-/* ssl/statem/statem_srvr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ssl/statem/statem_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* the server certificate contains the server's public key for
* key exchange.
*/
- if ( (alg_k & SSL_kDHE)
- || (alg_k & SSL_kECDHE)
+ if (alg_k & (SSL_kDHE|SSL_kECDHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
int tls_construct_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_DH
- DH *dh = NULL, *dhp;
+ EVP_PKEY *pkdh = NULL;
#endif
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
CERT *cert = s->cert;
+ EVP_PKEY *pkdhp = NULL;
+ DH *dh;
+
if (s->cert->dh_tmp_auto) {
- dhp = ssl_get_auto_dh(s);
- if (dhp == NULL) {
+ DH *dhp = ssl_get_auto_dh(s);
+ pkdh = EVP_PKEY_new();
+ if (pkdh == NULL || dhp == NULL) {
+ DH_free(dhp);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
- } else
- dhp = cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp = s->cert->dh_tmp_cb(s, 0, 1024);
- if (dhp == NULL) {
+ EVP_PKEY_assign_DH(pkdh, dhp);
+ pkdhp = pkdh;
+ } else {
+ pkdhp = cert->dh_tmp;
+ }
+ if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+ DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+ pkdh = ssl_dh_to_pkey(dhp);
+ if (pkdh == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ pkdhp = pkdh;
+ }
+ if (pkdhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
- DH_security_bits(dhp), 0, dhp)) {
+ EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_DH_KEY_TOO_SMALL);
goto f_err;
}
- if (s->s3->tmp.dh != NULL) {
+ if (s->s3->tmp.pkey != NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- if (s->cert->dh_tmp_auto)
- dh = dhp;
- else if ((dh = DHparams_dup(dhp)) == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ s->s3->tmp.pkey = ssl_generate_pkey(pkdhp, NID_undef);
+
+ if (s->s3->tmp.pkey == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
- s->s3->tmp.dh = dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE))) {
- if (!DH_generate_key(dh)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
- goto err;
- }
- } else {
- dh->pub_key = BN_dup(dhp->pub_key);
- dh->priv_key = BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
- goto err;
- }
- }
+ dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+
+ EVP_PKEY_free(pkdh);
+ pkdh = NULL;
+
r[0] = dh->p;
r[1] = dh->g;
r[2] = dh->pub_key;
#endif
#ifndef OPENSSL_NO_EC
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
- EC_KEY *ecdh = NULL;
int nid;
- if (s->s3->tmp.ecdh != NULL) {
+ if (s->s3->tmp.pkey != NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err;
}
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL || !EC_KEY_generate_key(ecdh)) {
+ s->s3->tmp.pkey = ssl_generate_pkey(NULL, nid);
+ /* Generate a new key for this curve */
+ if (s->s3->tmp.pkey == NULL) {
al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
- ERR_R_EC_LIB);
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto f_err;
}
- s->s3->tmp.ecdh = ecdh;
-
- /*
- * Encode the public key. First check the size of encoding and
- * allocate memory accordingly.
- */
- encodedlen = EC_KEY_key2buf(ecdh, POINT_CONVERSION_UNCOMPRESSED,
+ /* Encode the public key. */
+ encodedlen = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(s->s3->tmp.pkey),
+ POINT_CONVERSION_UNCOMPRESSED,
&encodedPoint, NULL);
if (encodedlen == 0) {
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
+#ifndef OPENSSL_NO_DH
+ EVP_PKEY_free(pkdh);
+#endif
#ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint);
#endif
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
#endif
-#ifndef OPENSSL_NO_DH
- BIGNUM *pub = NULL;
- DH *dh_srvr, *dh_clnt = NULL;
-#endif
#ifndef OPENSSL_NO_EC
- EC_KEY *srvr_ecdh = NULL;
- EC_POINT *clnt_ecpoint = NULL;
+ EVP_PKEY *ckey = NULL;
#endif
PACKET enc_premaster;
unsigned char *data, *rsa_decrypt = NULL;
}
OPENSSL_free(s->s3->tmp.psk);
- s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
OPENSSL_cleanse(psk, psklen);
if (s->s3->tmp.psk == NULL) {
if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
enc_premaster = *pkt;
} else {
- PACKET orig = *pkt;
if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
|| PACKET_remaining(pkt) != 0) {
- /* Try SSLv3 behaviour for TLS. */
- if (s->options & SSL_OP_TLS_D5_BUG) {
- enc_premaster = orig;
- } else {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
}
}
} else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
- int idx = -1;
+ if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
EVP_PKEY *skey = NULL;
- unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
+ DH *cdh;
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
- if (alg_k & SSL_kDHr)
- idx = SSL_PKEY_DH_RSA;
- else if (alg_k & SSL_kDHd)
- idx = SSL_PKEY_DH_DSA;
- if (idx >= 0) {
- skey = s->cert->pkeys[idx].privatekey;
- if ((skey == NULL) ||
- (skey->type != EVP_PKEY_DH) || (skey->pkey.dh == NULL)) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- dh_srvr = skey->pkey.dh;
- } else if (s->s3->tmp.dh == NULL) {
+ skey = s->s3->tmp.pkey;
+ if (skey == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
- } else
- dh_srvr = s->s3->tmp.dh;
+ }
if (PACKET_remaining(pkt) == 0L) {
