dgst_num++) 665 dgst_num++)
662 if (s->s3->handshake_dgst[dgst_num]) { 666 if (s->s3->handshake_dgst[dgst_num]) {
@@ -827,7 +831,8 @@ ssl3_accept(SSL *s)
827 /* break; */ 831 /* break; */
828 832
829 default: 833 default:
830 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); 834 SSLerr(SSL_F_SSL3_ACCEPT,
835 SSL_R_UNKNOWN_STATE);
831 ret = -1; 836 ret = -1;
832 goto end; 837 goto end;
833 /* break; */ 838 /* break; */
@@ -903,7 +908,7 @@ ssl3_check_client_hello(SSL *s)
903 if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { 908 if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
904 SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, 909 SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
905 SSL_R_MULTIPLE_SGC_RESTARTS); 910 SSL_R_MULTIPLE_SGC_RESTARTS);
906 return -1; 911 return (-1);
907 } 912 }
908 /* 913 /*
909 * Throw away what we have done so far in the current handshake, 914 * Throw away what we have done so far in the current handshake,
@@ -923,9 +928,9 @@ ssl3_check_client_hello(SSL *s)
923 } 928 }
924#endif 929#endif
925 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; 930 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
926 return 2; 931 return (2);
927 } 932 }
928 return 1; 933 return (1);
929} 934}
930 935
931int 936int
@@ -974,7 +979,8 @@ ssl3_get_client_hello(SSL *s)
974 979
975 if ((s->version == DTLS1_VERSION && s->client_version > s->version) || 980 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
976 (s->version != DTLS1_VERSION && s->client_version < s->version)) { 981 (s->version != DTLS1_VERSION && s->client_version < s->version)) {
977 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); 982 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
983 SSL_R_WRONG_VERSION_NUMBER);
978 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && 984 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
979 !s->enc_write_ctx && !s->write_hash) { 985 !s->enc_write_ctx && !s->write_hash) {
980 /* 986 /*
@@ -999,7 +1005,7 @@ ssl3_get_client_hello(SSL *s)
999 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); 1005 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
1000 1006
1001 if (cookie_length == 0) 1007 if (cookie_length == 0)
1002 return 1; 1008 return (1);
1003 } 1009 }
1004 1010
1005 /* load the client random */ 1011 /* load the client random */
@@ -1048,7 +1054,7 @@ ssl3_get_client_hello(SSL *s)
1048 /* cookie stuff */ 1054 /* cookie stuff */
1049 cookie_len = *(p++); 1055 cookie_len = *(p++);
1050 1056
1051 /* 1057 /*
1052 * The ClientHello may contain a cookie even if the 1058 * The ClientHello may contain a cookie even if the
1053 * HelloVerify message has not been sent--make sure that it 1059 * HelloVerify message has not been sent--make sure that it
1054 * does not cause an overflow. 1060 * does not cause an overflow.
@@ -1094,13 +1100,15 @@ ssl3_get_client_hello(SSL *s)
1094 if ((i == 0) && (j != 0)) { 1100 if ((i == 0) && (j != 0)) {
1095 /* we need a cipher if we are not resuming a session */ 1101 /* we need a cipher if we are not resuming a session */
1096 al = SSL_AD_ILLEGAL_PARAMETER; 1102 al = SSL_AD_ILLEGAL_PARAMETER;
1097 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); 1103 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1104 SSL_R_NO_CIPHERS_SPECIFIED);
1098 goto f_err; 1105 goto f_err;
1099 } 1106 }
1100 if ((p + i) >= (d + n)) { 1107 if ((p + i) >= (d + n)) {
1101 /* not enough data */ 1108 /* not enough data */
1102 al = SSL_AD_DECODE_ERROR; 1109 al = SSL_AD_DECODE_ERROR;
1103 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); 1110 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1111 SSL_R_LENGTH_MISMATCH);
1104 goto f_err; 1112 goto f_err;
1105 } 1113 }
1106 if ((i > 0) && 1114 if ((i > 0) &&
@@ -1143,7 +1151,8 @@ ssl3_get_client_hello(SSL *s)
1143 if ((p + i) > (d + n)) { 1151 if ((p + i) > (d + n)) {
1144 /* not enough data */ 1152 /* not enough data */
1145 al = SSL_AD_DECODE_ERROR; 1153 al = SSL_AD_DECODE_ERROR;
1146 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); 1154 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1155 SSL_R_LENGTH_MISMATCH);
1147 goto f_err; 1156 goto f_err;
1148 } 1157 }
1149 q = p; 1158 q = p;
@@ -1172,7 +1181,8 @@ ssl3_get_client_hello(SSL *s)
1172 } 1181 }
1173 } 1182 }
1174 if (ssl_check_clienthello_tlsext_early(s) <= 0) { 1183 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
1175 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 1184 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1185 SSL_R_CLIENTHELLO_TLSEXT);
1176 goto err; 1186 goto err;
1177 } 1187 }
1178 1188
@@ -1377,7 +1387,7 @@ ssl3_get_client_hello(SSL *s)
1377 } 1387 }
1378 1388
1379 /* 1389 /*
1380 * We now have the following setup. 1390 * We now have the following setup.
