OLD | NEW |
1 /* ssl/d1_clnt.c */ | 1 /* ssl/d1_clnt.c */ |
2 /* | 2 /* |
3 * DTLS implementation written by Nagendra Modadugu | 3 * DTLS implementation written by Nagendra Modadugu |
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
5 */ | 5 */ |
6 /* ==================================================================== | 6 /* ==================================================================== |
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
8 * | 8 * |
9 * Redistribution and use in source and binary forms, with or without | 9 * Redistribution and use in source and binary forms, with or without |
10 * modification, are permitted provided that the following conditions | 10 * modification, are permitted provided that the following conditions |
11 * are met: | 11 * are met: |
12 * | 12 * |
13 * 1. Redistributions of source code must retain the above copyright | 13 * 1. Redistributions of source code must retain the above copyright |
14 * notice, this list of conditions and the following disclaimer. | 14 * notice, this list of conditions and the following disclaimer. |
15 * | 15 * |
16 * 2. Redistributions in binary form must reproduce the above copyright | 16 * 2. Redistributions in binary form must reproduce the above copyright |
17 * notice, this list of conditions and the following disclaimer in | 17 * notice, this list of conditions and the following disclaimer in |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 * SUCH DAMAGE. | 108 * SUCH DAMAGE. |
109 * | 109 * |
110 * The licence and distribution terms for any publically available version or | 110 * The licence and distribution terms for any publically available version or |
111 * derivative of this code cannot be changed. i.e. this code cannot simply be | 111 * derivative of this code cannot be changed. i.e. this code cannot simply be |
112 * copied and put under another distribution licence | 112 * copied and put under another distribution licence |
113 * [including the GNU Public Licence.] | 113 * [including the GNU Public Licence.] |
114 */ | 114 */ |
115 | 115 |
116 #include <stdio.h> | 116 #include <stdio.h> |
117 #include "ssl_locl.h" | 117 #include "ssl_locl.h" |
| 118 #ifndef OPENSSL_NO_KRB5 |
118 #include "kssl_lcl.h" | 119 #include "kssl_lcl.h" |
| 120 #endif |
119 #include <openssl/buffer.h> | 121 #include <openssl/buffer.h> |
120 #include <openssl/rand.h> | 122 #include <openssl/rand.h> |
121 #include <openssl/objects.h> | 123 #include <openssl/objects.h> |
122 #include <openssl/evp.h> | 124 #include <openssl/evp.h> |
123 #include <openssl/md5.h> | 125 #include <openssl/md5.h> |
| 126 #include <openssl/bn.h> |
124 #ifndef OPENSSL_NO_DH | 127 #ifndef OPENSSL_NO_DH |
125 #include <openssl/dh.h> | 128 #include <openssl/dh.h> |
126 #endif | 129 #endif |
127 | 130 |
128 static SSL_METHOD *dtls1_get_client_method(int ver); | 131 static const SSL_METHOD *dtls1_get_client_method(int ver); |
129 static int dtls1_get_hello_verify(SSL *s); | 132 static int dtls1_get_hello_verify(SSL *s); |
130 | 133 |
131 static SSL_METHOD *dtls1_get_client_method(int ver) | 134 static const SSL_METHOD *dtls1_get_client_method(int ver) |
132 { | 135 { |
133 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) | 136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) |
134 return(DTLSv1_client_method()); | 137 return(DTLSv1_client_method()); |
135 else | 138 else |
136 return(NULL); | 139 return(NULL); |
137 } | 140 } |
138 | 141 |
139 IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, | 142 IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, |
140 ssl_undefined_function, | 143 ssl_undefined_function, |
141 dtls1_connect, | 144 dtls1_connect, |
142 dtls1_get_client_method) | 145 dtls1_get_client_method) |
143 | 146 |
144 int dtls1_connect(SSL *s) | 147 int dtls1_connect(SSL *s) |
145 { | 148 { |
146 BUF_MEM *buf=NULL; | 149 BUF_MEM *buf=NULL; |
147 » unsigned long Time=(unsigned long)time(NULL),l; | 150 » unsigned long Time=(unsigned long)time(NULL); |
148 void (*cb)(const SSL *ssl,int type,int val)=NULL; | 151 void (*cb)(const SSL *ssl,int type,int val)=NULL; |
149 int ret= -1; | 152 int ret= -1; |
150 int new_state,state,skip=0;; | 153 int new_state,state,skip=0;; |
151 | 154 |
152 RAND_add(&Time,sizeof(Time),0); | 155 RAND_add(&Time,sizeof(Time),0); |
153 ERR_clear_error(); | 156 ERR_clear_error(); |
154 clear_sys_error(); | 157 clear_sys_error(); |
155 | 158 |
156 if (s->info_callback != NULL) | 159 if (s->info_callback != NULL) |
157 cb=s->info_callback; | 160 cb=s->info_callback; |
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
289 { | 292 { |
290 s->hit = 1; | 293 s->hit = 1; |
291 if (s->tlsext_ticket_expected) | 294 if (s->tlsext_ticket_expected) |
