2
0

s2_srvr.c 30 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123
  1. /* ssl/s2_srvr.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. #include "ssl_locl.h"
  112. #ifndef NO_SSL2
  113. #include <stdio.h>
  114. #include <openssl/bio.h>
  115. #include <openssl/rand.h>
  116. #include <openssl/objects.h>
  117. #include <openssl/evp.h>
  118. #include "cryptlib.h"
  119. static SSL_METHOD *ssl2_get_server_method(int ver);
  120. static int get_client_master_key(SSL *s);
  121. static int get_client_hello(SSL *s);
  122. static int server_hello(SSL *s);
  123. static int get_client_finished(SSL *s);
  124. static int server_verify(SSL *s);
  125. static int server_finish(SSL *s);
  126. static int request_certificate(SSL *s);
  127. static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
  128. unsigned char *to,int padding);
  129. #define BREAK break
  130. static SSL_METHOD *ssl2_get_server_method(int ver)
  131. {
  132. if (ver == SSL2_VERSION)
  133. return(SSLv2_server_method());
  134. else
  135. return(NULL);
  136. }
  137. SSL_METHOD *SSLv2_server_method(void)
  138. {
  139. static int init=1;
  140. static SSL_METHOD SSLv2_server_data;
  141. if (init)
  142. {
  143. CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
  144. if (init)
  145. {
  146. memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
  147. sizeof(SSL_METHOD));
  148. SSLv2_server_data.ssl_accept=ssl2_accept;
  149. SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
  150. init=0;
  151. }
  152. CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
  153. }
  154. return(&SSLv2_server_data);
  155. }
  156. int ssl2_accept(SSL *s)
  157. {
  158. unsigned long l=time(NULL);
  159. BUF_MEM *buf=NULL;
  160. int ret= -1;
  161. long num1;
  162. void (*cb)()=NULL;
  163. int new_state,state;
  164. RAND_add(&l,sizeof(l),0);
  165. ERR_clear_error();
  166. clear_sys_error();
  167. if (s->info_callback != NULL)
  168. cb=s->info_callback;
  169. else if (s->ctx->info_callback != NULL)
  170. cb=s->ctx->info_callback;
  171. /* init things to blank */
  172. s->in_handshake++;
  173. if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  174. if (s->cert == NULL)
  175. {
  176. SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
  177. return(-1);
  178. }
  179. clear_sys_error();
  180. for (;;)
  181. {
  182. state=s->state;
  183. switch (s->state)
  184. {
  185. case SSL_ST_BEFORE:
  186. case SSL_ST_ACCEPT:
  187. case SSL_ST_BEFORE|SSL_ST_ACCEPT:
  188. case SSL_ST_OK|SSL_ST_ACCEPT:
  189. s->server=1;
  190. if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  191. s->version=SSL2_VERSION;
  192. s->type=SSL_ST_ACCEPT;
  193. buf=s->init_buf;
  194. if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
  195. { ret= -1; goto end; }
  196. if (!BUF_MEM_grow(buf,(int)
  197. SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
  198. { ret= -1; goto end; }
  199. s->init_buf=buf;
  200. s->init_num=0;
  201. s->ctx->stats.sess_accept++;
  202. s->handshake_func=ssl2_accept;
  203. s->state=SSL2_ST_GET_CLIENT_HELLO_A;
  204. BREAK;
  205. case SSL2_ST_GET_CLIENT_HELLO_A:
  206. case SSL2_ST_GET_CLIENT_HELLO_B:
  207. case SSL2_ST_GET_CLIENT_HELLO_C:
  208. s->shutdown=0;
  209. ret=get_client_hello(s);
  210. if (ret <= 0) goto end;
  211. s->init_num=0;
  212. s->state=SSL2_ST_SEND_SERVER_HELLO_A;
  213. BREAK;
  214. case SSL2_ST_SEND_SERVER_HELLO_A:
  215. case SSL2_ST_SEND_SERVER_HELLO_B:
  216. ret=server_hello(s);
  217. if (ret <= 0) goto end;
  218. s->init_num=0;
  219. if (!s->hit)
  220. {
  221. s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
  222. BREAK;
  223. }
  224. else
  225. {
  226. s->state=SSL2_ST_SERVER_START_ENCRYPTION;
  227. BREAK;
  228. }
  229. case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
  230. case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
  231. ret=get_client_master_key(s);
  232. if (ret <= 0) goto end;
  233. s->init_num=0;
  234. s->state=SSL2_ST_SERVER_START_ENCRYPTION;
  235. BREAK;
  236. case SSL2_ST_SERVER_START_ENCRYPTION:
  237. /* Ok we how have sent all the stuff needed to
  238. * start encrypting, the next packet back will
  239. * be encrypted. */
  240. if (!ssl2_enc_init(s,0))
  241. { ret= -1; goto end; }
  242. s->s2->clear_text=0;
  243. s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
  244. BREAK;
  245. case SSL2_ST_SEND_SERVER_VERIFY_A:
  246. case SSL2_ST_SEND_SERVER_VERIFY_B:
  247. ret=server_verify(s);
