Deleted Added
sdiff udiff text old ( 63249 ) new ( 68654 )
full compact
s2_clnt.c (63249) s2_clnt.c (68654)
1/* ssl/s2_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 *
1/* ssl/s2_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 *
58 * $FreeBSD: head/crypto/openssl/ssl/s2_clnt.c 59194 2000-04-13 07:15:03Z kris $
58 * $FreeBSD: head/crypto/openssl/ssl/s2_clnt.c 68654 2000-11-13 02:20:29Z kris $
59 */
60
61#include "ssl_locl.h"
62#ifndef NO_SSL2
63#include <stdio.h>
64#include <openssl/rand.h>
65#include <openssl/buffer.h>
66#include <openssl/objects.h>
67#include <openssl/evp.h>
68
69static SSL_METHOD *ssl2_get_client_method(int ver);
70static int get_server_finished(SSL *s);
71static int get_server_verify(SSL *s);
72static int get_server_hello(SSL *s);
73static int client_hello(SSL *s);
74static int client_master_key(SSL *s);
75static int client_finished(SSL *s);
76static int client_certificate(SSL *s);
77static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
78 unsigned char *to,int padding);
79#define BREAK break
80
81static SSL_METHOD *ssl2_get_client_method(int ver)
82 {
83 if (ver == SSL2_VERSION)
84 return(SSLv2_client_method());
85 else
86 return(NULL);
87 }
88
89SSL_METHOD *SSLv2_client_method(void)
90 {
91 static int init=1;
92 static SSL_METHOD SSLv2_client_data;
93
94 if (init)
95 {
96 memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
97 sizeof(SSL_METHOD));
98 SSLv2_client_data.ssl_connect=ssl2_connect;
99 SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
100 init=0;
101 }
102 return(&SSLv2_client_data);
103 }
104
105int ssl2_connect(SSL *s)
106 {
107 unsigned long l=time(NULL);
108 BUF_MEM *buf=NULL;
109 int ret= -1;
110 void (*cb)()=NULL;
111 int new_state,state;
112
113 RAND_add(&l,sizeof(l),0);
114 ERR_clear_error();
115 clear_sys_error();
116
117 if (s->info_callback != NULL)
118 cb=s->info_callback;
119 else if (s->ctx->info_callback != NULL)
120 cb=s->ctx->info_callback;
121
122 /* init things to blank */
123 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
124 s->in_handshake++;
125
126 for (;;)
127 {
128 state=s->state;
129
130 switch (s->state)
131 {
132 case SSL_ST_BEFORE:
133 case SSL_ST_CONNECT:
134 case SSL_ST_BEFORE|SSL_ST_CONNECT:
135 case SSL_ST_OK|SSL_ST_CONNECT:
136
137 s->server=0;
138 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
139
140 s->version=SSL2_VERSION;
141 s->type=SSL_ST_CONNECT;
142
143 buf=s->init_buf;
144 if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
145 {
146 ret= -1;
147 goto end;
148 }
149 if (!BUF_MEM_grow(buf,
150 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
151 {
152 ret= -1;
153 goto end;
154 }
155 s->init_buf=buf;
156 s->init_num=0;
157 s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
158 s->ctx->stats.sess_connect++;
159 s->handshake_func=ssl2_connect;
160 BREAK;
161
162 case SSL2_ST_SEND_CLIENT_HELLO_A:
163 case SSL2_ST_SEND_CLIENT_HELLO_B:
164 s->shutdown=0;
165 ret=client_hello(s);
166 if (ret <= 0) goto end;
167 s->init_num=0;
168 s->state=SSL2_ST_GET_SERVER_HELLO_A;
169 BREAK;
170
171 case SSL2_ST_GET_SERVER_HELLO_A:
172 case SSL2_ST_GET_SERVER_HELLO_B:
173 ret=get_server_hello(s);
174 if (ret <= 0) goto end;
175 s->init_num=0;
176 if (!s->hit) /* new session */
177 {
178 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
179 BREAK;
180 }
181 else
182 {
183 s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
184 break;
185 }
186
187 case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
188 case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
189 ret=client_master_key(s);
190 if (ret <= 0) goto end;
191 s->init_num=0;
192 s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
193 break;
194
195 case SSL2_ST_CLIENT_START_ENCRYPTION:
196 /* Ok, we now have all the stuff needed to
197 * start encrypting, so lets fire it up :-) */
198 if (!ssl2_enc_init(s,1))
199 {
200 ret= -1;
201 goto end;
202 }
203 s->s2->clear_text=0;
204 s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
205 break;
206
207 case SSL2_ST_SEND_CLIENT_FINISHED_A:
208 case SSL2_ST_SEND_CLIENT_FINISHED_B:
209 ret=client_finished(s);
210 if (ret <= 0) goto end;
211 s->init_num=0;
212 s->state=SSL2_ST_GET_SERVER_VERIFY_A;
213 break;
214
215 case SSL2_ST_GET_SERVER_VERIFY_A:
216 case SSL2_ST_GET_SERVER_VERIFY_B:
217 ret=get_server_verify(s);
218 if (ret <= 0) goto end;
219 s->init_num=0;
220 s->state=SSL2_ST_GET_SERVER_FINISHED_A;
221 break;
222
223 case SSL2_ST_GET_SERVER_FINISHED_A:
224 case SSL2_ST_GET_SERVER_FINISHED_B:
225 ret=get_server_finished(s);
226 if (ret <= 0) goto end;
227 break;
228
229 case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
230 case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
231 case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
232 case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
233 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
234 ret=client_certificate(s);
235 if (ret <= 0) goto end;
236 s->init_num=0;
237 s->state=SSL2_ST_GET_SERVER_FINISHED_A;
238 break;
239
240 case SSL_ST_OK:
241 if (s->init_buf != NULL)
242 {
243 BUF_MEM_free(s->init_buf);
244 s->init_buf=NULL;
245 }
246 s->init_num=0;
247 /* ERR_clear_error();*/
248
249 /* If we want to cache session-ids in the client
250 * and we successfully add the session-id to the
251 * cache, and there is a callback, then pass it out.