1381 * client_random 1391 * client_random
1382 * cipher_list - our prefered list of ciphers 1392 * cipher_list - our prefered list of ciphers
1383 * ciphers - the clients prefered list of ciphers 1393 * ciphers - the clients prefered list of ciphers
@@ -1422,7 +1432,7 @@ ssl3_send_server_hello(SSL *s)
1422#ifdef OPENSSL_NO_TLSEXT 1432#ifdef OPENSSL_NO_TLSEXT
1423 p = s->s3->server_random; 1433 p = s->s3->server_random;
1424 if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) 1434 if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
1425 return -1; 1435 return (-1);
1426#endif 1436#endif
1427 /* Do the message type and length last */ 1437 /* Do the message type and length last */
1428 d = p= &(buf[4]); 1438 d = p= &(buf[4]);
@@ -1460,7 +1470,7 @@ ssl3_send_server_hello(SSL *s)
1460 if (sl > (int)sizeof(s->session->session_id)) { 1470 if (sl > (int)sizeof(s->session->session_id)) {
1461 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1471 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1462 ERR_R_INTERNAL_ERROR); 1472 ERR_R_INTERNAL_ERROR);
1463 return -1; 1473 return (-1);
1464 } 1474 }
1465 *(p++) = sl; 1475 *(p++) = sl;
1466 memcpy(p, s->session->session_id, sl); 1476 memcpy(p, s->session->session_id, sl);
@@ -1483,13 +1493,13 @@ ssl3_send_server_hello(SSL *s)
1483 if (ssl_prepare_serverhello_tlsext(s) <= 0) { 1493 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1484 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1494 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1485 SSL_R_SERVERHELLO_TLSEXT); 1495 SSL_R_SERVERHELLO_TLSEXT);
1486 return -1; 1496 return (-1);
1487 } 1497 }
1488 if ((p = ssl_add_serverhello_tlsext(s, p, 1498 if ((p = ssl_add_serverhello_tlsext(s, p,
1489 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 1499 buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
1490 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1500 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1491 ERR_R_INTERNAL_ERROR); 1501 ERR_R_INTERNAL_ERROR);
1492 return -1; 1502 return (-1);
1493 } 1503 }
1494#endif 1504#endif
1495 /* do the header */ 1505 /* do the header */
@@ -1714,9 +1724,9 @@ ssl3_send_server_key_exchange(SSL *s)
1714 goto err; 1724 goto err;
1715 } 1725 }
1716 1726
1717 /* 1727 /*
1718 * XXX: For now, we only support ephemeral ECDH 1728 * XXX: For now, we only support ephemeral ECDH
1719 * keys over named (not generic) curves. For 1729 * keys over named (not generic) curves. For
1720 * supported named curves, curve_id is non-zero. 1730 * supported named curves, curve_id is non-zero.
1721 */ 1731 */
1722 if ((curve_id = tls1_ec_nid2curve_id( 1732 if ((curve_id = tls1_ec_nid2curve_id(
@@ -1726,7 +1736,7 @@ ssl3_send_server_key_exchange(SSL *s)
1726 goto err; 1736 goto err;
1727 } 1737 }
1728 1738
1729 /* 1739 /*
1730 * Encode the public key. 1740 * Encode the public key.
1731 * First check the size of encoding and 1741 * First check the size of encoding and
1732 * allocate memory accordingly. 1742 * allocate memory accordingly.
@@ -1760,12 +1770,12 @@ ssl3_send_server_key_exchange(SSL *s)
1760 BN_CTX_free(bn_ctx); 1770 BN_CTX_free(bn_ctx);
1761 bn_ctx = NULL; 1771 bn_ctx = NULL;
1762 1772
1763 /* 1773 /*
1764 * XXX: For now, we only support named (not 1774 * XXX: For now, we only support named (not
1765 * generic) curves in ECDH ephemeral key exchanges. 1775 * generic) curves in ECDH ephemeral key exchanges.
