-/* ssl/statem/statem_srvr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ssl/statem/statem_srvr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* the server certificate contains the server's public key for
* key exchange.
*/
- if ( (alg_k & SSL_kDHE)
- || (alg_k & SSL_kECDHE)
+ if (alg_k & (SSL_kDHE|SSL_kECDHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
int tls_construct_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_DH
- DH *dh = NULL, *dhp;
+ EVP_PKEY *pkdh = NULL;
#endif
#ifndef OPENSSL_NO_EC
unsigned char *encodedPoint = NULL;
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
CERT *cert = s->cert;
+ EVP_PKEY *pkdhp = NULL;
+ DH *dh;
+
if (s->cert->dh_tmp_auto) {
- dhp = ssl_get_auto_dh(s);
- if (dhp == NULL) {
+ DH *dhp = ssl_get_auto_dh(s);
+ pkdh = EVP_PKEY_new();
+ if (pkdh == NULL || dhp == NULL) {
+ DH_free(dhp);
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
- } else
- dhp = cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp = s->cert->dh_tmp_cb(s, 0, 1024);
- if (dhp == NULL) {
+ EVP_PKEY_assign_DH(pkdh, dhp);
+ pkdhp = pkdh;
+ } else {
+ pkdhp = cert->dh_tmp;
+ }
+ if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+ DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+ pkdh = ssl_dh_to_pkey(dhp);
+ if (pkdh == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ }
+ pkdhp = pkdh;
+ }
+ if (pkdhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
- DH_security_bits(dhp), 0, dhp)) {
+ EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
SSL_R_DH_KEY_TOO_SMALL);
goto f_err;
}
- if (s->s3->tmp.dh != NULL) {
+ if (s->s3->tmp.pkey != NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
- if (s->cert->dh_tmp_auto)
- dh = dhp;
- else if ((dh = DHparams_dup(dhp)) == NULL) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ s->s3->tmp.pkey = ssl_generate_pkey(pkdhp, NID_undef);
+
+ if (s->s3->tmp.pkey == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
goto err;
}
- s->s3->tmp.dh = dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE))) {
- if (!DH_generate_key(dh)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
- goto err;
- }
- } else {
- dh->pub_key = BN_dup(dhp->pub_key);
- dh->priv_key = BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
- goto err;
- }
- }
+ dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+
+ EVP_PKEY_free(pkdh);
+ pkdh = NULL;
+
r[0] = dh->p;
r[1] = dh->g;
r[2] = dh->pub_key;
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
+#ifndef OPENSSL_NO_DH
+ EVP_PKEY_free(pkdh);
+#endif
#ifndef OPENSSL_NO_EC
OPENSSL_free(encodedPoint);
#endif
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
#endif
-#ifndef OPENSSL_NO_DH
- BIGNUM *pub = NULL;
- DH *dh_srvr, *dh_clnt = NULL;
-#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY *ckey = NULL;
- EVP_PKEY_CTX *pctx = NULL;
#endif
PACKET enc_premaster;
unsigned char *data, *rsa_decrypt = NULL;
}
OPENSSL_free(s->s3->tmp.psk);
- s->s3->tmp.psk = BUF_memdup(psk, psklen);
+ s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
OPENSSL_cleanse(psk, psklen);
if (s->s3->tmp.psk == NULL) {
if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
enc_premaster = *pkt;
} else {
- PACKET orig = *pkt;
if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
|| PACKET_remaining(pkt) != 0) {
- /* Try SSLv3 behaviour for TLS. */
- if (s->options & SSL_OP_TLS_D5_BUG) {
- enc_premaster = orig;
- } else {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
}
}
} else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
- int idx = -1;
+ if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
EVP_PKEY *skey = NULL;
- unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
+ DH *cdh;
if (!PACKET_get_net_2(pkt, &i)) {
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
- if (alg_k & SSL_kDHr)
- idx = SSL_PKEY_DH_RSA;
- else if (alg_k & SSL_kDHd)
- idx = SSL_PKEY_DH_DSA;
- if (idx >= 0) {
- skey = s->cert->pkeys[idx].privatekey;
- if ((skey == NULL) ||
- (skey->type != EVP_PKEY_DH) || (skey->pkey.dh == NULL)) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- dh_srvr = skey->pkey.dh;
- } else if (s->s3->tmp.dh == NULL) {
+ skey = s->s3->tmp.pkey;
+ if (skey == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
- } else
- dh_srvr = s->s3->tmp.dh;
+ }
if (PACKET_remaining(pkt) == 0L) {
- /* Get pubkey from cert */
- EVP_PKEY *clkey = X509_get_pubkey(s->session->peer);
- if (clkey) {
- if (EVP_PKEY_cmp_parameters(clkey, skey) == 1)
- dh_clnt = EVP_PKEY_get1_DH(clkey);
- }
- if (dh_clnt == NULL) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- EVP_PKEY_free(clkey);
- pub = dh_clnt->pub_key;
- } else {
- if (!PACKET_get_bytes(pkt, &data, i)) {
- /* We already checked we have enough data */
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto f_err;
- }
- pub = BN_bin2bn(data, i, NULL);
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto f_err;
+ }
+ if (!PACKET_get_bytes(pkt, &data, i)) {
+ /* We already checked we have enough data */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto f_err;
}
- if (pub == NULL) {
+ ckey = EVP_PKEY_new();
+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
-
- i = DH_compute_key(shared, pub, dh_srvr);
-
- if (i <= 0) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
- BN_clear_free(pub);
+ cdh = EVP_PKEY_get0_DH(ckey);
+ cdh->pub_key = BN_bin2bn(data, i, NULL);
+ if (cdh->pub_key == NULL) {
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
}
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- if (dh_clnt)
- DH_free(dh_clnt);
- else
- BN_clear_free(pub);
- pub = NULL;
- if (!ssl_generate_master_secret(s, shared, i, 0)) {
+ if (ssl_derive(s, skey, ckey) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
- if (dh_clnt) {
- s->statem.no_cert_verify = 1;
- return MSG_PROCESS_CONTINUE_PROCESSING;
- }
+
+ EVP_PKEY_free(ckey);
+ ckey = NULL;
+
} else
#endif
goto f_err;
}
OPENSSL_free(s->session->srp_username);
- s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
if (s->session->srp_username == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto err;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_free(ckey);
- EVP_PKEY_CTX_free(pctx);
- OPENSSL_free(rsa_decrypt);
#endif
+ OPENSSL_free(rsa_decrypt);
#ifndef OPENSSL_NO_PSK
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
s->s3->tmp.psk = NULL;