X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=d3e6b4d1e58f96974a07f1045f8583504759af2f;hp=4f551d20e9984d3ee3db05d4aafcafcf9c291063;hb=458cddc1042eb91c5bb1e2bffd8fcfe5ee960d4d;hpb=eda1f21f1af8b6f77327e7b37573af9c1ba73726 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4f551d20e9..d3e6b4d1e5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1,5 +1,5 @@ /* ssl/s3_clnt.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -57,23 +57,15 @@ */ #include -#include "buffer.h" -#include "rand.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include +#include +#include +#include #include "ssl_locl.h" -#define BREAK break -/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE); -SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - */ - -#ifndef NOPROTO +static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); static int ssl3_get_certificate_request(SSL *s); @@ -85,30 +77,15 @@ static int ssl3_send_client_key_exchange(SSL *s); static int ssl3_get_key_exchange(SSL *s); static int ssl3_get_server_certificate(SSL *s); static int ssl3_check_cert_and_algorithm(SSL *s); -#else -static int ssl3_client_hello(); -static int ssl3_get_server_hello(); -static int ssl3_get_certificate_request(); -static int ca_dn_cmp(); -static int ssl3_get_server_done(); -static int ssl3_send_client_verify(); -static int ssl3_send_client_certificate(); -static int ssl3_send_client_key_exchange(); -static int ssl3_get_key_exchange(); -static int ssl3_get_server_certificate(); -static int ssl3_check_cert_and_algorithm(); -#endif - -static SSL_METHOD *ssl3_get_client_method(ver) -int ver; +static SSL_METHOD *ssl3_get_client_method(int ver) { - if (ver == 3) + if (ver == SSL3_VERSION) return(SSLv3_client_method()); else return(NULL); } -SSL_METHOD *SSLv3_client_method() +SSL_METHOD *SSLv3_client_method(void) { static int init=1; static SSL_METHOD SSLv3_client_data; @@ -124,20 +101,18 @@ SSL_METHOD *SSLv3_client_method() return(&SSLv3_client_data); } -int ssl3_connect(s) -SSL *s; +int ssl3_connect(SSL *s) { BUF_MEM *buf; unsigned long Time=time(NULL),l; long num1; void (*cb)()=NULL; int ret= -1; - BIO *bbio,*under; int new_state,state,skip=0;; - RAND_seed((unsigned char *)&Time,sizeof(Time)); + RAND_seed(&Time,sizeof(Time)); ERR_clear_error(); - errno=0; + clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; @@ -156,15 +131,19 @@ SSL *s; case SSL_ST_RENEGOTIATE: s->new_session=1; s->state=SSL_ST_CONNECT; + s->ctx->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: case SSL_ST_CONNECT: case SSL_ST_BEFORE|SSL_ST_CONNECT: case SSL_ST_OK|SSL_ST_CONNECT: + s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - s->version=3; + if ((s->version & 0xff00 ) != 0x0300) + abort(); + /* s->version=SSL3_VERSION; */ s->type=SSL_ST_CONNECT; if (s->init_buf == NULL) @@ -185,34 +164,14 @@ SSL *s; if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } /* setup buffing BIO */ - if (s->bbio == NULL) - { - bbio=BIO_new(BIO_f_buffer()); - if (bbio == NULL) - { - SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF); - ret= -1; - goto end; - } - s->bbio=bbio; - } - else - bbio=s->bbio; - - BIO_reset(bbio); - if (!BIO_set_write_buffer_size(bbio,16*1024)) - { - SSLerr(SSL_F_SSL3_CONNECT,ERR_LIB_BUF); - ret= -1; - goto end; - } + if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } /* don't push the buffering BIO quite yet */ ssl3_init_finished_mac(s); s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->sess_connect++; + s->ctx->stats.sess_connect++; s->init_num=0; break; @@ -226,7 +185,8 @@ SSL *s; s->init_num=0; /* turn on buffering for the next lot of output */ - s->wbio=BIO_push(s->bbio,s->wbio); + if (s->bbio != s->wbio) + s->wbio=BIO_push(s->bbio,s->wbio); break; @@ -294,6 +254,7 @@ SSL *s; case SSL3_ST_CW_CERT_A: case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_C: + case SSL3_ST_CW_CERT_D: ret=ssl3_send_client_certificate(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_KEY_EXCH_A; @@ -307,7 +268,9 @@ SSL *s; l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ - if ((s->s3->tmp.cert_req) && 1) + /* For TLS, cert_req is set to 2, so a cert chain + * of nothing is sent, but no verify packet is sent */ + if (s->s3->tmp.cert_req == 1) { s->state=SSL3_ST_CW_CERT_VRFY_A; } @@ -338,13 +301,18 @@ SSL *s; s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; - if (!ssl3_setup_key_block(s)) + if (s->s3->tmp.new_compression == NULL) + s->session->compress_meth=0; + else + s->session->compress_meth= + s->s3->tmp.new_compression->id; + if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; goto end; } - if (!ssl3_change_cipher_state(s, + if (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret= -1; @@ -357,7 +325,8 @@ SSL *s; case SSL3_ST_CW_FINISHED_B: ret=ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, - &(ssl3_client_finished_const[0])); + s->method->ssl3_enc->client_finished, + s->method->ssl3_enc->client_finished_len); if (ret <= 0) goto end; s->state=SSL3_ST_CW_FLUSH; @@ -384,8 +353,7 @@ SSL *s; case SSL3_ST_CR_FINISHED_B: ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B, - &(ssl3_server_finished_const[0])); + SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; if (s->hit) @@ -413,37 +381,33 @@ SSL *s; /* clean a few things up */ ssl3_cleanup_key_block(s); - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) + if (s->init_buf != NULL) { - /* remove buffering */ - under=BIO_pop(s->wbio); - if (under != NULL) - s->wbio=under; - else - abort(); /* ok */ - - BIO_free(s->bbio); - s->bbio=NULL; + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; } - /* else do it later */ + + /* If we are not 'joining' the last two packets, + * remove the buffering now */ + if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) + ssl_free_wbio_buffer(s); + /* else do it later in ssl3_write */ s->init_num=0; s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); + if (s->hit) s->ctx->stats.sess_hit++; ret=1; /* s->server=0; */ s->handshake_func=ssl3_connect; - s->ctx->sess_connect_good++; + s->ctx->stats.sess_connect_good++; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); goto end; - break; + /* break; */ default: SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); @@ -455,7 +419,11 @@ SSL *s; /* did we do anything */ if (!s->s3->tmp.reuse_message && !skip) { - if (s->debug) BIO_flush(s->wbio); + if (s->debug) + { + if ((ret=BIO_flush(s->wbio)) <= 0) + goto end; + } if ((cb != NULL) && (s->state != state)) { @@ -475,19 +443,20 @@ end: } -static int ssl3_client_hello(s) -SSL *s; +static int ssl3_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i; + int i,j; unsigned long Time,l; + SSL_COMP *comp; buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { if ((s->session == NULL) || - (s->session->ssl_version != s->version)) + (s->session->ssl_version != s->version) || + (s->session->not_resumable)) { if (!ssl_get_new_session(s,0)) goto err; @@ -497,13 +466,14 @@ SSL *s; p=s->s3->client_random; Time=time(NULL); /* Time */ l2n(Time,p); - RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time)); + RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ d=p= &(buf[4]); - *(p++)=SSL3_VERSION_MAJOR; - *(p++)=SSL3_VERSION_MINOR; + *(p++)=s->version>>8; + *(p++)=s->version&0xff; + s->client_version=s->version; /* Random stuff */ memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); @@ -531,9 +501,18 @@ SSL *s; s2n(i,p); p+=i; - /* hardwire in the NULL compression algorithm. */ - *(p++)=1; - *(p++)=0; + /* COMPRESSION */ + if (s->ctx->comp_methods == NULL) + j=0; + else + j=sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++)=1+j; + for (i=0; ictx->comp_methods,i); + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ l=(p-d); d=buf; @@ -552,15 +531,15 @@ err: return(-1); } -static int ssl3_get_server_hello(s) -SSL *s; +static int ssl3_get_server_hello(SSL *s) { - STACK *sk; + STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; unsigned char *p,*d; int i,al,ok; unsigned int j; long n; + SSL_COMP *comp; n=ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -572,10 +551,12 @@ SSL *s; if (!ok) return((int)n); d=p=(unsigned char *)s->init_buf->data; - if ((p[0] != SSL3_VERSION_MAJOR) && (p[1] != SSL3_VERSION_MINOR)) + if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); - goto err; + s->version=(s->version&0xff00)|p[1]; + al=SSL_AD_PROTOCOL_VERSION; + goto f_err; } p+=2; @@ -592,53 +573,66 @@ SSL *s; /* SSLref returns 16 :-( */ if (j < SSL2_SSL_SESSION_ID_LENGTH) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); goto f_err; } } - if (j == 0) + if (j != 0 && j == s->session->session_id_length + && memcmp(p,s->session->session_id,j) == 0) + { + if(s->sid_ctx_length != s->session->sid_ctx_length + || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { - s->hit=0; - memset(s->session->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); - s->session->session_id_length=0; + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto f_err; } - else if ((j == s->session->session_id_length) && - (memcmp(p,s->session->session_id,j) == 0)) - s->hit=1; - else + s->hit=1; + } + else /* a miss or crap from the other end */ { - memcpy(s->session->session_id,p,j); - s->session->session_id_length=j; + /* If we were trying for session-id reuse, make a new + * SSL_SESSION so we don't stuff up other people */ s->hit=0; + if (s->session->session_id_length > 0) + { + if (!ssl_get_new_session(s,0)) + { + al=SSL_AD_INTERNAL_ERROR; + goto f_err; + } + } + s->session->session_id_length=j; + memcpy(s->session->session_id,p,j); /* j could be 0 */ } p+=j; c=ssl_get_cipher_by_char(s,p); if (c == NULL) { /* unknown cipher */ - al=SSL3_AD_HANDSHAKE_FAILURE; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } p+=ssl_put_cipher_by_char(s,NULL,NULL); sk=ssl_get_ciphers_by_id(s); - i=sk_find(sk,(char *)c); + i=sk_SSL_CIPHER_find(sk,c); if (i < 0) { /* we did not say we would use this cipher */ - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } if (s->hit && (s->session->cipher != c)) { - if (!