1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086 |
- #define REUSE_CIPHER_BUG
- #define NETSCAPE_HANG_BUG
- #include <stdio.h>
- #include "ssl_locl.h"
- #include "kssl_lcl.h"
- #include <openssl/buffer.h>
- #include <openssl/rand.h>
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/x509.h>
- #ifndef OPENSSL_NO_KRB5
- #include <openssl/krb5_asn.h>
- #endif
- #include <openssl/md5.h>
- #include <openssl/fips.h>
- static SSL_METHOD *ssl3_get_server_method(int ver);
- static int ssl3_get_client_hello(SSL *s);
- static int ssl3_check_client_hello(SSL *s);
- static int ssl3_send_server_hello(SSL *s);
- static int ssl3_send_server_key_exchange(SSL *s);
- static int ssl3_send_certificate_request(SSL *s);
- static int ssl3_send_server_done(SSL *s);
- static int ssl3_get_client_key_exchange(SSL *s);
- static int ssl3_get_client_certificate(SSL *s);
- static int ssl3_get_cert_verify(SSL *s);
- static int ssl3_send_hello_request(SSL *s);
- static SSL_METHOD *ssl3_get_server_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else
- return(NULL);
- }
- SSL_METHOD *SSLv3_server_method(void)
- {
- static int init=1;
- static SSL_METHOD SSLv3_server_data;
- if (init)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
- if (init)
- {
- memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_server_data.ssl_accept=ssl3_accept;
- SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
- init=0;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
- }
- return(&SSLv3_server_data);
- }
- int ssl3_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
- int ret= -1;
- int new_state,state,skip=0;
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
- for (;;)
- {
- state=s->state;
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- if ((s->version>>8) != 3)
- {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
- s->init_num=0;
- if (s->state != SSL_ST_RENEGOTIATE)
- {
-
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else
- {
-
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
- s->shutdown=0;
- ret=ssl3_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- ssl3_init_finished_mac(s);
- break;
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- s->new_session = 2;
- s->state=SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num=0;
- break;
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret=ssl3_send_server_hello(s);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_send_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
- #ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
- #endif
- )
-
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
- if (s->s3->tmp.use_rsa_tmp
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- ret=ssl3_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (
- !(s->verify_mode & SSL_VERIFY_PEER) ||
-
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
-
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-
- (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
-
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- ret=ssl3_send_certificate_request(s);
- if (ret <= 0) goto end;
- #ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- #else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- #endif
- s->init_num=0;
- }
- break;
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret=ssl3_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
-
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
- s->state=s->s3->tmp.next_state;
- break;
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
-
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
-
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
- break;
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL_ST_OK;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
- break;
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
- case SSL_ST_OK:
-
- ssl3_cleanup_key_block(s);
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-
- ssl_free_wbio_buffer(s);
- s->init_num=0;
- if (s->new_session == 2)
- {
-
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
-
- s->handshake_func=ssl3_accept;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
- goto end;
-
- default:
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
-
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
- end:
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
- static int ssl3_send_hello_request(SSL *s)
- {
- unsigned char *p;
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL3_MT_HELLO_REQUEST;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->state=SSL3_ST_SW_HELLO_REQ_B;
-
- s->init_num=4;
- s->init_off=0;
- }
-
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
- static int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
-
- #ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
- #endif
- return 2;
- }
- return 1;
- }
- static int ssl3_get_client_hello(SSL *s)
- {
- int i,j,ok,al,ret= -1;
- long n;
- unsigned long id;
- unsigned char *p,*d,*q;
- SSL_CIPHER *c;
- SSL_COMP *comp=NULL;
- STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
- {
- s->first_packet=1;
- s->state=SSL3_ST_SR_CLNT_HELLO_B;
- }
- n=ssl3_get_message(s,
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH,
- &ok);
- if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_msg;
-
- s->client_version=(((int)p[0])<<8)|(int)p[1];
- p+=2;
- if (s->client_version < s->version)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
- {
-
- s->version = s->client_version;
- }
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- j= *(p++);
- s->hit=0;
-
- if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- else
- {
- i=ssl_get_prev_session(s,p,j);
- if (i == 1)
- {
- s->hit=1;
- }
- else if (i == -1)
- goto err;
- else
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- }
- p+=j;
- n2s(p,i);
- if ((i == 0) && (j != 0))
- {
-
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
- }
- if ((p+i) >= (d+n))
- {
-
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
- == NULL))
- {
- goto err;
- }
- p+=i;
-
- if ((s->hit) && (i > 0))
- {
- j=0;
- id=s->session->cipher->id;
- #ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
- #endif
- for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
- {
- c=sk_SSL_CIPHER_value(ciphers,i);
- #ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
- #endif
- if (c->id == id)
- {
- j=1;
- break;
- }
- }
- if (j == 0)
- {
- if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
- {
-
- s->session->cipher=sk_SSL_CIPHER_value(ciphers,
- 0);
- }
