Blame - ssl/s3_clnt.c - third_party/openssl

blob: 3d40ba41fac58179b27ba1a6ec8966b795c0279b [file] [log] [blame]

Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1	/* ssl/s3_clnt.c */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	3	* All rights reserved.
				4	*
				5	* This package is an SSL implementation written
				6	* by Eric Young (eay@cryptsoft.com).
				7	* The implementation was written so as to conform with Netscapes SSL.
				8	*
				9	* This library is free for commercial and non-commercial use as long as
				10	* the following conditions are aheared to. The following conditions
				11	* apply to all code found in this distribution, be it the RC4, RSA,
				12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
				13	* included with this distribution is covered by the same copyright terms
				14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
				15	*
				16	* Copyright remains Eric Young's, and as such any Copyright notices in
				17	* the code are not to be removed.
				18	* If this package is used in a product, Eric Young should be given attribution
				19	* as the author of the parts of the library used.
				20	* This can be in the form of a textual message at program startup or
				21	* in documentation (online or textual) provided with the package.
				22	*
				23	* Redistribution and use in source and binary forms, with or without
				24	* modification, are permitted provided that the following conditions
				25	* are met:
				26	* 1. Redistributions of source code must retain the copyright
				27	* notice, this list of conditions and the following disclaimer.
				28	* 2. Redistributions in binary form must reproduce the above copyright
				29	* notice, this list of conditions and the following disclaimer in the
				30	* documentation and/or other materials provided with the distribution.
				31	* 3. All advertising materials mentioning features or use of this software
				32	* must display the following acknowledgement:
				33	* "This product includes cryptographic software written by
				34	* Eric Young (eay@cryptsoft.com)"
				35	* The word 'cryptographic' can be left out if the rouines from the library
				36	* being used are not cryptographic related :-).
				37	* 4. If you include any Windows specific code (or a derivative thereof) from
				38	* the apps directory (application code) you must include an acknowledgement:
				39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
				40	*
				41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
				42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
				44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
				45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
				46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
				47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
				49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
				50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
				51	* SUCH DAMAGE.
				52	*
				53	* The licence and distribution terms for any publically available version or
				54	* derivative of this code cannot be changed. i.e. this code cannot simply be
				55	* copied and put under another distribution licence
				56	* [including the GNU Public Licence.]
				57	*/
Bodo Möller	8c74b5e	2002-01-14 23:40:26 +0000	[diff] [blame]	58	/* ====================================================================
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	59	* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
Bodo Möller	8c74b5e	2002-01-14 23:40:26 +0000	[diff] [blame]	60	*
				61	* Redistribution and use in source and binary forms, with or without
				62	* modification, are permitted provided that the following conditions
				63	* are met:
				64	*
				65	* 1. Redistributions of source code must retain the above copyright
				66	* notice, this list of conditions and the following disclaimer.
				67	*
				68	* 2. Redistributions in binary form must reproduce the above copyright
				69	* notice, this list of conditions and the following disclaimer in
				70	* the documentation and/or other materials provided with the
				71	* distribution.
				72	*
				73	* 3. All advertising materials mentioning features or use of this
				74	* software must display the following acknowledgment:
				75	* "This product includes software developed by the OpenSSL Project
				76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
				77	*
				78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
				79	* endorse or promote products derived from this software without
				80	* prior written permission. For written permission, please contact
				81	* openssl-core@openssl.org.
				82	*
				83	* 5. Products derived from this software may not be called "OpenSSL"
				84	* nor may "OpenSSL" appear in their names without prior written
				85	* permission of the OpenSSL Project.
				86	*
				87	* 6. Redistributions of any form whatsoever must retain the following
				88	* acknowledgment:
				89	* "This product includes software developed by the OpenSSL Project
				90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
				91	*
				92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
				93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
				95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
				96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
				97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
				99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
				101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
				102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
				103	* OF THE POSSIBILITY OF SUCH DAMAGE.
				104	* ====================================================================
				105	*
				106	* This product includes cryptographic software written by Eric Young
				107	* (eay@cryptsoft.com). This product includes software written by Tim
				108	* Hudson (tjh@cryptsoft.com).
				109	*
				110	*/
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	111	/* ====================================================================
				112	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
				113	*
				114	* Portions of the attached software ("Contribution") are developed by
				115	* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
				116	*
				117	* The Contribution is licensed pursuant to the OpenSSL open source
				118	* license provided above.
				119	*
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	120	* ECC cipher suite support in OpenSSL originally written by
				121	* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
				122	*
				123	*/
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	124	/* ====================================================================
				125	* Copyright 2005 Nokia. All rights reserved.
				126	*
				127	* The portions of the attached software ("Contribution") is developed by
				128	* Nokia Corporation and is licensed pursuant to the OpenSSL open source
				129	* license.
				130	*
				131	* The Contribution, originally written by Mika Kousa and Pasi Eronen of
				132	* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
				133	* support (see RFC 4279) to OpenSSL.
				134	*
				135	* No patent licenses or other rights except those expressly stated in
				136	* the OpenSSL open source license shall be deemed granted or received
				137	* expressly, by implication, estoppel, or otherwise.
				138	*
				139	* No assurances are provided by Nokia that the Contribution does not
				140	* infringe the patent or other intellectual property rights of any third
				141	* party or that the license provides you with all the necessary rights
				142	* to make use of the Contribution.
				143	*
				144	* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
				145	* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
				146	* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
				147	* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
				148	* OTHERWISE.
				149	*/
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	150
				151	#include <stdio.h>
Lutz Jänicke	7b63c0f	2002-07-10 07:01:54 +0000	[diff] [blame]	152	#include "ssl_locl.h"
				153	#include "kssl_lcl.h"
Bodo Möller	ec57782	1999-04-23 22:13:45 +0000	[diff] [blame]	154	#include <openssl/buffer.h>
				155	#include <openssl/rand.h>
				156	#include <openssl/objects.h>
				157	#include <openssl/evp.h>
Ben Laurie	dbad169	2001-07-30 23:57:25 +0000	[diff] [blame]	158	#include <openssl/md5.h>
Nils Larsch	3eeaab4	2005-07-16 12:37:36 +0000	[diff] [blame]	159	#ifndef OPENSSL_NO_DH
Geoff Thorpe	60a938c	2004-04-19 18:09:28 +0000	[diff] [blame]	160	#include <openssl/dh.h>
Nils Larsch	3eeaab4	2005-07-16 12:37:36 +0000	[diff] [blame]	161	#endif
Geoff Thorpe	d095b68	2004-05-17 18:53:47 +0000	[diff] [blame]	162	#include <openssl/bn.h>
Dr. Stephen Henson	368888b	2008-06-01 22:33:24 +0000	[diff] [blame]	163	#ifndef OPENSSL_NO_ENGINE
				164	#include <openssl/engine.h>
				165	#endif
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	166
Nils Larsch	4ebb342	2005-08-14 21:48:33 +0000	[diff] [blame]	167	static const SSL_METHOD *ssl3_get_client_method(int ver);
Geoff Thorpe	ccd86b6	2000-06-01 02:36:58 +0000	[diff] [blame]	168	static int ca_dn_cmp(const X509_NAME * const a,const X509_NAME const *b);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	169
Nils Larsch	4ebb342	2005-08-14 21:48:33 +0000	[diff] [blame]	170	static const SSL_METHOD *ssl3_get_client_method(int ver)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	171	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	172	if (ver == SSL3_VERSION)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	173	return(SSLv3_client_method());
				174	else
				175	return(NULL);
				176	}
				177
Dr. Stephen Henson	f3b656b	2005-08-05 23:56:11 +0000	[diff] [blame]	178	IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
				179	ssl_undefined_function,
				180	ssl3_connect,
				181	ssl3_get_client_method)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	182
Ulf Möller	6b691a5	1999-04-19 21:31:43 +0000	[diff] [blame]	183	int ssl3_connect(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	184	{
Richard Levitte	8d6ad9e	2002-12-21 23:49:21 +0000	[diff] [blame]	185	BUF_MEM *buf=NULL;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	186	unsigned long Time=(unsigned long)time(NULL);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	187	long num1;
Ben Laurie	45d87a1	2002-01-12 15:56:13 +0000	[diff] [blame]	188	void (cb)(const SSL ssl,int type,int val)=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	189	int ret= -1;
Dr. Stephen Henson	477fd45	2009-02-14 21:49:38 +0000	[diff] [blame]	190	int new_state,state,skip=0;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	191
Ulf Möller	eb95208	2000-01-13 20:59:17 +0000	[diff] [blame]	192	RAND_add(&Time,sizeof(Time),0);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	193	ERR_clear_error();
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	194	clear_sys_error();
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	195
				196	if (s->info_callback != NULL)
				197	cb=s->info_callback;
				198	else if (s->ctx->info_callback != NULL)
				199	cb=s->ctx->info_callback;
				200
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	201	s->in_handshake++;
Bodo Möller	979689a	2001-10-24 19:03:22 +0000	[diff] [blame]	202	if (!SSL_in_init(s) \|\| SSL_in_before(s)) SSL_clear(s);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	203
				204	for (;;)
				205	{
				206	state=s->state;
				207
				208	switch(s->state)
				209	{
				210	case SSL_ST_RENEGOTIATE:
				211	s->new_session=1;
				212	s->state=SSL_ST_CONNECT;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	213	s->ctx->stats.sess_connect_renegotiate++;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	214	/* break */
				215	case SSL_ST_BEFORE:
				216	case SSL_ST_CONNECT:
				217	case SSL_ST_BEFORE\|SSL_ST_CONNECT:
				218	case SSL_ST_OK\|SSL_ST_CONNECT:
				219
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	220	s->server=0;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	221	if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
				222
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	223	if ((s->version & 0xff00 ) != 0x0300)
Bodo Möller	bbb8de0	2000-09-04 15:34:43 +0000	[diff] [blame]	224	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	225	SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
Bodo Möller	bbb8de0	2000-09-04 15:34:43 +0000	[diff] [blame]	226	ret = -1;
				227	goto end;
				228	}
				229
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	230	/* s->version=SSL3_VERSION; */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	231	s->type=SSL_ST_CONNECT;
				232
				233	if (s->init_buf == NULL)
				234	{
				235	if ((buf=BUF_MEM_new()) == NULL)
				236	{
				237	ret= -1;
				238	goto end;
				239	}
				240	if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
				241	{
				242	ret= -1;
				243	goto end;
				244	}
				245	s->init_buf=buf;
Richard Levitte	8d6ad9e	2002-12-21 23:49:21 +0000	[diff] [blame]	246	buf=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	247	}
				248
				249	if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
				250
				251	/* setup buffing BIO */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	252	if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	253
				254	/* don't push the buffering BIO quite yet */
				255
				256	ssl3_init_finished_mac(s);
				257
				258	s->state=SSL3_ST_CW_CLNT_HELLO_A;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	259	s->ctx->stats.sess_connect++;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	260	s->init_num=0;
				261	break;
				262
				263	case SSL3_ST_CW_CLNT_HELLO_A:
				264	case SSL3_ST_CW_CLNT_HELLO_B:
				265
				266	s->shutdown=0;
				267	ret=ssl3_client_hello(s);
				268	if (ret <= 0) goto end;
				269	s->state=SSL3_ST_CR_SRVR_HELLO_A;
				270	s->init_num=0;
				271
				272	/* turn on buffering for the next lot of output */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	273	if (s->bbio != s->wbio)
				274	s->wbio=BIO_push(s->bbio,s->wbio);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	275
				276	break;
				277
				278	case SSL3_ST_CR_SRVR_HELLO_A:
				279	case SSL3_ST_CR_SRVR_HELLO_B:
				280	ret=ssl3_get_server_hello(s);
				281	if (ret <= 0) goto end;
Bodo Möller	241520e	2006-01-11 06:10:40 +0000	[diff] [blame]	282
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	283	if (s->hit)
				284	s->state=SSL3_ST_CR_FINISHED_A;
				285	else
				286	s->state=SSL3_ST_CR_CERT_A;
				287	s->init_num=0;
				288	break;
				289
				290	case SSL3_ST_CR_CERT_A:
				291	case SSL3_ST_CR_CERT_B:
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	292	#ifndef OPENSSL_NO_TLSEXT
				293	ret=ssl3_check_finished(s);
				294	if (ret <= 0) goto end;
				295	if (ret == 2)
				296	{
				297	s->hit = 1;
Dr. Stephen Henson	31f528b	2007-11-03 13:09:34 +0000	[diff] [blame]	298	if (s->tlsext_ticket_expected)
				299	s->state=SSL3_ST_CR_SESSION_TICKET_A;
				300	else
				301	s->state=SSL3_ST_CR_FINISHED_A;
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	302	s->init_num=0;
				303	break;
				304	}
				305	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	306	/* Check if it is anon DH/ECDH */
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	307	/* or PSK */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	308	if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
				309	!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	310	{
				311	ret=ssl3_get_server_certificate(s);
				312	if (ret <= 0) goto end;
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	313	#ifndef OPENSSL_NO_TLSEXT
				314	if (s->tlsext_status_expected)
				315	s->state=SSL3_ST_CR_CERT_STATUS_A;
				316	else
				317	s->state=SSL3_ST_CR_KEY_EXCH_A;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	318	}
				319	else
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	320	{
				321	skip = 1;
				322	s->state=SSL3_ST_CR_KEY_EXCH_A;
				323	}
				324	#else
Andy Polyakov	3ce54f3	2007-10-14 14:09:13 +0000	[diff] [blame]	325	}
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	326	else
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	327	skip=1;
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	328
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	329	s->state=SSL3_ST_CR_KEY_EXCH_A;
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	330	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	331	s->init_num=0;
				332	break;
				333
				334	case SSL3_ST_CR_KEY_EXCH_A:
				335	case SSL3_ST_CR_KEY_EXCH_B:
				336	ret=ssl3_get_key_exchange(s);
				337	if (ret <= 0) goto end;
				338	s->state=SSL3_ST_CR_CERT_REQ_A;
				339	s->init_num=0;
				340
				341	/* at this point we check that we have the
				342	* required stuff from the server */
				343	if (!ssl3_check_cert_and_algorithm(s))
				344	{
				345	ret= -1;
				346	goto end;
				347	}
				348	break;
				349
				350	case SSL3_ST_CR_CERT_REQ_A:
				351	case SSL3_ST_CR_CERT_REQ_B:
				352	ret=ssl3_get_certificate_request(s);
				353	if (ret <= 0) goto end;
				354	s->state=SSL3_ST_CR_SRVR_DONE_A;
				355	s->init_num=0;
				356	break;
				357
				358	case SSL3_ST_CR_SRVR_DONE_A:
				359	case SSL3_ST_CR_SRVR_DONE_B:
				360	ret=ssl3_get_server_done(s);
				361	if (ret <= 0) goto end;
				362	if (s->s3->tmp.cert_req)
				363	s->state=SSL3_ST_CW_CERT_A;
				364	else
				365	s->state=SSL3_ST_CW_KEY_EXCH_A;
				366	s->init_num=0;
				367
				368	break;
				369
				370	case SSL3_ST_CW_CERT_A:
				371	case SSL3_ST_CW_CERT_B:
				372	case SSL3_ST_CW_CERT_C:
Bodo Möller	95d2959	1999-06-12 01:03:40 +0000	[diff] [blame]	373	case SSL3_ST_CW_CERT_D:
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	374	ret=ssl3_send_client_certificate(s);
				375	if (ret <= 0) goto end;
				376	s->state=SSL3_ST_CW_KEY_EXCH_A;
				377	s->init_num=0;
				378	break;
				379
				380	case SSL3_ST_CW_KEY_EXCH_A:
				381	case SSL3_ST_CW_KEY_EXCH_B:
				382	ret=ssl3_send_client_key_exchange(s);
				383	if (ret <= 0) goto end;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	384	/* EAY EAY EAY need to check for DH fix cert
				385	* sent back */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	386	/* For TLS, cert_req is set to 2, so a cert chain
				387	* of nothing is sent, but no verify packet is sent */
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	388	/* XXX: For now, we do not support client
				389	* authentication in ECDH cipher suites with
				390	* ECDH (rather than ECDSA) certificates.