1766 * In this situation, we need four additional bytes 1776 * In this situation, we need four additional bytes
1767 * to encode the entire ServerECDHParams 1777 * to encode the entire ServerECDHParams
1768 * structure. 1778 * structure.
1769 */ 1779 */
1770 n = 4 + encodedlen; 1780 n = 4 + encodedlen;
1771 1781
@@ -1790,7 +1800,8 @@ ssl3_send_server_key_exchange(SSL *s)
1790 if (type & SSL_kSRP) { 1800 if (type & SSL_kSRP) {
1791 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || 1801 if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) ||
1792 (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { 1802 (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
1793 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_SRP_PARAM); 1803 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1804 SSL_R_MISSING_SRP_PARAM);
1794 goto err; 1805 goto err;
1795 } 1806 }
1796 r[0] = s->srp_ctx.N; 1807 r[0] = s->srp_ctx.N;
@@ -1801,7 +1812,8 @@ ssl3_send_server_key_exchange(SSL *s)
1801#endif 1812#endif
1802 { 1813 {
1803 al = SSL_AD_HANDSHAKE_FAILURE; 1814 al = SSL_AD_HANDSHAKE_FAILURE;
1804 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1815 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1816 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1805 goto f_err; 1817 goto f_err;
1806 } 1818 }
1807 for (i = 0; i < 4 && r[i] != NULL; i++) { 1819 for (i = 0; i < 4 && r[i] != NULL; i++) {
@@ -1922,7 +1934,7 @@ ssl3_send_server_key_exchange(SSL *s)
1922 n += u + 2; 1934 n += u + 2;
1923 } else 1935 } else
1924 if (md) { 1936 if (md) {
1925 /* 1937 /*
1926 * For TLS1.2 and later send signature 1938 * For TLS1.2 and later send signature
1927 * algorithm 1939 * algorithm
1928 */ 1940 */
@@ -2384,7 +2396,8 @@ ssl3_get_client_key_exchange(SSL *s)
2384 } 2396 }
2385 2397
2386 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { 2398 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
2387 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); 2399 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2400 krb5rc);
2388 goto err; 2401 goto err;
2389 } 2402 }
2390 2403
@@ -2436,7 +2449,7 @@ ssl3_get_client_key_exchange(SSL *s)
2436 * instead of the protocol version. 2449 * instead of the protocol version.
2437 * 2450 *
2438 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such 2451 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
2439 * clients. 2452 * clients.
2440 * (Perhaps we should have a separate BUG value for 2453 * (Perhaps we should have a separate BUG value for
2441 * the Kerberos cipher) 2454 * the Kerberos cipher)
2442 */ 2455 */
@@ -2463,7 +2476,7 @@ ssl3_get_client_key_exchange(SSL *s)
2463 } 2476 }
2464 2477
2465 2478
2466 /* 2479 /*
2467 * Was doing kssl_ctx_free() here, but it caused problems for 2480 * Was doing kssl_ctx_free() here, but it caused problems for
2468 * apache. 2481 * apache.
2469 * kssl_ctx = kssl_ctx_free(kssl_ctx); 2482 * kssl_ctx = kssl_ctx_free(kssl_ctx);
@@ -2528,13 +2541,13 @@ ssl3_get_client_key_exchange(SSL *s)
2528 if (((clnt_pub_pkey = X509_get_pubkey( 2541 if (((clnt_pub_pkey = X509_get_pubkey(
2529 s->session->peer)) == NULL) || 2542 s->session->peer)) == NULL) ||
2530 (clnt_pub_pkey->type != EVP_PKEY_EC)) { 2543 (clnt_pub_pkey->type != EVP_PKEY_EC)) {
2531 /* 2544 /*
2532 * XXX: For now, we do not support client 2545 * XXX: For now, we do not support client
2533 * authentication using ECDH certificates 2546 * authentication using ECDH certificates
2534 * so this branch (n == 0L) of the code is 2547 * so this branch (n == 0L) of the code is
2535 * never executed. When that support is 2548 * never executed. When that support is
2536 * added, we ought to ensure the key 2549 * added, we ought to ensure the key
2537 * received in the certificate is 2550 * received in the certificate is
2538 * authorized for key agreement. 2551 * authorized for key agreement.
2539 * ECDH_compute_key implicitly checks that 2552 * ECDH_compute_key implicitly checks that
2540 * the two ECDH shares are for the same 2553 * the two ECDH shares are for the same
@@ -2582,7 +2595,7 @@ ssl3_get_client_key_exchange(SSL *s)
2582 /* 2595 /*
2583 * p is pointing to somewhere in the buffer 2596 * p is pointing to somewhere in the buffer
2584 * currently, so set it to the start. 2597 * currently, so set it to the start.
