629 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) 630 { 631 /* SSLref returns 16 :-( */ 632 if (j < SSL2_SSL_SESSION_ID_LENGTH) 633 { 634 al=SSL_AD_ILLEGAL_PARAMETER; 635 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); 636 goto f_err; 637 } 638 } 639 if (j != 0 && j == s->session->session_id_length 640 && memcmp(p,s->session->session_id,j) == 0) 641 { 642 if(s->sid_ctx_length != s->session->sid_ctx_length 643 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) 644 { 645 al=SSL_AD_ILLEGAL_PARAMETER; 646 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 647 goto f_err; 648 } 649 s->hit=1; 650 } 651 else /* a miss or crap from the other end */ 652 { 653 /* If we were trying for session-id reuse, make a new 654 * SSL_SESSION so we don't stuff up other people */ 655 s->hit=0; 656 if (s->session->session_id_length > 0) 657 { 658 if (!ssl_get_new_session(s,0)) 659 { 660 al=SSL_AD_INTERNAL_ERROR; 661 goto f_err; 662 } 663 } 664 s->session->session_id_length=j; 665 memcpy(s->session->session_id,p,j); /* j could be 0 */ 666 } 667 p+=j; 668 c=ssl_get_cipher_by_char(s,p); 669 if (c == NULL) 670 { 671 /* unknown cipher */ 672 al=SSL_AD_ILLEGAL_PARAMETER; 673 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); 674 goto f_err; 675 } 676 p+=ssl_put_cipher_by_char(s,NULL,NULL); 677 678 sk=ssl_get_ciphers_by_id(s); 679 i=sk_SSL_CIPHER_find(sk,c); 680 if (i < 0) 681 { 682 /* we did not say we would use this cipher */ 683 al=SSL_AD_ILLEGAL_PARAMETER; 684 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 685 goto f_err; 686 } 687 688 if (s->hit && (s->session->cipher != c)) 689 { 690 if (!(s->options & 691 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) 692 { 693 al=SSL_AD_ILLEGAL_PARAMETER; 694 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 695 goto f_err; 696 } 697 } 698 s->s3->tmp.new_cipher=c; 699 700 /* lets get the compression algorithm */ 701 /* COMPRESSION */ 702 j= *(p++); 703 if (j == 0) 704 comp=NULL; 705 else 706 comp=ssl3_comp_find(s->ctx->comp_methods,j); 707 708 if ((j != 0) && (comp == NULL)) 709 { 710 al=SSL_AD_ILLEGAL_PARAMETER; 711 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 712 goto f_err; 713 } 714 else 715 { 716 s->s3->tmp.new_compression=comp; 717 } 718 719 if (p != (d+n)) 720 { 721 /* wrong packet length */ 722 al=SSL_AD_DECODE_ERROR; 723 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); 724 goto err; 725 } 726 727 return(1); 728f_err: 729 ssl3_send_alert(s,SSL3_AL_FATAL,al); 730err: 731 return(-1); 732 } 733 734static int ssl3_get_server_certificate(SSL *s) 735 { 736 int al,i,ok,ret= -1; 737 unsigned long n,nc,llen,l; 738 X509 *x=NULL; 739 unsigned char *p,*d,*q; 740 STACK_OF(X509) *sk=NULL; 741 SESS_CERT *sc; 742 EVP_PKEY *pkey=NULL; 743 744 n=ssl3_get_message(s, 745 SSL3_ST_CR_CERT_A, 746 SSL3_ST_CR_CERT_B, 747 -1, 748#if defined(MSDOS) && !defined(WIN32) 749 1024*30, /* 30k max cert list :-) */ 750#else 751 1024*100, /* 100k max cert list :-) */ 752#endif 753 &ok); 754 755 if (!ok) return((int)n); 756 757 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) 758 { 759 s->s3->tmp.reuse_message=1; 760 return(1); 761 } 762 763 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) 764 { 765 al=SSL_AD_UNEXPECTED_MESSAGE; 766 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); 767 goto f_err; 768 } 769 d=p=(unsigned char *)s->init_buf->data; 770 771 if ((sk=sk_X509_new_null()) == NULL) 772 { 773 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); 774 goto err; 775 } 776 777 n2l3(p,llen); 778 if (llen+3 != n) 779 { 780 al=SSL_AD_DECODE_ERROR; 781 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); 782 goto f_err; 783 } 784 for (nc=0; nc<llen; ) 785 { 786 n2l3(p,l); 787 if ((l+nc+3) > llen) 788 { 789 al=SSL_AD_DECODE_ERROR; 790 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); 791 goto f_err; 792 } 793 794 q=p; 795 x=d2i_X509(NULL,&q,l); 796 if (x == NULL) 797 { 798 al=SSL_AD_BAD_CERTIFICATE; 799 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); 800 goto f_err; 801 } 802 if (q != (p+l)) 803 { 804 al=SSL_AD_DECODE_ERROR; 805 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); 806 goto f_err; 807 } 808 if (!sk_X509_push(sk,x)) 809 { 810 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); 811 goto err; 812 } 813 x=NULL; 814 nc+=l+3; 815 p=q; 816 } 817 818 i=ssl_verify_cert_chain(s,sk); 819 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) 820 { 821 al=ssl_verify_alarm_type(s->verify_result); 822 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 823 goto f_err; 824 } 825 ERR_clear_error(); /* but we keep s->verify_result */ 826 827 sc=ssl_sess_cert_new(); 828 if (sc == NULL) goto err; 829 830 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); 831 s->session->sess_cert=sc; 832 833 sc->cert_chain=sk; 834 /* Inconsistency alert: cert_chain does include the peer's 835 * certificate, which we don't include in s3_srvr.c */ 836 x=sk_X509_value(sk,0); 837 sk=NULL; 838 839 pkey=X509_get_pubkey(x); 840 841 if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)) 842 { 843 x=NULL; 844 al=SSL3_AL_FATAL; 845 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 846 goto f_err; 847 } 848 849 i=ssl_cert_type(x,pkey); 850 if (i < 0) 851 { 852 x=NULL; 853 al=SSL3_AL_FATAL; 854 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 855 goto f_err; 856 } 857 858 sc->peer_cert_type=i; 859 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 860 if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen? 861 * We just created sc a couple of 862 * lines ago. */ 863 X509_free(sc->peer_pkeys[i].x509); 864 sc->peer_pkeys[i].x509=x; 865 sc->peer_key= &(sc->peer_pkeys[i]); 866 867 if (s->session->peer != NULL) 868 X509_free(s->session->peer); 869 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 870 s->session->peer=x; 871 s->session->verify_result = s->verify_result; 872 873 x=NULL; 874 ret=1; 875 876 if (0) 877 { 878f_err: 879 ssl3_send_alert(s,SSL3_AL_FATAL,al); 880 } 881err: 882 EVP_PKEY_free(pkey); 883 X509_free(x); 884 sk_X509_pop_free(sk,X509_free); 885 return(ret); 886 } 887 888static int ssl3_get_key_exchange(SSL *s) 889 { 890#ifndef NO_RSA 891 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 892#endif 893 EVP_MD_CTX md_ctx; 894 unsigned char *param,*p; 895 int al,i,j,param_len,ok; 896 long n,alg; 897 EVP_PKEY *pkey=NULL; 898#ifndef NO_RSA 899 RSA *rsa=NULL; 900#endif 901#ifndef NO_DH 902 DH *dh=NULL; 903#endif 904 905 /* use same message size as in ssl3_get_certificate_request() 906 * as ServerKeyExchange message may be skipped */ 907 n=ssl3_get_message(s, 908 SSL3_ST_CR_KEY_EXCH_A, 909 SSL3_ST_CR_KEY_EXCH_B, 910 -1, 911#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 912 1024*30, /* 30k max cert list :-) */ 913#else 914 1024*100, /* 100k max cert list :-) */ 915#endif 916 &ok); 917 918 if (!ok) return((int)n); 919 920 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 921 { 922 s->s3->tmp.reuse_message=1; 923 return(1); 924 } 925 