252 * 26/11/96 - eay - only add if not a re-used session.
253 */
254
255 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
256 if (s->hit) s->ctx->stats.sess_hit++;
257
258 ret=1;
259 /* s->server=0; */
260 s->ctx->stats.sess_connect_good++;
261
262 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
263
264 goto end;
265 /* break; */
266 default:
267 SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
268 return(-1);
269 /* break; */
270 }
271
272 if ((cb != NULL) && (s->state != state))
273 {
274 new_state=s->state;
275 s->state=state;
276 cb(s,SSL_CB_CONNECT_LOOP,1);
277 s->state=new_state;
278 }
279 }
280end:
281 s->in_handshake--;
282 if (cb != NULL)
283 cb(s,SSL_CB_CONNECT_EXIT,ret);
284 return(ret);
285 }
286
287static int get_server_hello(SSL *s)
288 {
289 unsigned char *buf;
290 unsigned char *p;
291 int i,j;
292 STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
293
294 buf=(unsigned char *)s->init_buf->data;
295 p=buf;
296 if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
297 {
298 i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
299 if (i < (11-s->init_num))
300 return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
301
302 if (*(p++) != SSL2_MT_SERVER_HELLO)
303 {
304 if (p[-1] != SSL2_MT_ERROR)
305 {
306 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
307 SSLerr(SSL_F_GET_SERVER_HELLO,
308 SSL_R_READ_WRONG_PACKET_TYPE);
309 }
310 else
311 SSLerr(SSL_F_GET_SERVER_HELLO,
312 SSL_R_PEER_ERROR);
313 return(-1);
314 }
315#ifdef __APPLE_CC__
316 /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
317 * workaround. <appro@fy.chalmers.se> */
318 s->hit=(i=*(p++))?1:0;
319#else
320 s->hit=(*(p++))?1:0;
321#endif
322 s->s2->tmp.cert_type= *(p++);
323 n2s(p,i);
324 if (i < s->version) s->version=i;
325 n2s(p,i); s->s2->tmp.cert_length=i;
326 n2s(p,i); s->s2->tmp.csl=i;
327 n2s(p,i); s->s2->tmp.conn_id_length=i;
328 s->state=SSL2_ST_GET_SERVER_HELLO_B;
329 s->init_num=0;
330 }
331
332 /* SSL2_ST_GET_SERVER_HELLO_B */
333 j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
334 - s->init_num;
335 i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
336 if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
337
338 /* things are looking good */
339
340 p=buf;
341 if (s->hit)
342 {
343 if (s->s2->tmp.cert_length != 0)
344 {
345 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
346 return(-1);
347 }
348 if (s->s2->tmp.cert_type != 0)
349 {
350 if (!(s->options &
351 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
352 {
353 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
354 return(-1);
355 }
356 }
357 if (s->s2->tmp.csl != 0)
358 {
359 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
360 return(-1);
361 }
362 }
363 else
364 {
365#ifdef undef
366 /* very bad */
367 memset(s->session->session_id,0,
368 SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
369 s->session->session_id_length=0;
370 */
371#endif
372
373 /* we need to do this in case we were trying to reuse a
374 * client session but others are already reusing it.
375 * If this was a new 'blank' session ID, the session-id
376 * length will still be 0 */
377 if (s->session->session_id_length > 0)
378 {
379 if (!ssl_get_new_session(s,0))
380 {
381 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
382 return(-1);
383 }
384 }
385
386 if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
387 s->s2->tmp.cert_length,p) <= 0)
388 {
389 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
390 return(-1);
391 }
392 p+=s->s2->tmp.cert_length;
393
394 if (s->s2->tmp.csl == 0)
395 {
396 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
397 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
398 return(-1);
399 }
400
401 /* We have just received a list of ciphers back from the
402 * server. We need to get the ones that match, then select
403 * the one we want the most :-). */
404
405 /* load the ciphers */
406 sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
407 &s->session->ciphers);
408 p+=s->s2->tmp.csl;
409 if (sk == NULL)
410 {
411 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
412 SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
413 return(-1);
414 }
415
416 sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
417
418 /* get the array of ciphers we will accept */
419 cl=ssl_get_ciphers_by_id(s);
420
421 /* In theory we could have ciphers sent back that we
422 * don't want to use but that does not matter since we
423 * will check against the list we originally sent and
424 * for performance reasons we should not bother to match
425 * the two lists up just to check. */
426 for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
427 {
428 if (sk_SSL_CIPHER_find(sk,
429 sk_SSL_CIPHER_value(cl,i)) >= 0)
430 break;
431 }
432
433 if (i >= sk_SSL_CIPHER_num(cl))
434 {
435 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
436 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
437 return(-1);
438 }
439 s->session->cipher=sk_SSL_CIPHER_value(cl,i);
440
441
442 if (s->session->peer != NULL) /* can't happen*/
443 {
444 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
445 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
446 return(-1);
447 }
448
449 s->session->peer = s->session->sess_cert->peer_key->x509;
450 /* peer_key->x509 has been set by ssl2_set_certificate. */
451 CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
452 }
453
454 if (s->session->peer != s->session->sess_cert->peer_key->x509)
455 /* can't happen */
456 {
457 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
458 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
459 return(-1);
460 }
461
462 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
463 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
464 return(1);
465 }
466
467static int client_hello(SSL *s)
468 {
469 unsigned char *buf;
470 unsigned char *p,*d;
471/* CIPHER **cipher;*/
472 int i,n,j;
473
474 buf=(unsigned char *)s->init_buf->data;
475 if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
476 {
477 if ((s->session == NULL) ||
478 (s->session->ssl_version != s->version))
479 {
480 if (!ssl_get_new_session(s,0))
481 {
482 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
483 return(-1);
484 }
485 }
486 /* else use the pre-loaded session */
487
488 p=buf; /* header */
489 d=p+9; /* data section */
490 *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
491 s2n(SSL2_VERSION,p); /* version */
492 n=j=0;
493
494 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
495 d+=n;
496
497 if (n == 0)
498 {
499 SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
500 return(-1);
501 }
502
503 s2n(n,p); /* cipher spec num bytes */
504
505 if ((s->session->session_id_length > 0) &&
506 (s->session->session_id_length <=
507 SSL2_MAX_SSL_SESSION_ID_LENGTH))
508 {
509 i=s->session->session_id_length;
510 s2n(i,p); /* session id length */