  248. if (ret <= 0) goto end;
  249. s->init_num=0;
  250. if (s->hit)
  251. {
  252. /* If we are in here, we have been
  253. * buffering the output, so we need to
  254. * flush it and remove buffering from
  255. * future traffic */
  256. s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
  257. BREAK;
  258. }
  259. else
  260. {
  261. s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
  262. break;
  263. }
  264. case SSL2_ST_SEND_SERVER_VERIFY_C:
  265. /* get the number of bytes to write */
  266. num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
  267. if (num1 != 0)
  268. {
  269. s->rwstate=SSL_WRITING;
  270. num1=BIO_flush(s->wbio);
  271. if (num1 <= 0) { ret= -1; goto end; }
  272. s->rwstate=SSL_NOTHING;
  273. }
  274. /* flushed and now remove buffering */
  275. s->wbio=BIO_pop(s->wbio);
  276. s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
  277. BREAK;
  278. case SSL2_ST_GET_CLIENT_FINISHED_A:
  279. case SSL2_ST_GET_CLIENT_FINISHED_B:
  280. ret=get_client_finished(s);
  281. if (ret <= 0)
  282. goto end;
  283. s->init_num=0;
  284. s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
  285. BREAK;
  286. case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
  287. case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
  288. case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
  289. case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
  290. /* don't do a 'request certificate' if we
  291. * don't want to, or we already have one, and
  292. * we only want to do it once. */
  293. if (!(s->verify_mode & SSL_VERIFY_PEER) ||
  294. ((s->session->peer != NULL) &&
  295. (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
  296. {
  297. s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
  298. break;
  299. }
  300. else
  301. {
  302. ret=request_certificate(s);
  303. if (ret <= 0) goto end;
  304. s->init_num=0;
  305. s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
  306. }
  307. BREAK;
  308. case SSL2_ST_SEND_SERVER_FINISHED_A:
  309. case SSL2_ST_SEND_SERVER_FINISHED_B:
  310. ret=server_finish(s);
  311. if (ret <= 0) goto end;
  312. s->init_num=0;
  313. s->state=SSL_ST_OK;
  314. break;
  315. case SSL_ST_OK:
  316. BUF_MEM_free(s->init_buf);
  317. ssl_free_wbio_buffer(s);
  318. s->init_buf=NULL;
  319. s->init_num=0;
  320. /* ERR_clear_error();*/
  321. ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
  322. s->ctx->stats.sess_accept_good++;
  323. /* s->server=1; */
  324. ret=1;
  325. if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  326. goto end;
  327. /* BREAK; */
  328. default:
  329. SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
  330. ret= -1;
  331. goto end;
  332. /* BREAK; */
  333. }
  334. if ((cb != NULL) && (s->state != state))
  335. {
  336. new_state=s->state;
  337. s->state=state;
  338. cb(s,SSL_CB_ACCEPT_LOOP,1);
  339. s->state=new_state;
  340. }
  341. }
  342. end:
  343. s->in_handshake--;
  344. if (cb != NULL)
  345. cb(s,SSL_CB_ACCEPT_EXIT,ret);
  346. return(ret);
  347. }
  348. static int get_client_master_key(SSL *s)
  349. {
  350. int is_export,i,n,keya,ek;
  351. unsigned long len;
  352. unsigned char *p;
  353. SSL_CIPHER *cp;
  354. const EVP_CIPHER *c;
  355. const EVP_MD *md;
  356. p=(unsigned char *)s->init_buf->data;
  357. if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
  358. {
  359. i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
  360. if (i < (10-s->init_num))
  361. return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
  362. s->init_num = 10;
  363. if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
  364. {
  365. if (p[-1] != SSL2_MT_ERROR)
  366. {
  367. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  368. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
  369. }
  370. else
  371. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
  372. return(-1);
  373. }
  374. cp=ssl2_get_cipher_by_char(p);
  375. if (cp == NULL)
  376. {
  377. ssl2_return_error(s,SSL2_PE_NO_CIPHER);
  378. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
  379. return(-1);
  380. }
  381. s->session->cipher= cp;
  382. p+=3;
  383. n2s(p,i); s->s2->tmp.clear=i;
  384. n2s(p,i); s->s2->tmp.enc=i;
  385. n2s(p,i); s->session->key_arg_length=i;
  386. if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
  387. {
  388. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  389. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