926 param=p=(unsigned char *)s->init_buf->data; 927 928 if (s->session->sess_cert != NULL) 929 { 930#ifndef NO_RSA 931 if (s->session->sess_cert->peer_rsa_tmp != NULL) 932 { 933 RSA_free(s->session->sess_cert->peer_rsa_tmp); 934 s->session->sess_cert->peer_rsa_tmp=NULL; 935 } 936#endif 937#ifndef NO_DH 938 if (s->session->sess_cert->peer_dh_tmp) 939 { 940 DH_free(s->session->sess_cert->peer_dh_tmp); 941 s->session->sess_cert->peer_dh_tmp=NULL; 942 } 943#endif 944 } 945 else 946 { 947 s->session->sess_cert=ssl_sess_cert_new(); 948 } 949 950 param_len=0; 951 alg=s->s3->tmp.new_cipher->algorithms; 952 953#ifndef NO_RSA 954 if (alg & SSL_kRSA) 955 { 956 if ((rsa=RSA_new()) == NULL) 957 { 958 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 959 goto err; 960 } 961 n2s(p,i); 962 param_len=i+2; 963 if (param_len > n) 964 { 965 al=SSL_AD_DECODE_ERROR; 966 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); 967 goto f_err; 968 } 969 if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) 970 { 971 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 972 goto err; 973 } 974 p+=i; 975 976 n2s(p,i); 977 param_len+=i+2; 978 if (param_len > n) 979 { 980 al=SSL_AD_DECODE_ERROR; 981 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); 982 goto f_err; 983 } 984 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) 985 { 986 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 987 goto err; 988 } 989 p+=i; 990 n-=param_len; 991 992 /* this should be because we are using an export cipher */ 993 if (alg & SSL_aRSA) 994 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 995 else 996 { 997 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 998 goto err; 999 } 1000 s->session->sess_cert->peer_rsa_tmp=rsa; 1001 rsa=NULL; 1002 } 1003#else /* NO_RSA */ 1004 if (0) 1005 ; 1006#endif 1007#ifndef NO_DH 1008 else if (alg & SSL_kEDH) 1009 { 1010 if ((dh=DH_new()) == NULL) 1011 { 1012 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); 1013 goto err; 1014 } 1015 n2s(p,i); 1016 param_len=i+2; 1017 if (param_len > n) 1018 { 1019 al=SSL_AD_DECODE_ERROR; 1020 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); 1021 goto f_err; 1022 } 1023 if (!(dh->p=BN_bin2bn(p,i,NULL))) 1024 { 1025 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1026 goto err; 1027 } 1028 p+=i; 1029 1030 n2s(p,i); 1031 param_len+=i+2; 1032 if (param_len > n) 1033 { 1034 al=SSL_AD_DECODE_ERROR; 1035 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); 1036 goto f_err; 1037 } 1038 if (!(dh->g=BN_bin2bn(p,i,NULL))) 1039 { 1040 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1041 goto err; 1042 } 1043 p+=i; 1044 1045 n2s(p,i); 1046 param_len+=i+2; 1047 if (param_len > n) 1048 { 1049 al=SSL_AD_DECODE_ERROR; 1050 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); 1051 goto f_err; 1052 } 1053 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) 1054 { 1055 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1056 goto err; 1057 } 1058 p+=i; 1059 n-=param_len; 1060 1061#ifndef NO_RSA 1062 if (alg & SSL_aRSA) 1063 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1064#else 1065 if (0) 1066 ; 1067#endif 1068#ifndef NO_DSA 1069 else if (alg & SSL_aDSS) 1070 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1071#endif 1072 /* else anonymous DH, so no certificate or pkey. */ 1073 1074 s->session->sess_cert->peer_dh_tmp=dh; 1075 dh=NULL; 1076 } 1077 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) 1078 { 1079 al=SSL_AD_ILLEGAL_PARAMETER; 1080 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1081 goto f_err; 1082 } 1083#endif /* !NO_DH */ 1084 if (alg & SSL_aFZA) 1085 { 1086 al=SSL_AD_HANDSHAKE_FAILURE; 1087 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1088 goto f_err; 1089 } 1090 1091 1092 /* p points to the next byte, there are 'n' bytes left */ 1093 1094 1095 /* if it was signed, check the signature */ 1096 if (pkey != NULL) 1097 { 1098 n2s(p,i); 1099 n-=2; 1100 j=EVP_PKEY_size(pkey); 1101 1102 if ((i != n) || (n > j) || (n <= 0)) 1103 { 1104 /* wrong packet length */ 1105 al=SSL_AD_DECODE_ERROR; 1106 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); 1107 goto f_err; 1108 } 1109 1110#ifndef NO_RSA 1111 if (pkey->type == EVP_PKEY_RSA) 1112 { 1113 int num; 1114 1115 j=0; 1116 q=md_buf; 1117 for (num=2; num > 0; num--) 1118 { 1119 EVP_DigestInit(&md_ctx,(num == 2) 1120 ?s->ctx->md5:s->ctx->sha1); 1121 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1122 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1123 EVP_DigestUpdate(&md_ctx,param,param_len); 1124 EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); 1125 q+=i; 1126 j+=i; 1127 } 1128 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1129 pkey->pkey.rsa); 1130 if (i < 0) 1131 { 1132 al=SSL_AD_DECRYPT_ERROR; 1133 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); 1134 goto f_err; 1135 } 1136 if (i == 0) 1137 { 1138 /* bad signature */ 1139 al=SSL_AD_DECRYPT_ERROR; 1140 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1141 goto f_err; 1142 } 1143 } 1144 else 1145#endif 1146#ifndef NO_DSA 1147 if (pkey->type == EVP_PKEY_DSA) 1148 { 1149 /* lets do DSS */ 1150 EVP_VerifyInit(&md_ctx,EVP_dss1()); 1151 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1152 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1153 EVP_VerifyUpdate(&md_ctx,param,param_len); 1154 if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) 1155 { 1156 /* bad signature */ 1157 al=SSL_AD_DECRYPT_ERROR; 1158 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1159 goto f_err; 1160 } 1161 } 1162 else 1163#endif 1164 { 1165 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1166 goto err; 1167 } 1168 } 1169 else 1170 { 1171 /* still data left over */ 1172 if (!(alg & SSL_aNULL)) 1173 { 1174 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1175 goto err; 1176 } 1177 if (n != 0) 1178 { 1179 al=SSL_AD_DECODE_ERROR; 1180 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); 1181 goto f_err; 1182 } 1183 } 1184 EVP_PKEY_free(pkey); 1185 return(1); 1186f_err: 1187 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1188err: 1189 EVP_PKEY_free(pkey); 1190#ifndef NO_RSA 1191 if (rsa != NULL) 1192 RSA_free(rsa); 1193#endif 1194#ifndef NO_DH 1195 if (dh != NULL) 1196 DH_free(dh); 1197#endif 1198 return(-1); 1199 } 1200 1201static int ssl3_get_certificate_request(SSL *s) 1202 { 1203 int ok,ret=0; 1204 unsigned long n,nc,l; 1205 unsigned int llen,ctype_num,i; 1206 X509_NAME *xn=NULL; 1207 unsigned char *p,*d,*q; 1208 STACK_OF(X509_NAME) *ca_sk=NULL; 1209 1210 n=ssl3_get_message(s, 1211 SSL3_ST_CR_CERT_REQ_A, 1212 SSL3_ST_CR_CERT_REQ_B, 1213 -1, 1214#if defined(MSDOS) && !defined(WIN32) 1215 1024*30, /* 30k max cert list :-) */ 1216#else 1217 1024*100, /* 100k max cert list :-) */ 1218#endif 1219 &ok); 1220 1221 if (!ok) return((int)n); 1222 1223 s->s3->tmp.cert_req=0; 1224 1225 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) 1226 { 1227 s->s3->tmp.reuse_message=1; 1228 return(1); 1229 } 1230 