int i, al = SSL_AD_INTERNAL_ERROR;
unsigned int j, complen = 0;
unsigned long id;
- SSL_CIPHER *c;
+ const SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp = NULL;
#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
- int protverr = 1;
+ int protverr;
/* |cookie| will only be initialized for DTLS. */
PACKET session_id, cipher_suites, compression, extensions, cookie;
int is_v2_record;
}
}
- /* Do SSL/TLS version negotiation if applicable */
+ /*
+ * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+ * versions are potentially compatible. Version negotiation comes later.
+ */
if (!SSL_IS_DTLS(s)) {
- if (s->version != TLS_ANY_VERSION) {
- if (s->client_version >= s->version) {
- protverr = 0;
- }
- } else if (s->client_version >= SSL3_VERSION) {
- switch(s->client_version) {
- default:
- case TLS1_2_VERSION:
- if(!(s->options & SSL_OP_NO_TLSv1_2)) {
- s->version = TLS1_2_VERSION;
- s->method = TLSv1_2_server_method();
- protverr = 0;
- break;
- }
- /* Deliberately fall through */
- case TLS1_1_VERSION:
- if(!(s->options & SSL_OP_NO_TLSv1_1)) {
- s->version = TLS1_1_VERSION;
- s->method = TLSv1_1_server_method();
- protverr = 0;
- break;
- }
- /* Deliberately fall through */
- case TLS1_VERSION:
- if(!(s->options & SSL_OP_NO_TLSv1)) {
- s->version = TLS1_VERSION;
- s->method = TLSv1_server_method();
- protverr = 0;
- break;
- }
- /* Deliberately fall through */
- case SSL3_VERSION:
-#ifndef OPENSSL_NO_SSL3
- if(!(s->options & SSL_OP_NO_SSLv3)) {
- s->version = SSL3_VERSION;
- s->method = SSLv3_server_method();
- protverr = 0;
- break;
- }
-#else
- break;
-#endif
- }
- }
- } else if (s->client_version <= s->version
- || s->method->version == DTLS_ANY_VERSION) {
- /*
- * For DTLS we just check versions are potentially compatible. Version
- * negotiation comes later.
- */
+ protverr = ssl_choose_server_version(s);
+ } else if (s->method->version != DTLS_ANY_VERSION &&
+ DTLS_VERSION_LT(s->client_version, s->version)) {
+ protverr = SSL_R_VERSION_TOO_LOW;
+ } else {
protverr = 0;
}
if (protverr) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);
if ((!s->enc_write_ctx && !s->write_hash)) {
/*
* similar to ssl3_get_record, send alert using remote version
s->d1->cookie_verified = 1;
}
if (s->method->version == DTLS_ANY_VERSION) {
- /* Select version to use */
- if (s->client_version <= DTLS1_2_VERSION &&
- !(s->options & SSL_OP_NO_DTLSv1_2)) {
- s->version = DTLS1_2_VERSION;
- s->method = DTLSv1_2_server_method();
- } else if (tls1_suiteb(s)) {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
- SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
- s->version = s->client_version;
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- } else if (s->client_version <= DTLS1_VERSION &&
- !(s->options & SSL_OP_NO_DTLSv1)) {
- s->version = DTLS1_VERSION;
- s->method = DTLSv1_server_method();
- } else {
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO,
- SSL_R_WRONG_VERSION_NUMBER);
+ protverr = ssl_choose_server_version(s);
+ if (protverr != 0) {
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr);
s->version = s->client_version;
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
- SSL_CIPHER *pref_cipher = NULL;
+ const SSL_CIPHER *pref_cipher = NULL;
s->session->master_key_length = sizeof(s->session->master_key);
if (s->tls_session_secret_cb(s, s->session->master_key,
WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
{
int al = SSL_AD_HANDSHAKE_FAILURE;
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
if (wst == WORK_MORE_A) {
if (!s->hit) {
* EVP_PKEY_derive_set_peer, because it is completely valid to use a
* client certificate for authorization only.
*/
- client_pub_pkey = X509_get_pubkey(s->session->peer);
+ client_pub_pkey = X509_get0_pubkey(s->session->peer);
if (client_pub_pkey) {
if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
ERR_clear_error();
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
s->statem.no_cert_verify = 1;
- EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
return MSG_PROCESS_CONTINUE_PROCESSING;
gerr:
- EVP_PKEY_free(client_pub_pkey);
EVP_PKEY_CTX_free(pkey_ctx);
goto f_err;
} else
}
peer = s->session->peer;
- pkey = X509_get_pubkey(peer);
+ pkey = X509_get0_pubkey(peer);
type = X509_certificate_type(peer, pkey);
if (!(type & EVP_PKT_SIGN)) {
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
EVP_MD_CTX_free(mctx);
- EVP_PKEY_free(pkey);
return ret;
}
al = SSL_AD_HANDSHAKE_FAILURE;
goto f_err;
}
- pkey = X509_get_pubkey(sk_X509_value(sk, 0));
+ pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
if (pkey == NULL) {
al = SSL3_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
SSL_R_UNKNOWN_CERTIFICATE_TYPE);
goto f_err;
}
- EVP_PKEY_free(pkey);
}
X509_free(s->session->peer);
* version. Fail if the current version is an unexpected
* downgrade.
*/
- if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
+ if (!ssl_check_version_downgrade(s)) {
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
SSL_R_INAPPROPRIATE_FALLBACK);
*al = SSL_AD_INAPPROPRIATE_FALLBACK;