  390. return -1;
  391. }
  392. s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
  393. }
  394. /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
  395. p=(unsigned char *)s->init_buf->data;
  396. if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  397. {
  398. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  399. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
  400. return -1;
  401. }
  402. keya=s->session->key_arg_length;
  403. len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
  404. if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  405. {
  406. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  407. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
  408. return -1;
  409. }
  410. n = (int)len - s->init_num;
  411. i = ssl2_read(s,(char *)&(p[s->init_num]),n);
  412. if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
  413. p += 10;
  414. memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
  415. (unsigned int)keya);
  416. if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
  417. {
  418. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  419. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
  420. return(-1);
  421. }
  422. i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
  423. &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
  424. (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
  425. is_export=SSL_C_IS_EXPORT(s->session->cipher);
  426. if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
  427. {
  428. ssl2_return_error(s,SSL2_PE_NO_CIPHER);
  429. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
  430. return(0);
  431. }
  432. if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
  433. {
  434. is_export=1;
  435. ek=8;
  436. }
  437. else
  438. ek=5;
  439. /* bad decrypt */
  440. #if 1
  441. /* If a bad decrypt, continue with protocol but with a
  442. * random master secret (Bleichenbacher attack) */
  443. if ((i < 0) ||
  444. ((!is_export && (i != EVP_CIPHER_key_length(c)))
  445. || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
  446. (unsigned int)EVP_CIPHER_key_length(c))))))
  447. {
  448. ERR_clear_error();
  449. if (is_export)
  450. i=ek;
  451. else
  452. i=EVP_CIPHER_key_length(c);
  453. RAND_pseudo_bytes(p,i);
  454. }
  455. #else
  456. if (i < 0)
  457. {
  458. error=1;
  459. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
  460. }
  461. /* incorrect number of key bytes for non export cipher */
  462. else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
  463. || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
  464. EVP_CIPHER_key_length(c)))))
  465. {
  466. error=1;
  467. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
  468. }
  469. if (error)
  470. {
  471. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  472. return(-1);
  473. }
  474. #endif
  475. if (is_export) i+=s->s2->tmp.clear;
  476. if (i > SSL_MAX_MASTER_KEY_LENGTH)
  477. {
  478. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  479. SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
  480. return -1;
  481. }
  482. s->session->master_key_length=i;
  483. memcpy(s->session->master_key,p,(unsigned int)i);
  484. return(1);
  485. }
  486. static int get_client_hello(SSL *s)
  487. {
  488. int i,n;
  489. unsigned long len;
  490. unsigned char *p;
  491. STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
  492. STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
  493. int z;
  494. /* This is a bit of a hack to check for the correct packet
  495. * type the first time round. */
  496. if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
  497. {
  498. s->first_packet=1;
  499. s->state=SSL2_ST_GET_CLIENT_HELLO_B;
  500. }
  501. p=(unsigned char *)s->init_buf->data;
  502. if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
  503. {
  504. i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
  505. if (i < (9-s->init_num))
  506. return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
  507. s->init_num = 9;
  508. if (*(p++) != SSL2_MT_CLIENT_HELLO)
  509. {
  510. if (p[-1] != SSL2_MT_ERROR)
  511. {
  512. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  513. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
  514. }
  515. else
  516. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
  517. return(-1);
  518. }
  519. n2s(p,i);
  520. if (i < s->version) s->version=i;
  521. n2s(p,i); s->s2->tmp.cipher_spec_length=i;