292 s->state=SSL3_ST_CR_SESSION_TICKET_A; | 295 s->state=SSL3_ST_CR_SESSION_TICKET_A; |
293 else | 296 else |
294 s->state=SSL3_ST_CR_FINISHED_A; | 297 s->state=SSL3_ST_CR_FINISHED_A; |
295 s->init_num=0; | 298 s->init_num=0; |
296 break; | 299 break; |
297 } | 300 } |
298 #endif | 301 #endif |
299 » » » /* Check if it is anon DH */ | 302 » » » /* Check if it is anon DH or PSK */ |
300 » » » if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 303 » » » if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& |
| 304 » » » !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) |
301 { | 305 { |
302 ret=ssl3_get_server_certificate(s); | 306 ret=ssl3_get_server_certificate(s); |
303 if (ret <= 0) goto end; | 307 if (ret <= 0) goto end; |
304 #ifndef OPENSSL_NO_TLSEXT | 308 #ifndef OPENSSL_NO_TLSEXT |
305 if (s->tlsext_status_expected) | 309 if (s->tlsext_status_expected) |
306 s->state=SSL3_ST_CR_CERT_STATUS_A; | 310 s->state=SSL3_ST_CR_CERT_STATUS_A; |
307 else | 311 else |
308 s->state=SSL3_ST_CR_KEY_EXCH_A; | 312 s->state=SSL3_ST_CR_KEY_EXCH_A; |
309 } | 313 } |
310 else | 314 else |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
367 if (ret <= 0) goto end; | 371 if (ret <= 0) goto end; |
368 s->state=SSL3_ST_CW_KEY_EXCH_A; | 372 s->state=SSL3_ST_CW_KEY_EXCH_A; |
369 s->init_num=0; | 373 s->init_num=0; |
370 break; | 374 break; |
371 | 375 |
372 case SSL3_ST_CW_KEY_EXCH_A: | 376 case SSL3_ST_CW_KEY_EXCH_A: |
373 case SSL3_ST_CW_KEY_EXCH_B: | 377 case SSL3_ST_CW_KEY_EXCH_B: |
374 dtls1_start_timer(s); | 378 dtls1_start_timer(s); |
375 ret=dtls1_send_client_key_exchange(s); | 379 ret=dtls1_send_client_key_exchange(s); |
376 if (ret <= 0) goto end; | 380 if (ret <= 0) goto end; |
377 l=s->s3->tmp.new_cipher->algorithms; | |
378 /* EAY EAY EAY need to check for DH fix cert | 381 /* EAY EAY EAY need to check for DH fix cert |
379 * sent back */ | 382 * sent back */ |
380 /* For TLS, cert_req is set to 2, so a cert chain | 383 /* For TLS, cert_req is set to 2, so a cert chain |
381 * of nothing is sent, but no verify packet is sent */ | 384 * of nothing is sent, but no verify packet is sent */ |
382 if (s->s3->tmp.cert_req == 1) | 385 if (s->s3->tmp.cert_req == 1) |
383 { | 386 { |
384 s->state=SSL3_ST_CW_CERT_VRFY_A; | 387 s->state=SSL3_ST_CW_CERT_VRFY_A; |
385 } | 388 } |
386 else | 389 else |
387 { | 390 { |
388 s->state=SSL3_ST_CW_CHANGE_A; | 391 s->state=SSL3_ST_CW_CHANGE_A; |
389 s->s3->change_cipher_spec=0; | 392 s->s3->change_cipher_spec=0; |
390 } | 393 } |
391 | 394 |
392 s->init_num=0; | 395 s->init_num=0; |
393 break; | 396 break; |
394 | 397 |
395 case SSL3_ST_CW_CERT_VRFY_A: | 398 case SSL3_ST_CW_CERT_VRFY_A: |
396 case SSL3_ST_CW_CERT_VRFY_B: | 399 case SSL3_ST_CW_CERT_VRFY_B: |
397 dtls1_start_timer(s); | 400 dtls1_start_timer(s); |
398 ret=dtls1_send_client_verify(s); | 401 ret=dtls1_send_client_verify(s); |
399 if (ret <= 0) goto end; | 402 if (ret <= 0) goto end; |
400 s->state=SSL3_ST_CW_CHANGE_A; | 403 s->state=SSL3_ST_CW_CHANGE_A; |
401 s->init_num=0; | 404 s->init_num=0; |
402 s->s3->change_cipher_spec=0; | 405 s->s3->change_cipher_spec=0; |
403 break; | 406 break; |
404 | 407 |
405 case SSL3_ST_CW_CHANGE_A: | 408 case SSL3_ST_CW_CHANGE_A: |
406 case SSL3_ST_CW_CHANGE_B: | 409 case SSL3_ST_CW_CHANGE_B: |
407 » » » dtls1_start_timer(s); | 410 » » » if (!s->hit) |
| 411 » » » » dtls1_start_timer(s); |
408 ret=dtls1_send_change_cipher_spec(s, | 412 ret=dtls1_send_change_cipher_spec(s, |
409 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | 413 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); |
410 if (ret <= 0) goto end; | 414 if (ret <= 0) goto end; |
411 s->state=SSL3_ST_CW_FINISHED_A; | 415 s->state=SSL3_ST_CW_FINISHED_A; |
412 s->init_num=0; | 416 s->init_num=0; |
413 | 417 |
414 s->session->cipher=s->s3->tmp.new_cipher; | 418 s->session->cipher=s->s3->tmp.new_cipher; |
415 #ifdef OPENSSL_NO_COMP | 419 #ifdef OPENSSL_NO_COMP |
416 s->session->compress_meth=0; | 420 s->session->compress_meth=0; |
417 #else | 421 #else |
(...skipping 14 matching lines...) Expand all Loading... |
432 { | 436 { |
433 ret= -1; | 437 ret= -1; |
434 goto end; | 438 goto end; |
435 } | 439 } |
436 | 440 |
437 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | 441 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); |
438 break; | 442 break; |
439 | 443 |
440 case SSL3_ST_CW_FINISHED_A: | 444 case SSL3_ST_CW_FINISHED_A: |
441 case SSL3_ST_CW_FINISHED_B: | 445 case SSL3_ST_CW_FINISHED_B: |
442 » » » dtls1_start_timer(s); | 446 » » » if (!s->hit) |
| 447 » » » » dtls1_start_timer(s); |
443 ret=dtls1_send_finished(s, | 448 ret=dtls1_send_finished(s, |