511 memcpy(d,s->session->session_id,(unsigned int)i);
512 d+=i;
513 }
514 else
515 {
516 s2n(0,p);
517 }
518
519 s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
520 s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
521 /*challenge id data*/
522 RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
523 memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
524 d+=SSL2_CHALLENGE_LENGTH;
525
526 s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
527 s->init_num=d-buf;
528 s->init_off=0;
529 }
530 /* SSL2_ST_SEND_CLIENT_HELLO_B */
531 return(ssl2_do_write(s));
532 }
533
534static int client_master_key(SSL *s)
535 {
536 unsigned char *buf;
537 unsigned char *p,*d;
538 int clear,enc,karg,i;
539 SSL_SESSION *sess;
540 const EVP_CIPHER *c;
541 const EVP_MD *md;
542
543 buf=(unsigned char *)s->init_buf->data;
544 if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
545 {
546
547 if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
548 {
549 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
550 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
551 return(-1);
552 }
553 sess=s->session;
554 p=buf;
555 d=p+10;
556 *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
557
558 i=ssl_put_cipher_by_char(s,sess->cipher,p);
559 p+=i;
560
561 /* make key_arg data */
562 i=EVP_CIPHER_iv_length(c);
563 sess->key_arg_length=i;
564 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
565
566 /* make a master key */
567 i=EVP_CIPHER_key_length(c);
568 sess->master_key_length=i;
569 if (i > 0)
570 {
571 if (RAND_bytes(sess->master_key,i) <= 0)
572 {
573 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
574 return(-1);
575 }
576 }
577
578 if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
579 enc=8;
580 else if (SSL_C_IS_EXPORT(sess->cipher))
581 enc=5;
582 else
583 enc=i;
584
585 if (i < enc)
586 {
587 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
588 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
589 return(-1);
590 }
591 clear=i-enc;
592 s2n(clear,p);
593 memcpy(d,sess->master_key,(unsigned int)clear);
594 d+=clear;
595
596 enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
597 &(sess->master_key[clear]),d,
598 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
599 if (enc <= 0)
600 {
601 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
602 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
603 return(-1);
604 }
605#ifdef PKCS1_CHECK
606 if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
607 if (s->options & SSL_OP_PKCS1_CHECK_2)
608 sess->master_key[clear]++;
609#endif
610 s2n(enc,p);
611 d+=enc;
612 karg=sess->key_arg_length;
613 s2n(karg,p); /* key arg size */
614 memcpy(d,sess->key_arg,(unsigned int)karg);
615 d+=karg;
616
617 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
618 s->init_num=d-buf;
619 s->init_off=0;
620 }
621
622 /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
623 return(ssl2_do_write(s));
624 }
625
626static int client_finished(SSL *s)
627 {
628 unsigned char *p;
629
630 if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
631 {
632 p=(unsigned char *)s->init_buf->data;
633 *(p++)=SSL2_MT_CLIENT_FINISHED;
634 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
635
636 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
637 s->init_num=s->s2->conn_id_length+1;
638 s->init_off=0;
639 }
640 return(ssl2_do_write(s));
641 }
642
643/* read the data and then respond */
644static int client_certificate(SSL *s)
645 {
646 unsigned char *buf;
647 unsigned char *p,*d;
648 int i;
649 unsigned int n;
650 int cert_ch_len=0;
651 unsigned char *cert_ch;
652
653 buf=(unsigned char *)s->init_buf->data;
654 cert_ch= &(buf[2]);
655
656 /* We have a cert associated with the SSL, so attach it to
657 * the session if it does not have one */
658
659 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
660 {
661 i=ssl2_read(s,(char *)&(buf[s->init_num]),
662 SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
663 if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
664 return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
665
666 /* type=buf[0]; */
667 /* type eq x509 */
668 if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
669 {
670 ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
671 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
672 return(-1);
673 }
674 cert_ch_len=i-1;
675
676 if ((s->cert == NULL) ||
677 (s->cert->key->x509 == NULL) ||
678 (s->cert->key->privatekey == NULL))
679 {
680 s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
681 }
682 else
683 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
684 }
685
686 if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
687 {
688 X509 *x509=NULL;
689 EVP_PKEY *pkey=NULL;
690
691 /* If we get an error we need to
692 * ssl->rwstate=SSL_X509_LOOKUP;
693 * return(error);
694 * We should then be retried when things are ok and we
695 * can get a cert or not */
696
697 i=0;
698 if (s->ctx->client_cert_cb != NULL)
699 {
700 i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
701 }
702
703 if (i < 0)
704 {
705 s->rwstate=SSL_X509_LOOKUP;
706 return(-1);
707 }
708 s->rwstate=SSL_NOTHING;
709
710 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
711 {
712 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
713 if ( !SSL_use_certificate(s,x509) ||
714 !SSL_use_PrivateKey(s,pkey))
715 {
716 i=0;
717 }
718 X509_free(x509);
719 EVP_PKEY_free(pkey);
720 }
721 else if (i == 1)
722 {
723 if (x509 != NULL) X509_free(x509);
724 if (pkey != NULL) EVP_PKEY_free(pkey);
725 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
726 i=0;
727 }
728
729 if (i == 0)
730 {
731 /* We have no client certificate to respond with
732 * so send the correct error message back */
733 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
734 p=buf;
735 *(p++)=SSL2_MT_ERROR;
736 s2n(SSL2_PE_NO_CERTIFICATE,p);
737 s->init_off=0;
738 s->init_num=3;
739 /* Write is done at the end */
740 }
741 }
742
743 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
744 {
745 return(ssl2_do_write(s));
746 }
747
748 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
749 {
750 EVP_MD_CTX ctx;
751
752 /* ok, now we calculate the checksum
753 * do it first so we can reuse buf :-) */
754 p=buf;
755 EVP_SignInit(&ctx,s->ctx->rsa_md5);
756 EVP_SignUpdate(&ctx,s->s2->key_material,
757 (unsigned int)s->s2->key_material_length);
758 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
759 n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
760 EVP_SignUpdate(&ctx,buf,(unsigned int)n);
761
762 p=buf;
763 d=p+6;
764 *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
765 *(p++)=SSL2_CT_X509_CERTIFICATE;
766 n=i2d_X509(s->cert->key->x509,&d);
767 s2n(n,p);
768
769 if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
770 {
771 /* this is not good. If things have failed it
772 * means there so something wrong with the key.