- else
- {
-
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
- }
- }
- }
-
- i= *(p++);
- if ((p+i) > (d+n))
- {
-
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- q=p;
- for (j=0; j<i; j++)
- {
- if (p[j] == 0) break;
- }
- p+=i;
- if (j >= i)
- {
-
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
- }
-
- s->s3->tmp.new_compression=NULL;
- if (s->ctx->comp_methods != NULL)
- {
- int m,nn,o,v,done=0;
- nn=sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m=0; m<nn; m++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
- v=comp->id;
- for (o=0; o<i; o++)
- {
- if (v == q[o])
- {
- done=1;
- break;
- }
- }
- if (done) break;
- }
- if (done)
- s->s3->tmp.new_compression=comp;
- else
- comp=NULL;
- }
-
- #if 0
- if (s->version == SSL3_VERSION)
- {
- if (p < (d+n))
- {
-
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- }
- #endif
-
- if (!s->hit)
- {
- s->session->compress_meth=(comp == NULL)?0:comp->id;
- if (s->session->ciphers != NULL)
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers=ciphers;
- if (ciphers == NULL)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
- }
- ciphers=NULL;
- c=ssl3_choose_cipher(s,s->session->ciphers,
- SSL_get_ciphers(s));
- if (c == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
- goto f_err;
- }
- s->s3->tmp.new_cipher=c;
- }
- else
- {
-
- #ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc=NULL;
- SSL_CIPHER *ec=NULL;
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- if (c->algorithms & SSL_eNULL)
- nc=c;
- if (SSL_C_IS_EXPORT(c))
- ec=c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher=nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher=ec;
- else
- s->s3->tmp.new_cipher=s->session->cipher;
- }
- else
- #endif
- s->s3->tmp.new_cipher=s->session->cipher;
- }
-
-
- ret=1;
- if (0)
- {
- f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
- err:
- if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
- return(ret);
- }
- static int ssl3_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,sl;
- unsigned long l,Time;
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=time(NULL);
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
-
- d=p= &(buf[4]);
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
-
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
- sl=s->session->session_id_length;
- if (sl > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_SERVER_HELLO;
- l2n3(l,d);
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
-
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
- static int ssl3_send_server_done(SSL *s)
- {
- unsigned char *p;
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->state=SSL3_ST_SW_SRVR_DONE_B;
-
- s->init_num=4;
- s->init_off=0;
- }
-
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
- static int ssl3_send_server_key_exchange(SSL *s)
- {
- #ifndef OPENSSL_NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
- #endif
- #ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
- #endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
- EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
- buf=s->init_buf;
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
- #ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
- #endif
- #ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
- #endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
- if (!BUF_MEM_grow_clean(buf,n+4+kn))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
- if (pkey != NULL)
- {
-
- #ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[4]),n);
- #ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(1);
- #endif
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- #ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(0);
- #endif
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
- #endif
- #if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
-
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
- #endif
- {
-
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
- *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
- l2n3(n,d);
-
- s->init_num=n+4;
- s->init_off=0;
- }
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- EVP_MD_CTX_cleanup(&md_ctx);
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- err:
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
- static int ssl3_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
- d=p=(unsigned char *)&(buf->data[4]);
-
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
- off=n;
- p+=2;
- n+=2;
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,4+n+j+2))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[4+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
-
- p=(unsigned char *)&(buf->data[4+off]);
- s2n(nl,p);
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
-
- s->init_num=n+4;
- s->init_off=0;
- #ifdef NETSCAPE_HANG_BUG
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
- #endif
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- err:
- return(-1);
- }
- static int ssl3_get_client_key_exchange(SSL *s)
- {
- int i,al,ok;
- long n;
- unsigned long l;
- unsigned char *p;
- #ifndef OPENSSL_NO_RSA
- RSA *rsa=NULL;
- EVP_PKEY *pkey=NULL;
- #endif
- #ifndef OPENSSL_NO_DH
- BIGNUM *pub=NULL;
- DH *dh_srvr;
- #endif
- #ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
- #endif
- n=ssl3_get_message(s,
- SSL3_ST_SR_KEY_EXCH_A,
- SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE,
- 2048,
- &ok);
- if (!ok) return((int)n);
- p=(unsigned char *)s->init_msg;
- l=s->s3->tmp.new_cipher->algorithms;
- #ifndef OPENSSL_NO_RSA
- if (l & SSL_kRSA)
- {
-
- if (s->s3->tmp.use_rsa_tmp)
- {
- if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
- rsa=s->cert->rsa_tmp;
-
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
- goto f_err;
- }
- }
- else
- {
- pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- if ( (pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- rsa=pkey->pkey.rsa;
- }
-
- if (s->version > SSL3_VERSION)
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_TLS_D5_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- p-=2;
- }
- else
- n=i;
- }
- i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
- al = -1;
-
- if (i != SSL_MAX_MASTER_KEY_LENGTH)
- {
- al=SSL_AD_DECODE_ERROR;
-
- }
- if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
- {
-
- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
- {
- al=SSL_AD_DECODE_ERROR;
-
-
- }
- }
- if (al != -1)
- {
-
- ERR_clear_error();
- i = SSL_MAX_MASTER_KEY_LENGTH;
- p[0] = s->client_version >> 8;