1231 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) 1232 { 1233 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1234 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); 1235 goto err; 1236 } 1237 1238 /* TLS does not like anon-DH with client cert */ 1239 if (s->version > SSL3_VERSION) 1240 { 1241 l=s->s3->tmp.new_cipher->algorithms; 1242 if (l & SSL_aNULL) 1243 { 1244 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1245 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1246 goto err; 1247 } 1248 } 1249 1250 d=p=(unsigned char *)s->init_buf->data; 1251 1252 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1253 { 1254 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); 1255 goto err; 1256 } 1257 1258 /* get the certificate types */ 1259 ctype_num= *(p++); 1260 if (ctype_num > SSL3_CT_NUMBER) 1261 ctype_num=SSL3_CT_NUMBER; 1262 for (i=0; i<ctype_num; i++) 1263 s->s3->tmp.ctype[i]= p[i]; 1264 p+=ctype_num; 1265 1266 /* get the CA RDNs */ 1267 n2s(p,llen); 1268#if 0 1269{ 1270FILE *out; 1271out=fopen("/tmp/vsign.der","w"); 1272fwrite(p,1,llen,out); 1273fclose(out); 1274} 1275#endif 1276 1277 if ((llen+ctype_num+2+1) != n) 1278 { 1279 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1280 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); 1281 goto err; 1282 } 1283 1284 for (nc=0; nc<llen; ) 1285 { 1286 n2s(p,l); 1287 if ((l+nc+2) > llen) 1288 { 1289 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1290 goto cont; /* netscape bugs */ 1291 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1292 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); 1293 goto err; 1294 } 1295 1296 q=p; 1297 1298 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) 1299 { 1300 /* If netscape tolerance is on, ignore errors */ 1301 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1302 goto cont; 1303 else 1304 { 1305 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1306 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); 1307 goto err; 1308 } 1309 } 1310 1311 if (q != (p+l)) 1312 { 1313 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1314 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); 1315 goto err; 1316 } 1317 if (!sk_X509_NAME_push(ca_sk,xn)) 1318 { 1319 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); 1320 goto err; 1321 } 1322 1323 p+=l; 1324 nc+=l+2; 1325 } 1326 1327 if (0) 1328 { 1329cont: 1330 ERR_clear_error(); 1331 } 1332 1333 /* we should setup a certificate to return.... */ 1334 s->s3->tmp.cert_req=1; 1335 s->s3->tmp.ctype_num=ctype_num; 1336 if (s->s3->tmp.ca_names != NULL) 1337 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1338 s->s3->tmp.ca_names=ca_sk; 1339 ca_sk=NULL; 1340 1341 ret=1; 1342err: 1343 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); 1344 return(ret); 1345 } 1346 1347static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) 1348 { 1349 return(X509_NAME_cmp(*a,*b)); 1350 } 1351 1352static int ssl3_get_server_done(SSL *s) 1353 { 1354 int ok,ret=0; 1355 long n; 1356 1357 n=ssl3_get_message(s, 1358 SSL3_ST_CR_SRVR_DONE_A, 1359 SSL3_ST_CR_SRVR_DONE_B, 1360 SSL3_MT_SERVER_DONE, 1361 30, /* should be very small, like 0 :-) */ 1362 &ok); 1363 1364 if (!ok) return((int)n); 1365 if (n > 0) 1366 { 1367 /* should contain no data */ 1368 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1369 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); 1370 return -1; 1371 } 1372 ret=1; 1373 return(ret); 1374 } 1375 1376static int ssl3_send_client_key_exchange(SSL *s) 1377 { 1378 unsigned char *p,*d; 1379 int n; 1380 unsigned long l; 1381#ifndef NO_RSA 1382 unsigned char *q; 1383 EVP_PKEY *pkey=NULL; 1384#endif 1385 1386 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 1387 { 1388 d=(unsigned char *)s->init_buf->data; 1389 p= &(d[4]); 1390 1391 l=s->s3->tmp.new_cipher->algorithms; 1392 1393#ifndef NO_RSA 1394 if (l & SSL_kRSA) 1395 { 1396 RSA *rsa; 1397 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1398 1399 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1400 rsa=s->session->sess_cert->peer_rsa_tmp; 1401 else 1402 { 1403 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1404 if ((pkey == NULL) || 1405 (pkey->type != EVP_PKEY_RSA) || 1406 (pkey->pkey.rsa == NULL)) 1407 { 1408 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1409 goto err; 1410 } 1411 rsa=pkey->pkey.rsa; 1412 EVP_PKEY_free(pkey); 1413 } 1414 1415 tmp_buf[0]=s->client_version>>8; 1416 tmp_buf[1]=s->client_version&0xff; 1417 if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) 1418 goto err; 1419 1420 s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; 1421 1422 q=p; 1423 /* Fix buf for TLS and beyond */ 1424 if (s->version > SSL3_VERSION) 1425 p+=2; 1426 n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, 1427 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 1428#ifdef PKCS1_CHECK 1429 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 1430 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 1431#endif 1432 if (n <= 0) 1433 { 1434 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); 1435 goto err; 1436 } 1437 1438 /* Fix buf for TLS and beyond */ 1439 if (s->version > SSL3_VERSION) 1440 { 1441 s2n(n,q); 1442 n+=2; 1443 } 1444 1445 s->session->master_key_length= 1446 s->method->ssl3_enc->generate_master_secret(s, 1447 s->session->master_key, 1448 tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); 1449 memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); 1450 } 1451 else 1452#endif 1453#ifndef NO_DH 1454 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1455 { 1456 DH *dh_srvr,*dh_clnt; 1457 1458 if (s->session->sess_cert->peer_dh_tmp != NULL) 1459 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1460 else 1461 { 1462 /* we get them from the cert */ 1463 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1464 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1465 goto err; 1466 } 1467 1468 /* generate a new random key */ 1469 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 1470 { 1471 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1472 goto err; 1473 } 1474 if (!DH_generate_key(dh_clnt)) 1475 { 1476 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1477 goto err; 1478 } 1479 1480 /* use the 'p' output buffer for the DH key, but 1481 * make sure to clear it out afterwards */ 1482 1483 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 1484 1485 if (n <= 0) 1486 { 1487 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1488 goto err; 1489 } 1490 1491 /* generate master key from the result */ 1492 s->session->master_key_length= 1493 s->method->ssl3_enc->generate_master_secret(s, 1494 s->session->master_key,p,n); 1495 /* clean up */ 1496 memset(p,0,n); 1497 1498 /* send off the data */ 1499 n=BN_num_bytes(dh_clnt->pub_key); 1500 s2n(n,p); 1501 BN_bn2bin(dh_clnt->pub_key,p); 1502 n+=2; 1503 1504 DH_free(dh_clnt); 1505 1506 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1507 } 1508 else 1509#endif 