if (!
(s->s3->tmp.
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
- s->version = s->method->version;
+ s->session->ssl_version = s->version = s->method->version;
} else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | p[1];
const unsigned char *q, *p;
unsigned char *d;
STACK_OF(X509) *sk = NULL;
- SESS_CERT *sc;
EVP_PKEY *pkey = NULL;
n = s->method->ssl_get_message(s,
goto f_err;
}
- sc = ssl_sess_cert_new();
- if (sc == NULL)
- goto err;
-
- ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert = sc;
-
- sc->cert_chain = sk;
+ s->session->peer_chain = sk;
/*
* Inconsistency alert: cert_chain does include the peer's certificate,
* which we don't include in s3_srvr.c
SSL_R_WRONG_CERTIFICATE_TYPE);
goto f_err;
}
- sc->peer_cert_type = i;
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- /*
- * Why would the following ever happen? We just created sc a couple
- * of lines ago.
- */
- X509_free(sc->peer_pkeys[i].x509);
- sc->peer_pkeys[i].x509 = x;
- sc->peer_key = &(sc->peer_pkeys[i]);
+ s->session->peer_type = i;
X509_free(s->session->peer);
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
* problems later.
*/
if (alg_k & SSL_kPSK) {
- s->session->sess_cert = ssl_sess_cert_new();
OPENSSL_free(s->ctx->psk_identity_hint);
s->ctx->psk_identity_hint = NULL;
}
}
param = p = (unsigned char *)s->init_msg;
- if (s->session->sess_cert != NULL) {
+
#ifndef OPENSSL_NO_RSA
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp = NULL;
+ RSA_free(s->s3->peer_rsa_tmp);
+ s->s3->peer_rsa_tmp = NULL;
#endif
#ifndef OPENSSL_NO_DH
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp = NULL;
+ DH_free(s->s3->peer_dh_tmp);
+ s->s3->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC
- EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
- s->session->sess_cert->peer_ecdh_tmp = NULL;
+ EC_KEY_free(s->s3->peer_ecdh_tmp);
+ s->s3->peer_ecdh_tmp = NULL;
#endif
- } else {
- s->session->sess_cert = ssl_sess_cert_new();
- }
/* Total length of the parameters including the length prefix */
param_len = 0;
}
/* We must check if there is a certificate */
-# ifndef OPENSSL_NO_RSA
- if (alg_a & SSL_aRSA)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
- if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
- else if (alg_a & SSL_aDSS)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
- x509);
-# endif
+ if (alg_a & (SSL_aRSA|SSL_aDSS))
+ pkey = X509_get_pubkey(s->session->peer);
} else
#endif /* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_RSA
/* this should be because we are using an export cipher */
if (alg_a & SSL_aRSA)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+ pkey = X509_get_pubkey(s->session->peer);
else {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
- s->session->sess_cert->peer_rsa_tmp = rsa;
+
+ if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
+ s->s3->peer_rsa_tmp = rsa;
rsa = NULL;
}
#else /* OPENSSL_NO_RSA */
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
goto f_err;
}
-# ifndef OPENSSL_NO_RSA
- if (alg_a & SSL_aRSA)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
- if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
- else if (alg_a & SSL_aDSS)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
- x509);
-# endif
+ if (alg_a & (SSL_aRSA|SSL_aDSS))
+ pkey = X509_get_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */
- s->session->sess_cert->peer_dh_tmp = dh;
+ s->s3->peer_dh_tmp = dh;
dh = NULL;
}
#endif /* !OPENSSL_NO_DH */
if (0) ;
# ifndef OPENSSL_NO_RSA
else if (alg_a & SSL_aRSA)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+ pkey = X509_get_pubkey(s->session->peer);
# endif
# ifndef OPENSSL_NO_EC
else if (alg_a & SSL_aECDSA)
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+ pkey = X509_get_pubkey(s->session->peer);
# endif
/* else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key(ecdh, srvr_ecpoint);
- s->session->sess_cert->peer_ecdh_tmp = ecdh;
+ s->s3->peer_ecdh_tmp = ecdh;
ecdh = NULL;
BN_CTX_free(bn_ctx);
bn_ctx = NULL;
if (!pms)
goto memerr;
- if (s->session->sess_cert == NULL) {
+ if (s->session->peer == NULL) {
/*
* We should always have a server certificate with SSL_kRSA.