773 * We will continue with a 0 length signature
774 */
775 }
776 memset(&ctx,0,sizeof(ctx));
777 s2n(n,p);
778 d+=n;
779
780 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
781 s->init_num=d-buf;
782 s->init_off=0;
783 }
784 /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
785 return(ssl2_do_write(s));
786 }
787
788static int get_server_verify(SSL *s)
789 {
790 unsigned char *p;
791 int i;
792
793 p=(unsigned char *)s->init_buf->data;
794 if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
795 {
796 i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
797 if (i < (1-s->init_num))
798 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
799
800 s->state= SSL2_ST_GET_SERVER_VERIFY_B;
801 s->init_num=0;
802 if (*p != SSL2_MT_SERVER_VERIFY)
803 {
804 if (p[0] != SSL2_MT_ERROR)
805 {
806 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
807 SSLerr(SSL_F_GET_SERVER_VERIFY,
808 SSL_R_READ_WRONG_PACKET_TYPE);
809 }
810 else
811 SSLerr(SSL_F_GET_SERVER_VERIFY,
812 SSL_R_PEER_ERROR);
813 return(-1);
814 }
815 }
816
817 p=(unsigned char *)s->init_buf->data;
818 i=ssl2_read(s,(char *)&(p[s->init_num]),
819 (unsigned int)s->s2->challenge_length-s->init_num);
820 if (i < ((int)s->s2->challenge_length-s->init_num))
821 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
822 if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
823 {
824 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
825 SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
826 return(-1);
827 }
828 return(1);
829 }
830
831static int get_server_finished(SSL *s)
832 {
833 unsigned char *buf;
834 unsigned char *p;
835 int i;
836
837 buf=(unsigned char *)s->init_buf->data;
838 p=buf;
839 if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
840 {
841 i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
842 if (i < (1-s->init_num))
843 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
844 s->init_num=i;
845 if (*p == SSL2_MT_REQUEST_CERTIFICATE)
846 {
847 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
848 return(1);
849 }
850 else if (*p != SSL2_MT_SERVER_FINISHED)
851 {
852 if (p[0] != SSL2_MT_ERROR)
853 {
854 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
855 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
856 }
857 else
858 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
859 return(-1);
860 }
861 s->state=SSL_ST_OK;
862 s->init_num=0;
863 }
864
865 i=ssl2_read(s,(char *)&(buf[s->init_num]),
866 SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
867 if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
868 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
869
870 if (!s->hit) /* new session */
871 {
872 /* new session-id */
873 /* Make sure we were not trying to re-use an old SSL_SESSION
874 * or bad things can happen */
875 /* ZZZZZZZZZZZZZ */
876 s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
877 memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
878 }
879 else
880 {
881 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
882 {
883 if (memcmp(buf,s->session->session_id,
884 (unsigned int)s->session->session_id_length) != 0)
885 {
886 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
887 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
888 return(-1);
889 }
890 }
891 }
892 return(1);
893 }
894
895/* loads in the certificate from the server */
896int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
897 {
898 STACK_OF(X509) *sk=NULL;
899 EVP_PKEY *pkey=NULL;
900 SESS_CERT *sc=NULL;
901 int i;
902 X509 *x509=NULL;
903 int ret=0;
904
905 x509=d2i_X509(NULL,&data,(long)len);
906 if (x509 == NULL)
907 {
908 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
909 goto err;
910 }
911
912 if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
913 {
914 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
915 goto err;
916 }
917
918 i=ssl_verify_cert_chain(s,sk);
919
920 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
921 {
922 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
923 goto err;
924 }
59 */
60
61#include "ssl_locl.h"
62#ifndef NO_SSL2
63#include <stdio.h>
64#include <openssl/rand.h>
65#include <openssl/buffer.h>
66#include <openssl/objects.h>
67#include <openssl/evp.h>
68
69static SSL_METHOD *ssl2_get_client_method(int ver);
70static int get_server_finished(SSL *s);
71static int get_server_verify(SSL *s);
72static int get_server_hello(SSL *s);
73static int client_hello(SSL *s);
74static int client_master_key(SSL *s);
75static int client_finished(SSL *s);
76static int client_certificate(SSL *s);
77static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
78 unsigned char *to,int padding);
79#define BREAK break
80
81static SSL_METHOD *ssl2_get_client_method(int ver)
82 {
83 if (ver == SSL2_VERSION)
84 return(SSLv2_client_method());
85 else
86 return(NULL);
87 }
88
89SSL_METHOD *SSLv2_client_method(void)
90 {
91 static int init=1;
92 static SSL_METHOD SSLv2_client_data;
93
94 if (init)
95 {
96 memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
97 sizeof(SSL_METHOD));
98 SSLv2_client_data.ssl_connect=ssl2_connect;
99 SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
100 init=0;
101 }
102 return(&SSLv2_client_data);
103 }
104
105int ssl2_connect(SSL *s)
106 {
107 unsigned long l=time(NULL);
108 BUF_MEM *buf=NULL;
109 int ret= -1;
110 void (*cb)()=NULL;
111 int new_state,state;
112
113 RAND_add(&l,sizeof(l),0);
114 ERR_clear_error();
115 clear_sys_error();
116
117 if (s->info_callback != NULL)
118 cb=s->info_callback;
119 else if (s->ctx->info_callback != NULL)
120 cb=s->ctx->info_callback;
121
122 /* init things to blank */
123 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
124 s->in_handshake++;
125
126 for (;;)
127 {
128 state=s->state;
129
130 switch (s->state)
131 {
132 case SSL_ST_BEFORE:
133 case SSL_ST_CONNECT:
134 case SSL_ST_BEFORE|SSL_ST_CONNECT:
135 case SSL_ST_OK|SSL_ST_CONNECT:
136
137 s->server=0;
138 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
139
140 s->version=SSL2_VERSION;
141 s->type=SSL_ST_CONNECT;
142
143 buf=s->init_buf;
144 if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
145 {
146 ret= -1;
147 goto end;
148 }
149 if (!BUF_MEM_grow(buf,
150 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
151 {
152 ret= -1;
153 goto end;
154 }
155 s->init_buf=buf;
156 s->init_num=0;
157 s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
158 s->ctx->stats.sess_connect++;
159 s->handshake_func=ssl2_connect;
160 BREAK;
161
162 case SSL2_ST_SEND_CLIENT_HELLO_A:
163 case SSL2_ST_SEND_CLIENT_HELLO_B:
164 s->shutdown=0;
165 ret=client_hello(s);
166 if (ret <= 0) goto end;
167 s->init_num=0;
168 s->state=SSL2_ST_GET_SERVER_HELLO_A;
169 BREAK;
170
171 case SSL2_ST_GET_SERVER_HELLO_A:
172 case SSL2_ST_GET_SERVER_HELLO_B:
173 ret=get_server_hello(s);
174 if (ret <= 0) goto end;
175 s->init_num=0;
176 if (!s->hit) /* new session */
177 {
178 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
179 BREAK;
180 }
181 else
182 {
183 s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
184 break;
185 }
186
187 case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
188 case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
189 ret=client_master_key(s);
190 if (ret <= 0) goto end;
191 s->init_num=0;
192 s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
193 break;
194
195 case SSL2_ST_CLIENT_START_ENCRYPTION:
196 /* Ok, we now have all the stuff needed to
197 * start encrypting, so lets fire it up :-) */
198 if (!ssl2_enc_init(s,1))
199 {
200 ret= -1;
201 goto end;
202 }
203 s->s2->clear_text=0;
204 s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
205 break;
206
207 case SSL2_ST_SEND_CLIENT_FINISHED_A:
208 case SSL2_ST_SEND_CLIENT_FINISHED_B:
209 ret=client_finished(s);
210 if (ret <= 0) goto end;
211 s->init_num=0;
212 s->state=SSL2_ST_GET_SERVER_VERIFY_A;
213 break;
214
215 case SSL2_ST_GET_SERVER_VERIFY_A:
216 case SSL2_ST_GET_SERVER_VERIFY_B:
217 ret=get_server_verify(s);
218 if (ret <= 0) goto end;
219 s->init_num=0;
220 s->state=SSL2_ST_GET_SERVER_FINISHED_A;
221 break;
222
223 case SSL2_ST_GET_SERVER_FINISHED_A:
224 case SSL2_ST_GET_SERVER_FINISHED_B:
225 ret=get_server_finished(s);
226 if (ret <= 0) goto end;
227 break;
228
229 case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
230 case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
231 case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
232 case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
233 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
234 ret=client_certificate(s);
235 if (ret <= 0) goto end;
236 s->init_num=0;
237 s->state=SSL2_ST_GET_SERVER_FINISHED_A;
238 break;
239
240 case SSL_ST_OK:
241 if (s->init_buf != NULL)
242 {
243 BUF_MEM_free(s->init_buf);
244 s->init_buf=NULL;
245 }
246 s->init_num=0;
247 /* ERR_clear_error();*/
248
249 /* If we want to cache session-ids in the client
250 * and we successfully add the session-id to the
251 * cache, and there is a callback, then pass it out.
252 * 26/11/96 - eay - only add if not a re-used session.
253 */
254
255 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
256 if (s->hit) s->ctx->stats.sess_hit++;
257
258 ret=1;
259 /* s->server=0; */
260 s->ctx->stats.sess_connect_good++;
261
262 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
263
264 goto end;
265 /* break; */
266 default:
267 SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
268 return(-1);
269 /* break; */
270 }
271
272 if ((cb != NULL) && (s->state != state))
273 {
274 new_state=s->state;
275 s->state=state;
276 cb(s,SSL_CB_CONNECT_LOOP,1);
277 s->state=new_state;
278 }
279 }
280end:
281 s->in_handshake--;
282 if (cb != NULL)
283 cb(s,SSL_CB_CONNECT_EXIT,ret);
284 return(ret);
285 }
286
287static int get_server_hello(SSL *s)
288 {
289 unsigned char *buf;
290 unsigned char *p;
291 int i,j;
292 STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
293
294 buf=(unsigned char *)s->init_buf->data;
295 p=buf;
296 if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
297 {
298 i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
299 if (i < (11-s->init_num))
300 return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
301
302 if (*(p++) != SSL2_MT_SERVER_HELLO)
303 {
304 if (p[-1] != SSL2_MT_ERROR)
305 {
306 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
307 SSLerr(SSL_F_GET_SERVER_HELLO,
308 SSL_R_READ_WRONG_PACKET_TYPE);
309 }
310 else
311 SSLerr(SSL_F_GET_SERVER_HELLO,
312 SSL_R_PEER_ERROR);
313 return(-1);
314 }
315#ifdef __APPLE_CC__
316 /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
317 * workaround. <appro@fy.chalmers.se> */
318 s->hit=(i=*(p++))?1:0;
319#else
320 s->hit=(*(p++))?1:0;
321#endif
322 s->s2->tmp.cert_type= *(p++);
323 n2s(p,i);
324 if (i < s->version) s->version=i;
325 n2s(p,i); s->s2->tmp.cert_length=i;
326 n2s(p,i); s->s2->tmp.csl=i;
327 n2s(p,i); s->s2->tmp.conn_id_length=i;
328 s->state=SSL2_ST_GET_SERVER_HELLO_B;
329 s->init_num=0;
330 }
331
332 /* SSL2_ST_GET_SERVER_HELLO_B */
333 j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
334 - s->init_num;
335 i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
336 if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
337
338 /* things are looking good */
339
340 p=buf;
341 if (s->hit)
342 {
343 if (s->s2->tmp.cert_length != 0)
344 {
345 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
346 return(-1);
347 }
348 if (s->s2->tmp.cert_type != 0)
349 {
350 if (!(s->options &
351 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
352 {
353 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
354 return(-1);
355 }
356 }
357 if (s->s2->tmp.csl != 0)
358 {
359 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
360 return(-1);
361 }
362 }
363 else
364 {
365#ifdef undef
366 /* very bad */
367 memset(s->session->session_id,0,
368 SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
369 s->session->session_id_length=0;
370 */
371#endif
372
373 /* we need to do this in case we were trying to reuse a
374 * client session but others are already reusing it.
375 * If this was a new 'blank' session ID, the session-id
376 * length will still be 0 */
377 if (s->session->session_id_length > 0)
378 {
379 if (!ssl_get_new_session(s,0))
380 {
381 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
382 return(-1);
383 }
384 }
385
386 if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
387 s->s2->tmp.cert_length,p) <= 0)
388 {
389 ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
390 return(-1);
391 }
392 p+=s->s2->tmp.cert_length;
393
394 if (s->s2->tmp.csl == 0)
395 {
396 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
397 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
398 return(-1);
399 }
400
401 /* We have just received a list of ciphers back from the
402 * server. We need to get the ones that match, then select
403 * the one we want the most :-). */
404
405 /* load the ciphers */
406 sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
407 &s->session->ciphers);
408 p+=s->s2->tmp.csl;
409 if (sk == NULL)
410 {
411 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
412 SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
413 return(-1);
414 }
415
416 sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
417
418 /* get the array of ciphers we will accept */
419 cl=ssl_get_ciphers_by_id(s);
420
421 /* In theory we could have ciphers sent back that we
422 * don't want to use but that does not matter since we
423 * will check against the list we originally sent and
424 * for performance reasons we should not bother to match
425 * the two lists up just to check. */
426 for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
427 {
428 if (sk_SSL_CIPHER_find(sk,
429 sk_SSL_CIPHER_value(cl,i)) >= 0)
430 break;
431 }
432
433 if (i >= sk_SSL_CIPHER_num(cl))
434 {
435 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
436 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
437 return(-1);
438 }
439 s->session->cipher=sk_SSL_CIPHER_value(cl,i);
440
441
442 if (s->session->peer != NULL) /* can't happen*/
443 {
444 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
445 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
446 return(-1);
447 }
448
449 s->session->peer = s->session->sess_cert->peer_key->x509;
450 /* peer_key->x509 has been set by ssl2_set_certificate. */
451 CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
452 }
453
454 if (s->session->peer != s->session->sess_cert->peer_key->x509)
455 /* can't happen */
456 {
457 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
458 SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
459 return(-1);
460 }
461
462 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
463 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
464 return(1);
465 }
466
467static int client_hello(SSL *s)
468 {
469 unsigned char *buf;
470 unsigned char *p,*d;
471/* CIPHER **cipher;*/
472 int i,n,j;
473
474 buf=(unsigned char *)s->init_buf->data;
475 if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
476 {
477 if ((s->session == NULL) ||
478 (s->session->ssl_version != s->version))
479 {
480 if (!ssl_get_new_session(s,0))
481 {
482 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
483 return(-1);
484 }
485 }
486 /* else use the pre-loaded session */
487
488 p=buf; /* header */
489 d=p+9; /* data section */
490 *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
491 s2n(SSL2_VERSION,p); /* version */
492 n=j=0;
493
494 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
495 d+=n;
496
497 if (n == 0)
498 {
499 SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
500 return(-1);
501 }
502
503 s2n(n,p); /* cipher spec num bytes */
504
505 if ((s->session->session_id_length > 0) &&
506 (s->session->session_id_length <=
507 SSL2_MAX_SSL_SESSION_ID_LENGTH))
508 {
509 i=s->session->session_id_length;
510 s2n(i,p); /* session id length */
511 memcpy(d,s->session->session_id,(unsigned int)i);