				391	* We need to skip the certificate verify
				392	* message when client's ECDH public key is sent
				393	* inside the client certificate.
				394	*/
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	395	if (s->s3->tmp.cert_req == 1)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	396	{
				397	s->state=SSL3_ST_CW_CERT_VRFY_A;
				398	}
				399	else
				400	{
				401	s->state=SSL3_ST_CW_CHANGE_A;
				402	s->s3->change_cipher_spec=0;
				403	}
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	404	if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
				405	{
				406	s->state=SSL3_ST_CW_CHANGE_A;
				407	s->s3->change_cipher_spec=0;
				408	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	409
				410	s->init_num=0;
				411	break;
				412
				413	case SSL3_ST_CW_CERT_VRFY_A:
				414	case SSL3_ST_CW_CERT_VRFY_B:
				415	ret=ssl3_send_client_verify(s);
				416	if (ret <= 0) goto end;
				417	s->state=SSL3_ST_CW_CHANGE_A;
				418	s->init_num=0;
				419	s->s3->change_cipher_spec=0;
				420	break;
				421
				422	case SSL3_ST_CW_CHANGE_A:
				423	case SSL3_ST_CW_CHANGE_B:
				424	ret=ssl3_send_change_cipher_spec(s,
				425	SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
				426	if (ret <= 0) goto end;
				427	s->state=SSL3_ST_CW_FINISHED_A;
				428	s->init_num=0;
				429
				430	s->session->cipher=s->s3->tmp.new_cipher;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	431	#ifdef OPENSSL_NO_COMP
				432	s->session->compress_meth=0;
				433	#else
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	434	if (s->s3->tmp.new_compression == NULL)
				435	s->session->compress_meth=0;
				436	else
				437	s->session->compress_meth=
				438	s->s3->tmp.new_compression->id;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	439	#endif
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	440	if (!s->method->ssl3_enc->setup_key_block(s))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	441	{
				442	ret= -1;
				443	goto end;
				444	}
				445
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	446	if (!s->method->ssl3_enc->change_cipher_state(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	447	SSL3_CHANGE_CIPHER_CLIENT_WRITE))
				448	{
				449	ret= -1;
				450	goto end;
				451	}
				452
				453	break;
				454
				455	case SSL3_ST_CW_FINISHED_A:
				456	case SSL3_ST_CW_FINISHED_B:
				457	ret=ssl3_send_finished(s,
				458	SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
Bodo Möller	c44f754	2000-01-05 23:11:51 +0000	[diff] [blame]	459	s->method->ssl3_enc->client_finished_label,
				460	s->method->ssl3_enc->client_finished_label_len);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	461	if (ret <= 0) goto end;
				462	s->state=SSL3_ST_CW_FLUSH;
				463
				464	/* clear flags */
				465	s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
				466	if (s->hit)
				467	{
				468	s->s3->tmp.next_state=SSL_ST_OK;
				469	if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
				470	{
				471	s->state=SSL_ST_OK;
				472	s->s3->flags\|=SSL3_FLAGS_POP_BUFFER;
				473	s->s3->delay_buf_pop_ret=0;
				474	}
				475	}
				476	else
				477	{
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	478	#ifndef OPENSSL_NO_TLSEXT
				479	/* Allow NewSessionTicket if ticket expected */
				480	if (s->tlsext_ticket_expected)
				481	s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
				482	else
				483	#endif
				484
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	485	s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
				486	}
				487	s->init_num=0;
				488	break;
				489
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	490	#ifndef OPENSSL_NO_TLSEXT
				491	case SSL3_ST_CR_SESSION_TICKET_A:
				492	case SSL3_ST_CR_SESSION_TICKET_B:
				493	ret=ssl3_get_new_session_ticket(s);
Dr. Stephen Henson	446124a	2007-08-31 00:28:01 +0000	[diff] [blame]	494	if (ret <= 0) goto end;
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	495	s->state=SSL3_ST_CR_FINISHED_A;
				496	s->init_num=0;
				497	break;
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	498
				499	case SSL3_ST_CR_CERT_STATUS_A:
				500	case SSL3_ST_CR_CERT_STATUS_B:
				501	ret=ssl3_get_cert_status(s);
				502	if (ret <= 0) goto end;
				503	s->state=SSL3_ST_CR_KEY_EXCH_A;
				504	s->init_num=0;
				505	break;
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	506	#endif
				507
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	508	case SSL3_ST_CR_FINISHED_A:
				509	case SSL3_ST_CR_FINISHED_B:
				510
				511	ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	512	SSL3_ST_CR_FINISHED_B);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	513	if (ret <= 0) goto end;
				514
				515	if (s->hit)
				516	s->state=SSL3_ST_CW_CHANGE_A;
				517	else
				518	s->state=SSL_ST_OK;
				519	s->init_num=0;
				520	break;
				521
				522	case SSL3_ST_CW_FLUSH:
				523	/* number of bytes to be flushed */
				524	num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
				525	if (num1 > 0)
				526	{
				527	s->rwstate=SSL_WRITING;
				528	num1=BIO_flush(s->wbio);
				529	if (num1 <= 0) { ret= -1; goto end; }
				530	s->rwstate=SSL_NOTHING;
				531	}
				532
				533	s->state=s->s3->tmp.next_state;
				534	break;
				535
				536	case SSL_ST_OK:
				537	/* clean a few things up */
				538	ssl3_cleanup_key_block(s);
				539
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	540	if (s->init_buf != NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	541	{
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	542	BUF_MEM_free(s->init_buf);
				543	s->init_buf=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	544	}
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	545
				546	/* If we are not 'joining' the last two packets,
				547	* remove the buffering now */
				548	if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
				549	ssl_free_wbio_buffer(s);
				550	/* else do it later in ssl3_write */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	551
				552	s->init_num=0;
				553	s->new_session=0;
				554
				555	ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	556	if (s->hit) s->ctx->stats.sess_hit++;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	557
				558	ret=1;
				559	/* s->server=0; */
				560	s->handshake_func=ssl3_connect;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	561	s->ctx->stats.sess_connect_good++;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	562
				563	if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
				564
				565	goto end;
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	566	/* break; */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	567
				568	default:
				569	SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
				570	ret= -1;
				571	goto end;
				572	/* break; */
				573	}
				574
				575	/* did we do anything */
				576	if (!s->s3->tmp.reuse_message && !skip)
				577	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	578	if (s->debug)
				579	{
				580	if ((ret=BIO_flush(s->wbio)) <= 0)
				581	goto end;
				582	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	583
				584	if ((cb != NULL) && (s->state != state))
				585	{
				586	new_state=s->state;
				587	s->state=state;
				588	cb(s,SSL_CB_CONNECT_LOOP,1);
				589	s->state=new_state;
				590	}
				591	}
				592	skip=0;
				593	}
				594	end:
Bodo Möller	4d635a7	2001-10-25 08:17:53 +0000	[diff] [blame]	595	s->in_handshake--;
Richard Levitte	8d6ad9e	2002-12-21 23:49:21 +0000	[diff] [blame]	596	if (buf != NULL)
				597	BUF_MEM_free(buf);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	598	if (cb != NULL)
				599	cb(s,SSL_CB_CONNECT_EXIT,ret);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	600	return(ret);
				601	}
				602
				603
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	604	int ssl3_client_hello(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	605	{
				606	unsigned char *buf;
				607	unsigned char p,d;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	608	int i;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	609	unsigned long Time,l;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	610	#ifndef OPENSSL_NO_COMP
				611	int j;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	612	SSL_COMP *comp;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	613	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	614
				615	buf=(unsigned char *)s->init_buf->data;
				616	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
				617	{
Dr. Stephen Henson	213f08a	2009-10-28 19:52:18 +0000	[diff] [blame]	618	SSL_SESSION *sess = s->session;
				619	if ((sess == NULL) \|\|
				620	(sess->ssl_version != s->version) \|\|
				621	#ifdef OPENSSL_NO_TLSEXT
				622	!sess->session_id_length \|\|
				623	#else
				624	(!sess->session_id_length && !sess->tlsext_tick) \|\|
				625	#endif
				626	(sess->not_resumable))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	627	{
				628	if (!ssl_get_new_session(s,0))
				629	goto err;
				630	}
				631	/* else use the pre-loaded session */
				632
				633	p=s->s3->client_random;
Dr. Stephen Henson	7bbcb2f	2005-12-05 17:21:22 +0000	[diff] [blame]	634	Time=(unsigned long)time(NULL); /* Time */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	635	l2n(Time,p);
Nils Larsch	7c7667b	2005-04-29 20:10:06 +0000	[diff] [blame]	636	if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
				637	goto err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	638
				639	/* Do the message type and length last */
				640	d=p= &(buf[4]);
				641
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	642	*(p++)=s->version>>8;
				643	*(p++)=s->version&0xff;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	644	s->client_version=s->version;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	645
				646	/* Random stuff */
				647	memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
				648	p+=SSL3_RANDOM_SIZE;
				649
				650	/* Session ID */
				651	if (s->new_session)
				652	i=0;
				653	else
				654	i=s->session->session_id_length;
				655	*(p++)=i;
				656	if (i != 0)
				657	{
Geoff Thorpe	2754597	2003-10-29 20:24:15 +0000	[diff] [blame]	658	if (i > (int)sizeof(s->session->session_id))
Bodo Möller	5574e0e	2002-08-02 11:48:15 +0000	[diff] [blame]	659	{
				660	SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
				661	goto err;
				662	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	663	memcpy(p,s->session->session_id,i);
				664	p+=i;
				665	}
				666
				667	/* Ciphers supported */
Bodo Möller	c6c2e31	2005-05-11 18:25:49 +0000	[diff] [blame]	668	i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	669	if (i == 0)
				670	{
				671	SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
				672	goto err;
				673	}
				674	s2n(i,p);
				675	p+=i;
				676
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	677	/* COMPRESSION */
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	678	#ifdef OPENSSL_NO_COMP
				679	*(p++)=1;
				680	#else
Dr. Stephen Henson	566dda0	2005-10-08 00:18:53 +0000	[diff] [blame]	681
				682	if ((s->options & SSL_OP_NO_COMPRESSION)
				683	\|\| !s->ctx->comp_methods)
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	684	j=0;
				685	else
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	686	j=sk_SSL_COMP_num(s->ctx->comp_methods);
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	687	*(p++)=1+j;
				688	for (i=0; i<j; i++)
				689	{
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	690	comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	691	*(p++)=comp->id;
				692	}
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	693	#endif
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	694	(p++)=0; / Add the NULL method */
Bodo Möller	761772d	2007-09-21 06:54:24 +0000	[diff] [blame]	695
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	696	#ifndef OPENSSL_NO_TLSEXT
Bodo Möller	761772d	2007-09-21 06:54:24 +0000	[diff] [blame]	697	/* TLS extensions*/
Bodo Möller	36ca4ba	2006-03-11 23:46:37 +0000	[diff] [blame]	698	if (ssl_prepare_clienthello_tlsext(s) <= 0)
				699	{
				700	SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
				701	goto err;
				702	}
Bodo Möller	f1fd454	2006-01-03 03:27:19 +0000	[diff] [blame]	703	if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
				704	{
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	705	SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
				706	goto err;
Bodo Möller	f1fd454	2006-01-03 03:27:19 +0000	[diff] [blame]	707	}
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	708	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	709
				710	l=(p-d);
				711	d=buf;
				712	*(d++)=SSL3_MT_CLIENT_HELLO;
				713	l2n3(l,d);
				714
				715	s->state=SSL3_ST_CW_CLNT_HELLO_B;
				716	/* number of bytes to write */
				717	s->init_num=p-buf;
				718	s->init_off=0;
				719	}
				720
				721	/* SSL3_ST_CW_CLNT_HELLO_B */
				722	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
				723	err:
				724	return(-1);
				725	}
				726
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	727	int ssl3_get_server_hello(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	728	{
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	729	STACK_OF(SSL_CIPHER) *sk;
Ben Laurie	babb379	2008-10-12 14:32:47 +0000	[diff] [blame]	730	const SSL_CIPHER *c;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	731	unsigned char p,d;
				732	int i,al,ok;
				733	unsigned int j;
				734	long n;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	735	#ifndef OPENSSL_NO_COMP
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	736	SSL_COMP *comp;
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	737	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	738
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	739	n=s->method->ssl_get_message(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	740	SSL3_ST_CR_SRVR_HELLO_A,
				741	SSL3_ST_CR_SRVR_HELLO_B,
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	742	-1,
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	743	20000, /* ?? */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	744	&ok);
				745
				746	if (!ok) return((int)n);
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	747
Dr. Stephen Henson	8711efb	2009-04-20 11:33:12 +0000	[diff] [blame]	748	if ( SSL_version(s) == DTLS1_VERSION \|\| SSL_version(s) == DTLS1_BAD_VER)
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	749	{
				750	if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
				751	{
				752	if ( s->d1->send_cookie == 0)
				753	{
				754	s->s3->tmp.reuse_message = 1;
				755	return 1;
				756	}
				757	else /* already sent a cookie */
				758	{
				759	al=SSL_AD_UNEXPECTED_MESSAGE;
Bodo Möller	aa4ce73	2005-04-26 18:53:22 +0000	[diff] [blame]	760	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	761	goto f_err;
				762	}
				763	}
				764	}
				765
				766	if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
				767	{
				768	al=SSL_AD_UNEXPECTED_MESSAGE;
Bodo Möller	aa4ce73	2005-04-26 18:53:22 +0000	[diff] [blame]	769	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	770	goto f_err;
				771	}
				772
Bodo Möller	48948d5	2001-10-15 19:49:25 +0000	[diff] [blame]	773	d=p=(unsigned char *)s->init_msg;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	774
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	775	if ((p[0] != (s->version>>8)) \|\| (p[1] != (s->version&0xff)))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	776	{
				777	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	778	s->version=(s->version&0xff00)\|p[1];
				779	al=SSL_AD_PROTOCOL_VERSION;
				780	goto f_err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	781	}
				782	p+=2;
				783
				784	/* load the server hello data */
				785	/* load the server random */
				786	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
				787	p+=SSL3_RANDOM_SIZE;
				788
				789	/* get the session-id */
				790	j= *(p++);
				791
Bodo Möller	a4f53a1	2002-09-19 11:44:07 +0000	[diff] [blame]	792	if ((j > sizeof s->session->session_id) \|\| (j > SSL3_SESSION_ID_SIZE))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	793	{
Bodo Möller	a4f53a1	2002-09-19 11:44:07 +0000	[diff] [blame]	794	al=SSL_AD_ILLEGAL_PARAMETER;
				795	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
				796	goto f_err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	797	}
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	798
Dr. Stephen Henson	12bf56c	2008-11-15 17:18:12 +0000	[diff] [blame]	799	#ifndef OPENSSL_NO_TLSEXT
				800	/* check if we want to resume the session based on external pre-shared secret */
				801	if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
				802	{
				803	SSL_CIPHER *pref_cipher=NULL;
				804	s->session->master_key_length=sizeof(s->session->master_key);
				805	if (s->tls_session_secret_cb(s, s->session->master_key,
				806	&s->session->master_key_length,
				807	NULL, &pref_cipher,
				808	s->tls_session_secret_cb_arg))
				809	{
				810	s->session->cipher = pref_cipher ?