1510 { 1511 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1512 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1513 goto err; 1514 } 1515 1516 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 1517 l2n3(n,d); 1518 1519 s->state=SSL3_ST_CW_KEY_EXCH_B; 1520 /* number of bytes to write */ 1521 s->init_num=n+4; 1522 s->init_off=0; 1523 } 1524 1525 /* SSL3_ST_CW_KEY_EXCH_B */ 1526 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1527err: 1528 return(-1); 1529 } 1530 1531static int ssl3_send_client_verify(SSL *s) 1532 { 1533 unsigned char *p,*d; 1534 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1535 EVP_PKEY *pkey; 1536#ifndef NO_RSA 1537 unsigned u=0; 1538#endif 1539 unsigned long n; 1540#ifndef NO_DSA 1541 int j; 1542#endif 1543 1544 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 1545 { 1546 d=(unsigned char *)s->init_buf->data; 1547 p= &(d[4]); 1548 pkey=s->cert->key->privatekey; 1549 1550 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), 1551 &(data[MD5_DIGEST_LENGTH])); 1552 1553#ifndef NO_RSA 1554 if (pkey->type == EVP_PKEY_RSA) 1555 { 1556 s->method->ssl3_enc->cert_verify_mac(s, 1557 &(s->s3->finish_dgst1),&(data[0])); 1558 if (RSA_sign(NID_md5_sha1, data, 1559 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1560 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1561 { 1562 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); 1563 goto err; 1564 } 1565 s2n(u,p); 1566 n=u+2; 1567 } 1568 else 1569#endif 1570#ifndef NO_DSA 1571 if (pkey->type == EVP_PKEY_DSA) 1572 { 1573 if (!DSA_sign(pkey->save_type, 1574 &(data[MD5_DIGEST_LENGTH]), 1575 SHA_DIGEST_LENGTH,&(p[2]), 1576 (unsigned int *)&j,pkey->pkey.dsa)) 1577 { 1578 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); 1579 goto err; 1580 } 1581 s2n(j,p); 1582 n=j+2; 1583 } 1584 else 1585#endif 1586 { 1587 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR); 1588 goto err; 1589 } 1590 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 1591 l2n3(n,d); 1592 1593 s->init_num=(int)n+4; 1594 s->init_off=0; 1595 } 1596 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1597err: 1598 return(-1); 1599 } 1600 1601static int ssl3_send_client_certificate(SSL *s) 1602 { 1603 X509 *x509=NULL; 1604 EVP_PKEY *pkey=NULL; 1605 int i; 1606 unsigned long l; 1607 1608 if (s->state == SSL3_ST_CW_CERT_A) 1609 { 1610 if ((s->cert == NULL) || 1611 (s->cert->key->x509 == NULL) || 1612 (s->cert->key->privatekey == NULL)) 1613 s->state=SSL3_ST_CW_CERT_B; 1614 else 1615 s->state=SSL3_ST_CW_CERT_C; 1616 } 1617 1618 /* We need to get a client cert */ 1619 if (s->state == SSL3_ST_CW_CERT_B) 1620 { 1621 /* If we get an error, we need to 1622 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1623 * We then get retied later */ 1624 i=0; 1625 if (s->ctx->client_cert_cb != NULL) 1626 i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); 1627 if (i < 0) 1628 { 1629 s->rwstate=SSL_X509_LOOKUP; 1630 return(-1); 1631 } 1632 s->rwstate=SSL_NOTHING; 1633 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 1634 { 1635 s->state=SSL3_ST_CW_CERT_B; 1636 if ( !SSL_use_certificate(s,x509) || 1637 !SSL_use_PrivateKey(s,pkey)) 1638 i=0; 1639 } 1640 else if (i == 1) 1641 { 1642 i=0; 1643 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 1644 } 1645 1646 if (x509 != NULL) X509_free(x509); 1647 if (pkey != NULL) EVP_PKEY_free(pkey); 1648 if (i == 0) 1649 { 1650 if (s->version == SSL3_VERSION) 1651 { 1652 s->s3->tmp.cert_req=0; 1653 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); 1654 return(1); 1655 } 1656 else 1657 { 1658 s->s3->tmp.cert_req=2; 1659 } 1660 } 1661 1662 /* Ok, we have a cert */ 1663 s->state=SSL3_ST_CW_CERT_C; 1664 } 1665 1666 if (s->state == SSL3_ST_CW_CERT_C) 1667 { 1668 s->state=SSL3_ST_CW_CERT_D; 1669 l=ssl3_output_cert_chain(s, 1670 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 1671 s->init_num=(int)l; 1672 s->init_off=0; 1673 } 1674 /* SSL3_ST_CW_CERT_D */ 1675 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1676 } 1677 1678#define has_bits(i,m) (((i)&(m)) == (m)) 1679 1680static int ssl3_check_cert_and_algorithm(SSL *s) 1681 { 1682 int i,idx; 1683 long algs; 1684 EVP_PKEY *pkey=NULL; 1685 SESS_CERT *sc; 1686#ifndef NO_RSA 1687 RSA *rsa; 1688#endif 1689#ifndef NO_DH 1690 DH *dh; 1691#endif 1692 1693 sc=s->session->sess_cert; 1694 1695 if (sc == NULL) 1696 { 1697 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); 1698 goto err; 1699 } 1700 1701 algs=s->s3->tmp.new_cipher->algorithms; 1702 1703 /* we don't have a certificate */ 1704 if (algs & (SSL_aDH|SSL_aNULL)) 1705 return(1); 1706 1707#ifndef NO_RSA 1708 rsa=s->session->sess_cert->peer_rsa_tmp; 1709#endif 1710#ifndef NO_DH 1711 dh=s->session->sess_cert->peer_dh_tmp; 1712#endif 1713 1714 /* This is the passed certificate */ 1715 1716 idx=sc->peer_cert_type; 1717 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 1718 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 1719 EVP_PKEY_free(pkey); 1720 1721 1722 /* Check that we have a certificate if we require one */ 1723 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 1724 { 1725 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); 1726 goto f_err; 1727 } 1728#ifndef NO_DSA 1729 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 1730 { 1731 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); 1732 goto f_err; 1733 } 1734#endif 1735#ifndef NO_RSA 1736 if ((algs & SSL_kRSA) && 1737 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 1738 { 1739 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); 1740 goto f_err; 1741 } 1742#endif 1743#ifndef NO_DH 1744 if ((algs & SSL_kEDH) && 1745 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 1746 { 1747 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); 1748 goto f_err; 1749 } 1750 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 1751 { 1752 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); 1753 goto f_err; 1754 } 1755#ifndef NO_DSA 1756 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 1757 { 1758 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); 1759 goto f_err; 1760 } 1761#endif 1762#endif 1763 1764 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 1765 { 1766#ifndef NO_RSA 1767 if (algs & SSL_kRSA) 1768 { 1769 if (rsa == NULL 1770 || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1771 { 1772 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 1773 goto f_err; 1774 } 1775 } 1776 else 1777#endif 1778#ifndef NO_DH 1779 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1780 { 1781 if (dh == NULL 1782 || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1783 { 1784 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); 1785 goto f_err; 1786 } 1787 } 1788 else 1789#endif 1790 { 1791 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1792 goto f_err; 1793 } 1794 } 1795 return(1); 1796f_err: 1797 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1798err: 1799 return(0); 1800 } 1801