444 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | 449 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, |
445 s->method->ssl3_enc->client_finished_label, | 450 s->method->ssl3_enc->client_finished_label, |
446 s->method->ssl3_enc->client_finished_label_len); | 451 s->method->ssl3_enc->client_finished_label_len); |
447 if (ret <= 0) goto end; | 452 if (ret <= 0) goto end; |
448 s->state=SSL3_ST_CW_FLUSH; | 453 s->state=SSL3_ST_CW_FLUSH; |
449 | 454 |
450 /* clear flags */ | 455 /* clear flags */ |
451 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | 456 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; |
452 if (s->hit) | 457 if (s->hit) |
(...skipping 11 matching lines...) Expand all Loading... |
464 #ifndef OPENSSL_NO_TLSEXT | 469 #ifndef OPENSSL_NO_TLSEXT |
465 /* Allow NewSessionTicket if ticket expected */ | 470 /* Allow NewSessionTicket if ticket expected */ |
466 if (s->tlsext_ticket_expected) | 471 if (s->tlsext_ticket_expected) |
467 s->s3->tmp.next_state=SSL3_ST_CR_SESSION
_TICKET_A; | 472 s->s3->tmp.next_state=SSL3_ST_CR_SESSION
_TICKET_A; |
468 else | 473 else |
469 #endif | 474 #endif |
470 | 475 |
471 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; | 476 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; |
472 } | 477 } |
473 s->init_num=0; | 478 s->init_num=0; |
474 | |
475 break; | 479 break; |
476 | 480 |
477 #ifndef OPENSSL_NO_TLSEXT | 481 #ifndef OPENSSL_NO_TLSEXT |
478 case SSL3_ST_CR_SESSION_TICKET_A: | 482 case SSL3_ST_CR_SESSION_TICKET_A: |
479 case SSL3_ST_CR_SESSION_TICKET_B: | 483 case SSL3_ST_CR_SESSION_TICKET_B: |
480 ret=ssl3_get_new_session_ticket(s); | 484 ret=ssl3_get_new_session_ticket(s); |
481 if (ret <= 0) goto end; | 485 if (ret <= 0) goto end; |
482 s->state=SSL3_ST_CR_FINISHED_A; | 486 s->state=SSL3_ST_CR_FINISHED_A; |
483 s->init_num=0; | 487 s->init_num=0; |
484 break; | 488 break; |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
604 SSL_SESSION *sess = s->session; | 608 SSL_SESSION *sess = s->session; |
605 if ((s->session == NULL) || | 609 if ((s->session == NULL) || |
606 (s->session->ssl_version != s->version) || | 610 (s->session->ssl_version != s->version) || |
607 #ifdef OPENSSL_NO_TLSEXT | 611 #ifdef OPENSSL_NO_TLSEXT |
608 !sess->session_id_length || | 612 !sess->session_id_length || |
609 #else | 613 #else |
610 (!sess->session_id_length && !sess->tlsext_tick) || | 614 (!sess->session_id_length && !sess->tlsext_tick) || |
611 #endif | 615 #endif |
612 (s->session->not_resumable)) | 616 (s->session->not_resumable)) |
613 { | 617 { |
| 618 if (!s->session_creation_enabled) |
| 619 { |
| 620 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 621 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MA
Y_NOT_BE_CREATED); |
| 622 goto err; |
| 623 } |
614 if (!ssl_get_new_session(s,0)) | 624 if (!ssl_get_new_session(s,0)) |
615 goto err; | 625 goto err; |
616 } | 626 } |
617 /* else use the pre-loaded session */ | 627 /* else use the pre-loaded session */ |
618 | 628 |
619 p=s->s3->client_random; | 629 p=s->s3->client_random; |
| 630 |
620 /* if client_random is initialized, reuse it, we are | 631 /* if client_random is initialized, reuse it, we are |
621 * required to use same upon reply to HelloVerify */ | 632 * required to use same upon reply to HelloVerify */ |
622 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ; | 633 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ; |
623 if (i==sizeof(s->s3->client_random)) | 634 if (i==sizeof(s->s3->client_random)) |
624 { | 635 { |
625 Time=(unsigned long)time(NULL); /* Time */ | 636 Time=(unsigned long)time(NULL); /* Time */ |
626 l2n(Time,p); | 637 l2n(Time,p); |
627 » » » RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); | 638 » » » RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4); |
628 } | 639 } |
629 | 640 |
630 /* Do the message type and length last */ | 641 /* Do the message type and length last */ |
631 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); | 642 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); |
632 | 643 |
633 *(p++)=s->version>>8; | 644 *(p++)=s->version>>8; |
634 *(p++)=s->version&0xff; | 645 *(p++)=s->version&0xff; |
635 s->client_version=s->version; | 646 s->client_version=s->version; |
636 | 647 |
637 /* Random stuff */ | 648 /* Random stuff */ |
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
764 | 775 |
765 f_err: | 776 f_err: |
766 ssl3_send_alert(s, SSL3_AL_FATAL, al); | 777 ssl3_send_alert(s, SSL3_AL_FATAL, al); |
767 return -1; | 778 return -1; |
768 } | 779 } |
769 | 780 |
770 int dtls1_send_client_key_exchange(SSL *s) | 781 int dtls1_send_client_key_exchange(SSL *s) |
771 { | 782 { |
772 unsigned char *p,*d; | 783 unsigned char *p,*d; |
