OLD | NEW |
1 /* ssl/s3_clnt.c */ | 1 /* ssl/s3_clnt.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...)
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 44 matching lines...)
114 * Portions of the attached software ("Contribution") are developed by | 114 * Portions of the attached software ("Contribution") are developed by |
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | 115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. |
116 * | 116 * |
117 * The Contribution is licensed pursuant to the OpenSSL open source | 117 * The Contribution is licensed pursuant to the OpenSSL open source |
118 * license provided above. | 118 * license provided above. |
119 * | 119 * |
120 * ECC cipher suite support in OpenSSL originally written by | 120 * ECC cipher suite support in OpenSSL originally written by |
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. |
122 * | 122 * |
123 */ | 123 */ |
| 124 /* ==================================================================== |
| 125 * Copyright 2005 Nokia. All rights reserved. |
| 126 * |
| 127 * The portions of the attached software ("Contribution") is developed by |
| 128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 129 * license. |
| 130 * |
| 131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 133 * support (see RFC 4279) to OpenSSL. |
| 134 * |
| 135 * No patent licenses or other rights except those expressly stated in |
| 136 * the OpenSSL open source license shall be deemed granted or received |
| 137 * expressly, by implication, estoppel, or otherwise. |
| 138 * |
| 139 * No assurances are provided by Nokia that the Contribution does not |
| 140 * infringe the patent or other intellectual property rights of any third |
| 141 * party or that the license provides you with all the necessary rights |
| 142 * to make use of the Contribution. |
| 143 * |
| 144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 148 * OTHERWISE. |
| 149 */ |
124 | 150 |
125 #include <stdio.h> | 151 #include <stdio.h> |
126 #include "ssl_locl.h" | 152 #include "ssl_locl.h" |
127 #include "kssl_lcl.h" | 153 #include "kssl_lcl.h" |
128 #include <openssl/buffer.h> | 154 #include <openssl/buffer.h> |
129 #include <openssl/rand.h> | 155 #include <openssl/rand.h> |
130 #include <openssl/objects.h> | 156 #include <openssl/objects.h> |
131 #include <openssl/evp.h> | 157 #include <openssl/evp.h> |
132 #include <openssl/md5.h> | 158 #include <openssl/md5.h> |
133 #ifdef OPENSSL_FIPS | |
134 #include <openssl/fips.h> | |
135 #endif | |
136 | |
137 #ifndef OPENSSL_NO_DH | 159 #ifndef OPENSSL_NO_DH |
138 #include <openssl/dh.h> | 160 #include <openssl/dh.h> |
139 #endif | 161 #endif |
140 #include <openssl/bn.h> | 162 #include <openssl/bn.h> |
141 #ifndef OPENSSL_NO_ENGINE | 163 #ifndef OPENSSL_NO_ENGINE |
142 #include <openssl/engine.h> | 164 #include <openssl/engine.h> |
143 #endif | 165 #endif |
144 | 166 |
145 static SSL_METHOD *ssl3_get_client_method(int ver); | 167 static const SSL_METHOD *ssl3_get_client_method(int ver); |
146 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); | 168 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); |
147 | 169 |
148 #ifndef OPENSSL_NO_ECDH | 170 static const SSL_METHOD *ssl3_get_client_method(int ver) |
149 static int curve_id2nid(int curve_id); | |
150 int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); | |
151 #endif | |
152 | |
153 static SSL_METHOD *ssl3_get_client_method(int ver) | |
154 { | 171 { |
155 if (ver == SSL3_VERSION) | 172 if (ver == SSL3_VERSION) |
156 return(SSLv3_client_method()); | 173 return(SSLv3_client_method()); |
157 else | 174 else |
158 return(NULL); | 175 return(NULL); |
159 } | 176 } |
160 | 177 |
161 IMPLEMENT_ssl3_meth_func(SSLv3_client_method, | 178 IMPLEMENT_ssl3_meth_func(SSLv3_client_method, |
162 ssl_undefined_function, | 179 ssl_undefined_function, |
163 ssl3_connect, | 180 ssl3_connect, |
164 ssl3_get_client_method) | 181 ssl3_get_client_method) |
165 | 182 |
166 int ssl3_connect(SSL *s) | 183 int ssl3_connect(SSL *s) |
167 { | 184 { |
168 BUF_MEM *buf=NULL; | 185 BUF_MEM *buf=NULL; |
169 » unsigned long Time=(unsigned long)time(NULL),l; | 186 » unsigned long Time=(unsigned long)time(NULL); |
170 void (*cb)(const SSL *ssl,int type,int val)=NULL; | 187 void (*cb)(const SSL *ssl,int type,int val)=NULL; |
171 int ret= -1; | 188 int ret= -1; |
172 int new_state,state,skip=0; | 189 int new_state,state,skip=0; |
173 | 190 |
174 RAND_add(&Time,sizeof(Time),0); | 191 RAND_add(&Time,sizeof(Time),0); |
175 ERR_clear_error(); | 192 ERR_clear_error(); |
176 clear_sys_error(); | 193 clear_sys_error(); |
177 | 194 |
178 if (s->info_callback != NULL) | 195 if (s->info_callback != NULL) |
179 cb=s->info_callback; | 196 cb=s->info_callback; |
180 else if (s->ctx->info_callback != NULL) | 197 else if (s->ctx->info_callback != NULL) |
181 cb=s->ctx->info_callback; | 198 cb=s->ctx->info_callback; |
182 | 199 |
183 s->in_handshake++; | 200 s->in_handshake++; |
184 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | 201 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); |
| 202 #if 0 /* Send app data in separate packet, otherwise, some particular site |
| 203 * (only one site so far) closes the socket. |
| 204 * Note: there is a very small chance that two TCP packets |
| 205 * could be arriving at server combined into a single TCP packet, |
| 206 * then trigger that site to break. We haven't encounter that though. |
| 207 */ |
185 if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) | 208 if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) |
186 { | 209 { |
187 /* Send app data along with CCS/Finished */ | 210 /* Send app data along with CCS/Finished */ |
188 s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED; | 211 s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED; |
189 } | 212 } |
| 213 #endif |
190 | 214 |
191 for (;;) | 215 for (;;) |
192 { | 216 { |
193 state=s->state; | 217 state=s->state; |
194 | 218 |
195 switch(s->state) | 219 switch(s->state) |
196 { | 220 { |
197 case SSL_ST_RENEGOTIATE: | 221 case SSL_ST_RENEGOTIATE: |
198 s->new_session=1; | 222 s->new_session=1; |
199 s->state=SSL_ST_CONNECT; | 223 s->state=SSL_ST_CONNECT; |
(...skipping 59 matching lines...)
259 /* turn on buffering for the next lot of output */ | 283 /* turn on buffering for the next lot of output */ |
260 if (s->bbio != s->wbio) | 284 if (s->bbio != s->wbio) |
261 s->wbio=BIO_push(s->bbio,s->wbio); | 285 s->wbio=BIO_push(s->bbio,s->wbio); |
262 | 286 |
263 break; | 287 break; |
264 | 288 |
265 case SSL3_ST_CR_SRVR_HELLO_A: | 289 case SSL3_ST_CR_SRVR_HELLO_A: |
266 case SSL3_ST_CR_SRVR_HELLO_B: | 290 case SSL3_ST_CR_SRVR_HELLO_B: |
267 ret=ssl3_get_server_hello(s); | 291 ret=ssl3_get_server_hello(s); |
268 if (ret <= 0) goto end; | 292 if (ret <= 0) goto end; |
| 293 |
269 if (s->hit) | 294 if (s->hit) |
270 s->state=SSL3_ST_CR_FINISHED_A; | 295 s->state=SSL3_ST_CR_FINISHED_A; |
271 else | 296 else |
272 s->state=SSL3_ST_CR_CERT_A; | 297 s->state=SSL3_ST_CR_CERT_A; |
273 s->init_num=0; | 298 s->init_num=0; |
274 break; | 299 break; |
275 | 300 |
276 case SSL3_ST_CR_CERT_A: | 301 case SSL3_ST_CR_CERT_A: |
277 case SSL3_ST_CR_CERT_B: | 302 case SSL3_ST_CR_CERT_B: |
278 #ifndef OPENSSL_NO_TLSEXT | 303 #ifndef OPENSSL_NO_TLSEXT |
279 ret=ssl3_check_finished(s); | 304 ret=ssl3_check_finished(s); |
280 if (ret <= 0) goto end; | 305 if (ret <= 0) goto end; |
281 if (ret == 2) | 306 if (ret == 2) |
282 { | 307 { |
283 s->hit = 1; | 308 s->hit = 1; |
284 if (s->tlsext_ticket_expected) | 309 if (s->tlsext_ticket_expected) |
285 s->state=SSL3_ST_CR_SESSION_TICKET_A; | 310 s->state=SSL3_ST_CR_SESSION_TICKET_A; |
286 else | 311 else |
287 s->state=SSL3_ST_CR_FINISHED_A; | 312 s->state=SSL3_ST_CR_FINISHED_A; |
288 s->init_num=0; | 313 s->init_num=0; |
289 break; | 314 break; |
290 } | 315 } |
291 #endif | 316 #endif |
292 /* Check if it is anon DH/ECDH */ | 317 /* Check if it is anon DH/ECDH */ |
293 » » » if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) | 318 » » » /* or PSK */ |
| 319 » » » if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& |
| 320 » » » !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) |
294 { | 321 { |
295 ret=ssl3_get_server_certificate(s); | 322 ret=ssl3_get_server_certificate(s); |
296 if (ret <= 0) goto end; | 323 if (ret <= 0) goto end; |
297 #ifndef OPENSSL_NO_TLSEXT | 324 #ifndef OPENSSL_NO_TLSEXT |
298 if (s->tlsext_status_expected) | 325 if (s->tlsext_status_expected) |
299 s->state=SSL3_ST_CR_CERT_STATUS_A; | 326 s->state=SSL3_ST_CR_CERT_STATUS_A; |
300 else | 327 else |
301 s->state=SSL3_ST_CR_KEY_EXCH_A; | 328 s->state=SSL3_ST_CR_KEY_EXCH_A; |
302 } | 329 } |
303 else | 330 else |
(...skipping 54 matching lines...)
358 ret=ssl3_send_client_certificate(s); | 385 ret=ssl3_send_client_certificate(s); |
359 if (ret <= 0) goto end; | 386 if (ret <= 0) goto end; |
360 s->state=SSL3_ST_CW_KEY_EXCH_A; | 387 s->state=SSL3_ST_CW_KEY_EXCH_A; |
361 s->init_num=0; | 388 s->init_num=0; |
362 break; | 389 break; |
363 | 390 |
364 case SSL3_ST_CW_KEY_EXCH_A: | 391 case SSL3_ST_CW_KEY_EXCH_A: |
365 case SSL3_ST_CW_KEY_EXCH_B: | 392 case SSL3_ST_CW_KEY_EXCH_B: |
366 ret=ssl3_send_client_key_exchange(s); | 393 ret=ssl3_send_client_key_exchange(s); |
367 if (ret <= 0) goto end; | 394 if (ret <= 0) goto end; |
368 l=s->s3->tmp.new_cipher->algorithms; | |
369 /* EAY EAY EAY need to check for DH fix cert | 395 /* EAY EAY EAY need to check for DH fix cert |
370 * sent back */ | 396 * sent back */ |
371 /* For TLS, cert_req is set to 2, so a cert chain | 397 /* For TLS, cert_req is set to 2, so a cert chain |
372 * of nothing is sent, but no verify packet is sent */ | 398 * of nothing is sent, but no verify packet is sent */ |
373 /* XXX: For now, we do not support client | 399 /* XXX: For now, we do not support client |
374 * authentication in ECDH cipher suites with | 400 * authentication in ECDH cipher suites with |
375 * ECDH (rather than ECDSA) certificates. | 401 * ECDH (rather than ECDSA) certificates. |
376 * We need to skip the certificate verify | 402 * We need to skip the certificate verify |
377 * message when client's ECDH public key is sent | 403 * message when client's ECDH public key is sent |
378 * inside the client certificate. | 404 * inside the client certificate. |
379 */ | 405 */ |
380 if (s->s3->tmp.cert_req == 1) | 406 if (s->s3->tmp.cert_req == 1) |
381 { | 407 { |
382 s->state=SSL3_ST_CW_CERT_VRFY_A; | 408 s->state=SSL3_ST_CW_CERT_VRFY_A; |
383 } | 409 } |
384 else | 410 else |
385 { | 411 { |
386 s->state=SSL3_ST_CW_CHANGE_A; | 412 s->state=SSL3_ST_CW_CHANGE_A; |
387 s->s3->change_cipher_spec=0; | 413 s->s3->change_cipher_spec=0; |
388 } | 414 } |
| 415 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) |
| 416 { |
| 417 s->state=SSL3_ST_CW_CHANGE_A; |
| 418 s->s3->change_cipher_spec=0; |
| 419 } |
389 | 420 |
390 s->init_num=0; | 421 s->init_num=0; |
391 break; | 422 break; |
392 | 423 |
393 case SSL3_ST_CW_CERT_VRFY_A: | 424 case SSL3_ST_CW_CERT_VRFY_A: |
394 case SSL3_ST_CW_CERT_VRFY_B: | 425 case SSL3_ST_CW_CERT_VRFY_B: |
395 ret=ssl3_send_client_verify(s); | 426 ret=ssl3_send_client_verify(s); |
396 if (ret <= 0) goto end; | 427 if (ret <= 0) goto end; |
397 s->state=SSL3_ST_CW_CHANGE_A; | 428 s->state=SSL3_ST_CW_CHANGE_A; |
398 s->init_num=0; | 429 s->init_num=0; |
399 s->s3->change_cipher_spec=0; | 430 s->s3->change_cipher_spec=0; |
400 break; | 431 break; |
401 | 432 |
402 case SSL3_ST_CW_CHANGE_A: | 433 case SSL3_ST_CW_CHANGE_A: |
403 case SSL3_ST_CW_CHANGE_B: | 434 case SSL3_ST_CW_CHANGE_B: |
404 ret=ssl3_send_change_cipher_spec(s, | 435 ret=ssl3_send_change_cipher_spec(s, |
405 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | 436 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); |
406 if (ret <= 0) goto end; | 437 if (ret <= 0) goto end; |
407 | 438 |
| 439 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 440 s->state=SSL3_ST_CW_FINISHED_A; |
| 441 #else |
408 if (s->next_proto_negotiated) | 442 if (s->next_proto_negotiated) |
409 s->state=SSL3_ST_CW_NEXT_PROTO_A; | 443 s->state=SSL3_ST_CW_NEXT_PROTO_A; |
410 else | 444 else |
411 s->state=SSL3_ST_CW_FINISHED_A; | 445 s->state=SSL3_ST_CW_FINISHED_A; |
| 446 #endif |
| 447 |
412 s->init_num=0; | 448 s->init_num=0; |
413 | 449 |
414 s->session->cipher=s->s3->tmp.new_cipher; | 450 s->session->cipher=s->s3->tmp.new_cipher; |
415 #ifdef OPENSSL_NO_COMP | 451 #ifdef OPENSSL_NO_COMP |
416 s->session->compress_meth=0; | 452 s->session->compress_meth=0; |
417 #else | 453 #else |
418 if (s->s3->tmp.new_compression == NULL) | 454 if (s->s3->tmp.new_compression == NULL) |
419 s->session->compress_meth=0; | 455 s->session->compress_meth=0; |
420 else | 456 else |
421 s->session->compress_meth= | 457 s->session->compress_meth= |
422 s->s3->tmp.new_compression->id; | 458 s->s3->tmp.new_compression->id; |
423 #endif | 459 #endif |
424 if (!s->method->ssl3_enc->setup_key_block(s)) | 460 if (!s->method->ssl3_enc->setup_key_block(s)) |
425 { | 461 { |
426 ret= -1; | 462 ret= -1; |
427 goto end; | 463 goto end; |
428 } | 464 } |
429 | 465 |
430 if (!s->method->ssl3_enc->change_cipher_state(s, | 466 if (!s->method->ssl3_enc->change_cipher_state(s, |
431 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) | 467 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) |
432 { | 468 { |
433 ret= -1; | 469 ret= -1; |
434 goto end; | 470 goto end; |
435 } | 471 } |
436 | 472 |
437 break; | 473 break; |
438 | 474 |
| 475 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
439 case SSL3_ST_CW_NEXT_PROTO_A: | 476 case SSL3_ST_CW_NEXT_PROTO_A: |
440 case SSL3_ST_CW_NEXT_PROTO_B: | 477 case SSL3_ST_CW_NEXT_PROTO_B: |
441 ret=ssl3_send_next_proto(s); | 478 ret=ssl3_send_next_proto(s); |
442 if (ret <= 0) goto end; | 479 if (ret <= 0) goto end; |
443 s->state=SSL3_ST_CW_FINISHED_A; | 480 s->state=SSL3_ST_CW_FINISHED_A; |
444 break; | 481 break; |
| 482 #endif |
445 | 483 |
446 case SSL3_ST_CW_FINISHED_A: | 484 case SSL3_ST_CW_FINISHED_A: |
447 case SSL3_ST_CW_FINISHED_B: | 485 case SSL3_ST_CW_FINISHED_B: |
448 ret=ssl3_send_finished(s, | 486 ret=ssl3_send_finished(s, |
449 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | 487 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, |
450 s->method->ssl3_enc->client_finished_label, | 488 s->method->ssl3_enc->client_finished_label, |
451 s->method->ssl3_enc->client_finished_label_len); | 489 s->method->ssl3_enc->client_finished_label_len); |
452 if (ret <= 0) goto end; | 490 if (ret <= 0) goto end; |
453 s->state=SSL3_ST_CW_FLUSH; | 491 s->state=SSL3_ST_CW_FLUSH; |
454 | 492 |
(...skipping 186 matching lines...)
641 SSL_SESSION *sess = s->session; | 679 SSL_SESSION *sess = s->session; |
642 if ((sess == NULL) || | 680 if ((sess == NULL) || |
643 (sess->ssl_version != s->version) || | 681 (sess->ssl_version != s->version) || |
644 #ifdef OPENSSL_NO_TLSEXT | 682 #ifdef OPENSSL_NO_TLSEXT |
645 !sess->session_id_length || | 683 !sess->session_id_length || |
646 #else | 684 #else |
647 (!sess->session_id_length && !sess->tlsext_tick) || | 685 (!sess->session_id_length && !sess->tlsext_tick) || |
648 #endif | 686 #endif |
649 (sess->not_resumable)) | 687 (sess->not_resumable)) |
650 { | 688 { |
| 689 if (!s->session_creation_enabled) |
| 690 { |
| 691 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 692 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY
_NOT_BE_CREATED); |
| 693 goto err; |
| 694 } |
651 if (!ssl_get_new_session(s,0)) | 695 if (!ssl_get_new_session(s,0)) |
652 goto err; | 696 goto err; |
653 } | 697 } |
654 /* else use the pre-loaded session */ | 698 /* else use the pre-loaded session */ |
655 | 699 |
656 p=s->s3->client_random; | 700 p=s->s3->client_random; |
657 Time=(unsigned long)time(NULL); /* Time */ | 701 Time=(unsigned long)time(NULL); /* Time */ |
658 l2n(Time,p); | 702 l2n(Time,p); |
659 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) | 703 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) |
660 goto err; | 704 goto err; |
(...skipping 33 matching lines...)
694 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABL
E); | 738 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABL
E); |
695 goto err; | 739 goto err; |
696 } | 740 } |
697 s2n(i,p); | 741 s2n(i,p); |
698 p+=i; | 742 p+=i; |
699 | 743 |
700 /* COMPRESSION */ | 744 /* COMPRESSION */ |
701 #ifdef OPENSSL_NO_COMP | 745 #ifdef OPENSSL_NO_COMP |
702 *(p++)=1; | 746 *(p++)=1; |
703 #else | 747 #else |
704 » » if (s->ctx->comp_methods == NULL) | 748 |
| 749 » » if ((s->options & SSL_OP_NO_COMPRESSION) |
| 750 » » » » » || !s->ctx->comp_methods) |
705 j=0; | 751 j=0; |
706 else | 752 else |
707 j=sk_SSL_COMP_num(s->ctx->comp_methods); | 753 j=sk_SSL_COMP_num(s->ctx->comp_methods); |
708 *(p++)=1+j; | 754 *(p++)=1+j; |
709 for (i=0; i<j; i++) | 755 for (i=0; i<j; i++) |
710 { | 756 { |
711 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | 757 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); |
712 *(p++)=comp->id; | 758 *(p++)=comp->id; |
713 } | 759 } |
714 #endif | 760 #endif |
715 *(p++)=0; /* Add the NULL method */ | 761 *(p++)=0; /* Add the NULL method */ |
| 762 |
716 #ifndef OPENSSL_NO_TLSEXT | 763 #ifndef OPENSSL_NO_TLSEXT |
| 764 /* TLS extensions*/ |
| 765 if (ssl_prepare_clienthello_tlsext(s) <= 0) |
| 766 { |
| 767 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT)
; |
| 768 goto err; |
| 769 } |
717 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH)) == NULL) | 770 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_
LENGTH)) == NULL) |
718 { | 771 { |
719 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); | 772 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); |
720 goto err; | 773 goto err; |
721 } | 774 } |
722 #endif» » | 775 #endif |
| 776 » » |
723 l=(p-d); | 777 l=(p-d); |
724 d=buf; | 778 d=buf; |
725 *(d++)=SSL3_MT_CLIENT_HELLO; | 779 *(d++)=SSL3_MT_CLIENT_HELLO; |
726 l2n3(l,d); | 780 l2n3(l,d); |
727 | 781 |
728 s->state=SSL3_ST_CW_CLNT_HELLO_B; | 782 s->state=SSL3_ST_CW_CLNT_HELLO_B; |
729 /* number of bytes to write */ | 783 /* number of bytes to write */ |
730 s->init_num=p-buf; | 784 s->init_num=p-buf; |
731 s->init_off=0; | 785 s->init_off=0; |
732 } | 786 } |
733 | 787 |
734 /* SSL3_ST_CW_CLNT_HELLO_B */ | 788 /* SSL3_ST_CW_CLNT_HELLO_B */ |
735 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 789 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
736 err: | 790 err: |
737 return(-1); | 791 return(-1); |
738 } | 792 } |
739 | 793 |
740 int ssl3_get_server_hello(SSL *s) | 794 int ssl3_get_server_hello(SSL *s) |
741 { | 795 { |
742 STACK_OF(SSL_CIPHER) *sk; | 796 STACK_OF(SSL_CIPHER) *sk; |
743 » SSL_CIPHER *c; | 797 » const SSL_CIPHER *c; |
744 unsigned char *p,*d; | 798 unsigned char *p,*d; |
745 int i,al,ok; | 799 int i,al,ok; |
746 unsigned int j; | 800 unsigned int j; |
747 long n; | 801 long n; |
748 #ifndef OPENSSL_NO_COMP | 802 #ifndef OPENSSL_NO_COMP |
749 SSL_COMP *comp; | 803 SSL_COMP *comp; |
750 #endif | 804 #endif |
751 | 805 |
752 n=s->method->ssl_get_message(s, | 806 n=s->method->ssl_get_message(s, |
753 SSL3_ST_CR_SRVR_HELLO_A, | 807 SSL3_ST_CR_SRVR_HELLO_A, |
(...skipping 48 matching lines...)
802 /* get the session-id */ | 856 /* get the session-id */ |
803 j= *(p++); | 857 j= *(p++); |
804 | 858 |
805 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) | 859 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) |
806 { | 860 { |
807 al=SSL_AD_ILLEGAL_PARAMETER; | 861 al=SSL_AD_ILLEGAL_PARAMETER; |
808 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LON
G); | 862 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LON
G); |
809 goto f_err; | 863 goto f_err; |
810 } | 864 } |
811 | 865 |
| 866 #ifndef OPENSSL_NO_TLSEXT |
| 867 /* check if we want to resume the session based on external pre-shared s
ecret */ |
| 868 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) |
| 869 { |
| 870 SSL_CIPHER *pref_cipher=NULL; |
| 871 s->session->master_key_length=sizeof(s->session->master_key); |
| 872 if (s->tls_session_secret_cb(s, s->session->master_key, |
| 873 &s->session->master_key_length, |
| 874 NULL, &pref_cipher, |
| 875 s->tls_session_secret_cb_arg)) |
| 876 { |
| 877 s->session->cipher = pref_cipher ? |
| 878 pref_cipher : ssl_get_cipher_by_char(s, p+j); |
| 879 } |
| 880 } |
| 881 #endif /* OPENSSL_NO_TLSEXT */ |
| 882 |
812 if (j != 0 && j == s->session->session_id_length | 883 if (j != 0 && j == s->session->session_id_length |
813 && memcmp(p,s->session->session_id,j) == 0) | 884 && memcmp(p,s->session->session_id,j) == 0) |
814 { | 885 { |
815 if(s->sid_ctx_length != s->session->sid_ctx_length | 886 if(s->sid_ctx_length != s->session->sid_ctx_length |
816 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) | 887 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) |
817 { | 888 { |
818 /* actually a client application bug */ | 889 /* actually a client application bug */ |
819 al=SSL_AD_ILLEGAL_PARAMETER; | 890 al=SSL_AD_ILLEGAL_PARAMETER; |
820 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSIO
N_IN_DIFFERENT_CONTEXT); | 891 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSIO
N_IN_DIFFERENT_CONTEXT); |
821 goto f_err; | 892 goto f_err; |
822 } | 893 } |
823 s->hit=1; | 894 s->hit=1; |
824 } | 895 } |
825 else /* a miss or crap from the other end */ | 896 else /* a miss or crap from the other end */ |
826 { | 897 { |
827 /* If we were trying for session-id reuse, make a new | 898 /* If we were trying for session-id reuse, make a new |
828 * SSL_SESSION so we don't stuff up other people */ | 899 * SSL_SESSION so we don't stuff up other people */ |
829 s->hit=0; | 900 s->hit=0; |
830 if (s->session->session_id_length > 0) | 901 if (s->session->session_id_length > 0) |
831 { | 902 { |
| 903 if (!s->session_creation_enabled) |
| 904 { |
| 905 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
| 906 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION
_MAY_NOT_BE_CREATED); |
| 907 goto err; |
| 908 } |
832 if (!ssl_get_new_session(s,0)) | 909 if (!ssl_get_new_session(s,0)) |
833 { | 910 { |
834 al=SSL_AD_INTERNAL_ERROR; | 911 al=SSL_AD_INTERNAL_ERROR; |
835 goto f_err; | 912 goto f_err; |
836 } | 913 } |
837 } | 914 } |
838 s->session->session_id_length=j; | 915 s->session->session_id_length=j; |
839 memcpy(s->session->session_id,p,j); /* j could be 0 */ | 916 memcpy(s->session->session_id,p,j); /* j could be 0 */ |
840 } | 917 } |
841 p+=j; | 918 p+=j; |
(...skipping 17 matching lines...)
