perform sanity checks on server certificate type as soon as it is received instead...

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dc9a8665bc45a4fd20080f2e670eba72033eb930..4289a745c9e45eca5037bdbb5cf270462773668e 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -263,7 +263,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
 
        sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
                &(ctx->cipher_list_by_id),
-               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ctx->cert);
        if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
                {
                SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -525,6 +525,11 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
        return X509_VERIFY_PARAM_set1(ssl->param, vpm);
        }
 
+void SSL_certs_clear(SSL *s)
+       {
+       ssl_cert_clear_certs(s->cert);
+       }
+
 void SSL_free(SSL *s)
        {
        int i;
@@ -1123,6 +1128,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                if (s->s3)
                        return s->s3->send_connection_binding;
                else return 0;
+       case SSL_CTRL_CERT_FLAGS:
+               return(s->cert->cert_flags|=larg);
+       case SSL_CTRL_CLEAR_CERT_FLAGS:
+               return(s->cert->cert_flags &=~larg);
        default:
                return(s->method->ssl_ctrl(s,cmd,larg,parg));
                }
@@ -1220,6 +1229,10 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
                        return 0;
                ctx->max_send_fragment = larg;
                return 1;
+       case SSL_CTRL_CERT_FLAGS:
+               return(ctx->cert->cert_flags|=larg);
+       case SSL_CTRL_CLEAR_CERT_FLAGS:
+               return(ctx->cert->cert_flags &=~larg);
        default:
                return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
                }
@@ -1320,7 +1333,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
        STACK_OF(SSL_CIPHER) *sk;
        
        sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
-               &ctx->cipher_list_by_id,str);
+               &ctx->cipher_list_by_id,str, ctx->cert);
        /* ssl_create_cipher_list may return an empty stack if it
         * was unable to find a cipher matching the given rule string
         * (for example if the rule string specifies a cipher which
@@ -1344,7 +1357,7 @@ int SSL_set_cipher_list(SSL *s,const char *str)
        STACK_OF(SSL_CIPHER) *sk;
        
        sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
-               &s->cipher_list_by_id,str);
+               &s->cipher_list_by_id,str, s->cert);
        /* see comment in SSL_CTX_set_cipher_list */
        if (sk == NULL)
                return 0;
@@ -1397,10 +1410,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        {
        int i,j=0;
        SSL_CIPHER *c;
+       CERT *ct = s->cert;
        unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
-       int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
+       /* Set disabled masks for this session */
+       ssl_set_client_disabled(s);
 
        if (sk == NULL) return(0);
        q=p;
@@ -1408,21 +1421,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
                c=sk_SSL_CIPHER_value(sk,i);
-               /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-               if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-                       (TLS1_get_client_version(s) < TLS1_2_VERSION))
+               /* Skip disabled ciphers */
+               if (c->algorithm_ssl & ct->mask_ssl ||
+                       c->algorithm_mkey & ct->mask_k ||
+                       c->algorithm_auth & ct->mask_a)
                        continue;
-#ifndef OPENSSL_NO_KRB5
-               if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
-                   nokrb5)
-                   continue;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-               /* with PSK there must be client callback set */
-               if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
-                   s->psk_client_callback == NULL)
-                       continue;
-#endif /* OPENSSL_NO_PSK */
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }
@@ -1784,7 +1787,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 
        ssl_create_cipher_list(ret->method,
                &ret->cipher_list,&ret->cipher_list_by_id,
-               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+               meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
        if (ret->cipher_list == NULL
            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
                {
@@ -2035,6 +2038,16 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
        }
 