  522. n2s(p,i); s->s2->tmp.session_id_length=i;
  523. n2s(p,i); s->s2->challenge_length=i;
  524. if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
  525. (i > SSL2_MAX_CHALLENGE_LENGTH))
  526. {
  527. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  528. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
  529. return(-1);
  530. }
  531. s->state=SSL2_ST_GET_CLIENT_HELLO_C;
  532. }
  533. /* SSL2_ST_GET_CLIENT_HELLO_C */
  534. p=(unsigned char *)s->init_buf->data;
  535. len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
  536. if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  537. {
  538. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  539. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
  540. return -1;
  541. }
  542. n = (int)len - s->init_num;
  543. i = ssl2_read(s,(char *)&(p[s->init_num]),n);
  544. if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
  545. p += 9;
  546. /* get session-id before cipher stuff so we can get out session
  547. * structure if it is cached */
  548. /* session-id */
  549. if ((s->s2->tmp.session_id_length != 0) &&
  550. (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
  551. {
  552. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  553. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
  554. return(-1);
  555. }
  556. if (s->s2->tmp.session_id_length == 0)
  557. {
  558. if (!ssl_get_new_session(s,1))
  559. {
  560. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  561. return(-1);
  562. }
  563. }
  564. else
  565. {
  566. i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
  567. s->s2->tmp.session_id_length);
  568. if (i == 1)
  569. { /* previous session */
  570. s->hit=1;
  571. }
  572. else if (i == -1)
  573. {
  574. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  575. return(-1);
  576. }
  577. else
  578. {
  579. if (s->cert == NULL)
  580. {
  581. ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
  582. SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
  583. return(-1);
  584. }
  585. if (!ssl_get_new_session(s,1))
  586. {
  587. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  588. return(-1);
  589. }
  590. }
  591. }
  592. if (!s->hit)
  593. {
  594. cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
  595. &s->session->ciphers);
  596. if (cs == NULL) goto mem_err;
  597. cl=ssl_get_ciphers_by_id(s);
  598. for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
  599. {
  600. if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
  601. {
  602. sk_SSL_CIPHER_delete(cs,z);
  603. z--;
  604. }
  605. }
  606. /* s->session->ciphers should now have a list of
  607. * ciphers that are on both the client and server.
  608. * This list is ordered by the order the client sent
  609. * the ciphers.
  610. */
  611. }
  612. p+=s->s2->tmp.cipher_spec_length;
  613. /* done cipher selection */
  614. /* session id extracted already */
  615. p+=s->s2->tmp.session_id_length;
  616. /* challenge */
  617. if (s->s2->challenge_length > sizeof s->s2->challenge)
  618. {
  619. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  620. SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
  621. return -1;
  622. }
  623. memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
  624. return(1);
  625. mem_err:
  626. SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
  627. return(0);
  628. }
  629. static int server_hello(SSL *s)
  630. {
  631. unsigned char *p,*d;
  632. int n,hit;
  633. STACK_OF(SSL_CIPHER) *sk;
  634. p=(unsigned char *)s->init_buf->data;
  635. if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
  636. {
  637. d=p+11;
  638. *(p++)=SSL2_MT_SERVER_HELLO; /* type */
  639. hit=s->hit;
  640. *(p++)=(unsigned char)hit;
  641. #if 1
  642. if (!hit)
  643. {
  644. if (s->session->sess_cert != NULL)
  645. /* This can't really happen because get_client_hello
  646. * has called ssl_get_new_session, which does not set
  647. * sess_cert. */
  648. ssl_sess_cert_free(s->session->sess_cert);
  649. s->session->sess_cert = ssl_sess_cert_new();
  650. if (s->session->sess_cert == NULL)
  651. {
  652. SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
  653. return(-1);
  654. }
  655. }
  656. /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
  657. * depending on whether it survived in the internal cache
  658. * or was retrieved from an external cache.
  659. * If it is NULL, we cannot put any useful data in it anyway,
  660. * so we don't touch it.