859 goto f_err; | 936 goto f_err; |
860 } | 937 } |
861 | 938 |
862 /* Depending on the session caching (internal/external), the cipher | 939 /* Depending on the session caching (internal/external), the cipher |
863 and/or cipher_id values may not be set. Make sure that | 940 and/or cipher_id values may not be set. Make sure that |
864 cipher_id is set and use it for comparison. */ | 941 cipher_id is set and use it for comparison. */ |
865 if (s->session->cipher) | 942 if (s->session->cipher) |
866 s->session->cipher_id = s->session->cipher->id; | 943 s->session->cipher_id = s->session->cipher->id; |
867 if (s->hit && (s->session->cipher_id != c->id)) | 944 if (s->hit && (s->session->cipher_id != c->id)) |
868 { | 945 { |
| 946 /* Workaround is now obsolete */ |
| 947 #if 0 |
869 if (!(s->options & | 948 if (!(s->options & |
870 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) | 949 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) |
| 950 #endif |
871 { | 951 { |
872 al=SSL_AD_ILLEGAL_PARAMETER; | 952 al=SSL_AD_ILLEGAL_PARAMETER; |
873 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIP
HER_NOT_RETURNED); | 953 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIP
HER_NOT_RETURNED); |
874 goto f_err; | 954 goto f_err; |
875 } | 955 } |
876 } | 956 } |
877 s->s3->tmp.new_cipher=c; | 957 s->s3->tmp.new_cipher=c; |
| 958 if (!ssl3_digest_cached_records(s)) |
| 959 goto f_err; |
878 | 960 |
879 /* lets get the compression algorithm */ | 961 /* lets get the compression algorithm */ |
880 /* COMPRESSION */ | 962 /* COMPRESSION */ |
881 #ifdef OPENSSL_NO_COMP | 963 #ifdef OPENSSL_NO_COMP |
882 if (*(p++) != 0) | 964 if (*(p++) != 0) |
883 { | 965 { |
884 al=SSL_AD_ILLEGAL_PARAMETER; | 966 al=SSL_AD_ILLEGAL_PARAMETER; |
885 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION
_ALGORITHM); | 967 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION
_ALGORITHM); |
886 goto f_err; | 968 goto f_err; |
887 } | 969 } |
| 970 /* If compression is disabled we'd better not try to resume a session |
| 971 * using compression. |
| 972 */ |
| 973 if (s->session->compress_meth != 0) |
| 974 { |
| 975 al=SSL_AD_INTERNAL_ERROR; |
| 976 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSIO
N); |
| 977 goto f_err; |
| 978 } |
888 #else | 979 #else |
889 j= *(p++); | 980 j= *(p++); |
| 981 if (s->hit && j != s->session->compress_meth) |
| 982 { |
| 983 al=SSL_AD_ILLEGAL_PARAMETER; |
| 984 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION
_ALGORITHM_NOT_RETURNED); |
| 985 goto f_err; |
| 986 } |
890 if (j == 0) | 987 if (j == 0) |
891 comp=NULL; | 988 comp=NULL; |
| 989 else if (s->options & SSL_OP_NO_COMPRESSION) |
| 990 { |
| 991 al=SSL_AD_ILLEGAL_PARAMETER; |
| 992 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED); |
| 993 goto f_err; |
| 994 } |
892 else | 995 else |
893 comp=ssl3_comp_find(s->ctx->comp_methods,j); | 996 comp=ssl3_comp_find(s->ctx->comp_methods,j); |
894 | 997 |
895 if ((j != 0) && (comp == NULL)) | 998 if ((j != 0) && (comp == NULL)) |
896 { | 999 { |
897 al=SSL_AD_ILLEGAL_PARAMETER; | 1000 al=SSL_AD_ILLEGAL_PARAMETER; |
898 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION
_ALGORITHM); | 1001 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION
_ALGORITHM); |
899 goto f_err; | 1002 goto f_err; |
900 } | 1003 } |
901 else | 1004 else |
902 { | 1005 { |
903 s->s3->tmp.new_compression=comp; | 1006 s->s3->tmp.new_compression=comp; |
904 } | 1007 } |
905 #endif | 1008 #endif |
| 1009 |
906 #ifndef OPENSSL_NO_TLSEXT | 1010 #ifndef OPENSSL_NO_TLSEXT |
907 /* TLS extensions*/ | 1011 /* TLS extensions*/ |
908 if (s->version >= SSL3_VERSION) | 1012 if (s->version >= SSL3_VERSION) |
909 { | 1013 { |
910 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) | 1014 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) |
911 { | 1015 { |
912 /* 'al' set by ssl_parse_serverhello_tlsext */ | 1016 /* 'al' set by ssl_parse_serverhello_tlsext */ |
913 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); | 1017 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT); |
914 goto f_err; | 1018 goto f_err; |
915 } | 1019 } |
916 if (ssl_check_serverhello_tlsext(s) <= 0) | 1020 if (ssl_check_serverhello_tlsext(s) <= 0) |
917 { | 1021 { |
918 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLS
EXT); | 1022 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLS
EXT); |
919 goto err; | 1023 goto err; |
920 } | 1024 } |
921 } | 1025 } |
922 #endif | 1026 #endif |
923 | 1027 |
924 | |
925 if (p != (d+n)) | 1028 if (p != (d+n)) |
926 { | 1029 { |
927 /* wrong packet length */ | 1030 /* wrong packet length */ |
928 al=SSL_AD_DECODE_ERROR; | 1031 al=SSL_AD_DECODE_ERROR; |
929 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); | 1032 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); |
930 » » goto err; | 1033 » » goto f_err; |
931 } | 1034 } |
932 | 1035 |
933 return(1); | 1036 return(1); |
934 f_err: | 1037 f_err: |
935 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1038 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
936 err: | 1039 err: |
937 return(-1); | 1040 return(-1); |
938 } | 1041 } |
939 | 1042 |
940 int ssl3_get_server_certificate(SSL *s) | 1043 int ssl3_get_server_certificate(SSL *s) |
(...skipping 11 matching lines...)
952 n=s->method->ssl_get_message(s, | 1055 n=s->method->ssl_get_message(s, |
953 SSL3_ST_CR_CERT_A, | 1056 SSL3_ST_CR_CERT_A, |
954 SSL3_ST_CR_CERT_B, | 1057 SSL3_ST_CR_CERT_B, |
955 -1, | 1058 -1, |
956 s->max_cert_list, | 1059 s->max_cert_list, |
957 &ok); | 1060 &ok); |
958 | 1061 |
959 if (!ok) return((int)n); | 1062 if (!ok) return((int)n); |
960 | 1063 |
961 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || | 1064 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || |
962 » » ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && | 1065 » » ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && |
963 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) | 1066 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) |
964 { | 1067 { |
965 s->s3->tmp.reuse_message=1; | 1068 s->s3->tmp.reuse_message=1; |
966 return(1); | 1069 return(1); |
967 } | 1070 } |
968 | 1071 |
969 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) | 1072 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) |
970 { | 1073 { |
971 al=SSL_AD_UNEXPECTED_MESSAGE; | 1074 al=SSL_AD_UNEXPECTED_MESSAGE; |
972 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE)
; | 1075 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE)
; |
(...skipping 44 matching lines...)
1017 goto err; | 1120 goto err; |
1018 } | 1121 } |
1019 x=NULL; | 1122 x=NULL; |
1020 nc+=l+3; | 1123 nc+=l+3; |
1021 p=q; | 1124 p=q; |
1022 } | 1125 } |
1023 | 1126 |
1024 i=ssl_verify_cert_chain(s,sk); | 1127 i=ssl_verify_cert_chain(s,sk); |
1025 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) | 1128 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) |
1026 #ifndef OPENSSL_NO_KRB5 | 1129 #ifndef OPENSSL_NO_KRB5 |
1027 » && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_
MASK)) | 1130 » && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && |
1028 » != (SSL_aKRB5|SSL_kKRB5) | 1131 » » (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) |
1029 #endif /* OPENSSL_NO_KRB5 */ | 1132 #endif /* OPENSSL_NO_KRB5 */ |
1030 » ) | 1133 » » ) |
1031 { | 1134 { |
1032 al=ssl_verify_alarm_type(s->verify_result); | 1135 al=ssl_verify_alarm_type(s->verify_result); |
1033 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIF
Y_FAILED); | 1136 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIF
Y_FAILED); |
1034 goto f_err; | 1137 goto f_err; |
1035 } | 1138 } |
1036 ERR_clear_error(); /* but we keep s->verify_result */ | 1139 ERR_clear_error(); /* but we keep s->verify_result */ |
1037 | 1140 |
1038 sc=ssl_sess_cert_new(); | 1141 sc=ssl_sess_cert_new(); |
1039 if (sc == NULL) goto err; | 1142 if (sc == NULL) goto err; |
1040 | 1143 |
1041 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); | 1144 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); |
1042 s->session->sess_cert=sc; | 1145 s->session->sess_cert=sc; |
1043 | 1146 |
1044 sc->cert_chain=sk; | 1147 sc->cert_chain=sk; |
1045 /* Inconsistency alert: cert_chain does include the peer's | 1148 /* Inconsistency alert: cert_chain does include the peer's |
1046 * certificate, which we don't include in s3_srvr.c */ | 1149 * certificate, which we don't include in s3_srvr.c */ |
1047 x=sk_X509_value(sk,0); | 1150 x=sk_X509_value(sk,0); |
1048 sk=NULL; | 1151 sk=NULL; |
1049 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ | 1152 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ |
1050 | 1153 |
1051 pkey=X509_get_pubkey(x); | 1154 pkey=X509_get_pubkey(x); |
1052 | 1155 |
1053 /* VRS: allow null cert if auth == KRB5 */ | 1156 /* VRS: allow null cert if auth == KRB5 */ |
1054 » need_cert =» ((s->s3->tmp.new_cipher->algorithms | 1157 » need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && |
1055 » & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | 1158 » (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) |
1056 » == (SSL_aKRB5|SSL_kKRB5))? 0: 1; | 1159 » ? 0 : 1; |
1057 | 1160 |
1058 #ifdef KSSL_DEBUG | 1161 #ifdef KSSL_DEBUG |
1059 » printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x); | 1162 » printf("pkey,x = %p, %p\n", pkey,x); |
1060 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); | 1163 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); |
1061 » printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, | 1164 » printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->na
me, |
1062 » s->s3->tmp.new_cipher->algorithms, need_cert); | 1165 » » s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->al
gorithm_auth, need_cert); |
1063 #endif /* KSSL_DEBUG */ | 1166 #endif /* KSSL_DEBUG */ |
1064 | 1167 |
1065 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) | 1168 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) |
1066 { | 1169 { |
1067 x=NULL; | 1170 x=NULL; |
1068 al=SSL3_AL_FATAL; | 1171 al=SSL3_AL_FATAL; |
1069 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | 1172 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
1070 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | 1173 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); |
1071 goto f_err; | 1174 goto f_err; |
1072 } | 1175 } |
(...skipping 51 matching lines...)
1124 } | 1227 } |
1125 | 1228 |
1126 int ssl3_get_key_exchange(SSL *s) | 1229 int ssl3_get_key_exchange(SSL *s) |
1127 { | 1230 { |
1128 #ifndef OPENSSL_NO_RSA | 1231 #ifndef OPENSSL_NO_RSA |
1129 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; | 1232 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; |
1130 #endif | 1233 #endif |
1131 EVP_MD_CTX md_ctx; | 1234 EVP_MD_CTX md_ctx; |
1132 unsigned char *param,*p; | 1235 unsigned char *param,*p; |
1133 int al,i,j,param_len,ok; | 1236 int al,i,j,param_len,ok; |
1134 » long n,alg; | 1237 » long n,alg_k,alg_a; |
1135 EVP_PKEY *pkey=NULL; | 1238 EVP_PKEY *pkey=NULL; |
1136 #ifndef OPENSSL_NO_RSA | 1239 #ifndef OPENSSL_NO_RSA |
1137 RSA *rsa=NULL; | 1240 RSA *rsa=NULL; |
1138 #endif | 1241 #endif |
1139 #ifndef OPENSSL_NO_DH | 1242 #ifndef OPENSSL_NO_DH |
1140 DH *dh=NULL; | 1243 DH *dh=NULL; |
1141 #endif | 1244 #endif |
1142 #ifndef OPENSSL_NO_ECDH | 1245 #ifndef OPENSSL_NO_ECDH |
1143 EC_KEY *ecdh = NULL; | 1246 EC_KEY *ecdh = NULL; |
1144 BN_CTX *bn_ctx = NULL; | 1247 BN_CTX *bn_ctx = NULL; |
1145 EC_POINT *srvr_ecpoint = NULL; | 1248 EC_POINT *srvr_ecpoint = NULL; |
1146 int curve_nid = 0; | 1249 int curve_nid = 0; |
1147 int encoded_pt_len = 0; | 1250 int encoded_pt_len = 0; |
1148 #endif | 1251 #endif |
1149 | 1252 |
1150 /* use same message size as in ssl3_get_certificate_request() | 1253 /* use same message size as in ssl3_get_certificate_request() |
1151 * as ServerKeyExchange message may be skipped */ | 1254 * as ServerKeyExchange message may be skipped */ |
1152 n=s->method->ssl_get_message(s, | 1255 n=s->method->ssl_get_message(s, |
1153 SSL3_ST_CR_KEY_EXCH_A, | 1256 SSL3_ST_CR_KEY_EXCH_A, |
1154 SSL3_ST_CR_KEY_EXCH_B, | 1257 SSL3_ST_CR_KEY_EXCH_B, |
1155 -1, | 1258 -1, |
1156 s->max_cert_list, | 1259 s->max_cert_list, |
1157 &ok); | 1260 &ok); |
1158 | |
1159 if (!ok) return((int)n); | 1261 if (!ok) return((int)n); |
1160 | 1262 |
1161 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) | 1263 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) |
1162 { | 1264 { |
| 1265 #ifndef OPENSSL_NO_PSK |
| 1266 /* In plain PSK ciphersuite, ServerKeyExchange can be |
| 1267 omitted if no identity hint is sent. Set |
| 1268 session->sess_cert anyway to avoid problems |
| 1269 later.*/ |
| 1270 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) |
| 1271 { |
| 1272 s->session->sess_cert=ssl_sess_cert_new(); |
| 1273 if (s->ctx->psk_identity_hint) |
| 1274 OPENSSL_free(s->ctx->psk_identity_hint); |
| 1275 s->ctx->psk_identity_hint = NULL; |
| 1276 } |
| 1277 #endif |
1163 s->s3->tmp.reuse_message=1; | 1278 s->s3->tmp.reuse_message=1; |
1164 return(1); | 1279 return(1); |
1165 } | 1280 } |
1166 | 1281 |
1167 param=p=(unsigned char *)s->init_msg; | 1282 param=p=(unsigned char *)s->init_msg; |
1168 | |
1169 if (s->session->sess_cert != NULL) | 1283 if (s->session->sess_cert != NULL) |
1170 { | 1284 { |
1171 #ifndef OPENSSL_NO_RSA | 1285 #ifndef OPENSSL_NO_RSA |
1172 if (s->session->sess_cert->peer_rsa_tmp != NULL) | 1286 if (s->session->sess_cert->peer_rsa_tmp != NULL) |
1173 { | 1287 { |
1174 RSA_free(s->session->sess_cert->peer_rsa_tmp); | 1288 RSA_free(s->session->sess_cert->peer_rsa_tmp); |
1175 s->session->sess_cert->peer_rsa_tmp=NULL; | 1289 s->session->sess_cert->peer_rsa_tmp=NULL; |
1176 } | 1290 } |
1177 #endif | 1291 #endif |
1178 #ifndef OPENSSL_NO_DH | 1292 #ifndef OPENSSL_NO_DH |
(...skipping 10 matching lines...)