773 int n; | 784 int n; |
774 » unsigned long l; | 785 » unsigned long alg_k; |
775 #ifndef OPENSSL_NO_RSA | 786 #ifndef OPENSSL_NO_RSA |
776 unsigned char *q; | 787 unsigned char *q; |
777 EVP_PKEY *pkey=NULL; | 788 EVP_PKEY *pkey=NULL; |
778 #endif | 789 #endif |
779 #ifndef OPENSSL_NO_KRB5 | 790 #ifndef OPENSSL_NO_KRB5 |
780 KSSL_ERR kssl_err; | 791 KSSL_ERR kssl_err; |
781 #endif /* OPENSSL_NO_KRB5 */ | 792 #endif /* OPENSSL_NO_KRB5 */ |
| 793 #ifndef OPENSSL_NO_ECDH |
| 794 EC_KEY *clnt_ecdh = NULL; |
| 795 const EC_POINT *srvr_ecpoint = NULL; |
| 796 EVP_PKEY *srvr_pub_pkey = NULL; |
| 797 unsigned char *encodedPoint = NULL; |
| 798 int encoded_pt_len = 0; |
| 799 BN_CTX * bn_ctx = NULL; |
| 800 #endif |
782 | 801 |
783 if (s->state == SSL3_ST_CW_KEY_EXCH_A) | 802 if (s->state == SSL3_ST_CW_KEY_EXCH_A) |
784 { | 803 { |
785 d=(unsigned char *)s->init_buf->data; | 804 d=(unsigned char *)s->init_buf->data; |
786 p= &(d[DTLS1_HM_HEADER_LENGTH]); | 805 p= &(d[DTLS1_HM_HEADER_LENGTH]); |
787 | 806 » » |
788 » » l=s->s3->tmp.new_cipher->algorithms; | 807 » » alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
789 | 808 |
790 /* Fool emacs indentation */ | 809 /* Fool emacs indentation */ |
791 if (0) {} | 810 if (0) {} |
792 #ifndef OPENSSL_NO_RSA | 811 #ifndef OPENSSL_NO_RSA |
793 » » else if (l & SSL_kRSA) | 812 » » else if (alg_k & SSL_kRSA) |
794 { | 813 { |
795 RSA *rsa; | 814 RSA *rsa; |
796 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 815 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
797 | 816 |
798 if (s->session->sess_cert->peer_rsa_tmp != NULL) | 817 if (s->session->sess_cert->peer_rsa_tmp != NULL) |
799 rsa=s->session->sess_cert->peer_rsa_tmp; | 818 rsa=s->session->sess_cert->peer_rsa_tmp; |
800 else | 819 else |
801 { | 820 { |
802 pkey=X509_get_pubkey(s->session->sess_cert->peer
_pkeys[SSL_PKEY_RSA_ENC].x509); | 821 pkey=X509_get_pubkey(s->session->sess_cert->peer
_pkeys[SSL_PKEY_RSA_ENC].x509); |
803 if ((pkey == NULL) || | 822 if ((pkey == NULL) || |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
842 } | 861 } |
843 | 862 |
844 s->session->master_key_length= | 863 s->session->master_key_length= |
845 s->method->ssl3_enc->generate_master_secret(s, | 864 s->method->ssl3_enc->generate_master_secret(s, |
846 s->session->master_key, | 865 s->session->master_key, |
847 tmp_buf,sizeof tmp_buf); | 866 tmp_buf,sizeof tmp_buf); |
848 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); | 867 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); |
849 } | 868 } |
850 #endif | 869 #endif |
851 #ifndef OPENSSL_NO_KRB5 | 870 #ifndef OPENSSL_NO_KRB5 |
852 » » else if (l & SSL_kKRB5) | 871 » » else if (alg_k & SSL_kKRB5) |
853 { | 872 { |
854 krb5_error_code krb5rc; | 873 krb5_error_code krb5rc; |
855 KSSL_CTX *kssl_ctx = s->kssl_ctx; | 874 KSSL_CTX *kssl_ctx = s->kssl_ctx; |
856 /* krb5_data krb5_ap_req; */ | 875 /* krb5_data krb5_ap_req; */ |
857 krb5_data *enc_ticket; | 876 krb5_data *enc_ticket; |
858 krb5_data authenticator, *authp = NULL; | 877 krb5_data authenticator, *authp = NULL; |
859 EVP_CIPHER_CTX ciph_ctx; | 878 EVP_CIPHER_CTX ciph_ctx; |
860 » » » EVP_CIPHER» *enc = NULL; | 879 » » » const EVP_CIPHER *enc = NULL; |
861 unsigned char iv[EVP_MAX_IV_LENGTH]; | 880 unsigned char iv[EVP_MAX_IV_LENGTH]; |
862 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 881 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
863 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH | 882 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH |
864 + EVP_MAX_IV_LENGTH]; | 883 + EVP_MAX_IV_LENGTH]; |
865 int padl, outl = sizeof(epms); | 884 int padl, outl = sizeof(epms); |
866 | 885 |
867 EVP_CIPHER_CTX_init(&ciph_ctx); | 886 EVP_CIPHER_CTX_init(&ciph_ctx); |
868 | 887 |
869 #ifdef KSSL_DEBUG | 888 #ifdef KSSL_DEBUG |
870 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | 889 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", |
871 l, SSL_kKRB5); | 890 alg_k, SSL_kKRB5); |
872 #endif /* KSSL_DEBUG */ | 891 #endif /* KSSL_DEBUG */ |
873 | 892 |
874 authp = NULL; | 893 authp = NULL; |
875 #ifdef KRB5SENDAUTH | 894 #ifdef KRB5SENDAUTH |
876 if (KRB5SENDAUTH) authp = &authenticator; | 895 if (KRB5SENDAUTH) authp = &authenticator; |
877 #endif /* KRB5SENDAUTH */ | 896 #endif /* KRB5SENDAUTH */ |
878 | 897 |
879 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | 898 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, |
880 &kssl_err); | 899 &kssl_err); |
881 enc = kssl_map_enc(kssl_ctx->enctype); | 900 enc = kssl_map_enc(kssl_ctx->enctype); |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
951 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | 970 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); |