2585 */ 2598 */
2586 p = (unsigned char *)s->init_buf->data; 2599 p = (unsigned char *)s->init_buf->data;
2587 } 2600 }
2588 2601
@@ -2808,7 +2821,7 @@ ssl3_get_client_key_exchange(SSL *s)
2808 EVP_PKEY_free(client_pub_pkey); 2821 EVP_PKEY_free(client_pub_pkey);
2809 EVP_PKEY_CTX_free(pkey_ctx); 2822 EVP_PKEY_CTX_free(pkey_ctx);
2810 if (ret) 2823 if (ret)
2811 return ret; 2824 return (ret);
2812 else 2825 else
2813 goto err; 2826 goto err;
2814 } else { 2827 } else {
@@ -2897,7 +2910,7 @@ ssl3_get_cert_verify(SSL *s)
2897 p = (unsigned char *)s->init_msg; 2910 p = (unsigned char *)s->init_msg;
2898 /* 2911 /*
2899 * Check for broken implementations of GOST ciphersuites. 2912 * Check for broken implementations of GOST ciphersuites.
2900 * 2913 *
2901 * If key is GOST and n is exactly 64, it is a bare 2914 * If key is GOST and n is exactly 64, it is a bare
2902 * signature without length field. 2915 * signature without length field.
2903 */ 2916 */
@@ -2946,7 +2959,8 @@ ssl3_get_cert_verify(SSL *s)
2946 } 2959 }
2947 j = EVP_PKEY_size(pkey); 2960 j = EVP_PKEY_size(pkey);
2948 if ((i > j) || (n > j) || (n <= 0)) { 2961 if ((i > j) || (n > j) || (n <= 0)) {
2949 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); 2962 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2963 SSL_R_WRONG_SIGNATURE_SIZE);
2950 al = SSL_AD_DECODE_ERROR; 2964 al = SSL_AD_DECODE_ERROR;
2951 goto f_err; 2965 goto f_err;
2952 } 2966 }
@@ -2967,14 +2981,16 @@ ssl3_get_cert_verify(SSL *s)
2967#endif 2981#endif
2968 if (!EVP_VerifyInit_ex(&mctx, md, NULL) || 2982 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2969 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { 2983 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2970 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB); 2984 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2985 ERR_R_EVP_LIB);
2971 al = SSL_AD_INTERNAL_ERROR; 2986 al = SSL_AD_INTERNAL_ERROR;
2972 goto f_err; 2987 goto f_err;
2973 } 2988 }
2974 2989
2975 if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { 2990 if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) {
2976 al = SSL_AD_DECRYPT_ERROR; 2991 al = SSL_AD_DECRYPT_ERROR;
2977 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE); 2992 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2993 SSL_R_BAD_SIGNATURE);
2978 goto f_err; 2994 goto f_err;
2979 } 2995 }
2980 } else 2996 } else
@@ -3043,7 +3059,8 @@ ssl3_get_cert_verify(SSL *s)
3043 goto f_err; 3059 goto f_err;
3044 } 3060 }
3045 } else { 3061 } else {
3046 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); 3062 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
3063 ERR_R_INTERNAL_ERROR);
3047 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 3064 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
3048 goto f_err; 3065 goto f_err;
3049 } 3066 }
@@ -3277,10 +3294,10 @@ ssl3_send_newsession_ticket(SSL *s)
3277 * too long 3294 * too long
3278 */ 3295 */
3279 if (slen_full > 0xFF00) 3296 if (slen_full > 0xFF00)
3280 return -1; 3297 return (-1);
3281 senc = malloc(slen_full); 3298 senc = malloc(slen_full);
3282 if (!senc) 3299 if (!senc)
3283 return -1; 3300 return (-1);
3284 p = senc; 3301 p = senc;
3285 i2d_SSL_SESSION(s->session, &p); 3302 i2d_SSL_SESSION(s->session, &p);
3286 3303
@@ -3292,7 +3309,7 @@ ssl3_send_newsession_ticket(SSL *s)
3292 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); 3309 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
3293 if (sess == NULL) { 3310 if (sess == NULL) {
3294 free(senc); 3311 free(senc);
3295 return -1; 3312 return (-1);
3296 } 3313 }
3297 3314
3298 /* ID is irrelevant for the ticket */ 3315 /* ID is irrelevant for the ticket */
@@ -3302,13 +3319,13 @@ ssl3_send_newsession_ticket(SSL *s)
3302 if (slen > slen_full) { 3319 if (slen > slen_full) {
3303 /* shouldn't ever happen */ 3320 /* shouldn't ever happen */
3304 free(senc); 3321 free(senc);
3305 return -1; 3322 return (-1);
3306 } 3323 }
3307 p = senc; 3324 p = senc;
3308 i2d_SSL_SESSION(sess, &p); 3325 i2d_SSL_SESSION(sess, &p);
3309 SSL_SESSION_free(sess); 3326 SSL_SESSION_free(sess);
3310 3327
3311 /* 3328 /*
3312 * Grow buffer if need be: the length calculation is as 3329 * Grow buffer if need be: the length calculation is as
3313 * follows 1 (size of message name) + 3 (message length 3330 * follows 1 (size of message name) + 3 (message length
3314 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + 3331 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
@@ -3319,7 +3336,7 @@ ssl3_send_newsession_ticket(SSL *s)
3319 if (!BUF_MEM_grow(s->init_buf, 3336 if (!BUF_MEM_grow(s->init_buf,
3320 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + 3337 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
3321 EVP_MAX_MD_SIZE + slen)) 3338 EVP_MAX_MD_SIZE + slen))
3322 return -1; 3339 return (-1);
3323 3340
3324 p = (unsigned char *)s->init_buf->data; 3341 p = (unsigned char *)s->init_buf->data;
3325 /* do the header */ 3342 /* do the header */
@@ -3337,7 +3354,7 @@ ssl3_send_newsession_ticket(SSL *s)
3337 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 3354 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
3338 &hctx, 1) < 0) { 3355 &hctx, 1) < 0) {
3339 free(senc); 3356 free(senc);
3340 return -1; 3357 return (-1);
3341 } 3358 }
3342 } else { 3359 } else {
3343 RAND_pseudo_bytes(iv, 16); 3360 RAND_pseudo_bytes(iv, 16);
@@ -3409,7 +3426,7 @@ ssl3_send_cert_status(SSL *s)
3409 * + (ocsp response) 3426 * + (ocsp response)
3410 */ 3427 */
3411 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) 3428 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
3412 return -1; 3429 return (-1);
3413 3430
3414 p = (unsigned char *)s->init_buf->data; 3431 p = (unsigned char *)s->init_buf->data;
3415 3432
@@ -3453,7 +3470,7 @@ ssl3_get_next_proto(SSL *s)
3453 if (!s->s3->next_proto_neg_seen) { 3470 if (!s->s3->next_proto_neg_seen) {
3454 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 3471 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
3455 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); 3472 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
3456 return -1; 3473 return (-1);
3457 } 3474 }
3458 3475
3459 n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, 3476 n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
@@ -3470,11 +3487,11 @@ ssl3_get_next_proto(SSL *s)
3470 if (!s->s3->change_cipher_spec) { 3487 if (!s->s3->change_cipher_spec) {
3471 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 3488 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
3472 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); 3489 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
3473 return -1; 3490 return (-1);
3474 } 3491 }
3475 3492
3476 if (n < 2) 3493 if (n < 2)
3477 return 0; 3494 return (0);
3478 /* The body must be > 1 bytes long */ 3495 /* The body must be > 1 bytes long */
3479 3496
3480 p = (unsigned char *)s->init_msg; 3497 p = (unsigned char *)s->init_msg;
@@ -3488,20 +3505,21 @@ ssl3_get_next_proto(SSL *s)
3488 */ 3505 */
3489 proto_len = p[0]; 3506 proto_len = p[0];
3490 if (proto_len + 2 > s->init_num) 3507 if (proto_len + 2 > s->init_num)
3491 return 0; 3508 return (0);
3492 padding_len = p[proto_len + 1]; 3509 padding_len = p[proto_len + 1];
3493 if (proto_len + padding_len + 2 != s->init_num) 3510 if (proto_len + padding_len + 2 != s->init_num)
3494 return 0; 3511 return (0);
3495 3512
3496 s->next_proto_negotiated = malloc(proto_len); 3513 s->next_proto_negotiated = malloc(proto_len);
3497 if (!s->next_proto_negotiated) { 3514 if (!s->next_proto_negotiated) {
3498 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); 3515 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
3499 return 0; 3516 ERR_R_MALLOC_FAILURE);
3517 return (0);
3500 } 3518 }
3501 memcpy(s->next_proto_negotiated, p + 1, proto_len); 3519 memcpy(s->next_proto_negotiated, p + 1, proto_len);
3502 s->next_proto_negotiated_len = proto_len; 3520 s->next_proto_negotiated_len = proto_len;
3503 3521
3504 return 1; 3522 return (1);
3505} 3523}
3506# endif 3524# endif
3507#endif 3525#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 06:19:49 +0000