1189 s->session->sess_cert->peer_ecdh_tmp=NULL; | 1303 s->session->sess_cert->peer_ecdh_tmp=NULL; |
1190 } | 1304 } |
1191 #endif | 1305 #endif |
1192 } | 1306 } |
1193 else | 1307 else |
1194 { | 1308 { |
1195 s->session->sess_cert=ssl_sess_cert_new(); | 1309 s->session->sess_cert=ssl_sess_cert_new(); |
1196 } | 1310 } |
1197 | 1311 |
1198 param_len=0; | 1312 param_len=0; |
1199 » alg=s->s3->tmp.new_cipher->algorithms; | 1313 » alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
| 1314 » alg_a=s->s3->tmp.new_cipher->algorithm_auth; |
1200 EVP_MD_CTX_init(&md_ctx); | 1315 EVP_MD_CTX_init(&md_ctx); |
1201 | 1316 |
| 1317 #ifndef OPENSSL_NO_PSK |
| 1318 if (alg_k & SSL_kPSK) |
| 1319 { |
| 1320 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; |
| 1321 |
| 1322 al=SSL_AD_HANDSHAKE_FAILURE; |
| 1323 n2s(p,i); |
| 1324 param_len=i+2; |
| 1325 /* Store PSK identity hint for later use, hint is used |
| 1326 * in ssl3_send_client_key_exchange. Assume that the |
| 1327 * maximum length of a PSK identity hint can be as |
| 1328 * long as the maximum length of a PSK identity. */ |
| 1329 if (i > PSK_MAX_IDENTITY_LEN) |
| 1330 { |
| 1331 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1332 SSL_R_DATA_LENGTH_TOO_LONG); |
| 1333 goto f_err; |
| 1334 } |
| 1335 if (param_len > n) |
| 1336 { |
| 1337 al=SSL_AD_DECODE_ERROR; |
| 1338 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1339 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); |
| 1340 goto f_err; |
| 1341 } |
| 1342 /* If received PSK identity hint contains NULL |
| 1343 * characters, the hint is truncated from the first |
| 1344 * NULL. p may not be ending with NULL, so create a |
| 1345 * NULL-terminated string. */ |
| 1346 memcpy(tmp_id_hint, p, i); |
| 1347 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); |
| 1348 if (s->ctx->psk_identity_hint != NULL) |
| 1349 OPENSSL_free(s->ctx->psk_identity_hint); |
| 1350 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); |
| 1351 if (s->ctx->psk_identity_hint == NULL) |
| 1352 { |
| 1353 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE
); |
| 1354 goto f_err; |
| 1355 } |
| 1356 |
| 1357 p+=i; |
| 1358 n-=param_len; |
| 1359 } |
| 1360 else |
| 1361 #endif /* !OPENSSL_NO_PSK */ |
1202 #ifndef OPENSSL_NO_RSA | 1362 #ifndef OPENSSL_NO_RSA |
1203 » if (alg & SSL_kRSA) | 1363 » if (alg_k & SSL_kRSA) |
1204 { | 1364 { |
1205 if ((rsa=RSA_new()) == NULL) | 1365 if ((rsa=RSA_new()) == NULL) |
1206 { | 1366 { |
1207 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE)
; | 1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE)
; |
1208 goto err; | 1368 goto err; |
1209 } | 1369 } |
1210 n2s(p,i); | 1370 n2s(p,i); |
1211 param_len=i+2; | 1371 param_len=i+2; |
1212 if (param_len > n) | 1372 if (param_len > n) |
1213 { | 1373 { |
(...skipping 18 matching lines...)
1232 } | 1392 } |
1233 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) | 1393 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) |
1234 { | 1394 { |
1235 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | 1395 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); |
1236 goto err; | 1396 goto err; |
1237 } | 1397 } |
1238 p+=i; | 1398 p+=i; |
1239 n-=param_len; | 1399 n-=param_len; |
1240 | 1400 |
1241 /* this should be because we are using an export cipher */ | 1401 /* this should be because we are using an export cipher */ |
1242 » » if (alg & SSL_aRSA) | 1402 » » if (alg_a & SSL_aRSA) |
1243 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); | 1403 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); |
1244 else | 1404 else |
1245 { | 1405 { |
1246 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; | 1406 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; |
1247 goto err; | 1407 goto err; |
1248 } | 1408 } |
1249 s->session->sess_cert->peer_rsa_tmp=rsa; | 1409 s->session->sess_cert->peer_rsa_tmp=rsa; |
1250 rsa=NULL; | 1410 rsa=NULL; |
1251 } | 1411 } |
1252 #else /* OPENSSL_NO_RSA */ | 1412 #else /* OPENSSL_NO_RSA */ |
1253 if (0) | 1413 if (0) |
1254 ; | 1414 ; |
1255 #endif | 1415 #endif |
1256 #ifndef OPENSSL_NO_DH | 1416 #ifndef OPENSSL_NO_DH |
1257 » else if (alg & SSL_kEDH) | 1417 » else if (alg_k & SSL_kEDH) |
1258 { | 1418 { |
1259 if ((dh=DH_new()) == NULL) | 1419 if ((dh=DH_new()) == NULL) |
1260 { | 1420 { |
1261 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); | 1421 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); |
1262 goto err; | 1422 goto err; |
1263 } | 1423 } |
1264 n2s(p,i); | 1424 n2s(p,i); |
1265 param_len=i+2; | 1425 param_len=i+2; |
1266 if (param_len > n) | 1426 if (param_len > n) |
1267 { | 1427 { |
(...skipping 33 matching lines...)
1301 } | 1461 } |
1302 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) | 1462 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) |
1303 { | 1463 { |
1304 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); | 1464 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); |
1305 goto err; | 1465 goto err; |
1306 } | 1466 } |
1307 p+=i; | 1467 p+=i; |
1308 n-=param_len; | 1468 n-=param_len; |
1309 | 1469 |
1310 #ifndef OPENSSL_NO_RSA | 1470 #ifndef OPENSSL_NO_RSA |
1311 » » if (alg & SSL_aRSA) | 1471 » » if (alg_a & SSL_aRSA) |
1312 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); | 1472 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); |
1313 #else | 1473 #else |
1314 if (0) | 1474 if (0) |
1315 ; | 1475 ; |
1316 #endif | 1476 #endif |
1317 #ifndef OPENSSL_NO_DSA | 1477 #ifndef OPENSSL_NO_DSA |
1318 » » else if (alg & SSL_aDSS) | 1478 » » else if (alg_a & SSL_aDSS) |
1319 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_DSA_SIGN].x509); | 1479 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_DSA_SIGN].x509); |
1320 #endif | 1480 #endif |
1321 /* else anonymous DH, so no certificate or pkey. */ | 1481 /* else anonymous DH, so no certificate or pkey. */ |
1322 | 1482 |
1323 s->session->sess_cert->peer_dh_tmp=dh; | 1483 s->session->sess_cert->peer_dh_tmp=dh; |
1324 dh=NULL; | 1484 dh=NULL; |
1325 } | 1485 } |
1326 » else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) | 1486 » else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) |
1327 { | 1487 { |
1328 al=SSL_AD_ILLEGAL_PARAMETER; | 1488 al=SSL_AD_ILLEGAL_PARAMETER; |
1329 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTE
D_CIPHER); | 1489 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTE
D_CIPHER); |
1330 goto f_err; | 1490 goto f_err; |
1331 } | 1491 } |
1332 #endif /* !OPENSSL_NO_DH */ | 1492 #endif /* !OPENSSL_NO_DH */ |
1333 | 1493 |
1334 #ifndef OPENSSL_NO_ECDH | 1494 #ifndef OPENSSL_NO_ECDH |
1335 » else if (alg & SSL_kECDHE) | 1495 » else if (alg_k & SSL_kEECDH) |
1336 { | 1496 { |
1337 EC_GROUP *ngroup; | 1497 EC_GROUP *ngroup; |
1338 const EC_GROUP *group; | 1498 const EC_GROUP *group; |
1339 | 1499 |
1340 if ((ecdh=EC_KEY_new()) == NULL) | 1500 if ((ecdh=EC_KEY_new()) == NULL) |
1341 { | 1501 { |
1342 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE)
; | 1502 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE)
; |
1343 goto err; | 1503 goto err; |
1344 } | 1504 } |
1345 | 1505 |
1346 /* Extract elliptic curve parameters and the | 1506 /* Extract elliptic curve parameters and the |
1347 * server's ephemeral ECDH public key. | 1507 * server's ephemeral ECDH public key. |
1348 * Keep accumulating lengths of various components in | 1508 * Keep accumulating lengths of various components in |
1349 * param_len and make sure it never exceeds n. | 1509 * param_len and make sure it never exceeds n. |
1350 */ | 1510 */ |
1351 | 1511 |
1352 /* XXX: For now we only support named (not generic) curves | 1512 /* XXX: For now we only support named (not generic) curves |
1353 * and the ECParameters in this case is just three bytes. | 1513 * and the ECParameters in this case is just three bytes. |
1354 */ | 1514 */ |
1355 param_len=3; | 1515 param_len=3; |
1356 if ((param_len > n) || | 1516 if ((param_len > n) || |
1357 (*p != NAMED_CURVE_TYPE) || | 1517 (*p != NAMED_CURVE_TYPE) || |
1358 » » ((curve_nid = curve_id2nid(*(p + 2))) == 0)) | 1518 » » ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) |
1359 { | 1519 { |
1360 al=SSL_AD_INTERNAL_ERROR; | 1520 al=SSL_AD_INTERNAL_ERROR; |
1361 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_
ECDH_PARAMETERS); | 1521 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_
ECDH_PARAMETERS); |
1362 goto f_err; | 1522 goto f_err; |
1363 } | 1523 } |
1364 | 1524 |
1365 ngroup = EC_GROUP_new_by_curve_name(curve_nid); | 1525 ngroup = EC_GROUP_new_by_curve_name(curve_nid); |
1366 if (ngroup == NULL) | 1526 if (ngroup == NULL) |
1367 { | 1527 { |
1368 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); | 1528 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); |
(...skipping 40 matching lines...)
1409 | 1569 |
1410 n-=param_len; | 1570 n-=param_len; |
1411 p+=encoded_pt_len; | 1571 p+=encoded_pt_len; |
1412 | 1572 |
1413 /* The ECC/TLS specification does not mention | 1573 /* The ECC/TLS specification does not mention |
1414 * the use of DSA to sign ECParameters in the server | 1574 * the use of DSA to sign ECParameters in the server |
1415 * key exchange message. We do support RSA and ECDSA. | 1575 * key exchange message. We do support RSA and ECDSA. |
1416 */ | 1576 */ |
1417 if (0) ; | 1577 if (0) ; |
1418 #ifndef OPENSSL_NO_RSA | 1578 #ifndef OPENSSL_NO_RSA |
1419 » » else if (alg & SSL_aRSA) | 1579 » » else if (alg_a & SSL_aRSA) |
1420 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); | 1580 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_RSA_ENC].x509); |
1421 #endif | 1581 #endif |
1422 #ifndef OPENSSL_NO_ECDSA | 1582 #ifndef OPENSSL_NO_ECDSA |
1423 » » else if (alg & SSL_aECDSA) | 1583 » » else if (alg_a & SSL_aECDSA) |
1424 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_ECC].x509); | 1584 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[S
SL_PKEY_ECC].x509); |
1425 #endif | 1585 #endif |
1426 /* else anonymous ECDH, so no certificate or pkey. */ | 1586 /* else anonymous ECDH, so no certificate or pkey. */ |
1427 EC_KEY_set_public_key(ecdh, srvr_ecpoint); | 1587 EC_KEY_set_public_key(ecdh, srvr_ecpoint); |
1428 s->session->sess_cert->peer_ecdh_tmp=ecdh; | 1588 s->session->sess_cert->peer_ecdh_tmp=ecdh; |
1429 ecdh=NULL; | 1589 ecdh=NULL; |
1430 BN_CTX_free(bn_ctx); | 1590 BN_CTX_free(bn_ctx); |
| 1591 bn_ctx = NULL; |
1431 EC_POINT_free(srvr_ecpoint); | 1592 EC_POINT_free(srvr_ecpoint); |
1432 srvr_ecpoint = NULL; | 1593 srvr_ecpoint = NULL; |
1433 } | 1594 } |
1434 » else if (alg & SSL_kECDH) | 1595 » else if (alg_k) |
1435 { | 1596 { |
1436 al=SSL_AD_UNEXPECTED_MESSAGE; | 1597 al=SSL_AD_UNEXPECTED_MESSAGE; |
1437 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); | 1598 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); |
1438 goto f_err; | 1599 goto f_err; |
1439 } | 1600 } |
1440 #endif /* !OPENSSL_NO_ECDH */ | 1601 #endif /* !OPENSSL_NO_ECDH */ |
1441 if (alg & SSL_aFZA) | |
1442 { | |
1443 al=SSL_AD_HANDSHAKE_FAILURE; | |
1444 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTE
D_CIPHER); | |
1445 goto f_err; | |
1446 } | |
1447 | 1602 |
1448 | 1603 |
1449 /* p points to the next byte, there are 'n' bytes left */ | 1604 /* p points to the next byte, there are 'n' bytes left */ |
1450 | 1605 |
1451 /* if it was signed, check the signature */ | 1606 /* if it was signed, check the signature */ |
1452 if (pkey != NULL) | 1607 if (pkey != NULL) |
1453 { | 1608 { |
1454 n2s(p,i); | 1609 n2s(p,i); |
1455 n-=2; | 1610 n-=2; |
1456 j=EVP_PKEY_size(pkey); | 1611 j=EVP_PKEY_size(pkey); |
1457 | 1612 |
1458 if ((i != n) || (n > j) || (n <= 0)) | 1613 if ((i != n) || (n > j) || (n <= 0)) |
1459 { | 1614 { |
1460 /* wrong packet length */ | 1615 /* wrong packet length */ |
1461 al=SSL_AD_DECODE_ERROR; | 1616 al=SSL_AD_DECODE_ERROR; |
1462 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE
_LENGTH); | 1617 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE
_LENGTH); |
1463 goto f_err; | 1618 goto f_err; |
1464 } | 1619 } |
1465 | 1620 |
1466 #ifndef OPENSSL_NO_RSA | 1621 #ifndef OPENSSL_NO_RSA |
1467 if (pkey->type == EVP_PKEY_RSA) | 1622 if (pkey->type == EVP_PKEY_RSA) |
1468 { | 1623 { |
1469 int num; | 1624 int num; |
1470 | 1625 |
1471 j=0; | 1626 j=0; |
1472 q=md_buf; | 1627 q=md_buf; |
1473 for (num=2; num > 0; num--) | 1628 for (num=2; num > 0; num--) |
1474 { | 1629 { |
1475 EVP_MD_CTX_set_flags(&md_ctx, | |
1476 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | |
1477 EVP_DigestInit_ex(&md_ctx,(num == 2) | 1630 EVP_DigestInit_ex(&md_ctx,(num == 2) |
1478 ?s->ctx->md5:s->ctx->sha1, NULL); | 1631 ?s->ctx->md5:s->ctx->sha1, NULL); |
1479 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[
0]),SSL3_RANDOM_SIZE); | 1632 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[
0]),SSL3_RANDOM_SIZE); |
1480 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[
0]),SSL3_RANDOM_SIZE); | 1633 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[
0]),SSL3_RANDOM_SIZE); |
1481 EVP_DigestUpdate(&md_ctx,param,param_len); | 1634 EVP_DigestUpdate(&md_ctx,param,param_len); |
1482 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i)
; | 1635 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i)
; |
1483 q+=i; | 1636 q+=i; |
1484 j+=i; | 1637 j+=i; |
1485 } | 1638 } |
1486 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, | 1639 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, |
(...skipping 50 matching lines...)
1537 } | 1690 } |
1538 else | 1691 else |
1539 #endif | 1692 #endif |
1540 { | 1693 { |
1541 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; | 1694 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; |
1542 goto err; | 1695 goto err; |
1543 } | 1696 } |
1544 } | 1697 } |
1545 else | 1698 else |
1546 { | 1699 { |
1547 » » /* still data left over */ | 1700 » » if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) |
1548 » » if (!(alg & SSL_aNULL)) | 1701 » » » /* aNULL or kPSK do not need public keys */ |
1549 { | 1702 { |
1550 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; | 1703 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR)
; |
1551 goto err; | 1704 goto err; |
1552 } | 1705 } |
| 1706 /* still data left over */ |
1553 if (n != 0) | 1707 if (n != 0) |
1554 { | 1708 { |
1555 al=SSL_AD_DECODE_ERROR; | 1709 al=SSL_AD_DECODE_ERROR; |
1556 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_M
ESSAGE); | 1710 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_M
ESSAGE); |
1557 goto f_err; | 1711 goto f_err; |
1558 } | 1712 } |
1559 } | 1713 } |
1560 EVP_PKEY_free(pkey); | 1714 EVP_PKEY_free(pkey); |
1561 EVP_MD_CTX_cleanup(&md_ctx); | 1715 EVP_MD_CTX_cleanup(&md_ctx); |
1562 return(1); | 1716 return(1); |
(...skipping 49 matching lines...)
1612 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) | 1766 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) |
1613 { | 1767 { |
1614 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); | 1768 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); |
1615 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TY
PE); | 1769 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TY
PE); |
1616 goto err; | 1770 goto err; |
1617 } | 1771 } |
1618 | 1772 |
1619 /* TLS does not like anon-DH with client cert */ | 1773 /* TLS does not like anon-DH with client cert */ |
1620 if (s->version > SSL3_VERSION) | 1774 if (s->version > SSL3_VERSION) |
1621 { | 1775 { |
1622 » » l=s->s3->tmp.new_cipher->algorithms; | 1776 » » if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) |
1623 » » if (l & SSL_aNULL) | |
1624 { | 1777 { |
1625 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAG
E); | 1778 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAG
E); |
1626 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIE
NT_CERT_REQ_WITH_ANON_CIPHER); | 1779 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIE
NT_CERT_REQ_WITH_ANON_CIPHER); |
1627 goto err; | 1780 goto err; |
1628 } | 1781 } |
1629 } | 1782 } |
1630 | 1783 |
1631 p=d=(unsigned char *)s->init_msg; | 1784 p=d=(unsigned char *)s->init_msg; |
1632 | 1785 |
1633 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) | 1786 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) |
(...skipping 120 matching lines...)
1754 } | 1907 } |
1755 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) | 1908 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) |
1756 { | 1909 { |
1757 al=SSL_AD_UNEXPECTED_MESSAGE; | 1910 al=SSL_AD_UNEXPECTED_MESSAGE; |
1758 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE)
; | 1911 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE)
; |
1759 goto f_err; | 1912 goto f_err; |
1760 } | 1913 } |
1761 if (n < 6) | 1914 if (n < 6) |
1762 { | 1915 { |
1763 /* need at least ticket_lifetime_hint + ticket length */ | 1916 /* need at least ticket_lifetime_hint + ticket length */ |
1764 » » al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | 1917 » » al = SSL_AD_DECODE_ERROR; |
1765 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | 1918 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); |
1766 goto f_err; | 1919 goto f_err; |
1767 } | 1920 } |
1768 | 1921 |
1769 p=d=(unsigned char *)s->init_msg; | 1922 p=d=(unsigned char *)s->init_msg; |
1770 n2l(p, s->session->tlsext_tick_lifetime_hint); | 1923 n2l(p, s->session->tlsext_tick_lifetime_hint); |
1771 n2s(p, ticklen); | 1924 n2s(p, ticklen); |
1772 /* ticket_lifetime_hint + ticket_length + ticket */ | 1925 /* ticket_lifetime_hint + ticket_length + ticket */ |
1773 if (ticklen + 6 != n) | 1926 if (ticklen + 6 != n) |
1774 { | 1927 { |
1775 » » al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR; | 1928 » » al = SSL_AD_DECODE_ERROR; |
1776 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); | 1929 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); |
1777 goto f_err; | 1930 goto f_err; |
1778 } | 1931 } |
1779 if (s->session->tlsext_tick) | 1932 if (s->session->tlsext_tick) |
1780 { | 1933 { |
1781 OPENSSL_free(s->session->tlsext_tick); | 1934 OPENSSL_free(s->session->tlsext_tick); |
1782 s->session->tlsext_ticklen = 0; | 1935 s->session->tlsext_ticklen = 0; |
1783 } | 1936 } |
1784 s->session->tlsext_tick = OPENSSL_malloc(ticklen); | 1937 s->session->tlsext_tick = OPENSSL_malloc(ticklen); |
1785 if (!s->session->tlsext_tick) | 1938 if (!s->session->tlsext_tick) |
(...skipping 29 matching lines...)
1815 return(ret); | 1968 return(ret); |
1816 f_err: | 1969 f_err: |
1817 ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1970 ssl3_send_alert(s,SSL3_AL_FATAL,al); |
1818 err: | 1971 err: |
1819 return(-1); | 1972 return(-1); |
1820 } | 1973 } |
1821 | 1974 |
1822 int ssl3_get_cert_status(SSL *s) | 1975 int ssl3_get_cert_status(SSL *s) |
1823 { | 1976 { |
1824 int ok, al; | 1977 int ok, al; |
1825 » unsigned long resplen; | 1978 » unsigned long resplen,n; |
1826 » long n; | |
1827 const unsigned char *p; | 1979 const unsigned char *p; |
1828 | 1980 |
1829 n=s->method->ssl_get_message(s, | 1981 n=s->method->ssl_get_message(s, |
1830 SSL3_ST_CR_CERT_STATUS_A, | 1982 SSL3_ST_CR_CERT_STATUS_A, |
1831 SSL3_ST_CR_CERT_STATUS_B, | 1983 SSL3_ST_CR_CERT_STATUS_B, |
1832 SSL3_MT_CERTIFICATE_STATUS, | 1984 SSL3_MT_CERTIFICATE_STATUS, |
1833 16384, | 1985 16384, |
1834 &ok); | 1986 &ok); |
1835 | 1987 |
1836 if (!ok) return((int)n); | 1988 if (!ok) return((int)n); |
1837 if (n < 4) | 1989 if (n < 4) |
1838 { | 1990 { |
1839 /* need at least status type + length */ | 1991 /* need at least status type + length */ |
1840 al = SSL_AD_DECODE_ERROR; | 1992 al = SSL_AD_DECODE_ERROR; |
1841 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | 1993 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); |
1842 goto f_err; | 1994 goto f_err; |
1843 } | 1995 } |
1844 p = (unsigned char *)s->init_msg; | 1996 p = (unsigned char *)s->init_msg; |
1845 if (*p++ != TLSEXT_STATUSTYPE_ocsp) | 1997 if (*p++ != TLSEXT_STATUSTYPE_ocsp) |
1846 { | 1998 { |
1847 al = SSL_AD_DECODE_ERROR; | 1999 al = SSL_AD_DECODE_ERROR; |
1848 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE)
; | 2000 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE)
; |
1849 goto f_err; | 2001 goto f_err; |
1850 } | 2002 } |
1851 n2l3(p, resplen); | 2003 n2l3(p, resplen); |
1852 » if (resplen + 4 != (unsigned long)n) | 2004 » if (resplen + 4 != n) |
1853 { | 2005 { |
1854 al = SSL_AD_DECODE_ERROR; | 2006 al = SSL_AD_DECODE_ERROR; |
1855 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); | 2007 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); |
1856 goto f_err; | 2008 goto f_err; |
1857 } | 2009 } |
1858 if (s->tlsext_ocsp_resp) | 2010 if (s->tlsext_ocsp_resp) |
1859 OPENSSL_free(s->tlsext_ocsp_resp); | 2011 OPENSSL_free(s->tlsext_ocsp_resp); |
1860 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); | 2012 s->tlsext_ocsp_resp = BUF_memdup(p, resplen); |
1861 if (!s->tlsext_ocsp_resp) | 2013 if (!s->tlsext_ocsp_resp) |
1862 { | 2014 { |
(...skipping 48 matching lines...)
1911 } | 2063 } |
1912 ret=1; | 2064 ret=1; |
1913 return(ret); | 2065 return(ret); |
1914 } | 2066 } |
1915 | 2067 |
1916 | 2068 |
1917 int ssl3_send_client_key_exchange(SSL *s) | 2069 int ssl3_send_client_key_exchange(SSL *s) |
1918 { | 2070 { |
1919 unsigned char *p,*d; | 2071 unsigned char *p,*d; |
1920 int n; | 2072 int n; |
1921 » unsigned long l; | 2073 » unsigned long alg_k; |
1922 #ifndef OPENSSL_NO_RSA | 2074 #ifndef OPENSSL_NO_RSA |
1923 unsigned char *q; | 2075 unsigned char *q; |
1924 EVP_PKEY *pkey=NULL; | 2076 EVP_PKEY *pkey=NULL; |
1925 #endif | 2077 #endif |
1926 #ifndef OPENSSL_NO_KRB5 | 2078 #ifndef OPENSSL_NO_KRB5 |
1927 KSSL_ERR kssl_err; | 2079 KSSL_ERR kssl_err; |
1928 #endif /* OPENSSL_NO_KRB5 */ | 2080 #endif /* OPENSSL_NO_KRB5 */ |
1929 #ifndef OPENSSL_NO_ECDH | 2081 #ifndef OPENSSL_NO_ECDH |
1930 EC_KEY *clnt_ecdh = NULL; | 2082 EC_KEY *clnt_ecdh = NULL; |
1931 const EC_POINT *srvr_ecpoint = NULL; | 2083 const EC_POINT *srvr_ecpoint = NULL; |
1932 EVP_PKEY *srvr_pub_pkey = NULL; | 2084 EVP_PKEY *srvr_pub_pkey = NULL; |
1933 unsigned char *encodedPoint = NULL; | 2085 unsigned char *encodedPoint = NULL; |
1934 int encoded_pt_len = 0; | 2086 int encoded_pt_len = 0; |
1935 BN_CTX * bn_ctx = NULL; | 2087 BN_CTX * bn_ctx = NULL; |
1936 #endif | 2088 #endif |
1937 | 2089 |
1938 if (s->state == SSL3_ST_CW_KEY_EXCH_A) | 2090 if (s->state == SSL3_ST_CW_KEY_EXCH_A) |
1939 { | 2091 { |
1940 d=(unsigned char *)s->init_buf->data; | 2092 d=(unsigned char *)s->init_buf->data; |
1941 p= &(d[4]); | 2093 p= &(d[4]); |
1942 | 2094 |
1943 » » l=s->s3->tmp.new_cipher->algorithms; | 2095 » » alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
1944 | 2096 |
1945 /* Fool emacs indentation */ | 2097 /* Fool emacs indentation */ |
1946 if (0) {} | 2098 if (0) {} |
1947 #ifndef OPENSSL_NO_RSA | 2099 #ifndef OPENSSL_NO_RSA |
1948 » » else if (l & SSL_kRSA) | 2100 » » else if (alg_k & SSL_kRSA) |
1949 { | 2101 { |
1950 RSA *rsa; | 2102 RSA *rsa; |
1951 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 2103 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
1952 | 2104 |
1953 if (s->session->sess_cert->peer_rsa_tmp != NULL) | 2105 if (s->session->sess_cert->peer_rsa_tmp != NULL) |
1954 rsa=s->session->sess_cert->peer_rsa_tmp; | 2106 rsa=s->session->sess_cert->peer_rsa_tmp; |
1955 else | 2107 else |
1956 { | 2108 { |
1957 pkey=X509_get_pubkey(s->session->sess_cert->peer
_pkeys[SSL_PKEY_RSA_ENC].x509); | 2109 pkey=X509_get_pubkey(s->session->sess_cert->peer
_pkeys[SSL_PKEY_RSA_ENC].x509); |
1958 if ((pkey == NULL) || | 2110 if ((pkey == NULL) || |
(...skipping 38 matching lines...)