  661. */
  662. #else /* That's what used to be done when cert_st and sess_cert_st were
  663. * the same. */
  664. if (!hit)
  665. { /* else add cert to session */
  666. CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
  667. if (s->session->sess_cert != NULL)
  668. ssl_cert_free(s->session->sess_cert);
  669. s->session->sess_cert=s->cert;
  670. }
  671. else /* We have a session id-cache hit, if the
  672. * session-id has no certificate listed against
  673. * the 'cert' structure, grab the 'old' one
  674. * listed against the SSL connection */
  675. {
  676. if (s->session->sess_cert == NULL)
  677. {
  678. CRYPTO_add(&s->cert->references,1,
  679. CRYPTO_LOCK_SSL_CERT);
  680. s->session->sess_cert=s->cert;
  681. }
  682. }
  683. #endif
  684. if (s->cert == NULL)
  685. {
  686. ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
  687. SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
  688. return(-1);
  689. }
  690. if (hit)
  691. {
  692. *(p++)=0; /* no certificate type */
  693. s2n(s->version,p); /* version */
  694. s2n(0,p); /* cert len */
  695. s2n(0,p); /* ciphers len */
  696. }
  697. else
  698. {
  699. /* EAY EAY */
  700. /* put certificate type */
  701. *(p++)=SSL2_CT_X509_CERTIFICATE;
  702. s2n(s->version,p); /* version */
  703. n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
  704. s2n(n,p); /* certificate length */
  705. i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
  706. n=0;
  707. /* lets send out the ciphers we like in the
  708. * prefered order */
  709. sk= s->session->ciphers;
  710. n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
  711. d+=n;
  712. s2n(n,p); /* add cipher length */
  713. }
  714. /* make and send conn_id */
  715. s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
  716. s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
  717. RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
  718. memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
  719. d+=SSL2_CONNECTION_ID_LENGTH;
  720. s->state=SSL2_ST_SEND_SERVER_HELLO_B;
  721. s->init_num=d-(unsigned char *)s->init_buf->data;
  722. s->init_off=0;
  723. }
  724. /* SSL2_ST_SEND_SERVER_HELLO_B */
  725. /* If we are using TCP/IP, the performance is bad if we do 2
  726. * writes without a read between them. This occurs when
  727. * Session-id reuse is used, so I will put in a buffering module
  728. */
  729. if (s->hit)
  730. {
  731. if (!ssl_init_wbio_buffer(s,1)) return(-1);
  732. }
  733. return(ssl2_do_write(s));
  734. }
  735. static int get_client_finished(SSL *s)
  736. {
  737. unsigned char *p;
  738. int i, n;
  739. unsigned long len;
  740. p=(unsigned char *)s->init_buf->data;
  741. if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
  742. {
  743. i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
  744. if (i < 1-s->init_num)
  745. return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
  746. s->init_num += i;
  747. if (*p != SSL2_MT_CLIENT_FINISHED)
  748. {
  749. if (*p != SSL2_MT_ERROR)
  750. {
  751. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  752. SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
  753. }
  754. else
  755. SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
  756. return(-1);
  757. }
  758. s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
  759. }
  760. /* SSL2_ST_GET_CLIENT_FINISHED_B */
  761. if (s->s2->conn_id_length > sizeof s->s2->conn_id)
  762. {
  763. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  764. SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
  765. return -1;
  766. }
  767. len = 1 + (unsigned long)s->s2->conn_id_length;
  768. n = (int)len - s->init_num;
  769. i = ssl2_read(s,(char *)&(p[s->init_num]),n);
  770. if (i < n)
  771. {
  772. return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
  773. }
  774. p += 1;
  775. if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
  776. {
  777. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  778. SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
  779. return(-1);
  780. }
  781. return(1);
  782. }
  783. static int server_verify(SSL *s)
  784. {
  785. unsigned char *p;
  786. if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
  787. {
  788. p=(unsigned char *)s->init_buf->data;
  789. *(p++)=SSL2_MT_SERVER_VERIFY;
  790. if (s->s2->challenge_length > sizeof s->s2->challenge)
  791. {
  792. SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
  793. return -1;
  794. }
  795. memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
  796. /* p+=s->s2->challenge_length; */
  797. s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
  798. s->init_num=s->s2->challenge_length+1;
  799. s->init_off=0;
  800. }
  801. return(ssl2_do_write(s));
  802. }
  803. static int server_finish(SSL *s)
  804. {
  805. unsigned char *p;
  806. if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
  807. {
  808. p=(unsigned char *)s->init_buf->data;
  809. *(p++)=SSL2_MT_SERVER_FINISHED;
  810. if (s->session->session_id_length > sizeof s->session->session_id)
  811. {
  812. SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
  813. return -1;
  814. }
  815. memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
  816. /* p+=s->session->session_id_length; */
  817. s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
  818. s->init_num=s->session->session_id_length+1;
  819. s->init_off=0;
  820. }
  821. /* SSL2_ST_SEND_SERVER_FINISHED_B */
  822. return(ssl2_do_write(s));
  823. }
  824. /* send the request and check the response */
  825. static int request_certificate(SSL *s)
  826. {
  827. unsigned char *p,*p2,*buf2;
  828. unsigned char *ccd;
  829. int i,j,ctype,ret= -1;
  830. unsigned long len;
  831. X509 *x509=NULL;
  832. STACK_OF(X509) *sk=NULL;
  833. ccd=s->s2->tmp.ccl;
  834. if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
  835. {