| 639 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) 640 { 641 /* SSLref returns 16 :-( */ 642 if (j < SSL2_SSL_SESSION_ID_LENGTH) 643 { 644 al=SSL_AD_ILLEGAL_PARAMETER; 645 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); 646 goto f_err; 647 } 648 } 649 if (j != 0 && j == s->session->session_id_length 650 && memcmp(p,s->session->session_id,j) == 0) 651 { 652 if(s->sid_ctx_length != s->session->sid_ctx_length 653 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) 654 { 655 al=SSL_AD_ILLEGAL_PARAMETER; 656 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 657 goto f_err; 658 } 659 s->hit=1; 660 } 661 else /* a miss or crap from the other end */ 662 { 663 /* If we were trying for session-id reuse, make a new 664 * SSL_SESSION so we don't stuff up other people */ 665 s->hit=0; 666 if (s->session->session_id_length > 0) 667 { 668 if (!ssl_get_new_session(s,0)) 669 { 670 al=SSL_AD_INTERNAL_ERROR; 671 goto f_err; 672 } 673 } 674 s->session->session_id_length=j; 675 memcpy(s->session->session_id,p,j); /* j could be 0 */ 676 } 677 p+=j; 678 c=ssl_get_cipher_by_char(s,p); 679 if (c == NULL) 680 { 681 /* unknown cipher */ 682 al=SSL_AD_ILLEGAL_PARAMETER; 683 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); 684 goto f_err; 685 } 686 p+=ssl_put_cipher_by_char(s,NULL,NULL); 687 688 sk=ssl_get_ciphers_by_id(s); 689 i=sk_SSL_CIPHER_find(sk,c); 690 if (i < 0) 691 { 692 /* we did not say we would use this cipher */ 693 al=SSL_AD_ILLEGAL_PARAMETER; 694 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); 695 goto f_err; 696 } 697 698 if (s->hit && (s->session->cipher != c)) 699 { 700 if (!(s->options & 701 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) 702 { 703 al=SSL_AD_ILLEGAL_PARAMETER; 704 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 705 goto f_err; 706 } 707 } 708 s->s3->tmp.new_cipher=c; 709 710 /* lets get the compression algorithm */ 711 /* COMPRESSION */ 712 j= *(p++); 713 if (j == 0) 714 comp=NULL; 715 else 716 comp=ssl3_comp_find(s->ctx->comp_methods,j); 717 718 if ((j != 0) && (comp == NULL)) 719 { 720 al=SSL_AD_ILLEGAL_PARAMETER; 721 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 722 goto f_err; 723 } 724 else 725 { 726 s->s3->tmp.new_compression=comp; 727 } 728 729 if (p != (d+n)) 730 { 731 /* wrong packet length */ 732 al=SSL_AD_DECODE_ERROR; 733 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); 734 goto err; 735 } 736 737 return(1); 738f_err: 739 ssl3_send_alert(s,SSL3_AL_FATAL,al); 740err: 741 return(-1); 742 } 743 744static int ssl3_get_server_certificate(SSL *s) 745 { 746 int al,i,ok,ret= -1; 747 unsigned long n,nc,llen,l; 748 X509 *x=NULL; 749 unsigned char *p,*d,*q; 750 STACK_OF(X509) *sk=NULL; 751 SESS_CERT *sc; 752 EVP_PKEY *pkey=NULL; 753 754 n=ssl3_get_message(s, 755 SSL3_ST_CR_CERT_A, 756 SSL3_ST_CR_CERT_B, 757 -1, 758#if defined(MSDOS) && !defined(WIN32) 759 1024*30, /* 30k max cert list :-) */ 760#else 761 1024*100, /* 100k max cert list :-) */ 762#endif 763 &ok); 764 765 if (!ok) return((int)n); 766 767 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) 768 { 769 s->s3->tmp.reuse_message=1; 770 return(1); 771 } 772 773 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) 774 { 775 al=SSL_AD_UNEXPECTED_MESSAGE; 776 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); 777 goto f_err; 778 } 779 d=p=(unsigned char *)s->init_buf->data; 780 781 if ((sk=sk_X509_new_null()) == NULL) 782 { 783 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); 784 goto err; 785 } 786 787 n2l3(p,llen); 788 if (llen+3 != n) 789 { 790 al=SSL_AD_DECODE_ERROR; 791 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); 792 goto f_err; 793 } 794 for (nc=0; nc<llen; ) 795 { 796 n2l3(p,l); 797 if ((l+nc+3) > llen) 798 { 799 al=SSL_AD_DECODE_ERROR; 800 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); 801 goto f_err; 802 } 803 804 q=p; 805 x=d2i_X509(NULL,&q,l); 806 if (x == NULL) 807 { 808 al=SSL_AD_BAD_CERTIFICATE; 809 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); 810 goto f_err; 811 } 812 if (q != (p+l)) 813 { 814 al=SSL_AD_DECODE_ERROR; 815 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); 816 goto f_err; 817 } 818 if (!sk_X509_push(sk,x)) 819 { 820 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); 821 goto err; 822 } 823 x=NULL; 824 nc+=l+3; 825 p=q; 826 } 827 828 i=ssl_verify_cert_chain(s,sk); 829 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) 830 { 831 al=ssl_verify_alarm_type(s->verify_result); 832 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 833 goto f_err; 834 } 835 ERR_clear_error(); /* but we keep s->verify_result */ 836 837 sc=ssl_sess_cert_new(); 838 if (sc == NULL) goto err; 839 840 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); 841 s->session->sess_cert=sc; 842 843 sc->cert_chain=sk; 844 /* Inconsistency alert: cert_chain does include the peer's 845 * certificate, which we don't include in s3_srvr.c */ 846 x=sk_X509_value(sk,0); 847 sk=NULL; 848 849 pkey=X509_get_pubkey(x); 850 851 if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)) 852 { 853 x=NULL; 854 al=SSL3_AL_FATAL; 855 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 856 goto f_err; 857 } 858 859 i=ssl_cert_type(x,pkey); 860 if (i < 0) 861 { 862 x=NULL; 863 al=SSL3_AL_FATAL; 864 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 865 goto f_err; 866 } 867 868 sc->peer_cert_type=i; 869 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 870 if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen? 871 * We just created sc a couple of 872 * lines ago. */ 873 X509_free(sc->peer_pkeys[i].x509); 874 sc->peer_pkeys[i].x509=x; 875 sc->peer_key= &(sc->peer_pkeys[i]); 876 877 if (s->session->peer != NULL) 878 X509_free(s->session->peer); 879 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); 880 s->session->peer=x; 881 s->session->verify_result = s->verify_result; 882 883 x=NULL; 884 ret=1; 885 886 if (0) 887 { 888f_err: 889 ssl3_send_alert(s,SSL3_AL_FATAL,al); 890 } 891err: 892 EVP_PKEY_free(pkey); 893 X509_free(x); 894 sk_X509_pop_free(sk,X509_free); 895 return(ret); 896 } 897 898static int ssl3_get_key_exchange(SSL *s) 899 { 900#ifndef NO_RSA 901 unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; 902#endif 903 EVP_MD_CTX md_ctx; 904 unsigned char *param,*p; 905 int al,i,j,param_len,ok; 906 long n,alg; 907 EVP_PKEY *pkey=NULL; 908#ifndef NO_RSA 909 RSA *rsa=NULL; 910#endif 911#ifndef NO_DH 912 DH *dh=NULL; 913#endif 914 915 /* use same message size as in ssl3_get_certificate_request() 916 * as ServerKeyExchange message may be skipped */ 917 n=ssl3_get_message(s, 918 SSL3_ST_CR_KEY_EXCH_A, 919 SSL3_ST_CR_KEY_EXCH_B, 920 -1, 921#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 922 1024*30, /* 30k max cert list :-) */ 923#else 924 1024*100, /* 100k max cert list :-) */ 925#endif 926 &ok); 927 928 if (!ok) return((int)n); 929 930 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 931 { 932 s->s3->tmp.reuse_message=1; 933 return(1); 934 } 935 936 param=p=(unsigned