- p[1] = s->client_version & 0xff;
- RAND_pseudo_bytes(p+2, i-2);
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
- }
- else
- #endif
- #ifndef OPENSSL_NO_DH
- if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- {
- p-=2;
- i=(int)n;
- }
- }
- if (n == 0L)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
- goto f_err;
- }
- else
- {
- if (s->s3->tmp.dh == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- else
- dh_srvr=s->s3->tmp.dh;
- }
- pub=BN_bin2bn(p,i,NULL);
- if (pub == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
- goto err;
- }
- i=DH_compute_key(p,pub,dh_srvr);
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh=NULL;
- BN_clear_free(pub);
- pub=NULL;
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,i);
- OPENSSL_cleanse(p,i);
- }
- else
- #endif
- #ifndef OPENSSL_NO_KRB5
- if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- krb5_data enc_ticket;
- krb5_data authenticator;
- krb5_data enc_pms;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_BLOCK_LENGTH];
- int padl, outl;
- krb5_timestamp authtime = 0;
- krb5_ticket_times ttimes;
- EVP_CIPHER_CTX_init(&ciph_ctx);
- if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
- n2s(p,i);
- enc_ticket.length = i;
- if (n < enc_ticket.length + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- enc_ticket.data = (char *)p;
- p+=enc_ticket.length;
- n2s(p,i);
- authenticator.length = i;
- if (n < enc_ticket.length + authenticator.length + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- authenticator.data = (char *)p;
- p+=authenticator.length;
- n2s(p,i);
- enc_pms.length = i;
- enc_pms.data = (char *)p;
- p+=enc_pms.length;
-
- if(enc_pms.length > sizeof pms)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (n != enc_ticket.length + authenticator.length +
- enc_pms.length + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
- &kssl_err)) != 0)
- {
- #ifdef KSSL_DEBUG
- printf("kssl_sget_tkt rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
- #endif
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
- &authtime, &kssl_err)) != 0)
- {
- #ifdef KSSL_DEBUG
- printf("kssl_check_authent rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
- #endif
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
- if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
- goto err;
- }
- #ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
- #endif
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
- memset(iv, 0, sizeof iv);
- if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
- (unsigned char *)enc_pms.data, enc_pms.length))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- outl += padl;
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, pms, outl);
- if (kssl_ctx->client_princ)
- {
- int len = strlen(kssl_ctx->client_princ);
- if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
- {
- s->session->krb5_client_princ_len = len;
- memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
- }
- }
-
- }
- else
- #endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
- }
- return(1);
- f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
- err:
- #endif
- return(-1);
- }
- static int ssl3_get_cert_verify(SSL *s)
- {
- EVP_PKEY *pkey=NULL;
- unsigned char *p;
- int al,ok,ret=0;
- long n;
- int type=0,i,j;
- X509 *peer;
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B,
- -1,
- 514,
- &ok);
- if (!ok) return((int)n);
- if (s->session->peer != NULL)
- {
- peer=s->session->peer;
- pkey=X509_get_pubkey(peer);
- type=X509_certificate_type(peer,pkey);
- }
- else
- {
- peer=NULL;
- pkey=NULL;
- }
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
- {
- s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
- }
- ret=1;
- goto end;
- }
- if (peer == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- if (!(type & EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
- if (s->s3->change_cipher_spec)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- p=(unsigned char *)s->init_msg;
- n2s(p,i);
- n-=2;
- if (i > n)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- j=EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- #ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
- }
- }
- else
- #endif
- #ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- j=DSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
- if (j <= 0)
- {
-
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
- goto f_err;
- }
- }
- else
- #endif
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
- }
- ret=1;
- if (0)
- {
- f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
- end:
- EVP_PKEY_free(pkey);
- return(ret);
- }
- static int ssl3_get_client_certificate(SSL *s)
- {
- int i,ok,al,ret= -1;
- X509 *x=NULL;
- unsigned long l,nc,llen,n;
- unsigned char *p,*d,*q;
- STACK_OF(X509) *sk=NULL;
- n=ssl3_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
- {
- if ( (s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
-
- if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- s->s3->tmp.reuse_message=1;
- return(1);
- }
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
- }
- d=p=(unsigned char *)s->init_msg;
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- q=p;
- x=d2i_X509(NULL,&p,l);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
- goto err;
- }
- if (p != (q+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- }
- if (sk_X509_num(sk) <= 0)
- {
-
- if (s->version == SSL3_VERSION)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
- goto f_err;
- }
-
- else if ((s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- }
- else
- {
- i=ssl_verify_cert_chain(s,sk);
- if (!i)
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
- }
- }
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=sk_X509_shift(sk);
- s->session->verify_result = s->verify_result;
-
- if (s->session->sess_cert == NULL)
- {
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (s->session->sess_cert->cert_chain != NULL)
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
- s->session->sess_cert->cert_chain=sk;
-
- sk=NULL;
- ret=1;
- if (0)
- {
- f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
- err:
- if (x != NULL) X509_free(x);
- if (sk != NULL) sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
- int ssl3_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL &&
-
- (s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
- l=ssl3_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
- }
-
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
|