				811	pref_cipher : ssl_get_cipher_by_char(s, p+j);
				812	}
				813	}
				814	#endif /* OPENSSL_NO_TLSEXT */
				815
Ben Laurie	b4cadc6	1999-03-22 12:22:14 +0000	[diff] [blame]	816	if (j != 0 && j == s->session->session_id_length
				817	&& memcmp(p,s->session->session_id,j) == 0)
				818	{
				819	if(s->sid_ctx_length != s->session->sid_ctx_length
				820	\|\| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
				821	{
Bodo Möller	a4f53a1	2002-09-19 11:44:07 +0000	[diff] [blame]	822	/* actually a client application bug */
Ben Laurie	b4cadc6	1999-03-22 12:22:14 +0000	[diff] [blame]	823	al=SSL_AD_ILLEGAL_PARAMETER;
				824	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
				825	goto f_err;
				826	}
				827	s->hit=1;
				828	}
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	829	else /* a miss or crap from the other end */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	830	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	831	/* If we were trying for session-id reuse, make a new
				832	* SSL_SESSION so we don't stuff up other people */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	833	s->hit=0;
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	834	if (s->session->session_id_length > 0)
				835	{
				836	if (!ssl_get_new_session(s,0))
				837	{
				838	al=SSL_AD_INTERNAL_ERROR;
				839	goto f_err;
				840	}
				841	}
				842	s->session->session_id_length=j;
				843	memcpy(s->session->session_id,p,j); /* j could be 0 */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	844	}
				845	p+=j;
				846	c=ssl_get_cipher_by_char(s,p);
				847	if (c == NULL)
				848	{
				849	/* unknown cipher */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	850	al=SSL_AD_ILLEGAL_PARAMETER;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	851	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
				852	goto f_err;
				853	}
				854	p+=ssl_put_cipher_by_char(s,NULL,NULL);
				855
				856	sk=ssl_get_ciphers_by_id(s);
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	857	i=sk_SSL_CIPHER_find(sk,c);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	858	if (i < 0)
				859	{
				860	/* we did not say we would use this cipher */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	861	al=SSL_AD_ILLEGAL_PARAMETER;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	862	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
				863	goto f_err;
				864	}
				865
Lutz Jänicke	6a8afe2	2002-11-20 10:48:58 +0000	[diff] [blame]	866	/* Depending on the session caching (internal/external), the cipher
				867	and/or cipher_id values may not be set. Make sure that
				868	cipher_id is set and use it for comparison. */
				869	if (s->session->cipher)
				870	s->session->cipher_id = s->session->cipher->id;
Lutz Jänicke	c566205	2002-11-15 10:53:33 +0000	[diff] [blame]	871	if (s->hit && (s->session->cipher_id != c->id))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	872	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	873	if (!(s->options &
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	874	SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
				875	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	876	al=SSL_AD_ILLEGAL_PARAMETER;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	877	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
				878	goto f_err;
				879	}
				880	}
				881	s->s3->tmp.new_cipher=c;
Ben Laurie	6ba71a7	2008-12-27 02:00:38 +0000	[diff] [blame]	882	if (!ssl3_digest_cached_records(s))
				883	goto f_err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	884
				885	/* lets get the compression algorithm */
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	886	/* COMPRESSION */
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	887	#ifdef OPENSSL_NO_COMP
				888	if (*(p++) != 0)
				889	{
				890	al=SSL_AD_ILLEGAL_PARAMETER;
				891	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
				892	goto f_err;
				893	}
				894	#else
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	895	j= *(p++);
Dr. Stephen Henson	566dda0	2005-10-08 00:18:53 +0000	[diff] [blame]	896	if ((j == 0) \|\| (s->options & SSL_OP_NO_COMPRESSION))
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	897	comp=NULL;
				898	else
				899	comp=ssl3_comp_find(s->ctx->comp_methods,j);
				900
				901	if ((j != 0) && (comp == NULL))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	902	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	903	al=SSL_AD_ILLEGAL_PARAMETER;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	904	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
				905	goto f_err;
				906	}
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	907	else
				908	{
				909	s->s3->tmp.new_compression=comp;
				910	}
Dr. Stephen Henson	09b6c2e	2005-09-30 23:35:33 +0000	[diff] [blame]	911	#endif
Bodo Möller	761772d	2007-09-21 06:54:24 +0000	[diff] [blame]	912
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	913	#ifndef OPENSSL_NO_TLSEXT
				914	/* TLS extensions*/
Dr. Stephen Henson	13f6d57	2009-12-08 13:14:03 +0000	[diff] [blame^]	915	if (s->version >= SSL3_VERSION)
Bodo Möller	f1fd454	2006-01-03 03:27:19 +0000	[diff] [blame]	916	{
				917	if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
				918	{
				919	/* 'al' set by ssl_parse_serverhello_tlsext */
Bodo Möller	36ca4ba	2006-03-11 23:46:37 +0000	[diff] [blame]	920	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	921	goto f_err;
Bodo Möller	f1fd454	2006-01-03 03:27:19 +0000	[diff] [blame]	922	}
Bodo Möller	36ca4ba	2006-03-11 23:46:37 +0000	[diff] [blame]	923	if (ssl_check_serverhello_tlsext(s) <= 0)
Bodo Möller	58ece83	2006-01-13 09:21:10 +0000	[diff] [blame]	924	{
Bodo Möller	a291745	2007-04-24 01:06:19 +0000	[diff] [blame]	925	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
Bodo Möller	58ece83	2006-01-13 09:21:10 +0000	[diff] [blame]	926	goto err;
				927	}
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	928	}
Bodo Möller	ed3883d	2006-01-02 23:14:37 +0000	[diff] [blame]	929	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	930
				931	if (p != (d+n))
				932	{
				933	/* wrong packet length */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	934	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	935	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
				936	goto err;
				937	}
				938
				939	return(1);
				940	f_err:
				941	ssl3_send_alert(s,SSL3_AL_FATAL,al);
				942	err:
				943	return(-1);
				944	}
				945
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	946	int ssl3_get_server_certificate(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	947	{
				948	int al,i,ok,ret= -1;
				949	unsigned long n,nc,llen,l;
				950	X509 *x=NULL;
Richard Levitte	875a644	2004-03-15 23:15:26 +0000	[diff] [blame]	951	const unsigned char q,p;
				952	unsigned char *d;
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	953	STACK_OF(X509) *sk=NULL;
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	954	SESS_CERT *sc;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	955	EVP_PKEY *pkey=NULL;
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	956	int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	957
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	958	n=s->method->ssl_get_message(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	959	SSL3_ST_CR_CERT_A,
				960	SSL3_ST_CR_CERT_B,
				961	-1,
Lutz Jänicke	c0f5dd0	2001-09-11 13:08:51 +0000	[diff] [blame]	962	s->max_cert_list,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	963	&ok);
				964
				965	if (!ok) return((int)n);
				966
				967	if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
				968	{
				969	s->s3->tmp.reuse_message=1;
				970	return(1);
				971	}
				972
				973	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
				974	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	975	al=SSL_AD_UNEXPECTED_MESSAGE;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	976	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
				977	goto f_err;
				978	}
Richard Levitte	875a644	2004-03-15 23:15:26 +0000	[diff] [blame]	979	p=d=(unsigned char *)s->init_msg;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	980
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	981	if ((sk=sk_X509_new_null()) == NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	982	{
				983	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
				984	goto err;
				985	}
				986
				987	n2l3(p,llen);
				988	if (llen+3 != n)
				989	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	990	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	991	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
				992	goto f_err;
				993	}
				994	for (nc=0; nc<llen; )
				995	{
				996	n2l3(p,l);
				997	if ((l+nc+3) > llen)
				998	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	999	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1000	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
				1001	goto f_err;
				1002	}
				1003
				1004	q=p;
				1005	x=d2i_X509(NULL,&q,l);
				1006	if (x == NULL)
				1007	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1008	al=SSL_AD_BAD_CERTIFICATE;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1009	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
				1010	goto f_err;
				1011	}
				1012	if (q != (p+l))
				1013	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1014	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1015	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
				1016	goto f_err;
				1017	}
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1018	if (!sk_X509_push(sk,x))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1019	{
				1020	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
				1021	goto err;
				1022	}
				1023	x=NULL;
				1024	nc+=l+3;
				1025	p=q;
				1026	}
				1027
				1028	i=ssl_verify_cert_chain(s,sk);
Dr. Stephen Henson	bab5340	2009-01-07 23:44:27 +0000	[diff] [blame]	1029	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
Richard Levitte	82d5d46	2001-07-12 08:51:47 +0000	[diff] [blame]	1030	#ifndef OPENSSL_NO_KRB5
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1031	&& !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
				1032	(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
Richard Levitte	82d5d46	2001-07-12 08:51:47 +0000	[diff] [blame]	1033	#endif /* OPENSSL_NO_KRB5 */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1034	)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1035	{
				1036	al=ssl_verify_alarm_type(s->verify_result);
				1037	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
				1038	goto f_err;
				1039	}
Bodo Möller	1fab73a	2000-05-27 22:25:01 +0000	[diff] [blame]	1040	ERR_clear_error(); /* but we keep s->verify_result */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1041
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1042	sc=ssl_sess_cert_new();
				1043	if (sc == NULL) goto err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1044
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1045	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
				1046	s->session->sess_cert=sc;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1047
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1048	sc->cert_chain=sk;
Bodo Möller	98e04f9	2000-03-27 18:07:45 +0000	[diff] [blame]	1049	/* Inconsistency alert: cert_chain does include the peer's
				1050	* certificate, which we don't include in s3_srvr.c */
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1051	x=sk_X509_value(sk,0);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1052	sk=NULL;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	1053	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1054
				1055	pkey=X509_get_pubkey(x);
				1056
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1057	/* VRS: allow null cert if auth == KRB5 */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1058	need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
				1059	(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
				1060	? 0 : 1;
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	1061
				1062	#ifdef KSSL_DEBUG
Geoff Thorpe	6343829	2008-11-12 03:58:08 +0000	[diff] [blame]	1063	printf("pkey,x = %p, %p\n", pkey,x);
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	1064	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1065	printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
				1066	s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	1067	#endif /* KSSL_DEBUG */
				1068
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	1069	if (need_cert && ((pkey == NULL) \|\| EVP_PKEY_missing_parameters(pkey)))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1070	{
				1071	x=NULL;
				1072	al=SSL3_AL_FATAL;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	1073	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
				1074	SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1075	goto f_err;
				1076	}
				1077
				1078	i=ssl_cert_type(x,pkey);
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	1079	if (need_cert && i < 0)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1080	{
				1081	x=NULL;
				1082	al=SSL3_AL_FATAL;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	1083	SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
				1084	SSL_R_UNKNOWN_CERTIFICATE_TYPE);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1085	goto f_err;
				1086	}
				1087
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1088	if (need_cert)
				1089	{
				1090	sc->peer_cert_type=i;
				1091	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
				1092	/* Why would the following ever happen?