  836. p=(unsigned char *)s->init_buf->data;
  837. *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
  838. *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
  839. RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
  840. memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
  841. s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
  842. s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
  843. s->init_off=0;
  844. }
  845. if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
  846. {
  847. i=ssl2_do_write(s);
  848. if (i <= 0)
  849. {
  850. ret=i;
  851. goto end;
  852. }
  853. s->init_num=0;
  854. s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
  855. }
  856. if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
  857. {
  858. p=(unsigned char *)s->init_buf->data;
  859. i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
  860. if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
  861. * (probably NO-CERTIFICATE-ERROR) */
  862. {
  863. ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
  864. goto end;
  865. }
  866. s->init_num += i;
  867. if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
  868. {
  869. n2s(p,i);
  870. if (i != SSL2_PE_NO_CERTIFICATE)
  871. {
  872. /* not the error message we expected -- let ssl2_part_read handle it */
  873. s->init_num -= 3;
  874. ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
  875. goto end;
  876. }
  877. /* this is the one place where we can recover from an SSL 2.0 error */
  878. if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
  879. {
  880. ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
  881. SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
  882. goto end;
  883. }
  884. ret=1;
  885. goto end;
  886. }
  887. if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
  888. {
  889. ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
  890. SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
  891. goto end;
  892. }
  893. if (s->init_num != 6)
  894. {
  895. SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
  896. goto end;
  897. }
  898. /* ok we have a response */
  899. /* certificate type, there is only one right now. */
  900. ctype= *(p++);
  901. if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
  902. {
  903. ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
  904. SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
  905. goto end;
  906. }
  907. n2s(p,i); s->s2->tmp.clen=i;
  908. n2s(p,i); s->s2->tmp.rlen=i;
  909. s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
  910. }
  911. /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
  912. p=(unsigned char *)s->init_buf->data;
  913. len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
  914. if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
  915. {
  916. SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
  917. goto end;
  918. }
  919. j = (int)len - s->init_num;
  920. i = ssl2_read(s,(char *)&(p[s->init_num]),j);
  921. if (i < j)
  922. {
  923. ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
  924. goto end;
  925. }
  926. p += 6;
  927. x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
  928. if (x509 == NULL)
  929. {
  930. SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
  931. goto msg_end;
  932. }
  933. if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
  934. {
  935. SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
  936. goto msg_end;
  937. }
  938. i=ssl_verify_cert_chain(s,sk);
  939. if (i) /* we like the packet, now check the chksum */
  940. {
  941. EVP_MD_CTX ctx;
  942. EVP_PKEY *pkey=NULL;
  943. EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
  944. EVP_VerifyUpdate(&ctx,s->s2->key_material,
  945. (unsigned int)s->s2->key_material_length);
  946. EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
  947. i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
  948. buf2=OPENSSL_malloc((unsigned int)i);
  949. if (buf2 == NULL)
  950. {
  951. SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
  952. goto msg_end;
  953. }
  954. p2=buf2;
  955. i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
  956. EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
  957. OPENSSL_free(buf2);
  958. pkey=X509_get_pubkey(x509);
  959. if (pkey == NULL) goto end;
  960. i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
  961. EVP_PKEY_free(pkey);
  962. memset(&ctx,0,sizeof(ctx));
  963. if (i)
  964. {
  965. if (s->session->peer != NULL)
  966. X509_free(s->session->peer);
  967. s->session->peer=x509;
  968. CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
  969. s->session->verify_result = s->verify_result;
  970. ret=1;
  971. goto end;
  972. }
  973. else
  974. {
  975. SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
  976. goto msg_end;
  977. }
  978. }
  979. else
  980. {
  981. msg_end:
  982. ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
  983. }
  984. end:
  985. sk_X509_free(sk);
  986. X509_free(x509);
  987. return(ret);
  988. }
  989. static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
  990. unsigned char *to, int padding)
  991. {
  992. RSA *rsa;
  993. int i;
  994. if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
  995. {
  996. SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
  997. return(-1);
  998. }
  999. if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
  1000. {
  1001. SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
  1002. return(-1);
  1003. }
  1004. rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
  1005. /* we have the public key */
  1006. i=RSA_private_decrypt(len,from,to,rsa,padding);
  1007. if (i < 0)
  1008. SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
  1009. return(i);
  1010. }
  1011. #else /* !NO_SSL2 */
  1012. # if PEDANTIC
  1013. static void *dummy=&dummy;
  1014. # endif
  1015. #endif