char *)s->init_buf->data; 937 938 if (s->session->sess_cert != NULL) 939 { 940#ifndef NO_RSA 941 if (s->session->sess_cert->peer_rsa_tmp != NULL) 942 { 943 RSA_free(s->session->sess_cert->peer_rsa_tmp); 944 s->session->sess_cert->peer_rsa_tmp=NULL; 945 } 946#endif 947#ifndef NO_DH 948 if (s->session->sess_cert->peer_dh_tmp) 949 { 950 DH_free(s->session->sess_cert->peer_dh_tmp); 951 s->session->sess_cert->peer_dh_tmp=NULL; 952 } 953#endif 954 } 955 else 956 { 957 s->session->sess_cert=ssl_sess_cert_new(); 958 } 959 960 param_len=0; 961 alg=s->s3->tmp.new_cipher->algorithms; 962 963#ifndef NO_RSA 964 if (alg & SSL_kRSA) 965 { 966 if ((rsa=RSA_new()) == NULL) 967 { 968 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); 969 goto err; 970 } 971 n2s(p,i); 972 param_len=i+2; 973 if (param_len > n) 974 { 975 al=SSL_AD_DECODE_ERROR; 976 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); 977 goto f_err; 978 } 979 if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) 980 { 981 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 982 goto err; 983 } 984 p+=i; 985 986 n2s(p,i); 987 param_len+=i+2; 988 if (param_len > n) 989 { 990 al=SSL_AD_DECODE_ERROR; 991 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); 992 goto f_err; 993 } 994 if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) 995 { 996 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 997 goto err; 998 } 999 p+=i; 1000 n-=param_len; 1001 1002 /* this should be because we are using an export cipher */ 1003 if (alg & SSL_aRSA) 1004 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1005 else 1006 { 1007 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1008 goto err; 1009 } 1010 s->session->sess_cert->peer_rsa_tmp=rsa; 1011 rsa=NULL; 1012 } 1013#else /* NO_RSA */ 1014 if (0) 1015 ; 1016#endif 1017#ifndef NO_DH 1018 else if (alg & SSL_kEDH) 1019 { 1020 if ((dh=DH_new()) == NULL) 1021 { 1022 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); 1023 goto err; 1024 } 1025 n2s(p,i); 1026 param_len=i+2; 1027 if (param_len > n) 1028 { 1029 al=SSL_AD_DECODE_ERROR; 1030 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); 1031 goto f_err; 1032 } 1033 if (!(dh->p=BN_bin2bn(p,i,NULL))) 1034 { 1035 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1036 goto err; 1037 } 1038 p+=i; 1039 1040 n2s(p,i); 1041 param_len+=i+2; 1042 if (param_len > n) 1043 { 1044 al=SSL_AD_DECODE_ERROR; 1045 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); 1046 goto f_err; 1047 } 1048 if (!(dh->g=BN_bin2bn(p,i,NULL))) 1049 { 1050 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1051 goto err; 1052 } 1053 p+=i; 1054 1055 n2s(p,i); 1056 param_len+=i+2; 1057 if (param_len > n) 1058 { 1059 al=SSL_AD_DECODE_ERROR; 1060 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); 1061 goto f_err; 1062 } 1063 if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) 1064 { 1065 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); 1066 goto err; 1067 } 1068 p+=i; 1069 n-=param_len; 1070 1071#ifndef NO_RSA 1072 if (alg & SSL_aRSA) 1073 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1074#else 1075 if (0) 1076 ; 1077#endif 1078#ifndef NO_DSA 1079 else if (alg & SSL_aDSS) 1080 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1081#endif 1082 /* else anonymous DH, so no certificate or pkey. */ 1083 1084 s->session->sess_cert->peer_dh_tmp=dh; 1085 dh=NULL; 1086 } 1087 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) 1088 { 1089 al=SSL_AD_ILLEGAL_PARAMETER; 1090 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1091 goto f_err; 1092 } 1093#endif /* !NO_DH */ 1094 if (alg & SSL_aFZA) 1095 { 1096 al=SSL_AD_HANDSHAKE_FAILURE; 1097 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1098 goto f_err; 1099 } 1100 1101 1102 /* p points to the next byte, there are 'n' bytes left */ 1103 1104 1105 /* if it was signed, check the signature */ 1106 if (pkey != NULL) 1107 { 1108 n2s(p,i); 1109 n-=2; 1110 j=EVP_PKEY_size(pkey); 1111 1112 if ((i != n) || (n > j) || (n <= 0)) 1113 { 1114 /* wrong packet length */ 1115 al=SSL_AD_DECODE_ERROR; 1116 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); 1117 goto f_err; 1118 } 1119 1120#ifndef NO_RSA 1121 if (pkey->type == EVP_PKEY_RSA) 1122 { 1123 int num; 1124 1125 j=0; 1126 q=md_buf; 1127 for (num=2; num > 0; num--) 1128 { 1129 EVP_DigestInit(&md_ctx,(num == 2) 1130 ?s->ctx->md5:s->ctx->sha1); 1131 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1132 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1133 EVP_DigestUpdate(&md_ctx,param,param_len); 1134 EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); 1135 q+=i; 1136 j+=i; 1137 } 1138 i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, 1139 pkey->pkey.rsa); 1140 if (i < 0) 1141 { 1142 al=SSL_AD_DECRYPT_ERROR; 1143 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); 1144 goto f_err; 1145 } 1146 if (i == 0) 1147 { 1148 /* bad signature */ 1149 al=SSL_AD_DECRYPT_ERROR; 1150 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1151 goto f_err; 1152 } 1153 } 1154 else 1155#endif 1156#ifndef NO_DSA 1157 if (pkey->type == EVP_PKEY_DSA) 1158 { 1159 /* lets do DSS */ 1160 EVP_VerifyInit(&md_ctx,EVP_dss1()); 1161 EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1162 EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); 1163 EVP_VerifyUpdate(&md_ctx,param,param_len); 1164 if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) 1165 { 1166 /* bad signature */ 1167 al=SSL_AD_DECRYPT_ERROR; 1168 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); 1169 goto f_err; 1170 } 1171 } 1172 else 1173#endif 1174 { 1175 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1176 goto err; 1177 } 1178 } 1179 else 1180 { 1181 /* still data left over */ 1182 if (!(alg & SSL_aNULL)) 1183 { 1184 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1185 goto err; 1186 } 1187 if (n != 0) 1188 { 1189 al=SSL_AD_DECODE_ERROR; 1190 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); 1191 goto f_err; 1192 } 1193 } 1194 EVP_PKEY_free(pkey); 1195 return(1); 1196f_err: 1197 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1198err: 1199 EVP_PKEY_free(pkey); 1200#ifndef NO_RSA 1201 if (rsa != NULL) 1202 RSA_free(rsa); 1203#endif 1204#ifndef NO_DH 1205 if (dh != NULL) 1206 DH_free(dh); 1207#endif 1208 return(-1); 1209 } 1210 1211static int ssl3_get_certificate_request(SSL *s) 1212 { 1213 int ok,ret=0; 1214 unsigned long n,nc,l; 1215 unsigned int llen,ctype_num,i; 1216 X509_NAME *xn=NULL; 1217 unsigned char *p,*d,*q; 1218 STACK_OF(X509_NAME) *ca_sk=NULL; 1219 1220 n=ssl3_get_message(s, 1221 SSL3_ST_CR_CERT_REQ_A, 1222 SSL3_ST_CR_CERT_REQ_B, 1223 -1, 1224#if defined(MSDOS) && !defined(WIN32) 1225 1024*30, /* 30k max cert list :-) */ 1226#else 1227 1024*100, /* 100k max cert list :-) */ 1228#endif 1229 &ok); 1230 1231 if (!ok) return((int)n); 1232 1233 s->s3->tmp.cert_req=0; 1234 1235 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) 1236 { 1237 s->s3->tmp.reuse_message=1; 1238 return(1); 