				1093	* We just created sc a couple of lines ago. */
				1094	if (sc->peer_pkeys[i].x509 != NULL)
				1095	X509_free(sc->peer_pkeys[i].x509);
				1096	sc->peer_pkeys[i].x509=x;
				1097	sc->peer_key= &(sc->peer_pkeys[i]);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1098
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1099	if (s->session->peer != NULL)
				1100	X509_free(s->session->peer);
				1101	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
				1102	s->session->peer=x;
				1103	}
				1104	else
				1105	{
				1106	sc->peer_cert_type=i;
				1107	sc->peer_key= NULL;
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	1108
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1109	if (s->session->peer != NULL)
				1110	X509_free(s->session->peer);
				1111	s->session->peer=NULL;
				1112	}
Lutz Jänicke	0dd2254	2000-11-29 16:04:38 +0000	[diff] [blame]	1113	s->session->verify_result = s->verify_result;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1114
				1115	x=NULL;
				1116	ret=1;
				1117
				1118	if (0)
				1119	{
				1120	f_err:
				1121	ssl3_send_alert(s,SSL3_AL_FATAL,al);
				1122	}
				1123	err:
Dr. Stephen Henson	a8236c8	1999-02-15 21:05:21 +0000	[diff] [blame]	1124	EVP_PKEY_free(pkey);
				1125	X509_free(x);
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1126	sk_X509_pop_free(sk,X509_free);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1127	return(ret);
				1128	}
				1129
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1130	int ssl3_get_key_exchange(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1131	{
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1132	#ifndef OPENSSL_NO_RSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1133	unsigned char q,md_buf[EVP_MAX_MD_SIZE2];
				1134	#endif
				1135	EVP_MD_CTX md_ctx;
				1136	unsigned char param,p;
				1137	int al,i,j,param_len,ok;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1138	long n,alg_k,alg_a;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1139	EVP_PKEY *pkey=NULL;
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1140	#ifndef OPENSSL_NO_RSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1141	RSA *rsa=NULL;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	1142	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1143	#ifndef OPENSSL_NO_DH
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1144	DH *dh=NULL;
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1145	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1146	#ifndef OPENSSL_NO_ECDH
				1147	EC_KEY *ecdh = NULL;
				1148	BN_CTX *bn_ctx = NULL;
				1149	EC_POINT *srvr_ecpoint = NULL;
				1150	int curve_nid = 0;
				1151	int encoded_pt_len = 0;
				1152	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1153
Bodo Möller	37a7cd1	2001-08-07 09:30:18 +0000	[diff] [blame]	1154	/* use same message size as in ssl3_get_certificate_request()
				1155	* as ServerKeyExchange message may be skipped */
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1156	n=s->method->ssl_get_message(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1157	SSL3_ST_CR_KEY_EXCH_A,
				1158	SSL3_ST_CR_KEY_EXCH_B,
				1159	-1,
Lutz Jänicke	c0f5dd0	2001-09-11 13:08:51 +0000	[diff] [blame]	1160	s->max_cert_list,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1161	&ok);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1162	if (!ok) return((int)n);
				1163
				1164	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
				1165	{
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1166	#ifndef OPENSSL_NO_PSK
				1167	/* In plain PSK ciphersuite, ServerKeyExchange can be
				1168	omitted if no identity hint is sent. Set
				1169	session->sess_cert anyway to avoid problems
				1170	later.*/
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1171	if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1172	{
				1173	s->session->sess_cert=ssl_sess_cert_new();
				1174	if (s->ctx->psk_identity_hint)
				1175	OPENSSL_free(s->ctx->psk_identity_hint);
				1176	s->ctx->psk_identity_hint = NULL;
				1177	}
				1178	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1179	s->s3->tmp.reuse_message=1;
				1180	return(1);
				1181	}
				1182
Bodo Möller	48948d5	2001-10-15 19:49:25 +0000	[diff] [blame]	1183	param=p=(unsigned char *)s->init_msg;
Bodo Möller	9d5ccea	1999-05-09 21:22:45 +0000	[diff] [blame]	1184	if (s->session->sess_cert != NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1185	{
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1186	#ifndef OPENSSL_NO_RSA
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1187	if (s->session->sess_cert->peer_rsa_tmp != NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1188	{
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1189	RSA_free(s->session->sess_cert->peer_rsa_tmp);
				1190	s->session->sess_cert->peer_rsa_tmp=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1191	}
				1192	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1193	#ifndef OPENSSL_NO_DH
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1194	if (s->session->sess_cert->peer_dh_tmp)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1195	{
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1196	DH_free(s->session->sess_cert->peer_dh_tmp);
				1197	s->session->sess_cert->peer_dh_tmp=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1198	}
				1199	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1200	#ifndef OPENSSL_NO_ECDH
				1201	if (s->session->sess_cert->peer_ecdh_tmp)
				1202	{
				1203	EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
				1204	s->session->sess_cert->peer_ecdh_tmp=NULL;
				1205	}
				1206	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1207	}
				1208	else
				1209	{
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1210	s->session->sess_cert=ssl_sess_cert_new();
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1211	}
				1212
				1213	param_len=0;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1214	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
				1215	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
Ben Laurie	dbad169	2001-07-30 23:57:25 +0000	[diff] [blame]	1216	EVP_MD_CTX_init(&md_ctx);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1217
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1218	#ifndef OPENSSL_NO_PSK
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1219	if (alg_k & SSL_kPSK)
				1220	{
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1221	char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
				1222
				1223	al=SSL_AD_HANDSHAKE_FAILURE;
				1224	n2s(p,i);
				1225	param_len=i+2;
				1226	/* Store PSK identity hint for later use, hint is used
				1227	* in ssl3_send_client_key_exchange. Assume that the
				1228	* maximum length of a PSK identity hint can be as
				1229	* long as the maximum length of a PSK identity. */
				1230	if (i > PSK_MAX_IDENTITY_LEN)
				1231	{
				1232	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				1233	SSL_R_DATA_LENGTH_TOO_LONG);
				1234	goto f_err;
				1235	}
				1236	if (param_len > n)
				1237	{
				1238	al=SSL_AD_DECODE_ERROR;
				1239	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				1240	SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
				1241	goto f_err;
				1242	}
				1243	/* If received PSK identity hint contains NULL
				1244	* characters, the hint is truncated from the first
				1245	* NULL. p may not be ending with NULL, so create a
				1246	* NULL-terminated string. */
				1247	memcpy(tmp_id_hint, p, i);
				1248	memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
				1249	if (s->ctx->psk_identity_hint != NULL)
				1250	OPENSSL_free(s->ctx->psk_identity_hint);
				1251	s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
				1252	if (s->ctx->psk_identity_hint == NULL)
				1253	{
				1254	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
				1255	goto f_err;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1256	}
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1257
				1258	p+=i;
				1259	n-=param_len;
				1260	}
				1261	else
				1262	#endif /* !OPENSSL_NO_PSK */
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1263	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1264	if (alg_k & SSL_kRSA)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1265	{
				1266	if ((rsa=RSA_new()) == NULL)
				1267	{
				1268	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				1269	goto err;
				1270	}
				1271	n2s(p,i);
				1272	param_len=i+2;
				1273	if (param_len > n)
				1274	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1275	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1276	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
				1277	goto f_err;
				1278	}
				1279	if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
				1280	{
				1281	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
				1282	goto err;
				1283	}
				1284	p+=i;
				1285
				1286	n2s(p,i);
				1287	param_len+=i+2;
				1288	if (param_len > n)
				1289	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1290	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1291	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
				1292	goto f_err;
				1293	}
				1294	if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
				1295	{
				1296	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
				1297	goto err;
				1298	}
				1299	p+=i;
				1300	n-=param_len;
				1301
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1302	/* this should be because we are using an export cipher */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1303	if (alg_a & SSL_aRSA)
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1304	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1305	else
				1306	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	1307	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1308	goto err;
				1309	}
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1310	s->session->sess_cert->peer_rsa_tmp=rsa;
Bodo Möller	6b521df	1999-07-12 15:20:08 +0000	[diff] [blame]	1311	rsa=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1312	}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1313	#else /* OPENSSL_NO_RSA */
Bodo Möller	3f2599d	2000-07-02 19:40:44 +0000	[diff] [blame]	1314	if (0)
				1315	;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1316	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1317	#ifndef OPENSSL_NO_DH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1318	else if (alg_k & SSL_kEDH)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1319	{
				1320	if ((dh=DH_new()) == NULL)
				1321	{
				1322	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
				1323	goto err;
				1324	}
				1325	n2s(p,i);
				1326	param_len=i+2;
				1327	if (param_len > n)
				1328	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1329	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1330	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
				1331	goto f_err;
				1332	}
				1333	if (!(dh->p=BN_bin2bn(p,i,NULL)))
				1334	{
				1335	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
				1336	goto err;
				1337	}
				1338	p+=i;
				1339
				1340	n2s(p,i);
				1341	param_len+=i+2;
				1342	if (param_len > n)
				1343	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1344	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1345	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
				1346	goto f_err;
				1347	}
				1348	if (!(dh->g=BN_bin2bn(p,i,NULL)))
				1349	{
				1350	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
				1351	goto err;
				1352	}
				1353	p+=i;
				1354
				1355	n2s(p,i);
				1356	param_len+=i+2;
				1357	if (param_len > n)
				1358	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1359	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1360	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
				1361	goto f_err;
				1362	}
				1363	if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
				1364	{
				1365	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
				1366	goto err;
				1367	}
				1368	p+=i;
				1369	n-=param_len;
				1370
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1371	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1372	if (alg_a & SSL_aRSA)
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1373	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
Bodo Möller	3f2599d	2000-07-02 19:40:44 +0000	[diff] [blame]	1374	#else
				1375	if (0)
				1376	;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1377	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1378	#ifndef OPENSSL_NO_DSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1379	else if (alg_a & SSL_aDSS)
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1380	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1381	#endif
				1382	/* else anonymous DH, so no certificate or pkey. */
				1383
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	1384	s->session->sess_cert->peer_dh_tmp=dh;
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	1385	dh=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1386	}
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1387	else if ((alg_k & SSL_kDHr) \|\| (alg_k & SSL_kDHd))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1388	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1389	al=SSL_AD_ILLEGAL_PARAMETER;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1390	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
				1391	goto f_err;
				1392	}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1393	#endif /* !OPENSSL_NO_DH */
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1394
				1395	#ifndef OPENSSL_NO_ECDH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1396	else if (alg_k & SSL_kEECDH)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1397	{
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1398	EC_GROUP *ngroup;
				1399	const EC_GROUP *group;
				1400
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1401	if ((ecdh=EC_KEY_new()) == NULL)
				1402	{
				1403	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				1404	goto err;
				1405	}
				1406
				1407	/* Extract elliptic curve parameters and the
				1408	* server's ephemeral ECDH public key.
				1409	* Keep accumulating lengths of various components in
				1410	* param_len and make sure it never exceeds n.
				1411	*/
				1412
				1413	/* XXX: For now we only support named (not generic) curves
Bodo Möller	d56349a	2005-12-13 07:33:35 +0000	[diff] [blame]	1414	* and the ECParameters in this case is just three bytes.
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1415	*/
Bodo Möller	d56349a	2005-12-13 07:33:35 +0000	[diff] [blame]	1416	param_len=3;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1417	if ((param_len > n) \|\|
				1418	(*p != NAMED_CURVE_TYPE) \|\|
Bodo Möller	3327372	2006-03-30 02:44:56 +0000	[diff] [blame]	1419	((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1420	{
				1421	al=SSL_AD_INTERNAL_ERROR;
				1422	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
				1423	goto f_err;
				1424	}
				1425
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1426	ngroup = EC_GROUP_new_by_curve_name(curve_nid);
				1427	if (ngroup == NULL)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1428	{
				1429	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
				1430	goto err;
				1431	}
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1432	if (EC_KEY_set_group(ecdh, ngroup) == 0)
				1433	{
				1434	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
				1435	goto err;
				1436	}
				1437	EC_GROUP_free(ngroup);
				1438
				1439	group = EC_KEY_get0_group(ecdh);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1440
				1441	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1442	(EC_GROUP_get_degree(group) > 163))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1443	{
				1444	al=SSL_AD_EXPORT_RESTRICTION;
				1445	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
				1446	goto f_err;
				1447	}
				1448
Bodo Möller	d56349a	2005-12-13 07:33:35 +0000	[diff] [blame]	1449	p+=3;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1450
				1451	/* Next, get the encoded ECPoint */
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1452	if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) \|\|
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1453	((bn_ctx = BN_CTX_new()) == NULL))
				1454	{
				1455	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				1456	goto err;
				1457	}
				1458
				1459	encoded_pt_len = p; / length of encoded point */
				1460	p+=1;
				1461	param_len += (1 + encoded_pt_len);
				1462	if ((param_len > n) \|\|
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1463	(EC_POINT_oct2point(group, srvr_ecpoint,
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1464	p, encoded_pt_len, bn_ctx) == 0))
				1465	{
				1466	al=SSL_AD_DECODE_ERROR;
				1467	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
				1468	goto f_err;
				1469	}
				1470
				1471	n-=param_len;
				1472	p+=encoded_pt_len;
				1473
				1474	/* The ECC/TLS specification does not mention
				1475	* the use of DSA to sign ECParameters in the server
				1476	* key exchange message. We do support RSA and ECDSA.
