# include <openssl/engine.h>
#endif
-static inline int cert_req_allowed(SSL *s);
+static ossl_inline int cert_req_allowed(SSL *s);
static int key_exchange_expected(SSL *s);
static int ssl_set_version(SSL *s);
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
* 1: Yes
* 0: No
*/
-static inline int cert_req_allowed(SSL *s)
+static ossl_inline int cert_req_allowed(SSL *s)
{
/* TLS does not like anon-DH with client cert */
if ((s->version > SSL3_VERSION
break;
case TLS_ST_CR_CERT:
- if (s->tlsext_status_expected) {
- if (mt == SSL3_MT_CERTIFICATE_STATUS) {
- st->hand_state = TLS_ST_CR_CERT_STATUS;
- return 1;
- }
- return 0;
+ /*
+ * The CertificateStatus message is optional even if
+ * |tlsext_status_expected| is set
+ */
+ if (s->tlsext_status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+ st->hand_state = TLS_ST_CR_CERT_STATUS;
+ return 1;
}
/* Fall through */
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
#endif
-#ifndef OPENSSL_NO_DH
- DH *dh = NULL;
-#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX *pctx = NULL;
#endif
save_param_start = *pkt;
-#ifndef OPENSSL_NO_DH
- DH_free(s->s3->peer_dh_tmp);
- s->s3->peer_dh_tmp = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
#endif
else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
PACKET prime, generator, pub_key;
+ DH *dh;
+
if (!PACKET_get_length_prefixed_2(pkt, &prime)
|| !PACKET_get_length_prefixed_2(pkt, &generator)
|| !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
goto f_err;
}
- if ((dh = DH_new()) == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_DH_LIB);
+ s->s3->peer_tmp = EVP_PKEY_new();
+ dh = DH_new();
+
+ if (s->s3->peer_tmp == NULL || dh == NULL) {
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ DH_free(dh);
+ goto err;
+ }
+
+ if (EVP_PKEY_assign_DH(s->s3->peer_tmp, dh) == 0) {
+ SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+ DH_free(dh);
goto err;
}
if (alg_a & (SSL_aRSA|SSL_aDSS))
pkey = X509_get_pubkey(s->session->peer);
/* else anonymous DH, so no certificate or pkey. */
-
- s->s3->peer_dh_tmp = dh;
- dh = NULL;
}
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
RSA_free(rsa);
#endif
-#ifndef OPENSSL_NO_DH
- DH_free(dh);
-#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX_free(pctx);
#endif
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
- OPENSSL_free(s->tlsext_ocsp_resp);
s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
if (s->tlsext_ocsp_resp == NULL) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
s->tlsext_ocsp_resplen = resplen;
- if (s->ctx->tlsext_status_cb) {
- int ret;
- ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
- if (ret == 0) {
- al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
- SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
- goto f_err;
- }
- if (ret < 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, ERR_R_MALLOC_FAILURE);
- goto f_err;
- }
- }
return MSG_PROCESS_CONTINUE_READING;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return MSG_PROCESS_ERROR;
}
+ /*
+ * Call the ocsp status callback if needed. The |tlsext_ocsp_resp| and
+ * |tlsext_ocsp_resplen| values will be set if we actually received a status
+ * message, or NULL and -1 otherwise
+ */
+ if (s->tlsext_status_expected && s->ctx->tlsext_status_cb != NULL) {
+ int ret;
+ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ if (ret == 0) {
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE,
+ SSL_R_INVALID_STATUS_RESPONSE);
+ return MSG_PROCESS_ERROR;
+ }
+ if (ret < 0) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, ERR_R_MALLOC_FAILURE);
+ return MSG_PROCESS_ERROR;
+ }
+ }
+
#ifndef OPENSSL_NO_SCTP
/* Only applies to renegotiation */
if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))
unsigned char *q;
EVP_PKEY *pkey = NULL;
#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY *ckey = NULL, *skey = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
#endif
}