952 */ | 971 */ |
953 | 972 |
954 memset(iv, 0, sizeof iv); /* per RFC 1510 */ | 973 memset(iv, 0, sizeof iv); /* per RFC 1510 */ |
955 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, | 974 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, |
956 kssl_ctx->key,iv); | 975 kssl_ctx->key,iv); |
957 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, | 976 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, |
958 sizeof tmp_buf); | 977 sizeof tmp_buf); |
959 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 978 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); |
960 outl += padl; | 979 outl += padl; |
961 » » » if (outl > sizeof epms) | 980 » » » if (outl > (int)sizeof epms) |
962 { | 981 { |
963 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR
_R_INTERNAL_ERROR); | 982 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR
_R_INTERNAL_ERROR); |
964 goto err; | 983 goto err; |
965 } | 984 } |
966 EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 985 EVP_CIPHER_CTX_cleanup(&ciph_ctx); |
967 | 986 |
968 /* KerberosWrapper.EncryptedPreMasterSecret */ | 987 /* KerberosWrapper.EncryptedPreMasterSecret */ |
969 s2n(outl,p); | 988 s2n(outl,p); |
970 memcpy(p, epms, outl); | 989 memcpy(p, epms, outl); |
971 p+=outl; | 990 p+=outl; |
972 n+=outl + 2; | 991 n+=outl + 2; |
973 | 992 |
974 s->session->master_key_length= | 993 s->session->master_key_length= |
975 s->method->ssl3_enc->generate_master_secret(s, | 994 s->method->ssl3_enc->generate_master_secret(s, |
976 s->session->master_key, | 995 s->session->master_key, |
977 tmp_buf, sizeof tmp_buf); | 996 tmp_buf, sizeof tmp_buf); |
978 | 997 |
979 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 998 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
980 OPENSSL_cleanse(epms, outl); | 999 OPENSSL_cleanse(epms, outl); |
981 } | 1000 } |
982 #endif | 1001 #endif |
983 #ifndef OPENSSL_NO_DH | 1002 #ifndef OPENSSL_NO_DH |
984 » » else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 1003 » » else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
985 { | 1004 { |
986 DH *dh_srvr,*dh_clnt; | 1005 DH *dh_srvr,*dh_clnt; |
987 | 1006 |
988 if (s->session->sess_cert->peer_dh_tmp != NULL) | 1007 if (s->session->sess_cert->peer_dh_tmp != NULL) |
989 dh_srvr=s->session->sess_cert->peer_dh_tmp; | 1008 dh_srvr=s->session->sess_cert->peer_dh_tmp; |
990 else | 1009 else |
991 { | 1010 { |
992 /* we get them from the cert */ | 1011 /* we get them from the cert */ |
993 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); | 1012 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
994 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_
R_UNABLE_TO_FIND_DH_PARAMETERS); | 1013 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_
R_UNABLE_TO_FIND_DH_PARAMETERS); |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1029 n=BN_num_bytes(dh_clnt->pub_key); | 1048 n=BN_num_bytes(dh_clnt->pub_key); |
1030 s2n(n,p); | 1049 s2n(n,p); |
1031 BN_bn2bin(dh_clnt->pub_key,p); | 1050 BN_bn2bin(dh_clnt->pub_key,p); |
1032 n+=2; | 1051 n+=2; |
1033 | 1052 |
1034 DH_free(dh_clnt); | 1053 DH_free(dh_clnt); |
1035 | 1054 |
1036 /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1055 /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
1037 } | 1056 } |
1038 #endif | 1057 #endif |
| 1058 #ifndef OPENSSL_NO_ECDH |
| 1059 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) |
| 1060 { |
| 1061 const EC_GROUP *srvr_group = NULL; |
| 1062 EC_KEY *tkey; |
| 1063 int ecdh_clnt_cert = 0; |
| 1064 int field_size = 0; |
| 1065 |
| 1066 /* Did we send out the client's |
| 1067 * ECDH share for use in premaster |
| 1068 * computation as part of client certificate? |
| 1069 * If so, set ecdh_clnt_cert to 1. |
| 1070 */ |
| 1071 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NUL
L)) |
| 1072 { |
| 1073 /* XXX: For now, we do not support client |
| 1074 * authentication using ECDH certificates. |
| 1075 * To add such support, one needs to add |
| 1076 * code that checks for appropriate |
| 1077 * conditions and sets ecdh_clnt_cert to 1. |
| 1078 * For example, the cert have an ECC |
| 1079 * key on the same curve as the server's |
| 1080 * and the key should be authorized for |
| 1081 * key agreement. |
| 1082 * |
| 1083 * One also needs to add code in ssl3_connect |
| 1084 * to skip sending the certificate verify |
| 1085 * message. |
| 1086 * |
| 1087 * if ((s->cert->key->privatekey != NULL) && |
| 1088 * (s->cert->key->privatekey->type == |
| 1089 * EVP_PKEY_EC) && ...) |
| 1090 * ecdh_clnt_cert = 1; |
| 1091 */ |
| 1092 } |
| 1093 |
| 1094 if (s->session->sess_cert->peer_ecdh_tmp != NULL) |
| 1095 { |
| 1096 tkey = s->session->sess_cert->peer_ecdh_tmp; |
| 1097 } |
| 1098 else |
| 1099 { |
| 1100 /* Get the Server Public Key from Cert */ |
| 1101 srvr_pub_pkey = X509_get_pubkey(s->session-> \ |
| 1102 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); |
| 1103 if ((srvr_pub_pkey == NULL) || |
| 1104 (srvr_pub_pkey->type != EVP_PKEY_EC) || |
| 1105 (srvr_pub_pkey->pkey.ec == NULL)) |
| 1106 { |
| 1107 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHA
NGE, |
| 1108 ERR_R_INTERNAL_ERROR); |
| 1109 goto err; |
| 1110 } |
| 1111 |
| 1112 tkey = srvr_pub_pkey->pkey.ec; |
| 1113 } |
| 1114 |
| 1115 srvr_group = EC_KEY_get0_group(tkey); |
| 1116 srvr_ecpoint = EC_KEY_get0_public_key(tkey); |
| 1117 |
| 1118 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) |
| 1119 { |
| 1120 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1121 ERR_R_INTERNAL_ERROR); |
| 1122 goto err; |
| 1123 } |
| 1124 |
| 1125 if ((clnt_ecdh=EC_KEY_new()) == NULL) |
| 1126 { |
| 1127 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_
R_MALLOC_FAILURE); |
| 1128 goto err; |
| 1129 } |
| 1130 |
| 1131 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) |
| 1132 { |
| 1133 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_
R_EC_LIB); |
| 1134 goto err; |
| 1135 } |
| 1136 if (ecdh_clnt_cert) |
| 1137 { |
| 1138 /* Reuse key info from our certificate |
| 1139 * We only need our private key to perform |
| 1140 * the ECDH computation. |
| 1141 */ |
| 1142 const BIGNUM *priv_key; |
| 1143 tkey = s->cert->key->privatekey->pkey.ec; |
| 1144 priv_key = EC_KEY_get0_private_key(tkey); |
| 1145 if (priv_key == NULL) |
| 1146 { |
| 1147 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHA
NGE,ERR_R_MALLOC_FAILURE); |
| 1148 goto err; |
| 1149 } |
| 1150 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)
) |
| 1151 { |
| 1152 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHA
NGE,ERR_R_EC_LIB); |
| 1153 goto err; |
| 1154 } |
| 1155 } |
| 1156 else |
| 1157 { |
| 1158 /* Generate a new ECDH key pair */ |
| 1159 if (!(EC_KEY_generate_key(clnt_ecdh))) |
| 1160 { |
| 1161 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHA
NGE, ERR_R_ECDH_LIB); |
| 1162 goto err; |
| 1163 } |
| 1164 } |
| 1165 |
| 1166 /* use the 'p' output buffer for the ECDH key, but |
| 1167 * make sure to clear it out afterwards |
| 1168 */ |
| 1169 |
| 1170 field_size = EC_GROUP_get_degree(srvr_group); |
| 1171 if (field_size <= 0) |
| 1172 { |
| 1173 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1174 ERR_R_ECDH_LIB); |
| 1175 goto err; |
| 1176 } |
| 1177 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, cl
nt_ecdh, NULL); |
| 1178 if (n <= 0) |
| 1179 { |
| 1180 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1181 ERR_R_ECDH_LIB); |
| 1182 goto err; |
| 1183 } |
| 1184 |
| 1185 /* generate master key from the result */ |
| 1186 s->session->master_key_length = s->method->ssl3_enc \ |
| 1187 -> generate_master_secret(s, |
| 1188 s->session->master_key, |
| 1189 p, n); |
| 1190 |
| 1191 memset(p, 0, n); /* clean up */ |
| 1192 |
| 1193 if (ecdh_clnt_cert) |
| 1194 { |
| 1195 /* Send empty client key exch message */ |
| 1196 n = 0; |
| 1197 } |
| 1198 else |
| 1199 { |
| 1200 /* First check the size of encoding and |
| 1201 * allocate memory accordingly. |
| 1202 */ |
| 1203 encoded_pt_len = |
| 1204 EC_POINT_point2oct(srvr_group, |
| 1205 EC_KEY_get0_public_key(clnt_ecdh), |
| 1206 POINT_CONVERSION_UNCOMPRESSED, |
| 1207 NULL, 0, NULL); |
| 1208 |
| 1209 encodedPoint = (unsigned char *) |
| 1210 OPENSSL_malloc(encoded_pt_len * |
| 1211 sizeof(unsigned char)); |
| 1212 bn_ctx = BN_CTX_new(); |
| 1213 if ((encodedPoint == NULL) || |
| 1214 (bn_ctx == NULL)) |
| 1215 { |
| 1216 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHA
NGE,ERR_R_MALLOC_FAILURE); |
| 1217 goto err; |
| 1218 } |
| 1219 |
| 1220 /* Encode the public key */ |
| 1221 n = EC_POINT_point2oct(srvr_group, |
| 1222 EC_KEY_get0_public_key(clnt_ecdh), |
| 1223 POINT_CONVERSION_UNCOMPRESSED, |
| 1224 encodedPoint, encoded_pt_len, bn_ctx); |
| 1225 |
| 1226 *p = n; /* length of encoded point */ |
| 1227 /* Encoded point will be copied here */ |
| 1228 p += 1; |
| 1229 /* copy the point */ |
| 1230 memcpy((unsigned char *)p, encodedPoint, n); |
| 1231 /* increment n to account for length field */ |
| 1232 n += 1; |
| 1233 } |
| 1234 |
| 1235 /* Free allocated memory */ |
| 1236 BN_CTX_free(bn_ctx); |
| 1237 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); |
| 1238 if (clnt_ecdh != NULL) |
| 1239 EC_KEY_free(clnt_ecdh); |
| 1240 EVP_PKEY_free(srvr_pub_pkey); |
| 1241 } |
| 1242 #endif /* !OPENSSL_NO_ECDH */ |
| 1243 |
| 1244 #ifndef OPENSSL_NO_PSK |
| 1245 else if (alg_k & SSL_kPSK) |
| 1246 { |
| 1247 char identity[PSK_MAX_IDENTITY_LEN]; |
| 1248 unsigned char *t = NULL; |
| 1249 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; |
| 1250 unsigned int pre_ms_len = 0, psk_len = 0; |
| 1251 int psk_err = 1; |
| 1252 |
| 1253 n = 0; |
| 1254 if (s->psk_client_callback == NULL) |
| 1255 { |
| 1256 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1257 SSL_R_PSK_NO_CLIENT_CB); |
| 1258 goto err; |
| 1259 } |
| 1260 |
| 1261 psk_len = s->psk_client_callback(s, s->ctx->psk_identity
_hint, |
| 1262 identity, PSK_MAX_IDENTITY_LEN, |
| 1263 psk_or_pre_ms, sizeof(psk_or_pre_ms)); |
| 1264 if (psk_len > PSK_MAX_PSK_LEN) |
| 1265 { |
| 1266 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1267 ERR_R_INTERNAL_ERROR); |
| 1268 goto psk_err; |
| 1269 } |
| 1270 else if (psk_len == 0) |
| 1271 { |
| 1272 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1273 SSL_R_PSK_IDENTITY_NOT_FOUND); |
| 1274 goto psk_err; |
| 1275 } |
| 1276 |
| 1277 /* create PSK pre_master_secret */ |
| 1278 pre_ms_len = 2+psk_len+2+psk_len; |
| 1279 t = psk_or_pre_ms; |
| 1280 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len)
; |
| 1281 s2n(psk_len, t); |
| 1282 memset(t, 0, psk_len); |
| 1283 t+=psk_len; |
| 1284 s2n(psk_len, t); |
| 1285 |
| 1286 if (s->session->psk_identity_hint != NULL) |
| 1287 OPENSSL_free(s->session->psk_identity_hint); |
| 1288 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_i
dentity_hint); |
| 1289 if (s->ctx->psk_identity_hint != NULL && |
| 1290 s->session->psk_identity_hint == NULL) |
| 1291 { |
| 1292 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1293 ERR_R_MALLOC_FAILURE); |
| 1294 goto psk_err; |
| 1295 } |
| 1296 |
| 1297 if (s->session->psk_identity != NULL) |
| 1298 OPENSSL_free(s->session->psk_identity); |
| 1299 s->session->psk_identity = BUF_strdup(identity); |
| 1300 if (s->session->psk_identity == NULL) |
| 1301 { |
| 1302 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, |
| 1303 ERR_R_MALLOC_FAILURE); |
| 1304 goto psk_err; |
| 1305 } |
| 1306 |
| 1307 s->session->master_key_length = |
| 1308 s->method->ssl3_enc->generate_master_secret(s, |
| 1309 s->session->master_key, |
| 1310 psk_or_pre_ms, pre_ms_len); |
| 1311 n = strlen(identity); |
| 1312 s2n(n, p); |
| 1313 memcpy(p, identity, n); |
| 1314 n+=2; |
| 1315 psk_err = 0; |
| 1316 psk_err: |
| 1317 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); |
| 1318 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); |
| 1319 if (psk_err != 0) |
| 1320 { |
| 1321 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHA
KE_FAILURE); |
| 1322 goto err; |
| 1323 } |
| 1324 } |
| 1325 #endif |
1039 else | 1326 else |
1040 { | 1327 { |
1041 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE
); | 1328 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE
); |
1042 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERN
AL_ERROR); | 1329 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERN
AL_ERROR); |
1043 goto err; | 1330 goto err; |
1044 } | 1331 } |
1045 | 1332 |
1046 d = dtls1_set_message_header(s, d, | 1333 d = dtls1_set_message_header(s, d, |
1047 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); | 1334 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); |
1048 /* | 1335 /* |
1049 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; | 1336 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; |
1050 l2n3(n,d); | 1337 l2n3(n,d); |
1051 l2n(s->d1->handshake_write_seq,d); | 1338 l2n(s->d1->handshake_write_seq,d); |
1052 s->d1->handshake_write_seq++; | 1339 s->d1->handshake_write_seq++; |
1053 */ | 1340 */ |
1054 | 1341 |
1055 s->state=SSL3_ST_CW_KEY_EXCH_B; | 1342 s->state=SSL3_ST_CW_KEY_EXCH_B; |
1056 /* number of bytes to write */ | 1343 /* number of bytes to write */ |
1057 s->init_num=n+DTLS1_HM_HEADER_LENGTH; | 1344 s->init_num=n+DTLS1_HM_HEADER_LENGTH; |
1058 s->init_off=0; | 1345 s->init_off=0; |
1059 | 1346 |
1060 /* buffer the message to handle re-xmits */ | 1347 /* buffer the message to handle re-xmits */ |
1061 dtls1_buffer_message(s, 0); | 1348 dtls1_buffer_message(s, 0); |
1062 } | 1349 } |
1063 | 1350 |
1064 /* SSL3_ST_CW_KEY_EXCH_B */ | 1351 /* SSL3_ST_CW_KEY_EXCH_B */ |
1065 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | 1352 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); |
1066 err: | 1353 err: |
| 1354 #ifndef OPENSSL_NO_ECDH |
| 1355 BN_CTX_free(bn_ctx); |
| 1356 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); |
| 1357 if (clnt_ecdh != NULL) |
| 1358 EC_KEY_free(clnt_ecdh); |
| 1359 EVP_PKEY_free(srvr_pub_pkey); |
| 1360 #endif |
1067 return(-1); | 1361 return(-1); |
1068 } | 1362 } |
1069 | 1363 |
1070 int dtls1_send_client_verify(SSL *s) | 1364 int dtls1_send_client_verify(SSL *s) |