				1477	*/
				1478	if (0) ;
				1479	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1480	else if (alg_a & SSL_aRSA)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1481	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
				1482	#endif
				1483	#ifndef OPENSSL_NO_ECDSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1484	else if (alg_a & SSL_aECDSA)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1485	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
				1486	#endif
				1487	/* else anonymous ECDH, so no certificate or pkey. */
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1488	EC_KEY_set_public_key(ecdh, srvr_ecpoint);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1489	s->session->sess_cert->peer_ecdh_tmp=ecdh;
				1490	ecdh=NULL;
				1491	BN_CTX_free(bn_ctx);
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1492	EC_POINT_free(srvr_ecpoint);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1493	srvr_ecpoint = NULL;
				1494	}
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1495	else if (alg_k)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1496	{
				1497	al=SSL_AD_UNEXPECTED_MESSAGE;
				1498	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
				1499	goto f_err;
				1500	}
				1501	#endif /* !OPENSSL_NO_ECDH */
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	1502
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1503
				1504	/* p points to the next byte, there are 'n' bytes left */
				1505
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1506	/* if it was signed, check the signature */
				1507	if (pkey != NULL)
				1508	{
				1509	n2s(p,i);
				1510	n-=2;
				1511	j=EVP_PKEY_size(pkey);
				1512
				1513	if ((i != n) \|\| (n > j) \|\| (n <= 0))
				1514	{
				1515	/* wrong packet length */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1516	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1517	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	1518	goto f_err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1519	}
				1520
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1521	#ifndef OPENSSL_NO_RSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1522	if (pkey->type == EVP_PKEY_RSA)
				1523	{
				1524	int num;
				1525
				1526	j=0;
				1527	q=md_buf;
				1528	for (num=2; num > 0; num--)
				1529	{
Dr. Stephen Henson	20d2186	2001-10-16 01:24:29 +0000	[diff] [blame]	1530	EVP_DigestInit_ex(&md_ctx,(num == 2)
				1531	?s->ctx->md5:s->ctx->sha1, NULL);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1532	EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
				1533	EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
				1534	EVP_DigestUpdate(&md_ctx,param,param_len);
Dr. Stephen Henson	20d2186	2001-10-16 01:24:29 +0000	[diff] [blame]	1535	EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1536	q+=i;
				1537	j+=i;
				1538	}
Dr. Stephen Henson	1c80019	1999-09-18 22:37:44 +0000	[diff] [blame]	1539	i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
				1540	pkey->pkey.rsa);
				1541	if (i < 0)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1542	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1543	al=SSL_AD_DECRYPT_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1544	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
				1545	goto f_err;
				1546	}
Dr. Stephen Henson	1c80019	1999-09-18 22:37:44 +0000	[diff] [blame]	1547	if (i == 0)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1548	{
				1549	/* bad signature */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1550	al=SSL_AD_DECRYPT_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1551	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				1552	goto f_err;
				1553	}
				1554	}
				1555	else
				1556	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1557	#ifndef OPENSSL_NO_DSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1558	if (pkey->type == EVP_PKEY_DSA)
				1559	{
				1560	/* lets do DSS */
Dr. Stephen Henson	20d2186	2001-10-16 01:24:29 +0000	[diff] [blame]	1561	EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1562	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
				1563	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
				1564	EVP_VerifyUpdate(&md_ctx,param,param_len);
Dr. Stephen Henson	bab5340	2009-01-07 23:44:27 +0000	[diff] [blame]	1565	if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1566	{
				1567	/* bad signature */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1568	al=SSL_AD_DECRYPT_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1569	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				1570	goto f_err;
				1571	}
				1572	}
				1573	else
				1574	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1575	#ifndef OPENSSL_NO_ECDSA
Bodo Möller	5488bb6	2002-08-12 08:47:41 +0000	[diff] [blame]	1576	if (pkey->type == EVP_PKEY_EC)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1577	{
				1578	/* let's do ECDSA */
				1579	EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
				1580	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
				1581	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
				1582	EVP_VerifyUpdate(&md_ctx,param,param_len);
Dr. Stephen Henson	bab5340	2009-01-07 23:44:27 +0000	[diff] [blame]	1583	if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1584	{
				1585	/* bad signature */
				1586	al=SSL_AD_DECRYPT_ERROR;
				1587	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				1588	goto f_err;
				1589	}
				1590	}
				1591	else
				1592	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1593	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	1594	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1595	goto err;
				1596	}
				1597	}
				1598	else
				1599	{
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1600	if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1601	/* aNULL or kPSK do not need public keys */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1602	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	1603	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1604	goto err;
				1605	}
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	1606	/* still data left over */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1607	if (n != 0)
				1608	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1609	al=SSL_AD_DECODE_ERROR;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1610	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
				1611	goto f_err;
				1612	}
				1613	}
Dr. Stephen Henson	a8236c8	1999-02-15 21:05:21 +0000	[diff] [blame]	1614	EVP_PKEY_free(pkey);
Ben Laurie	dbad169	2001-07-30 23:57:25 +0000	[diff] [blame]	1615	EVP_MD_CTX_cleanup(&md_ctx);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1616	return(1);
				1617	f_err:
				1618	ssl3_send_alert(s,SSL3_AL_FATAL,al);
				1619	err:
Dr. Stephen Henson	a8236c8	1999-02-15 21:05:21 +0000	[diff] [blame]	1620	EVP_PKEY_free(pkey);
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1621	#ifndef OPENSSL_NO_RSA
Bodo Möller	6b521df	1999-07-12 15:20:08 +0000	[diff] [blame]	1622	if (rsa != NULL)
				1623	RSA_free(rsa);
				1624	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1625	#ifndef OPENSSL_NO_DH
Bodo Möller	6b521df	1999-07-12 15:20:08 +0000	[diff] [blame]	1626	if (dh != NULL)
				1627	DH_free(dh);
				1628	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1629	#ifndef OPENSSL_NO_ECDH
				1630	BN_CTX_free(bn_ctx);
				1631	EC_POINT_free(srvr_ecpoint);
				1632	if (ecdh != NULL)
				1633	EC_KEY_free(ecdh);
				1634	#endif
Ben Laurie	dbad169	2001-07-30 23:57:25 +0000	[diff] [blame]	1635	EVP_MD_CTX_cleanup(&md_ctx);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1636	return(-1);
				1637	}
				1638
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1639	int ssl3_get_certificate_request(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1640	{
				1641	int ok,ret=0;
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1642	unsigned long n,nc,l;
				1643	unsigned int llen,ctype_num,i;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1644	X509_NAME *xn=NULL;
Richard Levitte	875a644	2004-03-15 23:15:26 +0000	[diff] [blame]	1645	const unsigned char p,q;
				1646	unsigned char *d;
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1647	STACK_OF(X509_NAME) *ca_sk=NULL;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1648
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1649	n=s->method->ssl_get_message(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1650	SSL3_ST_CR_CERT_REQ_A,
				1651	SSL3_ST_CR_CERT_REQ_B,
				1652	-1,
Lutz Jänicke	c0f5dd0	2001-09-11 13:08:51 +0000	[diff] [blame]	1653	s->max_cert_list,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1654	&ok);
				1655
				1656	if (!ok) return((int)n);
				1657
				1658	s->s3->tmp.cert_req=0;
				1659
				1660	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
				1661	{
				1662	s->s3->tmp.reuse_message=1;
				1663	return(1);
				1664	}
				1665
				1666	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
				1667	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1668	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1669	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
				1670	goto err;
				1671	}
				1672
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1673	/* TLS does not like anon-DH with client cert */
				1674	if (s->version > SSL3_VERSION)
				1675	{
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1676	if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1677	{
				1678	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
				1679	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
				1680	goto err;
				1681	}
				1682	}
				1683
Richard Levitte	875a644	2004-03-15 23:15:26 +0000	[diff] [blame]	1684	p=d=(unsigned char *)s->init_msg;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1685
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1686	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1687	{
				1688	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
				1689	goto err;
				1690	}
				1691
				1692	/* get the certificate types */
				1693	ctype_num= *(p++);
				1694	if (ctype_num > SSL3_CT_NUMBER)
				1695	ctype_num=SSL3_CT_NUMBER;
				1696	for (i=0; i<ctype_num; i++)
				1697	s->s3->tmp.ctype[i]= p[i];
				1698	p+=ctype_num;
				1699
				1700	/* get the CA RDNs */
				1701	n2s(p,llen);
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	1702	#if 0
				1703	{
				1704	FILE *out;
				1705	out=fopen("/tmp/vsign.der","w");
				1706	fwrite(p,1,llen,out);
				1707	fclose(out);
				1708	}
				1709	#endif
				1710
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1711	if ((llen+ctype_num+2+1) != n)
				1712	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1713	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1714	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
				1715	goto err;
				1716	}
				1717
				1718	for (nc=0; nc<llen; )
				1719	{
				1720	n2s(p,l);
				1721	if ((l+nc+2) > llen)
				1722	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1723	if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1724	goto cont; /* netscape bugs */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1725	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1726	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
				1727	goto err;
				1728	}
				1729
				1730	q=p;
				1731
				1732	if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
				1733	{
Ulf Möller	657e60f	2000-02-03 23:23:24 +0000	[diff] [blame]	1734	/* If netscape tolerance is on, ignore errors */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1735	if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1736	goto cont;
				1737	else
				1738	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1739	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1740	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
				1741	goto err;
				1742	}
				1743	}
				1744
				1745	if (q != (p+l))
				1746	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1747	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1748	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
				1749	goto err;
				1750	}
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1751	if (!sk_X509_NAME_push(ca_sk,xn))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1752	{
				1753	SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
				1754	goto err;
				1755	}
				1756
				1757	p+=l;
				1758	nc+=l+2;
				1759	}
				1760
				1761	if (0)
				1762	{
				1763	cont:
				1764	ERR_clear_error();
				1765	}
				1766
Ulf Möller	657e60f	2000-02-03 23:23:24 +0000	[diff] [blame]	1767	/* we should setup a certificate to return.... */
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1768	s->s3->tmp.cert_req=1;
				1769	s->s3->tmp.ctype_num=ctype_num;
				1770	if (s->s3->tmp.ca_names != NULL)
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1771	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1772	s->s3->tmp.ca_names=ca_sk;
				1773	ca_sk=NULL;
				1774
				1775	ret=1;
				1776	err:
Ben Laurie	f73e07c	1999-04-12 17:23:57 +0000	[diff] [blame]	1777	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1778	return(ret);
				1779	}
				1780
Geoff Thorpe	ccd86b6	2000-06-01 02:36:58 +0000	[diff] [blame]	1781	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1782	{
				1783	return(X509_NAME_cmp(a,b));
				1784	}
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1785	#ifndef OPENSSL_NO_TLSEXT
				1786	int ssl3_get_new_session_ticket(SSL *s)
				1787	{
				1788	int ok,al,ret=0, ticklen;
				1789	long n;
				1790	const unsigned char *p;
				1791	unsigned char *d;
				1792
				1793	n=s->method->ssl_get_message(s,
				1794	SSL3_ST_CR_SESSION_TICKET_A,
				1795	SSL3_ST_CR_SESSION_TICKET_B,
				1796	-1,
				1797	16384,
				1798	&ok);
				1799
				1800	if (!ok)
				1801	return((int)n);
				1802
				1803	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
				1804	{
				1805	s->s3->tmp.reuse_message=1;
				1806	return(1);
				1807	}
				1808	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
				1809	{
				1810	al=SSL_AD_UNEXPECTED_MESSAGE;
				1811	SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
				1812	goto f_err;
				1813	}
				1814	if (n < 6)
				1815	{
				1816	/* need at least ticket_lifetime_hint + ticket length */
				1817	al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
				1818	SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
				1819	goto f_err;
				1820	}
Dr. Stephen Henson	8025e25	2009-12-08 11:37:40 +0000	[diff] [blame]	1821
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1822	p=d=(unsigned char *)s->init_msg;
				1823	n2l(p, s->session->tlsext_tick_lifetime_hint);
				1824	n2s(p, ticklen);
				1825	/* ticket_lifetime_hint + ticket_length + ticket */
				1826	if (ticklen + 6 != n)
				1827	{
				1828	al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
Bodo Möller	761772d	2007-09-21 06:54:24 +0000	[diff] [blame]	1829	SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1830	goto f_err;
				1831	}
				1832	if (s->session->tlsext_tick)
				1833	{
				1834	OPENSSL_free(s->session->tlsext_tick);
				1835	s->session->tlsext_ticklen = 0;
				1836	}
				1837	s->session->tlsext_tick = OPENSSL_malloc(ticklen);
				1838	if (!s->session->tlsext_tick)
				1839	{
Bodo Möller	761772d	2007-09-21 06:54:24 +0000	[diff] [blame]	1840	SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1841	goto err;
				1842	}
				1843	memcpy(s->session->tlsext_tick, p, ticklen);
				1844	s->session->tlsext_ticklen = ticklen;
Dr. Stephen Henson	4b4ba6a	2009-10-30 14:06:03 +0000	[diff] [blame]	1845	/* There are two ways to detect a resumed ticket sesion.
				1846	* One is to set an appropriate session ID and then the server
				1847	* must return a match in ServerHello. This allows the normal
				1848	* client session ID matching to work and we know much
				1849	* earlier that the ticket has been accepted.
				1850	*
				1851	* The other way is to set zero length session ID when the
				1852	* ticket is presented and rely on the handshake to determine
				1853	* session resumption.
				1854	*
				1855	* We choose the former approach because this fits in with
				1856	* assumptions elsewhere in OpenSSL. The session ID is set
				1857	* to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
				1858	* ticket.