*/
goto err;
}
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa = s->session->sess_cert->peer_rsa_tmp;
+ if (s->s3->peer_rsa_tmp != NULL)
+ rsa = s->s3->peer_rsa_tmp;
else {
- pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
- x509);
+ pkey = X509_get_pubkey(s->session->peer);
if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
|| (pkey->pkey.rsa == NULL)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
- SESS_CERT *scert = s->session->sess_cert;
-
- if (scert == NULL) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
- if (scert->peer_dh_tmp != NULL)
- dh_srvr = scert->peer_dh_tmp;
+ if (s->s3->peer_dh_tmp != NULL)
+ dh_srvr = s->s3->peer_dh_tmp;
else {
/* we get them from the cert */
- int idx = scert->peer_cert_type;
EVP_PKEY *spkey = NULL;
dh_srvr = NULL;
- if (idx >= 0)
- spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509);
+ spkey = X509_get_pubkey(s->session->peer);
if (spkey) {
dh_srvr = EVP_PKEY_get1_DH(spkey);
EVP_PKEY_free(spkey);
*/
n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt);
- if (scert->peer_dh_tmp == NULL)
+ if (s->s3->peer_dh_tmp == NULL)
DH_free(dh_srvr);
if (n <= 0) {
}
DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY */
}
#endif
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
int field_size = 0;
-
- if (s->session->sess_cert == NULL) {
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
/*
* Did we send out the client's ECDH share for use in premaster
* computation as part of client certificate? If so, set
*/
}
- if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
- tkey = s->session->sess_cert->peer_ecdh_tmp;
+ if (s->s3->peer_ecdh_tmp != NULL) {
+ tkey = s->s3->peer_ecdh_tmp;
} else {
/* Get the Server Public Key from Cert */
- srvr_pub_pkey =
- X509_get_pubkey(s->session->
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+ srvr_pub_pkey = X509_get_pubkey(s->session->peer);
if ((srvr_pub_pkey == NULL)
|| (srvr_pub_pkey->type != EVP_PKEY_EC)
|| (srvr_pub_pkey->pkey.ec == NULL)) {
X509 *peer_cert;
size_t msglen;
unsigned int md_len;
- int keytype;
unsigned char shared_ukm[32], tmp[256];
EVP_MD_CTX *ukm_hash;
EVP_PKEY *pub_key;
/*
* Get server sertificate PKEY and create ctx from it
*/
- peer_cert =
- s->session->
- sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
- if (!peer_cert)
- peer_cert =
- s->session->
- sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
+ peer_cert = s->session->peer;
if (!peer_cert) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* See if we can use client certificate for fixed DH */
if (alg_k & (SSL_kDHr | SSL_kDHd)) {
- SESS_CERT *scert = s->session->sess_cert;
- int i = scert->peer_cert_type;
+ int i = s->session->peer_type;
EVP_PKEY *clkey = NULL, *spkey = NULL;
clkey = s->cert->key->privatekey;
/* If client key not DH assume it can be used */
if (EVP_PKEY_id(clkey) != EVP_PKEY_DH)
return 1;
if (i >= 0)
- spkey = X509_get_pubkey(scert->peer_pkeys[i].x509);
+ spkey = X509_get_pubkey(s->session->peer);
if (spkey) {
/* Compare server and client parameters */
i = EVP_PKEY_cmp_parameters(clkey, spkey);
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int pkey_bits;
- SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
RSA *rsa;
#endif
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
+ int al = SSL_AD_HANDSHAKE_FAILURE;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
/* we don't have a certificate */
if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
return (1);
-
- sc = s->session->sess_cert;
- if (sc == NULL) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
- goto err;
- }
#ifndef OPENSSL_NO_RSA
- rsa = s->session->sess_cert->peer_rsa_tmp;
+ rsa = s->s3->peer_rsa_tmp;
#endif
#ifndef OPENSSL_NO_DH
- dh = s->session->sess_cert->peer_dh_tmp;
+ dh = s->s3->peer_dh_tmp;
#endif
/* This is the passed certificate */
- idx = sc->peer_cert_type;
+ idx = s->session->peer_type;
#ifndef OPENSSL_NO_EC
if (idx == SSL_PKEY_ECC) {
- if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
+ if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
/* check failed */
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
goto f_err;
goto f_err;
}
#endif
- pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
+ pkey = X509_get_pubkey(s->session->peer);
pkey_bits = EVP_PKEY_bits(pkey);
- i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
+ i = X509_certificate_type(s->session->peer, pkey);
EVP_PKEY_free(pkey);
/* Check that we have a certificate if we require one */
}
#endif
#ifndef OPENSSL_NO_RSA
- if ((alg_k & SSL_kRSA) &&
- !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
+ if (alg_k & SSL_kRSA) {
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
+ } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
+ if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
+ }
+ if (rsa != NULL) {
+ /* server key exchange is not allowed. */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ }
+ }
}
#endif
#ifndef OPENSSL_NO_DH
- if ((alg_k & SSL_kDHE) &&
- !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY);
+ if ((alg_k & SSL_kDHE) && (dh == NULL)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
goto f_err;
} else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
!has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
- if (rsa == NULL
- || RSA_size(rsa) * 8 >
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+ goto f_err;
+ } else if (RSA_bits(rsa) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ /* We have a temporary RSA key but it's too large. */
+ al = SSL_AD_EXPORT_RESTRICTION;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
} else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
- if (dh == NULL
- || DH_size(dh) * 8 >
+ if (alg_k & SSL_kDHE) {
+ if (DH_bits(dh) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ /* We have a temporary DH key but it's too large. */
+ al = SSL_AD_EXPORT_RESTRICTION;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
}
+ } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
+ /* The cert should have had an export DH key. */
+ al = SSL_AD_EXPORT_RESTRICTION;
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+ goto f_err;
} else
#endif
{
}
return (1);
f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (0);
}