1071 { | 1365 { |
1072 unsigned char *p,*d; | 1366 unsigned char *p,*d; |
1073 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 1367 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
1074 EVP_PKEY *pkey; | 1368 EVP_PKEY *pkey; |
1075 #ifndef OPENSSL_NO_RSA | 1369 #ifndef OPENSSL_NO_RSA |
1076 unsigned u=0; | 1370 unsigned u=0; |
1077 #endif | 1371 #endif |
1078 unsigned long n; | 1372 unsigned long n; |
1079 #ifndef OPENSSL_NO_DSA | 1373 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) |
1080 int j; | 1374 int j; |
1081 #endif | 1375 #endif |
1082 | 1376 |
1083 if (s->state == SSL3_ST_CW_CERT_VRFY_A) | 1377 if (s->state == SSL3_ST_CW_CERT_VRFY_A) |
1084 { | 1378 { |
1085 d=(unsigned char *)s->init_buf->data; | 1379 d=(unsigned char *)s->init_buf->data; |
1086 p= &(d[DTLS1_HM_HEADER_LENGTH]); | 1380 p= &(d[DTLS1_HM_HEADER_LENGTH]); |
1087 pkey=s->cert->key->privatekey; | 1381 pkey=s->cert->key->privatekey; |
1088 | 1382 |
1089 » » s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), | 1383 » » s->method->ssl3_enc->cert_verify_mac(s, |
| 1384 » » NID_sha1, |
1090 &(data[MD5_DIGEST_LENGTH])); | 1385 &(data[MD5_DIGEST_LENGTH])); |
1091 | 1386 |
1092 #ifndef OPENSSL_NO_RSA | 1387 #ifndef OPENSSL_NO_RSA |
1093 if (pkey->type == EVP_PKEY_RSA) | 1388 if (pkey->type == EVP_PKEY_RSA) |
1094 { | 1389 { |
1095 s->method->ssl3_enc->cert_verify_mac(s, | 1390 s->method->ssl3_enc->cert_verify_mac(s, |
1096 » » » » &(s->s3->finish_dgst1),&(data[0])); | 1391 » » » » NID_md5, |
| 1392 » » » » &(data[0])); |
1097 if (RSA_sign(NID_md5_sha1, data, | 1393 if (RSA_sign(NID_md5_sha1, data, |
1098 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 1394 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, |
1099 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | 1395 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) |
1100 { | 1396 { |
1101 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_
LIB); | 1397 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_
LIB); |
1102 goto err; | 1398 goto err; |
1103 } | 1399 } |
1104 s2n(u,p); | 1400 s2n(u,p); |
1105 n=u+2; | 1401 n=u+2; |
1106 } | 1402 } |
1107 else | 1403 else |
1108 #endif | 1404 #endif |
1109 #ifndef OPENSSL_NO_DSA | 1405 #ifndef OPENSSL_NO_DSA |
1110 if (pkey->type == EVP_PKEY_DSA) | 1406 if (pkey->type == EVP_PKEY_DSA) |
1111 { | 1407 { |
1112 if (!DSA_sign(pkey->save_type, | 1408 if (!DSA_sign(pkey->save_type, |
1113 &(data[MD5_DIGEST_LENGTH]), | 1409 &(data[MD5_DIGEST_LENGTH]), |
1114 SHA_DIGEST_LENGTH,&(p[2]), | 1410 SHA_DIGEST_LENGTH,&(p[2]), |
1115 (unsigned int *)&j,pkey->pkey.dsa)) | 1411 (unsigned int *)&j,pkey->pkey.dsa)) |
1116 { | 1412 { |
1117 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_
LIB); | 1413 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_
LIB); |
1118 goto err; | 1414 goto err; |
1119 } | 1415 } |
1120 s2n(j,p); | 1416 s2n(j,p); |
1121 n=j+2; | 1417 n=j+2; |
1122 } | 1418 } |
1123 else | 1419 else |
1124 #endif | 1420 #endif |
| 1421 #ifndef OPENSSL_NO_ECDSA |
| 1422 if (pkey->type == EVP_PKEY_EC) |
| 1423 { |
| 1424 if (!ECDSA_sign(pkey->save_type, |
| 1425 &(data[MD5_DIGEST_LENGTH]), |
| 1426 SHA_DIGEST_LENGTH,&(p[2]), |
| 1427 (unsigned int *)&j,pkey->pkey.ec)) |
| 1428 { |
| 1429 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, |
| 1430 ERR_R_ECDSA_LIB); |
| 1431 goto err; |
| 1432 } |
| 1433 s2n(j,p); |
| 1434 n=j+2; |
| 1435 } |
| 1436 else |
| 1437 #endif |
1125 { | 1438 { |
1126 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERR
OR); | 1439 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERR
OR); |
1127 goto err; | 1440 goto err; |
1128 } | 1441 } |
1129 | 1442 |
1130 d = dtls1_set_message_header(s, d, | 1443 d = dtls1_set_message_header(s, d, |
1131 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; | 1444 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ; |
1132 | 1445 |
1133 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; | 1446 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH; |
1134 s->init_off=0; | 1447 s->init_off=0; |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1220 /* set header called by dtls1_output_cert_chain() */ | 1533 /* set header called by dtls1_output_cert_chain() */ |
1221 | 1534 |
1222 /* buffer the message to handle re-xmits */ | 1535 /* buffer the message to handle re-xmits */ |
1223 dtls1_buffer_message(s, 0); | 1536 dtls1_buffer_message(s, 0); |
1224 } | 1537 } |
1225 /* SSL3_ST_CW_CERT_D */ | 1538 /* SSL3_ST_CW_CERT_D */ |
1226 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); | 1539 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); |
1227 } | 1540 } |
1228 | 1541 |
1229 | 1542 |
OLD | NEW |