				1859	*/
				1860	EVP_Digest(p, ticklen,
				1861	s->session->session_id, &s->session->session_id_length,
				1862	#ifndef OPENSSL_NO_SHA256
				1863	EVP_sha256(), NULL);
				1864	#else
				1865	EVP_sha1(), NULL);
				1866	#endif
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1867	ret=1;
				1868	return(ret);
				1869	f_err:
				1870	ssl3_send_alert(s,SSL3_AL_FATAL,al);
				1871	err:
				1872	return(-1);
				1873	}
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	1874
				1875	int ssl3_get_cert_status(SSL *s)
				1876	{
				1877	int ok, al;
Andy Polyakov	aff686d	2008-01-05 21:35:34 +0000	[diff] [blame]	1878	unsigned long resplen,n;
Dr. Stephen Henson	67c8e7f	2007-09-26 21:56:59 +0000	[diff] [blame]	1879	const unsigned char *p;
				1880
				1881	n=s->method->ssl_get_message(s,
				1882	SSL3_ST_CR_CERT_STATUS_A,
				1883	SSL3_ST_CR_CERT_STATUS_B,
				1884	SSL3_MT_CERTIFICATE_STATUS,
				1885	16384,
				1886	&ok);
				1887
				1888	if (!ok) return((int)n);
				1889	if (n < 4)
				1890	{
				1891	/* need at least status type + length */
				1892	al = SSL_AD_DECODE_ERROR;
				1893	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
				1894	goto f_err;
				1895	}
				1896	p = (unsigned char *)s->init_msg;
				1897	if (*p++ != TLSEXT_STATUSTYPE_ocsp)
				1898	{
				1899	al = SSL_AD_DECODE_ERROR;
				1900	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
				1901	goto f_err;
				1902	}
				1903	n2l3(p, resplen);
				1904	if (resplen + 4 != n)
				1905	{
				1906	al = SSL_AD_DECODE_ERROR;
				1907	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
				1908	goto f_err;
				1909	}
				1910	if (s->tlsext_ocsp_resp)
				1911	OPENSSL_free(s->tlsext_ocsp_resp);
				1912	s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
				1913	if (!s->tlsext_ocsp_resp)
				1914	{
				1915	al = SSL_AD_INTERNAL_ERROR;
				1916	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
				1917	goto f_err;
				1918	}
				1919	s->tlsext_ocsp_resplen = resplen;
				1920	if (s->ctx->tlsext_status_cb)
				1921	{
				1922	int ret;
				1923	ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
				1924	if (ret == 0)
				1925	{
				1926	al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
				1927	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
				1928	goto f_err;
				1929	}
				1930	if (ret < 0)
				1931	{
				1932	al = SSL_AD_INTERNAL_ERROR;
				1933	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
				1934	goto f_err;
				1935	}
				1936	}
				1937	return 1;
				1938	f_err:
				1939	ssl3_send_alert(s,SSL3_AL_FATAL,al);
				1940	return(-1);
				1941	}
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	1942	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1943
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1944	int ssl3_get_server_done(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1945	{
				1946	int ok,ret=0;
				1947	long n;
				1948
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1949	n=s->method->ssl_get_message(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1950	SSL3_ST_CR_SRVR_DONE_A,
				1951	SSL3_ST_CR_SRVR_DONE_B,
				1952	SSL3_MT_SERVER_DONE,
				1953	30, /* should be very small, like 0 :-) */
				1954	&ok);
				1955
				1956	if (!ok) return((int)n);
				1957	if (n > 0)
				1958	{
				1959	/* should contain no data */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	1960	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1961	SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
Bodo Möller	c59ba5b	2002-01-14 12:37:59 +0000	[diff] [blame]	1962	return -1;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1963	}
				1964	ret=1;
				1965	return(ret);
				1966	}
				1967
Bodo Möller	176f31d	2003-02-28 15:37:10 +0000	[diff] [blame]	1968
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	1969	int ssl3_send_client_key_exchange(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1970	{
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	1971	unsigned char p,d;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1972	int n;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1973	unsigned long alg_k;
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1974	#ifndef OPENSSL_NO_RSA
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	1975	unsigned char *q;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1976	EVP_PKEY *pkey=NULL;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	1977	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1978	#ifndef OPENSSL_NO_KRB5
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1979	KSSL_ERR kssl_err;
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1980	#endif /* OPENSSL_NO_KRB5 */
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1981	#ifndef OPENSSL_NO_ECDH
				1982	EC_KEY *clnt_ecdh = NULL;
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	1983	const EC_POINT *srvr_ecpoint = NULL;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	1984	EVP_PKEY *srvr_pub_pkey = NULL;
				1985	unsigned char *encodedPoint = NULL;
				1986	int encoded_pt_len = 0;
				1987	BN_CTX * bn_ctx = NULL;
				1988	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1989
				1990	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
				1991	{
				1992	d=(unsigned char *)s->init_buf->data;
				1993	p= &(d[4]);
				1994
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	1995	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	1996
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	1997	/* Fool emacs indentation */
				1998	if (0) {}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	1999	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2000	else if (alg_k & SSL_kRSA)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2001	{
				2002	RSA *rsa;
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	2003	unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2004
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2005	if (s->session->sess_cert->peer_rsa_tmp != NULL)
				2006	rsa=s->session->sess_cert->peer_rsa_tmp;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2007	else
				2008	{
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2009	pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2010	if ((pkey == NULL) \|\|
				2011	(pkey->type != EVP_PKEY_RSA) \|\|
				2012	(pkey->pkey.rsa == NULL))
				2013	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	2014	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2015	goto err;
				2016	}
				2017	rsa=pkey->pkey.rsa;
Bodo Möller	5059658	1999-07-12 17:15:42 +0000	[diff] [blame]	2018	EVP_PKEY_free(pkey);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2019	}
				2020
Mark J. Cox	413c4f4	1999-02-16 09:22:21 +0000	[diff] [blame]	2021	tmp_buf[0]=s->client_version>>8;
				2022	tmp_buf[1]=s->client_version&0xff;
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2023	if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
Ulf Möller	e7f97e2	2000-01-21 01:15:56 +0000	[diff] [blame]	2024	goto err;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2025
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2026	s->session->master_key_length=sizeof tmp_buf;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2027
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2028	q=p;
				2029	/* Fix buf for TLS and beyond */
				2030	if (s->version > SSL3_VERSION)
				2031	p+=2;
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2032	n=RSA_public_encrypt(sizeof tmp_buf,
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2033	tmp_buf,p,rsa,RSA_PKCS1_PADDING);
Ralf S. Engelschall	dfeab06	1998-12-21 11:00:56 +0000	[diff] [blame]	2034	#ifdef PKCS1_CHECK
				2035	if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
				2036	if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
				2037	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2038	if (n <= 0)
				2039	{
				2040	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
				2041	goto err;
				2042	}
				2043
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2044	/* Fix buf for TLS and beyond */
				2045	if (s->version > SSL3_VERSION)
				2046	{
				2047	s2n(n,q);
				2048	n+=2;
				2049	}
				2050
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2051	s->session->master_key_length=
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2052	s->method->ssl3_enc->generate_master_secret(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2053	s->session->master_key,
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2054	tmp_buf,sizeof tmp_buf);
Richard Levitte	4579924	2002-11-28 08:04:36 +0000	[diff] [blame]	2055	OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2056	}
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2057	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2058	#ifndef OPENSSL_NO_KRB5
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2059	else if (alg_k & SSL_kKRB5)
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2060	{
				2061	krb5_error_code krb5rc;
				2062	KSSL_CTX *kssl_ctx = s->kssl_ctx;
				2063	/* krb5_data krb5_ap_req; */
				2064	krb5_data *enc_ticket;
				2065	krb5_data authenticator, *authp = NULL;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2066	EVP_CIPHER_CTX ciph_ctx;
Dr. Stephen Henson	ef236ec	2009-04-23 16:32:42 +0000	[diff] [blame]	2067	const EVP_CIPHER *enc = NULL;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2068	unsigned char iv[EVP_MAX_IV_LENGTH];
				2069	unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
				2070	unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
				2071	+ EVP_MAX_IV_LENGTH];
				2072	int padl, outl = sizeof(epms);
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2073
Dr. Stephen Henson	de941e2	2002-03-14 18:22:23 +0000	[diff] [blame]	2074	EVP_CIPHER_CTX_init(&ciph_ctx);
				2075
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2076	#ifdef KSSL_DEBUG
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2077	printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
Bodo Möller	7e69565	2007-02-19 14:53:18 +0000	[diff] [blame]	2078	alg_k, SSL_kKRB5);
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2079	#endif /* KSSL_DEBUG */
				2080
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2081	authp = NULL;
				2082	#ifdef KRB5SENDAUTH
				2083	if (KRB5SENDAUTH) authp = &authenticator;
				2084	#endif /* KRB5SENDAUTH */
				2085
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2086	krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2087	&kssl_err);
				2088	enc = kssl_map_enc(kssl_ctx->enctype);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2089	if (enc == NULL)
				2090	goto err;
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2091	#ifdef KSSL_DEBUG
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2092	{
				2093	printf("kssl_cget_tkt rtn %d\n", krb5rc);
				2094	if (krb5rc && kssl_err.text)
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2095	printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2096	}
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2097	#endif /* KSSL_DEBUG */
				2098
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2099	if (krb5rc)
				2100	{
				2101	ssl3_send_alert(s,SSL3_AL_FATAL,
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2102	SSL_AD_HANDSHAKE_FAILURE);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2103	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2104	kssl_err.reason);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2105	goto err;
				2106	}
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2107
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2108	/* 20010406 VRS - Earlier versions used KRB5 AP_REQ
				2109	** in place of RFC 2712 KerberosWrapper, as in:
				2110	**
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2111	** Send ticket (copy to *p, set n = length)
				2112	** n = krb5_ap_req.length;
				2113	** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
				2114	** if (krb5_ap_req.data)
				2115	** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
				2116	**
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2117	** Now using real RFC 2712 KerberosWrapper
				2118	** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
				2119	** Note: 2712 "opaque" types are here replaced
				2120	** with a 2-byte length followed by the value.
				2121	** Example:
				2122	** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
				2123	** Where "xx xx" = length bytes. Shown here with
				2124	** optional authenticator omitted.
				2125	*/
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2126
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2127	/* KerberosWrapper.Ticket */
				2128	s2n(enc_ticket->length,p);
				2129	memcpy(p, enc_ticket->data, enc_ticket->length);
				2130	p+= enc_ticket->length;
				2131	n = enc_ticket->length + 2;
				2132
				2133	/* KerberosWrapper.Authenticator */
				2134	if (authp && authp->length)
				2135	{
				2136	s2n(authp->length,p);
				2137	memcpy(p, authp->data, authp->length);
				2138	p+= authp->length;
				2139	n+= authp->length + 2;
				2140
				2141	free(authp->data);
				2142	authp->data = NULL;
				2143	authp->length = 0;
				2144	}
				2145	else
				2146	{
				2147	s2n(0,p);/* null authenticator length */
				2148	n+=2;
				2149	}
				2150
Richard Levitte	cbb92df	2006-09-28 12:22:58 +0000	[diff] [blame]	2151	tmp_buf[0]=s->client_version>>8;
				2152	tmp_buf[1]=s->client_version&0xff;
				2153	if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
				2154	goto err;
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2155
				2156	/* 20010420 VRS. Tried it this way; failed.
Dr. Stephen Henson	581f1c8	2001-10-17 00:37:12 +0000	[diff] [blame]	2157	** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2158	** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
				2159	** kssl_ctx->length);
Dr. Stephen Henson	581f1c8	2001-10-17 00:37:12 +0000	[diff] [blame]	2160	** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2161	*/
				2162
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2163	memset(iv, 0, sizeof iv); /* per RFC 1510 */
Richard Levitte	7beb408	2001-10-17 16:03:42 +0000	[diff] [blame]	2164	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
				2165	kssl_ctx->key,iv);
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2166	EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2167	sizeof tmp_buf);
Dr. Stephen Henson	581f1c8	2001-10-17 00:37:12 +0000	[diff] [blame]	2168	EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2169	outl += padl;
Dr. Stephen Henson	ef236ec	2009-04-23 16:32:42 +0000	[diff] [blame]	2170	if (outl > (int)sizeof epms)
Bodo Möller	5574e0e	2002-08-02 11:48:15 +0000	[diff] [blame]	2171	{
				2172	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
				2173	goto err;
				2174	}
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2175	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
				2176
				2177	/* KerberosWrapper.EncryptedPreMasterSecret */
				2178	s2n(outl,p);
				2179	memcpy(p, epms, outl);
				2180	p+=outl;
				2181	n+=outl + 2;
				2182
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2183	s->session->master_key_length=
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2184	s->method->ssl3_enc->generate_master_secret(s,
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2185	s->session->master_key,
Ben Laurie	54a656e	2002-11-13 15:43:43 +0000	[diff] [blame]	2186	tmp_buf, sizeof tmp_buf);
Richard Levitte	2a1ef75	2001-07-09 21:46:58 +0000	[diff] [blame]	2187
Richard Levitte	4579924	2002-11-28 08:04:36 +0000	[diff] [blame]	2188	OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
				2189	OPENSSL_cleanse(epms, outl);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2190	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2191	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2192	#ifndef OPENSSL_NO_DH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2193	else if (alg_k & (SSL_kEDH\|SSL_kDHr\|SSL_kDHd))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2194	{
				2195	DH dh_srvr,dh_clnt;
				2196
Bodo Möller	e194fe8	2008-05-28 22:17:34 +0000	[diff] [blame]	2197	if (s->session->sess_cert == NULL)
				2198	{
				2199	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
				2200	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
				2201	goto err;
				2202	}
				2203
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2204	if (s->session->sess_cert->peer_dh_tmp != NULL)
				2205	dh_srvr=s->session->sess_cert->peer_dh_tmp;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2206	else
				2207	{
				2208	/* we get them from the cert */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2209	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2210	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
				2211	goto err;
				2212	}
				2213
				2214	/* generate a new random key */
				2215	if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
				2216	{
				2217	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
				2218	goto err;
				2219	}
				2220	if (!DH_generate_key(dh_clnt))
				2221	{
				2222	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
				2223	goto err;
				2224	}
				2225
				2226	/* use the 'p' output buffer for the DH key, but
				2227	* make sure to clear it out afterwards */
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2228
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2229	n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2230
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2231	if (n <= 0)
				2232	{
				2233	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
				2234	goto err;
				2235	}
				2236
				2237	/* generate master key from the result */
				2238	s->session->master_key_length=
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2239	s->method->ssl3_enc->generate_master_secret(s,
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2240	s->session->master_key,p,n);
				2241	/* clean up */
				2242	memset(p,0,n);
				2243
				2244	/* send off the data */
				2245	n=BN_num_bytes(dh_clnt->pub_key);
				2246	s2n(n,p);
				2247	BN_bn2bin(dh_clnt->pub_key,p);
				2248	n+=2;
				2249
				2250	DH_free(dh_clnt);
				2251
				2252	/* perhaps clean things up a bit EAY EAY EAY EAY*/
				2253	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2254	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2255
				2256	#ifndef OPENSSL_NO_ECDH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2257	else if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2258	{
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2259	const EC_GROUP *srvr_group = NULL;
				2260	EC_KEY *tkey;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2261	int ecdh_clnt_cert = 0;
Bodo Möller	968766c	2003-07-22 12:34:21 +0000	[diff] [blame]	2262	int field_size = 0;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2263
				2264	/* Did we send out the client's
				2265	* ECDH share for use in premaster
				2266	* computation as part of client certificate?
				2267	* If so, set ecdh_clnt_cert to 1.
				2268	*/
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2269	if ((alg_k & (SSL_kECDHr\|SSL_kECDHe)) && (s->cert != NULL))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2270	{
				2271	/* XXX: For now, we do not support client
				2272	* authentication using ECDH certificates.
				2273	* To add such support, one needs to add
				2274	* code that checks for appropriate
				2275	* conditions and sets ecdh_clnt_cert to 1.
				2276	* For example, the cert have an ECC
				2277	* key on the same curve as the server's
				2278	* and the key should be authorized for
				2279	* key agreement.
				2280	*
				2281	* One also needs to add code in ssl3_connect
				2282	* to skip sending the certificate verify
				2283	* message.