1997 } | 2149 } |
1998 | 2150 |
1999 s->session->master_key_length= | 2151 s->session->master_key_length= |
2000 s->method->ssl3_enc->generate_master_secret(s, | 2152 s->method->ssl3_enc->generate_master_secret(s, |
2001 s->session->master_key, | 2153 s->session->master_key, |
2002 tmp_buf,sizeof tmp_buf); | 2154 tmp_buf,sizeof tmp_buf); |
2003 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); | 2155 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); |
2004 } | 2156 } |
2005 #endif | 2157 #endif |
2006 #ifndef OPENSSL_NO_KRB5 | 2158 #ifndef OPENSSL_NO_KRB5 |
2007 » » else if (l & SSL_kKRB5) | 2159 » » else if (alg_k & SSL_kKRB5) |
2008 { | 2160 { |
2009 krb5_error_code krb5rc; | 2161 krb5_error_code krb5rc; |
2010 KSSL_CTX *kssl_ctx = s->kssl_ctx; | 2162 KSSL_CTX *kssl_ctx = s->kssl_ctx; |
2011 /* krb5_data krb5_ap_req; */ | 2163 /* krb5_data krb5_ap_req; */ |
2012 krb5_data *enc_ticket; | 2164 krb5_data *enc_ticket; |
2013 krb5_data authenticator, *authp = NULL; | 2165 krb5_data authenticator, *authp = NULL; |
2014 EVP_CIPHER_CTX ciph_ctx; | 2166 EVP_CIPHER_CTX ciph_ctx; |
2015 » » » EVP_CIPHER» *enc = NULL; | 2167 » » » const EVP_CIPHER *enc = NULL; |
2016 unsigned char iv[EVP_MAX_IV_LENGTH]; | 2168 unsigned char iv[EVP_MAX_IV_LENGTH]; |
2017 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 2169 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
2018 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH | 2170 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH |
2019 + EVP_MAX_IV_LENGTH]; | 2171 + EVP_MAX_IV_LENGTH]; |
2020 int padl, outl = sizeof(epms); | 2172 int padl, outl = sizeof(epms); |
2021 | 2173 |
2022 EVP_CIPHER_CTX_init(&ciph_ctx); | 2174 EVP_CIPHER_CTX_init(&ciph_ctx); |
2023 | 2175 |
2024 #ifdef KSSL_DEBUG | 2176 #ifdef KSSL_DEBUG |
2025 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | 2177 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", |
2026 » » » l, SSL_kKRB5); | 2178 » » » » alg_k, SSL_kKRB5); |
2027 #endif /* KSSL_DEBUG */ | 2179 #endif /* KSSL_DEBUG */ |
2028 | 2180 |
2029 authp = NULL; | 2181 authp = NULL; |
2030 #ifdef KRB5SENDAUTH | 2182 #ifdef KRB5SENDAUTH |
2031 if (KRB5SENDAUTH) authp = &authenticator; | 2183 if (KRB5SENDAUTH) authp = &authenticator; |
2032 #endif /* KRB5SENDAUTH */ | 2184 #endif /* KRB5SENDAUTH */ |
2033 | 2185 |
2034 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | 2186 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, |
2035 &kssl_err); | 2187 &kssl_err); |
2036 enc = kssl_map_enc(kssl_ctx->enctype); | 2188 enc = kssl_map_enc(kssl_ctx->enctype); |
(...skipping 71 matching lines...)
2108 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | 2260 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); |
2109 */ | 2261 */ |
2110 | 2262 |
2111 memset(iv, 0, sizeof iv); /* per RFC 1510 */ | 2263 memset(iv, 0, sizeof iv); /* per RFC 1510 */ |
2112 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, | 2264 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, |
2113 kssl_ctx->key,iv); | 2265 kssl_ctx->key,iv); |
2114 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, | 2266 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, |
2115 sizeof tmp_buf); | 2267 sizeof tmp_buf); |
2116 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 2268 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); |
2117 outl += padl; | 2269 outl += padl; |
2118 » » » if (outl > sizeof epms) | 2270 » » » if (outl > (int)sizeof epms) |
2119 { | 2271 { |
2120 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_
R_INTERNAL_ERROR); | 2272 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_
R_INTERNAL_ERROR); |
2121 goto err; | 2273 goto err; |
2122 } | 2274 } |
2123 EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 2275 EVP_CIPHER_CTX_cleanup(&ciph_ctx); |
2124 | 2276 |
2125 /* KerberosWrapper.EncryptedPreMasterSecret */ | 2277 /* KerberosWrapper.EncryptedPreMasterSecret */ |
2126 s2n(outl,p); | 2278 s2n(outl,p); |
2127 memcpy(p, epms, outl); | 2279 memcpy(p, epms, outl); |
2128 p+=outl; | 2280 p+=outl; |
2129 n+=outl + 2; | 2281 n+=outl + 2; |
2130 | 2282 |
2131 s->session->master_key_length= | 2283 s->session->master_key_length= |
2132 » » » s->method->ssl3_enc->generate_master_secret(s, | 2284 » » » » s->method->ssl3_enc->generate_master_secret(s, |
2133 s->session->master_key, | 2285 s->session->master_key, |
2134 tmp_buf, sizeof tmp_buf); | 2286 tmp_buf, sizeof tmp_buf); |
2135 | 2287 |
2136 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 2288 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
2137 OPENSSL_cleanse(epms, outl); | 2289 OPENSSL_cleanse(epms, outl); |
2138 } | 2290 } |
2139 #endif | 2291 #endif |
2140 #ifndef OPENSSL_NO_DH | 2292 #ifndef OPENSSL_NO_DH |
2141 » » else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 2293 » » else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
2142 { | 2294 { |
2143 DH *dh_srvr,*dh_clnt; | 2295 DH *dh_srvr,*dh_clnt; |
2144 | 2296 |
2145 if (s->session->sess_cert == NULL) | 2297 if (s->session->sess_cert == NULL) |
2146 { | 2298 { |
2147 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTE
D_MESSAGE); | 2299 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTE
D_MESSAGE); |
2148 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R
_UNEXPECTED_MESSAGE); | 2300 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R
_UNEXPECTED_MESSAGE); |
2149 goto err; | 2301 goto err; |
2150 » » » } | 2302 » » » » } |
2151 | 2303 |
2152 if (s->session->sess_cert->peer_dh_tmp != NULL) | 2304 if (s->session->sess_cert->peer_dh_tmp != NULL) |
2153 dh_srvr=s->session->sess_cert->peer_dh_tmp; | 2305 dh_srvr=s->session->sess_cert->peer_dh_tmp; |
2154 else | 2306 else |
2155 { | 2307 { |
2156 /* we get them from the cert */ | 2308 /* we get them from the cert */ |
2157 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); | 2309 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE
_FAILURE); |
2158 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R
_UNABLE_TO_FIND_DH_PARAMETERS); | 2310 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R
_UNABLE_TO_FIND_DH_PARAMETERS); |
2159 goto err; | 2311 goto err; |
2160 } | 2312 } |
2161 | 2313 |
2162 /* generate a new random key */ | 2314 /* generate a new random key */ |
2163 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) | 2315 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) |
2164 { | 2316 { |
2165 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); | 2317 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); |
2166 goto err; | 2318 goto err; |
2167 } | 2319 } |
2168 if (!DH_generate_key(dh_clnt)) | 2320 if (!DH_generate_key(dh_clnt)) |
2169 { | 2321 { |
2170 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); | 2322 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); |
| 2323 DH_free(dh_clnt); |
2171 goto err; | 2324 goto err; |
2172 } | 2325 } |
2173 | 2326 |
2174 /* use the 'p' output buffer for the DH key, but | 2327 /* use the 'p' output buffer for the DH key, but |
2175 * make sure to clear it out afterwards */ | 2328 * make sure to clear it out afterwards */ |
2176 | 2329 |
2177 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); | 2330 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); |
2178 | 2331 |
2179 if (n <= 0) | 2332 if (n <= 0) |
2180 { | 2333 { |
2181 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); | 2334 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R
_DH_LIB); |
| 2335 DH_free(dh_clnt); |
2182 goto err; | 2336 goto err; |
2183 } | 2337 } |
2184 | 2338 |
2185 /* generate master key from the result */ | 2339 /* generate master key from the result */ |
2186 s->session->master_key_length= | 2340 s->session->master_key_length= |
2187 s->method->ssl3_enc->generate_master_secret(s, | 2341 s->method->ssl3_enc->generate_master_secret(s, |
2188 s->session->master_key,p,n); | 2342 s->session->master_key,p,n); |
2189 /* clean up */ | 2343 /* clean up */ |
2190 memset(p,0,n); | 2344 memset(p,0,n); |
2191 | 2345 |
2192 /* send off the data */ | 2346 /* send off the data */ |
2193 n=BN_num_bytes(dh_clnt->pub_key); | 2347 n=BN_num_bytes(dh_clnt->pub_key); |
2194 s2n(n,p); | 2348 s2n(n,p); |
2195 BN_bn2bin(dh_clnt->pub_key,p); | 2349 BN_bn2bin(dh_clnt->pub_key,p); |
2196 n+=2; | 2350 n+=2; |
2197 | 2351 |
2198 DH_free(dh_clnt); | 2352 DH_free(dh_clnt); |
2199 | 2353 |
2200 /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 2354 /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
2201 } | 2355 } |
2202 #endif | 2356 #endif |
2203 | 2357 |
2204 #ifndef OPENSSL_NO_ECDH | 2358 #ifndef OPENSSL_NO_ECDH |
2205 » » else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) | 2359 » » else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) |
2206 { | 2360 { |
2207 const EC_GROUP *srvr_group = NULL; | 2361 const EC_GROUP *srvr_group = NULL; |
2208 EC_KEY *tkey; | 2362 EC_KEY *tkey; |
2209 int ecdh_clnt_cert = 0; | 2363 int ecdh_clnt_cert = 0; |
2210 int field_size = 0; | 2364 int field_size = 0; |
2211 | 2365 |
2212 /* Did we send out the client's | 2366 /* Did we send out the client's |
2213 * ECDH share for use in premaster | 2367 * ECDH share for use in premaster |
2214 * computation as part of client certificate? | 2368 * computation as part of client certificate? |
2215 * If so, set ecdh_clnt_cert to 1. | 2369 * If so, set ecdh_clnt_cert to 1. |
2216 */ | 2370 */ |
2217 » » » if ((l & SSL_kECDH) && (s->cert != NULL)) | 2371 » » » if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NUL
L)) |
2218 { | 2372 { |
2219 /* XXX: For now, we do not support client | 2373 /* XXX: For now, we do not support client |
2220 * authentication using ECDH certificates. | 2374 * authentication using ECDH certificates. |
2221 * To add such support, one needs to add | 2375 * To add such support, one needs to add |
2222 * code that checks for appropriate | 2376 * code that checks for appropriate |
2223 * conditions and sets ecdh_clnt_cert to 1. | 2377 * conditions and sets ecdh_clnt_cert to 1. |
2224 * For example, the cert have an ECC | 2378 * For example, the cert have an ECC |
2225 * key on the same curve as the server's | 2379 * key on the same curve as the server's |
2226 * and the key should be authorized for | 2380 * and the key should be authorized for |
2227 * key agreement. | 2381 * key agreement. |
(...skipping 151 matching lines...)
2379 } | 2533 } |
2380 | 2534 |
2381 /* Free allocated memory */ | 2535 /* Free allocated memory */ |
2382 BN_CTX_free(bn_ctx); | 2536 BN_CTX_free(bn_ctx); |
2383 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); | 2537 if (encodedPoint != NULL) OPENSSL_free(encodedPoint); |
2384 if (clnt_ecdh != NULL) | 2538 if (clnt_ecdh != NULL) |
2385 EC_KEY_free(clnt_ecdh); | 2539 EC_KEY_free(clnt_ecdh); |
2386 EVP_PKEY_free(srvr_pub_pkey); | 2540 EVP_PKEY_free(srvr_pub_pkey); |
2387 } | 2541 } |
2388 #endif /* !OPENSSL_NO_ECDH */ | 2542 #endif /* !OPENSSL_NO_ECDH */ |
| 2543 else if (alg_k & SSL_kGOST) |
| 2544 { |
| 2545 /* GOST key exchange message creation */ |
| 2546 EVP_PKEY_CTX *pkey_ctx; |
| 2547 X509 *peer_cert; |
| 2548 size_t msglen; |
| 2549 unsigned int md_len; |
| 2550 int keytype; |
| 2551 unsigned char premaster_secret[32],shared_ukm[32], tmp[2
56]; |
| 2552 EVP_MD_CTX *ukm_hash; |
| 2553 EVP_PKEY *pub_key; |
| 2554 |
| 2555 /* Get server sertificate PKEY and create ctx from it */ |
| 2556 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL
_PKEY_GOST01)].x509; |
| 2557 if (!peer_cert) |
| 2558 peer_cert=s->session->sess_cert->peer_pkeys[(key
type=SSL_PKEY_GOST94)].x509; |
| 2559 if (!peer_cert) { |
| 2560 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHAN
GE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); |
| 2561 goto err; |
| 2562 } |
| 2563 |
| 2564 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_c
ert),NULL); |
| 2565 /* If we have send a certificate, and certificate key |
| 2566 |
| 2567 * parameters match those of server certificate, use |
| 2568 * certificate key for key exchange |
| 2569 */ |
| 2570 |
| 2571 /* Otherwise, generate ephemeral key pair */ |
| 2572 |
| 2573 EVP_PKEY_encrypt_init(pkey_ctx); |
| 2574 /* Generate session key */ |
| 2575 RAND_bytes(premaster_secret,32); |
| 2576 /* If we have client certificate, use its secret as peer
key */ |
| 2577 if (s->s3->tmp.cert_req && s->cert->key->privatekey) { |
| 2578 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->k
ey->privatekey) <=0) { |
| 2579 /* If there was an error - just ignore i
t. Ephemeral key |
| 2580 * would be used |
| 2581 */ |
| 2582 ERR_clear_error(); |
| 2583 } |
| 2584 } |
| 2585 /* Compute shared IV and store it in algorithm-specific |
| 2586 * context data */ |
| 2587 ukm_hash = EVP_MD_CTX_create(); |
| 2588 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR
3411_94)); |
| 2589 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RAND
OM_SIZE); |
| 2590 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RAND
OM_SIZE); |
| 2591 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); |
| 2592 EVP_MD_CTX_destroy(ukm_hash); |
| 2593 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EV
P_PKEY_CTRL_SET_IV, |
| 2594 8,shared_ukm)<0) { |
| 2595 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHAN
GE, |
| 2596 SSL_R_LIBRARY_BUG); |
| 2597 goto err; |
| 2598 } |
| 2599 /* Make GOST keytransport blob message */ |
| 2600 /*Encapsulate it into sequence */ |
| 2601 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; |
| 2602 msglen=255; |
| 2603 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secr
et,32)<0) { |
| 2604 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2605 SSL_R_LIBRARY_BUG); |
| 2606 goto err; |
| 2607 } |
| 2608 if (msglen >= 0x80) |
| 2609 { |
| 2610 *(p++)=0x81; |
| 2611 *(p++)= msglen & 0xff; |
| 2612 n=msglen+3; |
| 2613 } |
| 2614 else |
| 2615 { |
| 2616 *(p++)= msglen & 0xff; |
| 2617 n=msglen+2; |
| 2618 } |
| 2619 memcpy(p, tmp, msglen); |
| 2620 /* Check if pubkey from client certificate was used */ |
| 2621 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PE
ER_KEY, 2, NULL) > 0) |
| 2622 { |
| 2623 /* Set flag "skip certificate verify" */ |
| 2624 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; |
| 2625 } |
| 2626 EVP_PKEY_CTX_free(pkey_ctx); |
| 2627 s->session->master_key_length= |
| 2628 s->method->ssl3_enc->generate_master_secret(s, |
| 2629 s->session->master_key,premaster_secret,
32); |
| 2630 EVP_PKEY_free(pub_key); |
| 2631 |
| 2632 } |
| 2633 #ifndef OPENSSL_NO_PSK |
| 2634 else if (alg_k & SSL_kPSK) |
| 2635 { |
| 2636 char identity[PSK_MAX_IDENTITY_LEN]; |
| 2637 unsigned char *t = NULL; |
| 2638 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; |
| 2639 unsigned int pre_ms_len = 0, psk_len = 0; |
| 2640 int psk_err = 1; |
| 2641 |
| 2642 n = 0; |
| 2643 if (s->psk_client_callback == NULL) |
| 2644 { |
| 2645 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2646 SSL_R_PSK_NO_CLIENT_CB); |
| 2647 goto err; |
| 2648 } |
| 2649 |
| 2650 psk_len = s->psk_client_callback(s, s->ctx->psk_identity
_hint, |
| 2651 identity, PSK_MAX_IDENTITY_LEN, |
| 2652 psk_or_pre_ms, sizeof(psk_or_pre_ms)); |
| 2653 if (psk_len > PSK_MAX_PSK_LEN) |
| 2654 { |
| 2655 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2656 ERR_R_INTERNAL_ERROR); |
| 2657 goto psk_err; |
| 2658 } |
| 2659 else if (psk_len == 0) |
| 2660 { |
| 2661 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2662 SSL_R_PSK_IDENTITY_NOT_FOUND); |
| 2663 goto psk_err; |
| 2664 } |
| 2665 |
| 2666 /* create PSK pre_master_secret */ |
| 2667 pre_ms_len = 2+psk_len+2+psk_len; |
| 2668 t = psk_or_pre_ms; |
| 2669 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len)
; |
| 2670 s2n(psk_len, t); |
| 2671 memset(t, 0, psk_len); |
| 2672 t+=psk_len; |
| 2673 s2n(psk_len, t); |
| 2674 |
| 2675 if (s->session->psk_identity_hint != NULL) |
| 2676 OPENSSL_free(s->session->psk_identity_hint); |
| 2677 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_i
dentity_hint); |
| 2678 if (s->ctx->psk_identity_hint != NULL && |
| 2679 s->session->psk_identity_hint == NULL) |
| 2680 { |
| 2681 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2682 ERR_R_MALLOC_FAILURE); |
| 2683 goto psk_err; |
| 2684 } |
| 2685 |
| 2686 if (s->session->psk_identity != NULL) |
| 2687 OPENSSL_free(s->session->psk_identity); |
| 2688 s->session->psk_identity = BUF_strdup(identity); |
| 2689 if (s->session->psk_identity == NULL) |
| 2690 { |
| 2691 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
| 2692 ERR_R_MALLOC_FAILURE); |
| 2693 goto psk_err; |
| 2694 } |
| 2695 |
| 2696 s->session->master_key_length = |
| 2697 s->method->ssl3_enc->generate_master_secret(s, |
| 2698 s->session->master_key, |
| 2699 psk_or_pre_ms, pre_ms_len); |
| 2700 n = strlen(identity); |
| 2701 s2n(n, p); |
| 2702 memcpy(p, identity, n); |
| 2703 n+=2; |
| 2704 psk_err = 0; |
| 2705 psk_err: |
| 2706 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); |
| 2707 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); |
| 2708 if (psk_err != 0) |
| 2709 { |
| 2710 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHA
KE_FAILURE); |
| 2711 goto err; |
| 2712 } |
| 2713 } |
| 2714 #endif |
2389 else | 2715 else |
2390 { | 2716 { |
2391 ssl3_send_alert(s, SSL3_AL_FATAL, | 2717 ssl3_send_alert(s, SSL3_AL_FATAL, |
2392 SSL_AD_HANDSHAKE_FAILURE); | 2718 SSL_AD_HANDSHAKE_FAILURE); |
2393 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | 2719 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, |
2394 ERR_R_INTERNAL_ERROR); | 2720 ERR_R_INTERNAL_ERROR); |
2395 goto err; | 2721 goto err; |
2396 } | 2722 } |
2397 | 2723 |
2398 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; | 2724 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; |
(...skipping 16 matching lines...)
2415 EVP_PKEY_free(srvr_pub_pkey); | 2741 EVP_PKEY_free(srvr_pub_pkey); |
2416 #endif | 2742 #endif |
2417 return(-1); | 2743 return(-1); |
2418 } | 2744 } |
2419 | 2745 |
2420 int ssl3_send_client_verify(SSL *s) | 2746 int ssl3_send_client_verify(SSL *s) |
2421 { | 2747 { |
2422 unsigned char *p,*d; | 2748 unsigned char *p,*d; |
2423 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 2749 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
2424 EVP_PKEY *pkey; | 2750 EVP_PKEY *pkey; |
| 2751 EVP_PKEY_CTX *pctx=NULL; |
2425 #ifndef OPENSSL_NO_RSA | 2752 #ifndef OPENSSL_NO_RSA |
2426 unsigned u=0; | 2753 unsigned u=0; |
2427 #endif | 2754 #endif |
2428 unsigned long n; | 2755 unsigned long n; |
2429 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) | |
2430 int j; | 2756 int j; |
2431 #endif | |
2432 | 2757 |
2433 if (s->state == SSL3_ST_CW_CERT_VRFY_A) | 2758 if (s->state == SSL3_ST_CW_CERT_VRFY_A) |
2434 { | 2759 { |
2435 d=(unsigned char *)s->init_buf->data; | 2760 d=(unsigned char *)s->init_buf->data; |
2436 p= &(d[4]); | 2761 p= &(d[4]); |
2437 pkey=s->cert->key->privatekey; | 2762 pkey=s->cert->key->privatekey; |
2438 | 2763 /* Create context from key and test if sha1 is allowed as digest */ |
2439 » » s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), | 2764 » » pctx = EVP_PKEY_CTX_new(pkey,NULL); |
2440 » » » &(data[MD5_DIGEST_LENGTH])); | 2765 » » EVP_PKEY_sign_init(pctx); |
2441 | 2766 » » if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) |
| 2767 » » » { |
| 2768 » » » s->method->ssl3_enc->cert_verify_mac(s, |
| 2769 » » » » » » NID_sha1, |
| 2770 » » » » » » &(data[MD5_DIGEST_LENGTH])); |
| 2771 » » » } |
| 2772 » » else |
| 2773 » » » { |
| 2774 » » » ERR_clear_error(); |
| 2775 » » » } |
2442 #ifndef OPENSSL_NO_RSA | 2776 #ifndef OPENSSL_NO_RSA |
2443 if (pkey->type == EVP_PKEY_RSA) | 2777 if (pkey->type == EVP_PKEY_RSA) |
2444 { | 2778 { |
2445 s->method->ssl3_enc->cert_verify_mac(s, | 2779 s->method->ssl3_enc->cert_verify_mac(s, |
2446 » » » » &(s->s3->finish_dgst1),&(data[0])); | 2780 » » » » NID_md5, |
| 2781 » » » » &(data[0])); |
2447 if (RSA_sign(NID_md5_sha1, data, | 2782 if (RSA_sign(NID_md5_sha1, data, |
2448 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 2783 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, |
2449 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) | 2784 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) |
2450 { | 2785 { |
2451 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_L
IB); | 2786 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_L
IB); |
2452 goto err; | 2787 goto err; |
2453 } | 2788 } |
2454 s2n(u,p); | 2789 s2n(u,p); |
2455 n=u+2; | 2790 n=u+2; |
2456 } | 2791 } |
(...skipping 25 matching lines...)
2482 { | 2817 { |
2483 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | 2818 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
2484 ERR_R_ECDSA_LIB); | 2819 ERR_R_ECDSA_LIB); |
2485 goto err; | 2820 goto err; |
2486 } | 2821 } |
2487 s2n(j,p); | 2822 s2n(j,p); |
2488 n=j+2; | 2823 n=j+2; |
2489 } | 2824 } |
2490 else | 2825 else |
2491 #endif | 2826 #endif |
2492 » » » { | 2827 » » if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_Go
stR3410_2001) |
| 2828 » » { |
| 2829 » » unsigned char signbuf[64]; |
| 2830 » » int i; |
| 2831 » » size_t sigsize=64; |
| 2832 » » s->method->ssl3_enc->cert_verify_mac(s, |
| 2833 » » » NID_id_GostR3411_94, |
| 2834 » » » data); |
| 2835 » » if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { |
| 2836 » » » SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
| 2837 » » » ERR_R_INTERNAL_ERROR); |
| 2838 » » » goto err; |
| 2839 » » } |
| 2840 » » for (i=63,j=0; i>=0; j++, i--) { |
| 2841 » » » p[2+j]=signbuf[i]; |
| 2842 » » }» |
| 2843 » » s2n(j,p); |
| 2844 » » n=j+2; |
| 2845 » » } |
| 2846 » » else |
| 2847 » » { |
2493 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); | 2848 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERRO
R); |
2494 goto err; | 2849 goto err; |
2495 » » » } | 2850 » » } |
2496 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 2851 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; |
2497 l2n3(n,d); | 2852 l2n3(n,d); |
2498 | 2853 |
2499 s->state=SSL3_ST_CW_CERT_VRFY_B; | 2854 s->state=SSL3_ST_CW_CERT_VRFY_B; |
2500 s->init_num=(int)n+4; | 2855 s->init_num=(int)n+4; |
2501 s->init_off=0; | 2856 s->init_off=0; |
2502 } | 2857 } |
| 2858 EVP_PKEY_CTX_free(pctx); |
2503 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2859 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
2504 err: | 2860 err: |
| 2861 EVP_PKEY_CTX_free(pctx); |
2505 return(-1); | 2862 return(-1); |
2506 } | 2863 } |
2507 | 2864 |
2508 int ssl3_send_client_certificate(SSL *s) | 2865 int ssl3_send_client_certificate(SSL *s) |
2509 { | 2866 { |
2510 X509 *x509=NULL; | 2867 X509 *x509=NULL; |
2511 EVP_PKEY *pkey=NULL; | 2868 EVP_PKEY *pkey=NULL; |
2512 int i; | 2869 int i; |
2513 unsigned long l; | 2870 unsigned long l; |
2514 | 2871 |
(...skipping 64 matching lines...)