512 d+=i;
513 }
514 else
515 {
516 s2n(0,p);
517 }
518
519 s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
520 s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
521 /*challenge id data*/
522 RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
523 memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
524 d+=SSL2_CHALLENGE_LENGTH;
525
526 s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
527 s->init_num=d-buf;
528 s->init_off=0;
529 }
530 /* SSL2_ST_SEND_CLIENT_HELLO_B */
531 return(ssl2_do_write(s));
532 }
533
534static int client_master_key(SSL *s)
535 {
536 unsigned char *buf;
537 unsigned char *p,*d;
538 int clear,enc,karg,i;
539 SSL_SESSION *sess;
540 const EVP_CIPHER *c;
541 const EVP_MD *md;
542
543 buf=(unsigned char *)s->init_buf->data;
544 if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
545 {
546
547 if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
548 {
549 ssl2_return_error(s,SSL2_PE_NO_CIPHER);
550 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
551 return(-1);
552 }
553 sess=s->session;
554 p=buf;
555 d=p+10;
556 *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
557
558 i=ssl_put_cipher_by_char(s,sess->cipher,p);
559 p+=i;
560
561 /* make key_arg data */
562 i=EVP_CIPHER_iv_length(c);
563 sess->key_arg_length=i;
564 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
565
566 /* make a master key */
567 i=EVP_CIPHER_key_length(c);
568 sess->master_key_length=i;
569 if (i > 0)
570 {
571 if (RAND_bytes(sess->master_key,i) <= 0)
572 {
573 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
574 return(-1);
575 }
576 }
577
578 if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
579 enc=8;
580 else if (SSL_C_IS_EXPORT(sess->cipher))
581 enc=5;
582 else
583 enc=i;
584
585 if (i < enc)
586 {
587 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
588 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
589 return(-1);
590 }
591 clear=i-enc;
592 s2n(clear,p);
593 memcpy(d,sess->master_key,(unsigned int)clear);
594 d+=clear;
595
596 enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
597 &(sess->master_key[clear]),d,
598 (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
599 if (enc <= 0)
600 {
601 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
602 SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
603 return(-1);
604 }
605#ifdef PKCS1_CHECK
606 if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
607 if (s->options & SSL_OP_PKCS1_CHECK_2)
608 sess->master_key[clear]++;
609#endif
610 s2n(enc,p);
611 d+=enc;
612 karg=sess->key_arg_length;
613 s2n(karg,p); /* key arg size */
614 memcpy(d,sess->key_arg,(unsigned int)karg);
615 d+=karg;
616
617 s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
618 s->init_num=d-buf;
619 s->init_off=0;
620 }
621
622 /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
623 return(ssl2_do_write(s));
624 }
625
626static int client_finished(SSL *s)
627 {
628 unsigned char *p;
629
630 if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
631 {
632 p=(unsigned char *)s->init_buf->data;
633 *(p++)=SSL2_MT_CLIENT_FINISHED;
634 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
635
636 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
637 s->init_num=s->s2->conn_id_length+1;
638 s->init_off=0;
639 }
640 return(ssl2_do_write(s));
641 }
642
643/* read the data and then respond */
644static int client_certificate(SSL *s)
645 {
646 unsigned char *buf;
647 unsigned char *p,*d;
648 int i;
649 unsigned int n;
650 int cert_ch_len=0;
651 unsigned char *cert_ch;
652
653 buf=(unsigned char *)s->init_buf->data;
654 cert_ch= &(buf[2]);
655
656 /* We have a cert associated with the SSL, so attach it to
657 * the session if it does not have one */
658
659 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
660 {
661 i=ssl2_read(s,(char *)&(buf[s->init_num]),
662 SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
663 if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
664 return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
665
666 /* type=buf[0]; */
667 /* type eq x509 */
668 if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
669 {
670 ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
671 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
672 return(-1);
673 }
674 cert_ch_len=i-1;
675
676 if ((s->cert == NULL) ||
677 (s->cert->key->x509 == NULL) ||
678 (s->cert->key->privatekey == NULL))
679 {
680 s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
681 }
682 else
683 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
684 }
685
686 if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
687 {
688 X509 *x509=NULL;
689 EVP_PKEY *pkey=NULL;
690
691 /* If we get an error we need to
692 * ssl->rwstate=SSL_X509_LOOKUP;
693 * return(error);
694 * We should then be retried when things are ok and we
695 * can get a cert or not */
696
697 i=0;
698 if (s->ctx->client_cert_cb != NULL)
699 {
700 i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
701 }
702
703 if (i < 0)
704 {
705 s->rwstate=SSL_X509_LOOKUP;
706 return(-1);
707 }
708 s->rwstate=SSL_NOTHING;
709
710 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
711 {
712 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
713 if ( !SSL_use_certificate(s,x509) ||
714 !SSL_use_PrivateKey(s,pkey))
715 {
716 i=0;
717 }
718 X509_free(x509);
719 EVP_PKEY_free(pkey);
720 }
721 else if (i == 1)
722 {
723 if (x509 != NULL) X509_free(x509);
724 if (pkey != NULL) EVP_PKEY_free(pkey);
725 SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
726 i=0;
727 }
728
729 if (i == 0)
730 {
731 /* We have no client certificate to respond with
732 * so send the correct error message back */
733 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
734 p=buf;
735 *(p++)=SSL2_MT_ERROR;
736 s2n(SSL2_PE_NO_CERTIFICATE,p);
737 s->init_off=0;
738 s->init_num=3;
739 /* Write is done at the end */
740 }
741 }
742
743 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
744 {
745 return(ssl2_do_write(s));
746 }
747
748 if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
749 {
750 EVP_MD_CTX ctx;
751
752 /* ok, now we calculate the checksum
753 * do it first so we can reuse buf :-) */
754 p=buf;
755 EVP_SignInit(&ctx,s->ctx->rsa_md5);
756 EVP_SignUpdate(&ctx,s->s2->key_material,
757 (unsigned int)s->s2->key_material_length);
758 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
759 n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
760 EVP_SignUpdate(&ctx,buf,(unsigned int)n);
761
762 p=buf;
763 d=p+6;
764 *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
765 *(p++)=SSL2_CT_X509_CERTIFICATE;
766 n=i2d_X509(s->cert->key->x509,&d);
767 s2n(n,p);
768
769 if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
770 {
771 /* this is not good. If things have failed it
772 * means there so something wrong with the key.