- /* Get pubkey from cert */
- EVP_PKEY *clkey = X509_get_pubkey(s->session->peer);
- if (clkey) {
- if (EVP_PKEY_cmp_parameters(clkey, skey) == 1)
- dh_clnt = EVP_PKEY_get1_DH(clkey);
- }
- if (dh_clnt == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- EVP_PKEY_free(clkey);
- pub = dh_clnt->pub_key;
- } else {
- if (!PACKET_get_bytes(pkt, &data, i)) {
- /* We already checked we have enough data */
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
- pub = BN_bin2bn(data, i, NULL);
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto f_err;
+ }
+ if (!PACKET_get_bytes(pkt, &data, i)) {
+ /* We already checked we have enough data */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
}
- if (pub == NULL) {
+ ckey = EVP_PKEY_new();
+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
-
- i = DH_compute_key(shared, pub, dh_srvr);
-
- if (i <= 0) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
- BN_clear_free(pub);
+ cdh = EVP_PKEY_get0_DH(ckey);
+ cdh->pub_key = BN_bin2bn(data, i, NULL);
+ if (cdh->pub_key == NULL) {
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- if (dh_clnt)
- DH_free(dh_clnt);
- else
- BN_clear_free(pub);
- pub = NULL;
- if (!ssl_generate_master_secret(s, shared, i, 0)) {
+ if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
- if (dh_clnt) {
- s->statem.no_cert_verify = 1;
- return MSG_PROCESS_CONTINUE_PROCESSING;
- }
+
+ EVP_PKEY_free(ckey);
+ ckey = NULL;
+
} else
#endif
#ifndef OPENSSL_NO_EC
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
- int field_size = 0;
- const EC_KEY *tkey;
- const EC_GROUP *group;
- const BIGNUM *priv_key;
- unsigned char *shared;
-
- /* initialize structures for server's ECDH key pair */
- if ((srvr_ecdh = EC_KEY_new()) == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
+ EVP_PKEY *skey = NULL;
/* Let's get server private key and group information */
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
/* use the certificate */
- tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
+ skey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;
} else {
/*
* use the ephermeral values we saved when generating the
* ServerKeyExchange msg.
*/
- tkey = s->s3->tmp.ecdh;
- }
-
- group = EC_KEY_get0_group(tkey);
- priv_key = EC_KEY_get0_private_key(tkey);
-
- if (!EC_KEY_set_group(srvr_ecdh, group) ||
- !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
- goto err;
- }
-
- /* Let's get client's public key */
- if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto err;
+ skey = s->s3->tmp.pkey;
}
if (PACKET_remaining(pkt) == 0L) {
- /* Client Publickey was in Client Certificate */
-
- if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
- }
- if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
- == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
- /*
- * XXX: For now, we do not support client authentication
- * using ECDH certificates so this branch (n == 0L) of the
- * code is never executed. When that support is added, we
- * ought to ensure the key received in the certificate is
- * authorized for key agreement. ECDH_compute_key implicitly
- * checks that the two ECDH shares are for the same group.
- */
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
- goto f_err;
- }
-
- if (EC_POINT_copy(clnt_ecpoint,
- EC_KEY_get0_public_key(clnt_pub_pkey->
- pkey.ec)) == 0) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
- goto err;
- }
- s->statem.no_cert_verify = 1;
+ /* We don't support ECDH client auth */
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
} else {
/*
* Get client's public key from encoded point in the
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
- if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, NULL) == 0) {
+ ckey = EVP_PKEY_new();
+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
+ NULL) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
goto err;
}
}
- /* Compute the shared pre-master secret */
- field_size = EC_GROUP_get_degree(group);
- if (field_size <= 0) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- goto err;
- }
- shared = OPENSSL_malloc((field_size + 7) / 8);
- if (shared == NULL) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- i = ECDH_compute_key(shared, (field_size + 7) / 8, clnt_ecpoint,
- srvr_ecdh, NULL);
- if (i <= 0) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- OPENSSL_free(shared);
- goto err;
- }
-
- EC_POINT_free(clnt_ecpoint);
- EC_KEY_free(srvr_ecdh);
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
-
- if (!ssl_generate_master_secret(s, shared, i, 1)) {
+ if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
+
+ EVP_PKEY_free(ckey);
+ ckey = NULL;
+
return MSG_PROCESS_CONTINUE_PROCESSING;
} else
#endif
goto f_err;
}
OPENSSL_free(s->session->srp_username);
- s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
if (s->session->srp_username == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
err:
#endif
#ifndef OPENSSL_NO_EC
- EC_POINT_free(clnt_ecpoint);
- EC_KEY_free(srvr_ecdh);
- OPENSSL_free(rsa_decrypt);
+ EVP_PKEY_free(ckey);
#endif
+ OPENSSL_free(rsa_decrypt);
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;
projects / openssl.git / blobdiff