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
- DH *dh_srvr, *dh_clnt;
- if (s->s3->peer_dh_tmp != NULL)
- dh_srvr = s->s3->peer_dh_tmp;
- else {
- /* we get them from the cert */
- EVP_PKEY *spkey = NULL;
- dh_srvr = NULL;
- spkey = X509_get_pubkey(s->session->peer);
- if (spkey) {
- dh_srvr = EVP_PKEY_get1_DH(spkey);
- EVP_PKEY_free(spkey);
- }
- if (dh_srvr == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
- if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
- /* Use client certificate key */
- EVP_PKEY *clkey = s->cert->key->privatekey;
- dh_clnt = NULL;
- if (clkey)
- dh_clnt = EVP_PKEY_get1_DH(clkey);
- if (dh_clnt == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- } else {
- /* generate a new random key */
- if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
- DH_free(dh_clnt);
- goto err;
- }
+ else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+ DH *dh_clnt = NULL;
+ skey = s->s3->peer_tmp;
+ if (skey == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
}
+ ckey = ssl_generate_pkey(skey, NID_undef);
+ dh_clnt = EVP_PKEY_get0_DH(ckey);
- pmslen = DH_size(dh_clnt);
- pms = OPENSSL_malloc(pmslen);
- if (pms == NULL)
- goto memerr;
-
- /*
- * use the 'p' output buffer for the DH key, but make sure to
- * clear it out afterwards
- */
-
- n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt);
- if (s->s3->peer_dh_tmp == NULL)
- DH_free(dh_srvr);
-
- if (n <= 0) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
- DH_free(dh_clnt);
+ if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
- pmslen = n;
- if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
- n = 0;
- else {
- /* send off the data */
- n = BN_num_bytes(dh_clnt->pub_key);
- s2n(n, p);
- BN_bn2bin(dh_clnt->pub_key, p);
- n += 2;
- }
- DH_free(dh_clnt);
+ /* send off the data */
+ n = BN_num_bytes(dh_clnt->pub_key);
+ s2n(n, p);
+ BN_bn2bin(dh_clnt->pub_key, p);
+ n += 2;
+ EVP_PKEY_free(ckey);
+ ckey = NULL;
}
#endif
s->s3->tmp.pms = NULL;
#ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint);
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(ckey);
#endif
#ifndef OPENSSL_NO_PSK
*/
static int ssl3_check_client_certificate(SSL *s)
{
- unsigned long alg_k;
if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
return 0;
/* If no suitable signature algorithm can't use certificate */
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
!tls1_check_chain(s, NULL, NULL, NULL, -2))
return 0;
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* See if we can use client certificate for fixed DH */
- if (alg_k & (SSL_kDHr | SSL_kDHd)) {
- int i = s->session->peer_type;
- EVP_PKEY *clkey = NULL, *spkey = NULL;
- clkey = s->cert->key->privatekey;
- /* If client key not DH assume it can be used */
- if (EVP_PKEY_id(clkey) != EVP_PKEY_DH)
- return 1;
- if (i >= 0)
- spkey = X509_get_pubkey(s->session->peer);
- if (spkey) {
- /* Compare server and client parameters */
- i = EVP_PKEY_cmp_parameters(clkey, spkey);
- EVP_PKEY_free(spkey);
- if (i != 1)
- return 0;
- }
- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
- }
return 1;
}
#endif
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
int al = SSL_AD_HANDSHAKE_FAILURE;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* we don't have a certificate */
if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
return (1);
-#ifndef OPENSSL_NO_DH
- dh = s->s3->peer_dh_tmp;
-#endif
/* This is the passed certificate */
}
#endif
#ifndef OPENSSL_NO_DH
- if ((alg_k & SSL_kDHE) && (dh == NULL)) {
+ if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
goto f_err;
- } else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
- !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_DH_RSA_CERT);
- goto f_err;
- }
-# ifndef OPENSSL_NO_DSA
- else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) &&
- !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_DH_DSA_CERT);
- goto f_err;
}
-# endif
#endif
return (1);