Initialize outlen.

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index eaaadde3ad82e4781a1256989db9130186c40481..01a84e6f76d89da876128479ccd91657ea1cd5cb 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -514,6 +514,9 @@ int ssl3_accept(SSL *s)
                                 * the client sends its ECDH pub key in
                                 * a certificate, the CertificateVerify
                                 * message is not sent.
+                                * Also for GOST ciphersuites when
+                                * the client uses its key from the certificate
+                                * for key exchange.
                                 */
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
@@ -1920,7 +1923,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                        }
 
                /* TLS and [incidentally] DTLS{0xFEFF} */
-               if (s->version > SSL3_VERSION)
+               if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
                        {
                        n2s(p,i);
                        if (n != i+2)
@@ -2065,7 +2068,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                krb5_data               enc_pms;
                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
                EVP_CIPHER_CTX          ciph_ctx;
-               EVP_CIPHER              *enc = NULL;
+               const EVP_CIPHER        *enc = NULL;
                unsigned char           iv[EVP_MAX_IV_LENGTH];
                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
                                               + EVP_MAX_BLOCK_LENGTH];
@@ -2080,7 +2083,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                n2s(p,i);
                enc_ticket.length = i;
 
-               if (n < enc_ticket.length + 6)
+               if (n < (long)(enc_ticket.length + 6))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);
@@ -2093,7 +2096,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                n2s(p,i);
                authenticator.length = i;
 
-               if (n < enc_ticket.length + authenticator.length + 6)
+               if (n < (long)(enc_ticket.length + authenticator.length + 6))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);
@@ -2388,6 +2391,8 @@ int ssl3_get_client_key_exchange(SSL *s)
                EC_POINT_free(clnt_ecpoint);
                EC_KEY_free(srvr_ecdh);
                BN_CTX_free(bn_ctx);
+               EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL; 
 
                /* Compute the master secret */
                s->session->master_key_length = s->method->ssl3_enc-> \
@@ -2494,33 +2499,70 @@ int ssl3_get_client_key_exchange(SSL *s)
                else
 #endif
                if (alg_k & SSL_kGOST) 
-               {
+                       {
+                       int ret = 0;
                        EVP_PKEY_CTX *pkey_ctx;
-                       unsigned char premaster_secret[32];
-                       size_t outlen;                  
+                       EVP_PKEY *client_pub_pkey = NULL;
+                       unsigned char premaster_secret[32], *start;
+                       size_t outlen=32, inlen;                        
 
-                       /* Get our certificate privatec key*/
+                       /* Get our certificate private key*/
                        pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);     
                        EVP_PKEY_decrypt_init(pkey_ctx);
+                       /* If client certificate is present and is of the same type, maybe
+                        * use it for key exchange.  Don't mind errors from
+                        * EVP_PKEY_derive_set_peer, because it is completely valid to use
+                        * a client certificate for authorization only. */
+                       client_pub_pkey = X509_get_pubkey(s->session->peer);
+                       if (client_pub_pkey)
+                               {
+                               if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+                                       ERR_clear_error();
+                               }
                        /* Decrypt session key */
-                       if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)) || p[1]!=0x81 ) 
+                       if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
                                {
                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-                               goto err;
-                               }       
-                       if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,p+3,p[2]) <0) 
+                               goto gerr;
+                               }
+                       if (p[1] == 0x81)
+                               {
+                               start = p+3;
+                               inlen = p[2];
+                               }
+                       else if (p[1] < 0x80)
+                               {
+                               start = p+2;
+                               inlen = p[1];
+                               }
+                       else
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
+                               goto gerr;
+                               }
+                       if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
 
                                {
                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-                               goto err;
+                               goto gerr;
                                }
                        /* Generate master secret */
-                       EVP_PKEY_CTX_free(pkey_ctx);
                        s->session->master_key_length=
                                s->method->ssl3_enc->generate_master_secret(s,
                                        s->session->master_key,premaster_secret,32);
-
-               }
+                       /* Check if pubkey from client certificate was used */
+                       if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+                               ret = 2;
+                       else
+                               ret = 1;
+               gerr:
+                       EVP_PKEY_free(client_pub_pkey);
+                       EVP_PKEY_CTX_free(pkey_ctx);
+                       if (ret)
+                               return ret;
+                       else
+                               goto err;
+                       }
                else
                {
                al=SSL_AD_HANDSHAKE_FAILURE;
@@ -2844,7 +2886,7 @@ int ssl3_get_client_certificate(SSL *s)
        else
                {
                i=ssl_verify_cert_chain(s,sk);
-               if (!i)
+               if (i <= 0)
                        {
                        al=ssl_verify_alarm_type(s->verify_result);
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);