2579 } | 2936 } |
2580 /* SSL3_ST_CW_CERT_D */ | 2937 /* SSL3_ST_CW_CERT_D */ |
2581 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 2938 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
2582 } | 2939 } |
2583 | 2940 |
2584 #define has_bits(i,m) (((i)&(m)) == (m)) | 2941 #define has_bits(i,m) (((i)&(m)) == (m)) |
2585 | 2942 |
2586 int ssl3_check_cert_and_algorithm(SSL *s) | 2943 int ssl3_check_cert_and_algorithm(SSL *s) |
2587 { | 2944 { |
2588 int i,idx; | 2945 int i,idx; |
2589 » long algs; | 2946 » long alg_k,alg_a; |
2590 EVP_PKEY *pkey=NULL; | 2947 EVP_PKEY *pkey=NULL; |
2591 SESS_CERT *sc; | 2948 SESS_CERT *sc; |
2592 #ifndef OPENSSL_NO_RSA | 2949 #ifndef OPENSSL_NO_RSA |
2593 RSA *rsa; | 2950 RSA *rsa; |
2594 #endif | 2951 #endif |
2595 #ifndef OPENSSL_NO_DH | 2952 #ifndef OPENSSL_NO_DH |
2596 DH *dh; | 2953 DH *dh; |
2597 #endif | 2954 #endif |
2598 | 2955 |
2599 » sc=s->session->sess_cert; | 2956 » alg_k=s->s3->tmp.new_cipher->algorithm_mkey; |
2600 | 2957 » alg_a=s->s3->tmp.new_cipher->algorithm_auth; |
2601 » algs=s->s3->tmp.new_cipher->algorithms; | |
2602 | 2958 |
2603 /* we don't have a certificate */ | 2959 /* we don't have a certificate */ |
2604 » if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) | 2960 » if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK)) |
2605 return(1); | 2961 return(1); |
2606 | 2962 |
| 2963 sc=s->session->sess_cert; |
2607 if (sc == NULL) | 2964 if (sc == NULL) |
2608 { | 2965 { |
2609 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR)
; | 2966 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR)
; |
2610 goto err; | 2967 goto err; |
2611 } | 2968 } |
2612 | 2969 |
2613 #ifndef OPENSSL_NO_RSA | 2970 #ifndef OPENSSL_NO_RSA |
2614 rsa=s->session->sess_cert->peer_rsa_tmp; | 2971 rsa=s->session->sess_cert->peer_rsa_tmp; |
2615 #endif | 2972 #endif |
2616 #ifndef OPENSSL_NO_DH | 2973 #ifndef OPENSSL_NO_DH |
2617 dh=s->session->sess_cert->peer_dh_tmp; | 2974 dh=s->session->sess_cert->peer_dh_tmp; |
2618 #endif | 2975 #endif |
2619 | 2976 |
2620 /* This is the passed certificate */ | 2977 /* This is the passed certificate */ |
2621 | 2978 |
2622 idx=sc->peer_cert_type; | 2979 idx=sc->peer_cert_type; |
2623 #ifndef OPENSSL_NO_ECDH | 2980 #ifndef OPENSSL_NO_ECDH |
2624 if (idx == SSL_PKEY_ECC) | 2981 if (idx == SSL_PKEY_ECC) |
2625 { | 2982 { |
2626 » » if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, | 2983 » » if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, |
2627 s->s3->tmp.new_cipher) == 0) | 2984 s->s3->tmp.new_cipher) == 0) |
2628 { /* check failed */ | 2985 { /* check failed */ |
2629 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC
_CERT); | 2986 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC
_CERT); |
2630 » » » goto f_err;» » » | 2987 » » » goto f_err; |
2631 } | 2988 } |
2632 else | 2989 else |
2633 { | 2990 { |
2634 return 1; | 2991 return 1; |
2635 } | 2992 } |
2636 } | 2993 } |
2637 #endif | 2994 #endif |
2638 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); | 2995 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); |
2639 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); | 2996 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); |
2640 EVP_PKEY_free(pkey); | 2997 EVP_PKEY_free(pkey); |
2641 | 2998 |
2642 | 2999 |
2643 /* Check that we have a certificate if we require one */ | 3000 /* Check that we have a certificate if we require one */ |
2644 » if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) | 3001 » if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) |
2645 { | 3002 { |
2646 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIG
NING_CERT); | 3003 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIG
NING_CERT); |
2647 goto f_err; | 3004 goto f_err; |
2648 } | 3005 } |
2649 #ifndef OPENSSL_NO_DSA | 3006 #ifndef OPENSSL_NO_DSA |
2650 » else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) | 3007 » else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) |
2651 { | 3008 { |
2652 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIG
NING_CERT); | 3009 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIG
NING_CERT); |
2653 goto f_err; | 3010 goto f_err; |
2654 } | 3011 } |
2655 #endif | 3012 #endif |
2656 #ifndef OPENSSL_NO_RSA | 3013 #ifndef OPENSSL_NO_RSA |
2657 » if ((algs & SSL_kRSA) && | 3014 » if ((alg_k & SSL_kRSA) && |
2658 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) | 3015 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) |
2659 { | 3016 { |
2660 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENC
RYPTING_CERT); | 3017 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENC
RYPTING_CERT); |
2661 goto f_err; | 3018 goto f_err; |
2662 } | 3019 } |
2663 #endif | 3020 #endif |
2664 #ifndef OPENSSL_NO_DH | 3021 #ifndef OPENSSL_NO_DH |
2665 » if ((algs & SSL_kEDH) && | 3022 » if ((alg_k & SSL_kEDH) && |
2666 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) | 3023 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) |
2667 { | 3024 { |
2668 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY)
; | 3025 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY)
; |
2669 goto f_err; | 3026 goto f_err; |
2670 } | 3027 } |
2671 » else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) | 3028 » else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) |
2672 { | 3029 { |
2673 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_
CERT); | 3030 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_
CERT); |
2674 goto f_err; | 3031 goto f_err; |
2675 } | 3032 } |
2676 #ifndef OPENSSL_NO_DSA | 3033 #ifndef OPENSSL_NO_DSA |
2677 » else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) | 3034 » else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) |
2678 { | 3035 { |
2679 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_
CERT); | 3036 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_
CERT); |
2680 goto f_err; | 3037 goto f_err; |
2681 } | 3038 } |
2682 #endif | 3039 #endif |
2683 #endif | 3040 #endif |
2684 | 3041 |
2685 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) | 3042 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) |
2686 { | 3043 { |
2687 #ifndef OPENSSL_NO_RSA | 3044 #ifndef OPENSSL_NO_RSA |
2688 » » if (algs & SSL_kRSA) | 3045 » » if (alg_k & SSL_kRSA) |
2689 { | 3046 { |
2690 if (rsa == NULL | 3047 if (rsa == NULL |
2691 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->
tmp.new_cipher)) | 3048 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->
tmp.new_cipher)) |
2692 { | 3049 { |
2693 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R
_MISSING_EXPORT_TMP_RSA_KEY); | 3050 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R
_MISSING_EXPORT_TMP_RSA_KEY); |
2694 goto f_err; | 3051 goto f_err; |
2695 } | 3052 } |
2696 } | 3053 } |
2697 else | 3054 else |
2698 #endif | 3055 #endif |
2699 #ifndef OPENSSL_NO_DH | 3056 #ifndef OPENSSL_NO_DH |
2700 » » » if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 3057 » » » if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
2701 { | 3058 { |
2702 if (dh == NULL | 3059 if (dh == NULL |
2703 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3
->tmp.new_cipher)) | 3060 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3
->tmp.new_cipher)) |
2704 { | 3061 { |
2705 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R
_MISSING_EXPORT_TMP_DH_KEY); | 3062 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R
_MISSING_EXPORT_TMP_DH_KEY); |
2706 goto f_err; | 3063 goto f_err; |
2707 } | 3064 } |
2708 } | 3065 } |
2709 else | 3066 else |
2710 #endif | 3067 #endif |
2711 { | 3068 { |
2712 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN
_KEY_EXCHANGE_TYPE); | 3069 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN
_KEY_EXCHANGE_TYPE); |
2713 goto f_err; | 3070 goto f_err; |
2714 } | 3071 } |
2715 } | 3072 } |
2716 return(1); | 3073 return(1); |
2717 f_err: | 3074 f_err: |
2718 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 3075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); |
2719 err: | 3076 err: |
2720 return(0); | 3077 return(0); |
2721 } | 3078 } |
2722 | 3079 |
| 3080 /* Check to see if handshake is full or resumed. Usually this is just a |
| 3081 * case of checking to see if a cache hit has occurred. In the case of |
| 3082 * session tickets we have to check the next message to be sure. |
| 3083 */ |
2723 | 3084 |
2724 #ifndef OPENSSL_NO_ECDH | 3085 #ifndef OPENSSL_NO_TLSEXT |
2725 /* This is the complement of nid2curve_id in s3_srvr.c. */ | 3086 # ifndef OPENSSL_NO_NEXTPROTONEG |
2726 static int curve_id2nid(int curve_id) | |
2727 { | |
2728 » /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) | |
2729 » * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ | |
2730 » static int nid_list[26] = | |
2731 » { | |
2732 » » 0, | |
2733 » » NID_sect163k1, /* sect163k1 (1) */ | |
2734 » » NID_sect163r1, /* sect163r1 (2) */ | |
2735 » » NID_sect163r2, /* sect163r2 (3) */ | |
2736 » » NID_sect193r1, /* sect193r1 (4) */ | |
2737 » » NID_sect193r2, /* sect193r2 (5) */ | |
2738 » » NID_sect233k1, /* sect233k1 (6) */ | |
2739 » » NID_sect233r1, /* sect233r1 (7) */ | |
2740 » » NID_sect239k1, /* sect239k1 (8) */ | |
2741 » » NID_sect283k1, /* sect283k1 (9) */ | |
2742 » » NID_sect283r1, /* sect283r1 (10) */ | |
2743 » » NID_sect409k1, /* sect409k1 (11) */ | |
2744 » » NID_sect409r1, /* sect409r1 (12) */ | |
2745 » » NID_sect571k1, /* sect571k1 (13) */ | |
2746 » » NID_sect571r1, /* sect571r1 (14) */ | |
2747 » » NID_secp160k1, /* secp160k1 (15) */ | |
2748 » » NID_secp160r1, /* secp160r1 (16) */ | |
2749 » » NID_secp160r2, /* secp160r2 (17) */ | |
2750 » » NID_secp192k1, /* secp192k1 (18) */ | |
2751 » » NID_X9_62_prime192v1, /* secp192r1 (19) */ | |
2752 » » NID_secp224k1, /* secp224k1 (20) */ | |
2753 » » NID_secp224r1, /* secp224r1 (21) */ | |
2754 » » NID_secp256k1, /* secp256k1 (22) */ | |
2755 » » NID_X9_62_prime256v1, /* secp256r1 (23) */ | |
2756 » » NID_secp384r1, /* secp384r1 (24) */ | |
2757 » » NID_secp521r1 /* secp521r1 (25) */» | |
2758 » }; | |
2759 » | |
2760 » if ((curve_id < 1) || (curve_id > 25)) return 0; | |
2761 | |
2762 » return nid_list[curve_id]; | |
2763 } | |
2764 #endif | |
2765 | |
2766 int ssl3_send_next_proto(SSL *s) | 3087 int ssl3_send_next_proto(SSL *s) |
2767 { | 3088 { |
2768 unsigned int len, padding_len; | 3089 unsigned int len, padding_len; |
2769 unsigned char *d; | 3090 unsigned char *d; |
2770 | 3091 |
2771 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) | 3092 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) |
2772 { | 3093 { |
2773 len = s->next_proto_negotiated_len; | 3094 len = s->next_proto_negotiated_len; |
2774 padding_len = 32 - ((len + 2) % 32); | 3095 padding_len = 32 - ((len + 2) % 32); |
2775 d = (unsigned char *)s->init_buf->data; | 3096 d = (unsigned char *)s->init_buf->data; |
2776 d[4] = len; | 3097 d[4] = len; |
2777 memcpy(d + 5, s->next_proto_negotiated, len); | 3098 memcpy(d + 5, s->next_proto_negotiated, len); |
2778 d[5 + len] = padding_len; | 3099 d[5 + len] = padding_len; |
2779 memset(d + 6 + len, 0, padding_len); | 3100 memset(d + 6 + len, 0, padding_len); |
2780 *(d++)=SSL3_MT_NEXT_PROTO; | 3101 *(d++)=SSL3_MT_NEXT_PROTO; |
2781 l2n3(2 + len + padding_len, d); | 3102 l2n3(2 + len + padding_len, d); |
2782 s->state = SSL3_ST_CW_NEXT_PROTO_B; | 3103 s->state = SSL3_ST_CW_NEXT_PROTO_B; |
2783 s->init_num = 4 + 2 + len + padding_len; | 3104 s->init_num = 4 + 2 + len + padding_len; |
2784 s->init_off = 0; | 3105 s->init_off = 0; |
2785 } | 3106 } |
2786 | 3107 |
2787 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | 3108 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
2788 } | 3109 » } |
| 3110 # endif |
2789 | 3111 |
2790 /* Check to see if handshake is full or resumed. Usually this is just a | |
2791 * case of checking to see if a cache hit has occurred. In the case of | |
2792 * session tickets we have to check the next message to be sure. | |
2793 */ | |
2794 | |
2795 #ifndef OPENSSL_NO_TLSEXT | |
2796 int ssl3_check_finished(SSL *s) | 3112 int ssl3_check_finished(SSL *s) |
2797 { | 3113 { |
2798 int ok; | 3114 int ok; |
2799 long n; | 3115 long n; |
2800 » /* If we have no ticket or session ID is non-zero length (a match of | 3116 » /* If we have no ticket it cannot be a resumed session. */ |
2801 » * a non-zero session length would never reach here) it cannot be a | 3117 » if (!s->session->tlsext_tick) |
2802 » * resumed session. | |
2803 » */ | |
2804 » if (!s->session->tlsext_tick || s->session->session_id_length) | |
2805 return 1; | 3118 return 1; |
2806 /* this function is called when we really expect a Certificate | 3119 /* this function is called when we really expect a Certificate |
2807 * message, so permit appropriate message length */ | 3120 * message, so permit appropriate message length */ |
2808 n=s->method->ssl_get_message(s, | 3121 n=s->method->ssl_get_message(s, |
2809 SSL3_ST_CR_CERT_A, | 3122 SSL3_ST_CR_CERT_A, |
2810 SSL3_ST_CR_CERT_B, | 3123 SSL3_ST_CR_CERT_B, |
2811 -1, | 3124 -1, |
2812 s->max_cert_list, | 3125 s->max_cert_list, |
2813 &ok); | 3126 &ok); |
2814 if (!ok) return((int)n); | 3127 if (!ok) return((int)n); |
(...skipping 16 matching lines...) Expand all Loading... |
2831 SSL_get_client_CA_list(s), | 3144 SSL_get_client_CA_list(s), |
2832 px509, ppkey, NULL, NULL, NULL); | 3145 px509, ppkey, NULL, NULL, NULL); |
2833 if (i != 0) | 3146 if (i != 0) |
2834 return i; | 3147 return i; |
2835 } | 3148 } |
2836 #endif | 3149 #endif |
2837 if (s->ctx->client_cert_cb) | 3150 if (s->ctx->client_cert_cb) |
2838 i = s->ctx->client_cert_cb(s,px509,ppkey); | 3151 i = s->ctx->client_cert_cb(s,px509,ppkey); |
2839 return i; | 3152 return i; |
2840 } | 3153 } |