773 * We will continue with a 0 length signature
774 */
775 }
776 memset(&ctx,0,sizeof(ctx));
777 s2n(n,p);
778 d+=n;
779
780 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
781 s->init_num=d-buf;
782 s->init_off=0;
783 }
784 /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
785 return(ssl2_do_write(s));
786 }
787
788static int get_server_verify(SSL *s)
789 {
790 unsigned char *p;
791 int i;
792
793 p=(unsigned char *)s->init_buf->data;
794 if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
795 {
796 i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
797 if (i < (1-s->init_num))
798 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
799
800 s->state= SSL2_ST_GET_SERVER_VERIFY_B;
801 s->init_num=0;
802 if (*p != SSL2_MT_SERVER_VERIFY)
803 {
804 if (p[0] != SSL2_MT_ERROR)
805 {
806 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
807 SSLerr(SSL_F_GET_SERVER_VERIFY,
808 SSL_R_READ_WRONG_PACKET_TYPE);
809 }
810 else
811 SSLerr(SSL_F_GET_SERVER_VERIFY,
812 SSL_R_PEER_ERROR);
813 return(-1);
814 }
815 }
816
817 p=(unsigned char *)s->init_buf->data;
818 i=ssl2_read(s,(char *)&(p[s->init_num]),
819 (unsigned int)s->s2->challenge_length-s->init_num);
820 if (i < ((int)s->s2->challenge_length-s->init_num))
821 return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
822 if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
823 {
824 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
825 SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
826 return(-1);
827 }
828 return(1);
829 }
830
831static int get_server_finished(SSL *s)
832 {
833 unsigned char *buf;
834 unsigned char *p;
835 int i;
836
837 buf=(unsigned char *)s->init_buf->data;
838 p=buf;
839 if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
840 {
841 i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
842 if (i < (1-s->init_num))
843 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
844 s->init_num=i;
845 if (*p == SSL2_MT_REQUEST_CERTIFICATE)
846 {
847 s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
848 return(1);
849 }
850 else if (*p != SSL2_MT_SERVER_FINISHED)
851 {
852 if (p[0] != SSL2_MT_ERROR)
853 {
854 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
855 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
856 }
857 else
858 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
859 return(-1);
860 }
861 s->state=SSL_ST_OK;
862 s->init_num=0;
863 }
864
865 i=ssl2_read(s,(char *)&(buf[s->init_num]),
866 SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
867 if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
868 return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
869
870 if (!s->hit) /* new session */
871 {
872 /* new session-id */
873 /* Make sure we were not trying to re-use an old SSL_SESSION
874 * or bad things can happen */
875 /* ZZZZZZZZZZZZZ */
876 s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
877 memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
878 }
879 else
880 {
881 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
882 {
883 if (memcmp(buf,s->session->session_id,
884 (unsigned int)s->session->session_id_length) != 0)
885 {
886 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
887 SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
888 return(-1);
889 }
890 }
891 }
892 return(1);
893 }
894
895/* loads in the certificate from the server */
896int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
897 {
898 STACK_OF(X509) *sk=NULL;
899 EVP_PKEY *pkey=NULL;
900 SESS_CERT *sc=NULL;
901 int i;
902 X509 *x509=NULL;
903 int ret=0;
904
905 x509=d2i_X509(NULL,&data,(long)len);
906 if (x509 == NULL)
907 {
908 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
909 goto err;
910 }
911
912 if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
913 {
914 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
915 goto err;
916 }
917
918 i=ssl_verify_cert_chain(s,sk);
919
920 if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
921 {
922 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
923 goto err;
924 }
925 ERR_clear_error(); /* but we keep s->verify_result */
925
926 /* server's cert for this session */
927 sc=ssl_sess_cert_new();
928 if (sc == NULL)
929 {
930 ret= -1;
931 goto err;
932 }
933 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
934 s->session->sess_cert=sc;
935
936 sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
937 sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
938
939 pkey=X509_get_pubkey(x509);
940 x509=NULL;
941 if (pkey == NULL)
942 {
943 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
944 goto err;
945 }
946 if (pkey->type != EVP_PKEY_RSA)
947 {
948 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
949 goto err;
950 }
951
952 if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
953 goto err;
954 ret=1;
955err:
956 sk_X509_free(sk);
957 X509_free(x509);
958 EVP_PKEY_free(pkey);
959 return(ret);
960 }
961
962static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
963 unsigned char *to, int padding)
964 {
965 EVP_PKEY *pkey=NULL;
966 int i= -1;
967
968 if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
969 ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
970 {
971 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
972 return(-1);
973 }
974 if (pkey->type != EVP_PKEY_RSA)
975 {
976 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
977 goto end;
978 }
979
980 /* we have the public key */
981 i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
982 if (i < 0)
983 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
984end:
985 EVP_PKEY_free(pkey);
986 return(i);
987 }
988#else /* !NO_SSL2 */
989
990# if PEDANTIC
991static void *dummy=&dummy;
992# endif
993
994#endif
926
927 /* server's cert for this session */
928 sc=ssl_sess_cert_new();
929 if (sc == NULL)
930 {
931 ret= -1;
932 goto err;
933 }
934 if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
935 s->session->sess_cert=sc;
936
937 sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
938 sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
939
940 pkey=X509_get_pubkey(x509);
941 x509=NULL;
942 if (pkey == NULL)
943 {
944 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
945 goto err;
946 }
947 if (pkey->type != EVP_PKEY_RSA)
948 {
949 SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
950 goto err;
951 }
952
953 if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
954 goto err;
955 ret=1;
956err:
957 sk_X509_free(sk);
958 X509_free(x509);
959 EVP_PKEY_free(pkey);
960 return(ret);
961 }
962
963static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
964 unsigned char *to, int padding)
965 {
966 EVP_PKEY *pkey=NULL;
967 int i= -1;
968
969 if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
970 ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
971 {
972 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
973 return(-1);
974 }
975 if (pkey->type != EVP_PKEY_RSA)
976 {
977 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
978 goto end;
979 }
980
981 /* we have the public key */
982 i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
983 if (i < 0)
984 SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
985end:
986 EVP_PKEY_free(pkey);
987 return(i);
988 }
989#else /* !NO_SSL2 */
990
991# if PEDANTIC
992static void *dummy=&dummy;
993# endif
994
995#endif