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
+       {
+       ssl_cert_set_cert_cb(c->cert, cb, arg);
+       }
+
+void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
+       {
+       ssl_cert_set_cert_cb(s->cert, cb, arg);
+       }
+
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        {
        CERT_PKEY *cpk;
@@ -2073,21 +2086,21 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        have_ecdh_tmp=(c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
 #endif
        cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-       rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+       rsa_enc= cpk->valid_flags & CERT_PKEY_VALID;
        rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
        cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-       rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+       rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
        cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-       dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
+       dsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
        cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-       dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+       dh_rsa=  cpk->valid_flags & CERT_PKEY_VALID;
        dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
        cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
 /* FIX THIS EAY EAY EAY */
-       dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+       dh_dsa=  cpk->valid_flags & CERT_PKEY_VALID;
        dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
        cpk= &(c->pkeys[SSL_PKEY_ECC]);
-       have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
+       have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
        mask_k=0;
        mask_a=0;
        emask_k=0;
@@ -2169,13 +2182,16 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         */
        if (have_ecc_cert)
                {
+               cpk = &c->pkeys[SSL_PKEY_ECC];
+               x = cpk->x509;
                /* This call populates extension flags (ex_flags) */
-               x = (c->pkeys[SSL_PKEY_ECC]).x509;
                X509_check_purpose(x, -1, 0);
                ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
                    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
                ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
                    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+               if (!(cpk->valid_flags & CERT_PKEY_SIGN))
+                       ecdsa_ok = 0;
                ecc_pkey = X509_get_pubkey(x);
                ecc_pkey_size = (ecc_pkey != NULL) ?
                    EVP_PKEY_bits(ecc_pkey) : 0;
@@ -2320,56 +2336,15 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 
 #endif
 
-/* THIS NEEDS CLEANING UP */
 static int ssl_get_server_cert_index(SSL *s)
        {
-       unsigned long alg_k, alg_a;
-
-       alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-       alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-       if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-               {
-               /* we don't need to look at SSL_kEECDH
-                * since no certificate is needed for
-                * anon ECDH and for authenticated
-                * EECDH, the check for the auth
-                * algorithm will set i correctly
-                * NOTE: For ECDH-RSA, we need an ECC
-                * not an RSA cert but for EECDH-RSA
-                * we need an RSA cert. Placing the
-                * checks for SSL_kECDH before RSA
-                * checks ensures the correct cert is chosen.
-                */
-               return SSL_PKEY_ECC;
-               }
-       else if (alg_a & SSL_aECDSA)
-               return SSL_PKEY_ECC;
-       else if (alg_k & SSL_kDHr)
-               return SSL_PKEY_DH_RSA;
-       else if (alg_k & SSL_kDHd)
-               return SSL_PKEY_DH_DSA;
-       else if (alg_a & SSL_aDSS)
-               return SSL_PKEY_DSA_SIGN;
-       else if (alg_a & SSL_aRSA)
-               {
-               if (s->cert->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
-                       return SSL_PKEY_RSA_SIGN;
-               else
-                       return SSL_PKEY_RSA_ENC;
-               }
-       else if (alg_a & SSL_aKRB5)
-               /* VRS something else here? */
-               return -1;
-       else if (alg_a & SSL_aGOST94) 
-               return SSL_PKEY_GOST94;
-       else if (alg_a & SSL_aGOST01)
-               return SSL_PKEY_GOST01;
-       else /* if (alg_a & SSL_aNULL) */
-               {
+       int idx;
+       idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
+       if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
+               idx = SSL_PKEY_RSA_SIGN;
+       if (idx == -1)
                SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX,ERR_R_INTERNAL_ERROR);
-               return -1;
-               }
+       return idx;
        }
 
 CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
@@ -2380,6 +2355,14 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s)
        c = s->cert;
        ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+       /* Broken protocol test: return last used certificate: which may
+        * mismatch the one expected.
+        */
+       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+               return c->key;
+#endif
+
        i = ssl_get_server_cert_index(s);
 
        /* This may or may not be an error. */
@@ -2399,6 +2382,15 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
        alg_a = cipher->algorithm_auth;
        c=s->cert;
 
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+       /* Broken protocol test: use last key: which may
+        * mismatch the one expected.
+        */
+       if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+               idx = c->key - c->pkeys;
+       else
+#endif
+
        if ((alg_a & SSL_aDSS) &&
                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
                idx = SSL_PKEY_DSA_SIGN;
@@ -3315,6 +3307,11 @@ int SSL_cache_hit(SSL *s)
        return s->hit;
        }
 
+int SSL_is_server(SSL *s)
+       {
+       return s->server;
+       }
+
 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif