X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=6c1751a9054505f75c08ae1825e263ac7118c3c6;hb=ce92bb54d1865fec51e8be173e8d12405a251a99;hp=ffa031f61e0ca712ab1ff8ce79fc95207614a080;hpb=ef236ec3b26300c0a18872c432122a74f9d5459e;p=openssl.git

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ffa031f61e..6c1751a905 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -472,7 +472,7 @@ int ssl3_accept(SSL *s)
 		
 		case SSL3_ST_SW_FLUSH:
 			/* number of bytes to be flushed */
-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
+			num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
 			if (num1 > 0)
 				{
 				s->rwstate=SSL_WRITING;
@@ -514,6 +514,9 @@ int ssl3_accept(SSL *s)
 				 * the client sends its ECDH pub key in
 				 * a certificate, the CertificateVerify
 				 * message is not sent.
+				 * Also for GOST ciphersuites when
+				 * the client uses its key from the certificate
+				 * for key exchange.
 				 */
 				s->state=SSL3_ST_SR_FINISHED_A;
 				s->init_num = 0;
@@ -2388,6 +2391,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 		EC_POINT_free(clnt_ecpoint);
 		EC_KEY_free(srvr_ecdh);
 		BN_CTX_free(bn_ctx);
+		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL; 
 
 		/* Compute the master secret */
 		s->session->master_key_length = s->method->ssl3_enc-> \
@@ -2494,33 +2499,70 @@ int ssl3_get_client_key_exchange(SSL *s)
 		else
 #endif
 		if (alg_k & SSL_kGOST) 
-		{
+			{
+			int ret = 0;
 			EVP_PKEY_CTX *pkey_ctx;
-			unsigned char premaster_secret[32];
-			size_t outlen;			
+			EVP_PKEY *client_pub_pkey = NULL;
+			unsigned char premaster_secret[32], *start;
+			size_t outlen=32, inlen;			
 
-			/* Get our certificate privatec key*/
+			/* Get our certificate private key*/
 			pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);	
 			EVP_PKEY_decrypt_init(pkey_ctx);
+			/* If client certificate is present and is of the same type, maybe
+			 * use it for key exchange.  Don't mind errors from
+			 * EVP_PKEY_derive_set_peer, because it is completely valid to use
+			 * a client certificate for authorization only. */
+			client_pub_pkey = X509_get_pubkey(s->session->peer);
+			if (client_pub_pkey)
+				{
+				if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+					ERR_clear_error();
+				}
 			/* Decrypt session key */
-			if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)) || p[1]!=0x81 ) 
+			if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
 				{
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-				goto err;
-				}	
-			if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,p+3,p[2]) <0) 
+				goto gerr;
+				}
+			if (p[1] == 0x81)
+				{
+				start = p+3;
+				inlen = p[2];
+				}
+			else if (p[1] < 0x80)
+				{
+				start = p+2;
+				inlen = p[1];
+				}
+			else
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+				goto gerr;
+				}
+			if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
 
 				{
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-				goto err;
+				goto gerr;
 				}
 			/* Generate master secret */
-			EVP_PKEY_CTX_free(pkey_ctx);
 			s->session->master_key_length=
 				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,premaster_secret,32);
-
-		}
+			/* Check if pubkey from client certificate was used */
+			if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+				ret = 2;
+			else
+				ret = 1;
+		gerr:
+			EVP_PKEY_free(client_pub_pkey);
+			EVP_PKEY_CTX_free(pkey_ctx);
+			if (ret)
+				return ret;
+			else
+				goto err;
+			}
 		else
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;