				2284	*
				2285	* if ((s->cert->key->privatekey != NULL) &&
				2286	* (s->cert->key->privatekey->type ==
Bodo Möller	0c7141a	2002-08-12 08:51:30 +0000	[diff] [blame]	2287	* EVP_PKEY_EC) && ...)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2288	* ecdh_clnt_cert = 1;
				2289	*/
				2290	}
				2291
				2292	if (s->session->sess_cert->peer_ecdh_tmp != NULL)
				2293	{
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2294	tkey = s->session->sess_cert->peer_ecdh_tmp;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2295	}
				2296	else
				2297	{
				2298	/* Get the Server Public Key from Cert */
				2299	srvr_pub_pkey = X509_get_pubkey(s->session-> \
				2300	sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
				2301	if ((srvr_pub_pkey == NULL) \|\|
Bodo Möller	5488bb6	2002-08-12 08:47:41 +0000	[diff] [blame]	2302	(srvr_pub_pkey->type != EVP_PKEY_EC) \|\|
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2303	(srvr_pub_pkey->pkey.ec == NULL))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2304	{
				2305	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2306	ERR_R_INTERNAL_ERROR);
				2307	goto err;
				2308	}
				2309
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2310	tkey = srvr_pub_pkey->pkey.ec;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2311	}
				2312
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2313	srvr_group = EC_KEY_get0_group(tkey);
				2314	srvr_ecpoint = EC_KEY_get0_public_key(tkey);
				2315
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2316	if ((srvr_group == NULL) \|\| (srvr_ecpoint == NULL))
				2317	{
				2318	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2319	ERR_R_INTERNAL_ERROR);
				2320	goto err;
				2321	}
				2322
				2323	if ((clnt_ecdh=EC_KEY_new()) == NULL)
				2324	{
				2325	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				2326	goto err;
				2327	}
				2328
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2329	if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
				2330	{
				2331	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
				2332	goto err;
				2333	}
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2334	if (ecdh_clnt_cert)
				2335	{
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2336	/* Reuse key info from our certificate
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2337	* We only need our private key to perform
				2338	* the ECDH computation.
				2339	*/
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2340	const BIGNUM *priv_key;
				2341	tkey = s->cert->key->privatekey->pkey.ec;
				2342	priv_key = EC_KEY_get0_private_key(tkey);
				2343	if (priv_key == NULL)
				2344	{
				2345	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				2346	goto err;
				2347	}
				2348	if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
				2349	{
				2350	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
				2351	goto err;
				2352	}
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2353	}
				2354	else
				2355	{
				2356	/* Generate a new ECDH key pair */
				2357	if (!(EC_KEY_generate_key(clnt_ecdh)))
				2358	{
				2359	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
				2360	goto err;
				2361	}
				2362	}
				2363
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2364	/* use the 'p' output buffer for the ECDH key, but
				2365	* make sure to clear it out afterwards
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2366	*/
				2367
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2368	field_size = EC_GROUP_get_degree(srvr_group);
Bodo Möller	968766c	2003-07-22 12:34:21 +0000	[diff] [blame]	2369	if (field_size <= 0)
				2370	{
				2371	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2372	ERR_R_ECDH_LIB);
				2373	goto err;
				2374	}
Bodo Möller	d56349a	2005-12-13 07:33:35 +0000	[diff] [blame]	2375	n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2376	if (n <= 0)
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2377	{
				2378	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2379	ERR_R_ECDH_LIB);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2380	goto err;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2381	}
				2382
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2383	/* generate master key from the result */
				2384	s->session->master_key_length = s->method->ssl3_enc \
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2385	-> generate_master_secret(s,
				2386	s->session->master_key,
				2387	p, n);
				2388
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2389	memset(p, 0, n); /* clean up */
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2390
				2391	if (ecdh_clnt_cert)
				2392	{
				2393	/* Send empty client key exch message */
				2394	n = 0;
				2395	}
				2396	else
				2397	{
				2398	/* First check the size of encoding and
				2399	* allocate memory accordingly.
				2400	*/
				2401	encoded_pt_len =
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2402	EC_POINT_point2oct(srvr_group,
				2403	EC_KEY_get0_public_key(clnt_ecdh),
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2404	POINT_CONVERSION_UNCOMPRESSED,
				2405	NULL, 0, NULL);
				2406
				2407	encodedPoint = (unsigned char *)
				2408	OPENSSL_malloc(encoded_pt_len *
				2409	sizeof(unsigned char));
				2410	bn_ctx = BN_CTX_new();
				2411	if ((encodedPoint == NULL) \|\|
				2412	(bn_ctx == NULL))
				2413	{
				2414	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				2415	goto err;
				2416	}
				2417
				2418	/* Encode the public key */
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2419	n = EC_POINT_point2oct(srvr_group,
				2420	EC_KEY_get0_public_key(clnt_ecdh),
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2421	POINT_CONVERSION_UNCOMPRESSED,
				2422	encodedPoint, encoded_pt_len, bn_ctx);
				2423
				2424	p = n; / length of encoded point */
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2425	/* Encoded point will be copied here */
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2426	p += 1;
				2427	/* copy the point */
				2428	memcpy((unsigned char *)p, encodedPoint, n);
				2429	/* increment n to account for length field */
				2430	n += 1;
				2431	}
				2432
				2433	/* Free allocated memory */
				2434	BN_CTX_free(bn_ctx);
				2435	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
				2436	if (clnt_ecdh != NULL)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2437	EC_KEY_free(clnt_ecdh);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2438	EVP_PKEY_free(srvr_pub_pkey);
				2439	}
				2440	#endif /* !OPENSSL_NO_ECDH */
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2441	else if (alg_k & SSL_kGOST)
				2442	{
				2443	/* GOST key exchange message creation */
				2444	EVP_PKEY_CTX *pkey_ctx;
				2445	X509 *peer_cert;
				2446	size_t msglen;
				2447	unsigned int md_len;
				2448	int keytype;
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	2449	unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2450	EVP_MD_CTX *ukm_hash;
				2451	EVP_PKEY *pub_key;
				2452
				2453	/* Get server sertificate PKEY and create ctx from it */
				2454	peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
				2455	if (!peer_cert)
				2456	peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
				2457	if (!peer_cert) {
				2458	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
				2459	goto err;
				2460	}
				2461
				2462	pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
				2463	/* If we have send a certificate, and certificate key
				2464
				2465	* parameters match those of server certificate, use
				2466	* certificate key for key exchange
				2467	*/
				2468
				2469	/* Otherwise, generate ephemeral key pair */
				2470
				2471	EVP_PKEY_encrypt_init(pkey_ctx);
				2472	/* Generate session key */
				2473	RAND_bytes(premaster_secret,32);
				2474	/* If we have client certificate, use its secret as peer key */
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	2475	if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
				2476	if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2477	/* If there was an error - just ignore it. Ephemeral key
				2478	* would be used
				2479	*/
				2480	ERR_clear_error();
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	2481	}
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2482	}
				2483	/* Compute shared IV and store it in algorithm-specific
				2484	* context data */
				2485	ukm_hash = EVP_MD_CTX_create();
				2486	EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
				2487	EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
				2488	EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
				2489	EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
				2490	EVP_MD_CTX_destroy(ukm_hash);
				2491	if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
				2492	8,shared_ukm)<0) {
				2493	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2494	SSL_R_LIBRARY_BUG);
				2495	goto err;
				2496	}
				2497	/* Make GOST keytransport blob message */
				2498	/Encapsulate it into sequence /
				2499	*(p++)=V_ASN1_SEQUENCE \| V_ASN1_CONSTRUCTED;
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	2500	msglen=255;
				2501	if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2502	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2503	SSL_R_LIBRARY_BUG);
				2504	goto err;
Dr. Stephen Henson	f0288f0	2009-06-16 16:38:47 +0000	[diff] [blame]	2505	}
				2506	if (msglen >= 0x80)
				2507	{
				2508	*(p++)=0x81;
				2509	*(p++)= msglen & 0xff;
				2510	n=msglen+3;
				2511	}
				2512	else
				2513	{
				2514	*(p++)= msglen & 0xff;
				2515	n=msglen+2;
				2516	}
				2517	memcpy(p, tmp, msglen);
				2518	/* Check if pubkey from client certificate was used */
				2519	if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
				2520	{
				2521	/* Set flag "skip certificate verify" */
				2522	s->s3->flags \|= TLS1_FLAGS_SKIP_CERT_VERIFY;
				2523	}
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2524	EVP_PKEY_CTX_free(pkey_ctx);
				2525	s->session->master_key_length=
				2526	s->method->ssl3_enc->generate_master_secret(s,
				2527	s->session->master_key,premaster_secret,32);
				2528	EVP_PKEY_free(pub_key);
				2529
				2530	}
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	2531	#ifndef OPENSSL_NO_PSK
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2532	else if (alg_k & SSL_kPSK)
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	2533	{
				2534	char identity[PSK_MAX_IDENTITY_LEN];
				2535	unsigned char *t = NULL;
				2536	unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
				2537	unsigned int pre_ms_len = 0, psk_len = 0;
				2538	int psk_err = 1;
				2539
				2540	n = 0;
				2541	if (s->psk_client_callback == NULL)
				2542	{
				2543	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2544	SSL_R_PSK_NO_CLIENT_CB);
				2545	goto err;
				2546	}
				2547
				2548	psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
				2549	identity, PSK_MAX_IDENTITY_LEN,
				2550	psk_or_pre_ms, sizeof(psk_or_pre_ms));
				2551	if (psk_len > PSK_MAX_PSK_LEN)
				2552	{
				2553	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2554	ERR_R_INTERNAL_ERROR);
				2555	goto psk_err;
				2556	}
				2557	else if (psk_len == 0)
				2558	{
				2559	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2560	SSL_R_PSK_IDENTITY_NOT_FOUND);
				2561	goto psk_err;
				2562	}
				2563
				2564	/* create PSK pre_master_secret */
				2565	pre_ms_len = 2+psk_len+2+psk_len;
				2566	t = psk_or_pre_ms;
				2567	memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
				2568	s2n(psk_len, t);
				2569	memset(t, 0, psk_len);
				2570	t+=psk_len;
				2571	s2n(psk_len, t);
				2572
				2573	if (s->session->psk_identity_hint != NULL)
				2574	OPENSSL_free(s->session->psk_identity_hint);
				2575	s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
				2576	if (s->ctx->psk_identity_hint != NULL &&
				2577	s->session->psk_identity_hint == NULL)
				2578	{
				2579	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2580	ERR_R_MALLOC_FAILURE);
				2581	goto psk_err;
				2582	}
				2583
				2584	if (s->session->psk_identity != NULL)
				2585	OPENSSL_free(s->session->psk_identity);
				2586	s->session->psk_identity = BUF_strdup(identity);
				2587	if (s->session->psk_identity == NULL)
				2588	{
				2589	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2590	ERR_R_MALLOC_FAILURE);
				2591	goto psk_err;
				2592	}
				2593
				2594	s->session->master_key_length =
				2595	s->method->ssl3_enc->generate_master_secret(s,
				2596	s->session->master_key,
				2597	psk_or_pre_ms, pre_ms_len);
				2598	n = strlen(identity);
				2599	s2n(n, p);
				2600	memcpy(p, identity, n);
				2601	n+=2;
				2602	psk_err = 0;
				2603	psk_err:
				2604	OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2605	OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
Nils Larsch	ddac197	2006-03-10 23:06:27 +0000	[diff] [blame]	2606	if (psk_err != 0)
				2607	{
				2608	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
				2609	goto err;
				2610	}
				2611	}
				2612	#endif
Richard Levitte	f9b3bff	2000-11-30 22:53:34 +0000	[diff] [blame]	2613	else
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2614	{
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2615	ssl3_send_alert(s, SSL3_AL_FATAL,
				2616	SSL_AD_HANDSHAKE_FAILURE);
				2617	SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
				2618	ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2619	goto err;
				2620	}
				2621
				2622	*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
				2623	l2n3(n,d);
				2624
				2625	s->state=SSL3_ST_CW_KEY_EXCH_B;
				2626	/* number of bytes to write */
				2627	s->init_num=n+4;
				2628	s->init_off=0;
				2629	}
				2630
				2631	/* SSL3_ST_CW_KEY_EXCH_B */
				2632	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
				2633	err:
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2634	#ifndef OPENSSL_NO_ECDH
				2635	BN_CTX_free(bn_ctx);
				2636	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
				2637	if (clnt_ecdh != NULL)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2638	EC_KEY_free(clnt_ecdh);
Bodo Möller	5737654	2003-02-28 15:07:10 +0000	[diff] [blame]	2639	EVP_PKEY_free(srvr_pub_pkey);
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2640	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2641	return(-1);
				2642	}
				2643
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	2644	int ssl3_send_client_verify(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2645	{
				2646	unsigned char p,d;
				2647	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
				2648	EVP_PKEY *pkey;
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2649	EVP_PKEY_CTX *pctx=NULL;
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2650	#ifndef OPENSSL_NO_RSA
Ben Laurie	ca7fea9	1999-09-24 19:10:57 +0000	[diff] [blame]	2651	unsigned u=0;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2652	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2653	unsigned long n;
Nils Larsch	3eeaab4	2005-07-16 12:37:36 +0000	[diff] [blame]	2654	#if !defined(OPENSSL_NO_DSA) \|\| !defined(OPENSSL_NO_ECDSA)
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2655	int j;
				2656	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2657
				2658	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
				2659	{
				2660	d=(unsigned char *)s->init_buf->data;
				2661	p= &(d[4]);
				2662	pkey=s->cert->key->privatekey;
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2663	/* Create context from key and test if sha1 is allowed as digest */
				2664	pctx = EVP_PKEY_CTX_new(pkey,NULL);
				2665	EVP_PKEY_sign_init(pctx);
				2666	if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
				2667	{
				2668	s->method->ssl3_enc->cert_verify_mac(s,
				2669	NID_sha1,
				2670	&(data[MD5_DIGEST_LENGTH]));
				2671	}
				2672	else
				2673	{
				2674	ERR_clear_error();
				2675	}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2676	#ifndef OPENSSL_NO_RSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2677	if (pkey->type == EVP_PKEY_RSA)
				2678	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2679	s->method->ssl3_enc->cert_verify_mac(s,
Dr. Stephen Henson	8102566	2007-08-31 12:42:53 +0000	[diff] [blame]	2680	NID_md5,
				2681	&(data[0]));
Dr. Stephen Henson	1c80019	1999-09-18 22:37:44 +0000	[diff] [blame]	2682	if (RSA_sign(NID_md5_sha1, data,
				2683	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
Ben Laurie	ca7fea9	1999-09-24 19:10:57 +0000	[diff] [blame]	2684	&(p[2]), &u, pkey->pkey.rsa) <= 0 )
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2685	{
				2686	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
				2687	goto err;
				2688	}
Ben Laurie	ca7fea9	1999-09-24 19:10:57 +0000	[diff] [blame]	2689	s2n(u,p);
				2690	n=u+2;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2691	}
				2692	else
				2693	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2694	#ifndef OPENSSL_NO_DSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2695	if (pkey->type == EVP_PKEY_DSA)
				2696	{
				2697	if (!DSA_sign(pkey->save_type,
				2698	&(data[MD5_DIGEST_LENGTH]),
				2699	SHA_DIGEST_LENGTH,&(p[2]),
				2700	(unsigned int *)&j,pkey->pkey.dsa))
				2701	{
				2702	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
				2703	goto err;
				2704	}
				2705	s2n(j,p);
				2706	n=j+2;
				2707	}
				2708	else
				2709	#endif
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2710	#ifndef OPENSSL_NO_ECDSA
Bodo Möller	5488bb6	2002-08-12 08:47:41 +0000	[diff] [blame]	2711	if (pkey->type == EVP_PKEY_EC)
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2712	{
				2713	if (!ECDSA_sign(pkey->save_type,
				2714	&(data[MD5_DIGEST_LENGTH]),
				2715	SHA_DIGEST_LENGTH,&(p[2]),
Nils Larsch	9dd8405	2005-05-16 10:11:04 +0000	[diff] [blame]	2716	(unsigned int *)&j,pkey->pkey.ec))
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2717	{
				2718	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				2719	ERR_R_ECDSA_LIB);
				2720	goto err;
				2721	}
				2722	s2n(j,p);
				2723	n=j+2;
				2724	}
				2725	else
				2726	#endif
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2727	if (pkey->type == NID_id_GostR3410_94 \|\| pkey->type == NID_id_GostR3410_2001)
				2728	{
				2729	unsigned char signbuf[64];
				2730	int i;
Dr. Stephen Henson	9400d9a	2007-12-14 16:53:50 +0000	[diff] [blame]	2731	size_t sigsize=64;
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2732	s->method->ssl3_enc->cert_verify_mac(s,
				2733	NID_id_GostR3411_94,
				2734	data);
Dr. Stephen Henson	a25f33d	2009-09-13 11:29:29 +0000	[diff] [blame]	2735	if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2736	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
				2737	ERR_R_INTERNAL_ERROR);
				2738	goto err;
				2739	}
				2740	for (i=63,j=0; i>=0; j++, i--) {
				2741	p[2+j]=signbuf[i];
				2742	}
				2743	s2n(j,p);
				2744	n=j+2;
				2745	}
				2746	else
				2747	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	2748	SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2749	goto err;
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2750	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2751	*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
				2752	l2n3(n,d);
				2753
Richard Levitte	ba9f80c	2003-09-27 19:32:06 +0000	[diff] [blame]	2754	s->state=SSL3_ST_CW_CERT_VRFY_B;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2755	s->init_num=(int)n+4;
				2756	s->init_off=0;
				2757	}
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2758	EVP_PKEY_CTX_free(pctx);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2759	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
				2760	err:
Dr. Stephen Henson	0e1dba9	2007-10-26 12:06:36 +0000	[diff] [blame]	2761	EVP_PKEY_CTX_free(pctx);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2762	return(-1);
				2763	}
				2764
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	2765	int ssl3_send_client_certificate(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2766	{
				2767	X509 *x509=NULL;
				2768	EVP_PKEY *pkey=NULL;
				2769	int i;
				2770	unsigned long l;
				2771
				2772	if (s->state == SSL3_ST_CW_CERT_A)
				2773	{
				2774	if ((s->cert == NULL) \|\|
				2775	(s->cert->key->x509 == NULL) \|\|
				2776	(s->cert->key->privatekey == NULL))
				2777	s->state=SSL3_ST_CW_CERT_B;
				2778	else
				2779	s->state=SSL3_ST_CW_CERT_C;
				2780	}
				2781
				2782	/* We need to get a client cert */
				2783	if (s->state == SSL3_ST_CW_CERT_B)
				2784	{
				2785	/* If we get an error, we need to
				2786	* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
				2787	* We then get retied later */
				2788	i=0;
Dr. Stephen Henson	368888b	2008-06-01 22:33:24 +0000	[diff] [blame]	2789	i = ssl_do_client_cert_cb(s, &x509, &pkey);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2790	if (i < 0)
				2791	{
				2792	s->rwstate=SSL_X509_LOOKUP;
				2793	return(-1);
				2794	}
				2795	s->rwstate=SSL_NOTHING;
				2796	if ((i == 1) && (pkey != NULL) && (x509 != NULL))
				2797	{
				2798	s->state=SSL3_ST_CW_CERT_B;
				2799	if ( !SSL_use_certificate(s,x509) \|\|
				2800	!SSL_use_PrivateKey(s,pkey))
				2801	i=0;
				2802	}
				2803	else if (i == 1)
				2804	{
				2805	i=0;
				2806	SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
				2807	}
				2808
				2809	if (x509 != NULL) X509_free(x509);
				2810	if (pkey != NULL) EVP_PKEY_free(pkey);
				2811	if (i == 0)
				2812	{
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2813	if (s->version == SSL3_VERSION)
				2814	{
				2815	s->s3->tmp.cert_req=0;
				2816	ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
				2817	return(1);
				2818	}
				2819	else
				2820	{
				2821	s->s3->tmp.cert_req=2;
				2822	}
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2823	}
				2824
				2825	/* Ok, we have a cert */
				2826	s->state=SSL3_ST_CW_CERT_C;
				2827	}
				2828
				2829	if (s->state == SSL3_ST_CW_CERT_C)
				2830	{
				2831	s->state=SSL3_ST_CW_CERT_D;
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2832	l=ssl3_output_cert_chain(s,
				2833	(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2834	s->init_num=(int)l;
				2835	s->init_off=0;
				2836	}
				2837	/* SSL3_ST_CW_CERT_D */
				2838	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
				2839	}
				2840
				2841	#define has_bits(i,m) (((i)&(m)) == (m))
				2842
Ben Laurie	36d16f8	2005-04-26 16:02:40 +0000	[diff] [blame]	2843	int ssl3_check_cert_and_algorithm(SSL *s)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2844	{
				2845	int i,idx;
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2846	long alg_k,alg_a;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2847	EVP_PKEY *pkey=NULL;
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2848	SESS_CERT *sc;
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2849	#ifndef OPENSSL_NO_RSA
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2850	RSA *rsa;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2851	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2852	#ifndef OPENSSL_NO_DH
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2853	DH *dh;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2854	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2855
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2856	sc=s->session->sess_cert;
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2857	if (sc == NULL)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2858	{
Bodo Möller	5277d7c	2001-03-07 01:19:07 +0000	[diff] [blame]	2859	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2860	goto err;
				2861	}
				2862
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2863	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
				2864	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2865
				2866	/* we don't have a certificate */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2867	if ((alg_a & (SSL_aDH\|SSL_aNULL\|SSL_aKRB5)) \|\| (alg_k & SSL_kPSK))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2868	return(1);
				2869
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2870	#ifndef OPENSSL_NO_RSA
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2871	rsa=s->session->sess_cert->peer_rsa_tmp;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2872	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2873	#ifndef OPENSSL_NO_DH
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2874	dh=s->session->sess_cert->peer_dh_tmp;
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2875	#endif
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2876
				2877	/* This is the passed certificate */
				2878
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2879	idx=sc->peer_cert_type;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2880	#ifndef OPENSSL_NO_ECDH
				2881	if (idx == SSL_PKEY_ECC)
				2882	{
Bodo Möller	ed3ecd8	2006-06-15 19:58:22 +0000	[diff] [blame]	2883	if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2884	s->s3->tmp.new_cipher) == 0)
				2885	{ /* check failed */
				2886	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2887	goto f_err;
Bodo Möller	ea26226	2002-08-09 08:56:08 +0000	[diff] [blame]	2888	}
				2889	else
				2890	{
				2891	return 1;
				2892	}
				2893	}
				2894	#endif
Bodo Möller	b56bce4	1999-05-13 15:09:38 +0000	[diff] [blame]	2895	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
				2896	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
Dr. Stephen Henson	a8236c8	1999-02-15 21:05:21 +0000	[diff] [blame]	2897	EVP_PKEY_free(pkey);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2898
				2899
				2900	/* Check that we have a certificate if we require one */
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2901	if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA\|EVP_PKT_SIGN))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2902	{
				2903	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
				2904	goto f_err;
				2905	}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2906	#ifndef OPENSSL_NO_DSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2907	else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA\|EVP_PKT_SIGN))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2908	{
				2909	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
				2910	goto f_err;
				2911	}
				2912	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2913	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2914	if ((alg_k & SSL_kRSA) &&
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2915	!(has_bits(i,EVP_PK_RSA\|EVP_PKT_ENC) \|\| (rsa != NULL)))
				2916	{
				2917	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
				2918	goto f_err;
				2919	}
Ulf Möller	79df9d6	1999-04-27 03:19:12 +0000	[diff] [blame]	2920	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2921	#ifndef OPENSSL_NO_DH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2922	if ((alg_k & SSL_kEDH) &&
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2923	!(has_bits(i,EVP_PK_DH\|EVP_PKT_EXCH) \|\| (dh != NULL)))
				2924	{
				2925	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
				2926	goto f_err;
				2927	}
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2928	else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH\|EVP_PKS_RSA))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2929	{
				2930	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
				2931	goto f_err;
				2932	}
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2933	#ifndef OPENSSL_NO_DSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2934	else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH\|EVP_PKS_DSA))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2935	{
				2936	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
				2937	goto f_err;
				2938	}
				2939	#endif
				2940	#endif
				2941
Dr. Stephen Henson	018e57c	2000-01-22 03:17:06 +0000	[diff] [blame]	2942	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2943	{
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2944	#ifndef OPENSSL_NO_RSA
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2945	if (alg_k & SSL_kRSA)
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2946	{
Ben Laurie	06ab81f	1999-02-21 20:03:24 +0000	[diff] [blame]	2947	if (rsa == NULL
Richard Levitte	70ef9c5	2003-11-28 23:03:14 +0000	[diff] [blame]	2948	\|\| RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2949	{
				2950	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
				2951	goto f_err;
				2952	}
				2953	}
				2954	else
				2955	#endif
Richard Levitte	bc36ee6	2001-02-20 08:13:47 +0000	[diff] [blame]	2956	#ifndef OPENSSL_NO_DH
Bodo Möller	52b8dad	2007-02-17 06:45:38 +0000	[diff] [blame]	2957	if (alg_k & (SSL_kEDH\|SSL_kDHr\|SSL_kDHd))
Ben Laurie	06ab81f	1999-02-21 20:03:24 +0000	[diff] [blame]	2958	{
				2959	if (dh == NULL
Richard Levitte	70ef9c5	2003-11-28 23:03:14 +0000	[diff] [blame]	2960	\|\| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2961	{
				2962	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
				2963	goto f_err;
				2964	}
				2965	}
				2966	else
				2967	#endif
				2968	{
				2969	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
				2970	goto f_err;
				2971	}
				2972	}
				2973	return(1);
				2974	f_err:
Ralf S. Engelschall	58964a4	1998-12-21 10:56:39 +0000	[diff] [blame]	2975	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
Ralf S. Engelschall	d02b48c	1998-12-21 10:52:47 +0000	[diff] [blame]	2976	err:
				2977	return(0);
				2978	}
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	2979
				2980	/* Check to see if handshake is full or resumed. Usually this is just a
				2981	* case of checking to see if a cache hit has occurred. In the case of
				2982	* session tickets we have to check the next message to be sure.
				2983	*/
				2984
				2985	#ifndef OPENSSL_NO_TLSEXT
Dr. Stephen Henson	8025e25	2009-12-08 11:37:40 +0000	[diff] [blame]	2986	int ssl3_check_finished(SSL *s)
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	2987	{
				2988	int ok;
				2989	long n;
Dr. Stephen Henson	12bf56c	2008-11-15 17:18:12 +0000	[diff] [blame]	2990	/* If we have no ticket it cannot be a resumed session. */
				2991	if (!s->session->tlsext_tick)
Dr. Stephen Henson	6434abb	2007-08-11 23:18:29 +0000	[diff] [blame]	2992	return 1;
				2993	/* this function is called when we really expect a Certificate
				2994	* message, so permit appropriate message length */
				2995	n=s->method->ssl_get_message(s,
				2996	SSL3_ST_CR_CERT_A,
				2997	SSL3_ST_CR_CERT_B,
				2998	-1,
				2999	s->max_cert_list,
				3000	&ok);
				3001	if (!ok) return((int)n);
				3002	s->s3->tmp.reuse_message = 1;
				3003	if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
				3004	\|\| (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
				3005	return 2;
				3006
				3007	return 1;
				3008	}
				3009	#endif
Dr. Stephen Henson	368888b	2008-06-01 22:33:24 +0000	[diff] [blame]	3010
				3011	int ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey)
				3012	{
				3013	int i = 0;
				3014	#ifndef OPENSSL_NO_ENGINE
				3015	if (s->ctx->client_cert_engine)
				3016	{
				3017	i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
				3018	SSL_get_client_CA_list(s),
Dr. Stephen Henson	3fc59c8	2008-06-01 22:45:08 +0000	[diff] [blame]	3019	px509, ppkey, NULL, NULL, NULL);
Dr. Stephen Henson	368888b	2008-06-01 22:33:24 +0000	[diff] [blame]	3020	if (i != 0)
				3021	return i;
				3022	}
				3023	#endif
				3024	if (s->ctx->client_cert_cb)
				3025	i = s->ctx->client_cert_cb(s,px509,ppkey);
				3026	return i;
				3027	}