1239 } 1240 1241 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) 1242 { 1243 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1244 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); 1245 goto err; 1246 } 1247 1248 /* TLS does not like anon-DH with client cert */ 1249 if (s->version > SSL3_VERSION) 1250 { 1251 l=s->s3->tmp.new_cipher->algorithms; 1252 if (l & SSL_aNULL) 1253 { 1254 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1255 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1256 goto err; 1257 } 1258 } 1259 1260 d=p=(unsigned char *)s->init_buf->data; 1261 1262 if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) 1263 { 1264 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); 1265 goto err; 1266 } 1267 1268 /* get the certificate types */ 1269 ctype_num= *(p++); 1270 if (ctype_num > SSL3_CT_NUMBER) 1271 ctype_num=SSL3_CT_NUMBER; 1272 for (i=0; i<ctype_num; i++) 1273 s->s3->tmp.ctype[i]= p[i]; 1274 p+=ctype_num; 1275 1276 /* get the CA RDNs */ 1277 n2s(p,llen); 1278#if 0 1279{ 1280FILE *out; 1281out=fopen("/tmp/vsign.der","w"); 1282fwrite(p,1,llen,out); 1283fclose(out); 1284} 1285#endif 1286 1287 if ((llen+ctype_num+2+1) != n) 1288 { 1289 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1290 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); 1291 goto err; 1292 } 1293 1294 for (nc=0; nc<llen; ) 1295 { 1296 n2s(p,l); 1297 if ((l+nc+2) > llen) 1298 { 1299 if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) 1300 goto cont; /* netscape bugs */ 1301 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1302 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); 1303 goto err; 1304 } 1305 1306 q=p; 1307 1308 if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) 1309 { 1310 /* If netscape tolerance is on, ignore errors */ 1311 if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) 1312 goto cont; 1313 else 1314 { 1315 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1316 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); 1317 goto err; 1318 } 1319 } 1320 1321 if (q != (p+l)) 1322 { 1323 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1324 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); 1325 goto err; 1326 } 1327 if (!sk_X509_NAME_push(ca_sk,xn)) 1328 { 1329 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); 1330 goto err; 1331 } 1332 1333 p+=l; 1334 nc+=l+2; 1335 } 1336 1337 if (0) 1338 { 1339cont: 1340 ERR_clear_error(); 1341 } 1342 1343 /* we should setup a certificate to return.... */ 1344 s->s3->tmp.cert_req=1; 1345 s->s3->tmp.ctype_num=ctype_num; 1346 if (s->s3->tmp.ca_names != NULL) 1347 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 1348 s->s3->tmp.ca_names=ca_sk; 1349 ca_sk=NULL; 1350 1351 ret=1; 1352err: 1353 if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); 1354 return(ret); 1355 } 1356 1357static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) 1358 { 1359 return(X509_NAME_cmp(*a,*b)); 1360 } 1361 1362static int ssl3_get_server_done(SSL *s) 1363 { 1364 int ok,ret=0; 1365 long n; 1366 1367 n=ssl3_get_message(s, 1368 SSL3_ST_CR_SRVR_DONE_A, 1369 SSL3_ST_CR_SRVR_DONE_B, 1370 SSL3_MT_SERVER_DONE, 1371 30, /* should be very small, like 0 :-) */ 1372 &ok); 1373 1374 if (!ok) return((int)n); 1375 if (n > 0) 1376 { 1377 /* should contain no data */ 1378 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); 1379 SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); 1380 return -1; 1381 } 1382 ret=1; 1383 return(ret); 1384 } 1385 1386static int ssl3_send_client_key_exchange(SSL *s) 1387 { 1388 unsigned char *p,*d; 1389 int n; 1390 unsigned long l; 1391#ifndef NO_RSA 1392 unsigned char *q; 1393 EVP_PKEY *pkey=NULL; 1394#endif 1395 1396 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 1397 { 1398 d=(unsigned char *)s->init_buf->data; 1399 p= &(d[4]); 1400 1401 l=s->s3->tmp.new_cipher->algorithms; 1402 1403#ifndef NO_RSA 1404 if (l & SSL_kRSA) 1405 { 1406 RSA *rsa; 1407 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1408 1409 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1410 rsa=s->session->sess_cert->peer_rsa_tmp; 1411 else 1412 { 1413 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1414 if ((pkey == NULL) || 1415 (pkey->type != EVP_PKEY_RSA) || 1416 (pkey->pkey.rsa == NULL)) 1417 { 1418 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1419 goto err; 1420 } 1421 rsa=pkey->pkey.rsa; 1422 EVP_PKEY_free(pkey); 1423 } 1424 1425 tmp_buf[0]=s->client_version>>8; 1426 tmp_buf[1]=s->client_version&0xff; 1427 if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) 1428 goto err; 1429 1430 s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; 1431 1432 q=p; 1433 /* Fix buf for TLS and beyond */ 1434 if (s->version > SSL3_VERSION) 1435 p+=2; 1436 n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, 1437 tmp_buf,p,rsa,RSA_PKCS1_PADDING); 1438#ifdef PKCS1_CHECK 1439 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; 1440 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; 1441#endif 1442 if (n <= 0) 1443 { 1444 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); 1445 goto err; 1446 } 1447 1448 /* Fix buf for TLS and beyond */ 1449 if (s->version > SSL3_VERSION) 1450 { 1451 s2n(n,q); 1452 n+=2; 1453 } 1454 1455 s->session->master_key_length= 1456 s->method->ssl3_enc->generate_master_secret(s, 1457 s->session->master_key, 1458 tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); 1459 memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); 1460 } 1461 else 1462#endif 1463#ifndef NO_DH 1464 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1465 { 1466 DH *dh_srvr,*dh_clnt; 1467 1468 if (s->session->sess_cert->peer_dh_tmp != NULL) 1469 dh_srvr=s->session->sess_cert->peer_dh_tmp; 1470 else 1471 { 1472 /* we get them from the cert */ 1473 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1474 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 1475 goto err; 1476 } 1477 1478 /* generate a new random key */ 1479 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) 1480 { 1481 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1482 goto err; 1483 } 1484 if (!DH_generate_key(dh_clnt)) 1485 { 1486 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1487 goto err; 1488 } 1489 1490 /* use the 'p' output buffer for the DH key, but 1491 * make sure to clear it out afterwards */ 1492 1493 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); 1494 1495 if (n <= 0) 1496 { 1497 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); 1498 goto err; 1499 } 1500 1501 /* generate master key from the result */ 1502 s->session->master_key_length= 1503 s->method->ssl3_enc->generate_master_secret(s, 1504 s->session->master_key,p,n); 1505 /* clean up */ 1506 memset(p,0,n); 1507 1508 /* send off the data */ 1509 n=BN_num_bytes(dh_clnt->pub_key); 1510 s2n(n,p); 1511 BN_bn2bin(dh_clnt->pub_key,p); 1512 n+=2; 1513 1514 DH_free(dh_clnt); 1515 1516 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1517 } 1518 else 1519#endif 1520 { 1521 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1522 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); 1523 goto err; 1524 } 1525 1526 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; 1527 l2n3(n,d); 1528 1529 s->state=SSL3_ST_CW_KEY_EXCH_B; 1530 /* number of bytes to write */ 1531 s->init_num=n+4; 1532 s->init_off=0; 1533 } 1534 1535 /* SSL3_ST_CW_KEY_EXCH_B */ 1536 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1537err: 1538 return(-1); 1539 } 1540 1541static int ssl3_send_client_verify(SSL *s) 1542 { 1543 unsigned char *p,*d; 1544 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 1545 EVP_PKEY *pkey; 1546#ifndef NO_RSA 1547 unsigned u=0; 1548#endif 1549 unsigned long n; 1550#ifndef NO_DSA 1551 int j; 1552#endif 1553 1554 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 1555 { 1556 d=(unsigned char *)s->init_buf->data; 1557 p= &(d[4]); 1558 pkey=s->cert->key->privatekey; 1559 1560 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), 1561 &(data[MD5_DIGEST_LENGTH])); 1562 1563#ifndef NO_RSA 1564 if (pkey->type == EVP_PKEY_RSA) 1565 { 1566 s->method->ssl3_enc->cert_verify_mac(s, 1567 &(s->s3->finish_dgst1),&(data[0])); 1568 if (RSA_sign(NID_md5_sha1, data, 1569 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1570 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1571 { 1572 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); 1573 goto err; 1574 } 1575 s2n(u,p); 1576 n=u+2; 1577 } 1578 else 1579#endif 1580#ifndef NO_DSA 1581 if (pkey->type == EVP_PKEY_DSA) 1582 { 1583 if (!DSA_sign(pkey->save_type, 1584 &(data[MD5_DIGEST_LENGTH]), 1585 SHA_DIGEST_LENGTH,&(p[2]), 1586 (unsigned int *)&j,pkey->pkey.dsa)) 1587 { 1588 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); 1589 goto err; 1590 } 1591 s2n(j,p); 1592 n=j+2; 1593 } 1594 else 1595#endif 1596 { 1597 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR); 1598 goto err; 1599 } 1600 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 1601 l2n3(n,d); 1602 1603 s->init_num=(int)n+4; 1604 s->init_off=0; 1605 } 1606 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1607err: 1608 return(-1); 1609 } 1610 1611static int ssl3_send_client_certificate(SSL *s) 1612 { 1613 X509 *x509=NULL; 1614 EVP_PKEY *pkey=NULL; 1615 int i; 1616 unsigned long l; 1617 1618 if (s->state == SSL3_ST_CW_CERT_A) 1619 { 1620 if ((s->cert == NULL) || 1621 (s->cert->key->x509 == NULL) || 1622 (s->cert->key->privatekey == NULL)) 1623 s->state=SSL3_ST_CW_CERT_B; 1624 else 1625 s->state=SSL3_ST_CW_CERT_C; 1626 } 1627 1628 /* We need to get a client cert */ 1629 if (s->state == SSL3_ST_CW_CERT_B) 1630 { 1631 /* If we get an error, we need to 1632 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1633 * We then get retied later */ 1634 i=0; 1635 if (s->ctx->client_cert_cb != NULL) 1636 i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); 1637 if (i < 0) 1638 { 1639 s->rwstate=SSL_X509_LOOKUP; 1640 return(-1); 1641 } 1642 s->rwstate=SSL_NOTHING; 1643 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) 1644 { 1645 s->state=SSL3_ST_CW_CERT_B; 1646 if ( !SSL_use_certificate(s,x509) || 1647 !SSL_use_PrivateKey(s,pkey)) 1648 i=0; 1649 } 1650 else if (i == 1) 1651 { 1652 i=0; 1653 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 1654 } 1655 1656 if (x509 != NULL) X509_free(x509); 1657 if (pkey != NULL) EVP_PKEY_free(pkey); 1658 if (i == 0) 1659 { 1660 if (s->version == SSL3_VERSION) 1661 { 1662 s->s3->tmp.cert_req=0; 1663 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); 1664 return(1); 1665 } 1666 else 1667 { 1668 s->s3->tmp.cert_req=2; 1669 } 1670 } 1671 1672 /* Ok, we have a cert */ 1673 s->state=SSL3_ST_CW_CERT_C; 1674 } 1675 1676 if (s->state == SSL3_ST_CW_CERT_C) 1677 { 1678 s->state=SSL3_ST_CW_CERT_D; 1679 l=ssl3_output_cert_chain(s, 1680 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); 1681 s->init_num=(int)l; 1682 s->init_off=0; 1683 } 1684 /* SSL3_ST_CW_CERT_D */ 1685 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1686 } 1687 1688#define has_bits(i,m) (((i)&(m)) == (m)) 1689 1690static int ssl3_check_cert_and_algorithm(SSL *s) 1691 { 1692 int i,idx; 1693 long algs; 1694 EVP_PKEY *pkey=NULL; 1695 SESS_CERT *sc; 1696#ifndef NO_RSA 1697 RSA *rsa; 1698#endif 1699#ifndef NO_DH 1700 DH *dh; 1701#endif 1702 1703 sc=s->session->sess_cert; 1704 1705 if (sc == NULL) 1706 { 1707 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); 1708 goto err; 1709 } 1710 1711 algs=s->s3->tmp.new_cipher->algorithms; 1712 1713 /* we don't have a certificate */ 1714 if (algs & (SSL_aDH|SSL_aNULL)) 1715 return(1); 1716 1717#ifndef NO_RSA 1718 rsa=s->session->sess_cert->peer_rsa_tmp; 1719#endif 1720#ifndef NO_DH 1721 dh=s->session->sess_cert->peer_dh_tmp; 1722#endif 1723 1724 /* This is the passed certificate */ 1725 1726 idx=sc->peer_cert_type; 1727 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); 1728 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); 1729 EVP_PKEY_free(pkey); 1730 1731 1732 /* Check that we have a certificate if we require one */ 1733 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 1734 { 1735 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); 1736 goto f_err; 1737 } 1738#ifndef NO_DSA 1739 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 1740 { 1741 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); 1742 goto f_err; 1743 } 1744#endif 1745#ifndef NO_RSA 1746 if ((algs & SSL_kRSA) && 1747 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 1748 { 1749 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); 1750 goto f_err; 1751 } 1752#endif 1753#ifndef NO_DH 1754 if ((algs & SSL_kEDH) && 1755 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 1756 { 1757 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); 1758 goto f_err; 1759 } 1760 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 1761 { 1762 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); 1763 goto f_err; 1764 } 1765#ifndef NO_DSA 1766 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 1767 { 1768 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); 1769 goto f_err; 1770 } 1771#endif 1772#endif 1773 1774 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 1775 { 1776#ifndef NO_RSA 1777 if (algs & SSL_kRSA) 1778 { 1779 if (rsa == NULL 1780 || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1781 { 1782 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); 1783 goto f_err; 1784 } 1785 } 1786 else 1787#endif 1788#ifndef NO_DH 1789 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 1790 { 1791 if (dh == NULL 1792 || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 1793 { 1794 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); 1795 goto f_err; 1796 } 1797 } 1798 else 1799#endif 1800 { 1801 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1802 goto f_err; 1803 } 1804 } 1805 return(1); 1806f_err: 1807 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1808err: 1809 return(0); 1810 } 1811
|