(s->ctx->options & + if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); goto f_err; } @@ -646,18 +640,28 @@ SSL *s; s->s3->tmp.new_cipher=c; /* lets get the compression algorithm */ + /* COMPRESSION */ j= *(p++); - if (j != 0) + if (j == 0) + comp=NULL; + else + comp=ssl3_comp_find(s->ctx->comp_methods,j); + + if ((j != 0) && (comp == NULL)) { - al=SSL3_AD_HANDSHAKE_FAILURE; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } + else + { + s->s3->tmp.new_compression=comp; + } if (p != (d+n)) { /* wrong packet length */ - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); goto err; } @@ -669,15 +673,14 @@ err: return(-1); } -static int ssl3_get_server_certificate(s) -SSL *s; +static int ssl3_get_server_certificate(SSL *s) { int al,i,ok,ret= -1; unsigned long n,nc,llen,l; X509 *x=NULL; unsigned char *p,*d,*q; - STACK *sk=NULL; - CERT *c; + STACK_OF(X509) *sk=NULL; + SESS_CERT *sc; EVP_PKEY *pkey=NULL; n=ssl3_get_message(s, @@ -701,13 +704,13 @@ SSL *s; if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { - al=SSL3_AD_UNEXPECTED_MESSAGE; + al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); goto f_err; } d=p=(unsigned char *)s->init_buf->data; - if ((sk=sk_new_null()) == NULL) + if ((sk=sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); goto err; @@ -716,7 +719,7 @@ SSL *s; n2l3(p,llen); if (llen+3 != n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -725,7 +728,7 @@ SSL *s; n2l3(p,l); if ((l+nc+3) > llen) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } @@ -734,17 +737,17 @@ SSL *s; x=d2i_X509(NULL,&q,l); if (x == NULL) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_BAD_CERTIFICATE; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); goto f_err; } if (q != (p+l)) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } - if (!sk_push(sk,(char *)x)) + if (!sk_X509_push(sk,x)) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); goto err; @@ -755,26 +758,26 @@ SSL *s; } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto f_err; } - c=ssl_cert_new(); - if (c == NULL) goto err; + sc=ssl_sess_cert_new(); + if (sc == NULL) goto err; - if (s->session->cert) ssl_cert_free(s->session->cert); - s->session->cert=c; + if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); + s->session->sess_cert=sc; - c->cert_chain=sk; - x=(X509 *)sk_value(sk,0); + sc->cert_chain=sk; + x=sk_X509_value(sk,0); sk=NULL; pkey=X509_get_pubkey(x); - if (EVP_PKEY_missing_parameters(pkey)) + if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)) { x=NULL; al=SSL3_AL_FATAL; @@ -791,16 +794,18 @@ SSL *s; goto f_err; } - c->cert_type=i; - x->references++; - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509=x; - c->key= &(c->pkeys[i]); + sc->peer_cert_type=i; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + if (sc->peer_pkeys[i].x509 != NULL) /* Why would this ever happen? + * We just created sc a couple of + * lines ago. */ + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509=x; + sc->peer_key= &(sc->peer_pkeys[i]); - if ((s->session != NULL) && (s->session->peer != NULL)) + if (s->session->peer != NULL) X509_free(s->session->peer); - x->references++; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); s->session->peer=x; x=NULL; @@ -812,13 +817,13 @@ f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); } err: - if (x != NULL) X509_free(x); - if (sk != NULL) sk_pop_free(sk,X509_free); + EVP_PKEY_free(pkey); + X509_free(x); + sk_X509_pop_free(sk,X509_free); return(ret); } -static int ssl3_get_key_exchange(s) -SSL *s; +static int ssl3_get_key_exchange(SSL *s) { #ifndef NO_RSA unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; @@ -828,8 +833,12 @@ SSL *s; int al,i,j,param_len,ok; long n,alg; EVP_PKEY *pkey=NULL; +#ifndef NO_RSA RSA *rsa=NULL; +#endif +#ifndef NO_DH DH *dh=NULL; +#endif n=ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, @@ -848,26 +857,26 @@ SSL *s; param=p=(unsigned char *)s->init_buf->data; - if (s->session->cert != NULL) + if (s->session->sess_cert != NULL) { #ifndef NO_RSA - if (s->session->cert->rsa_tmp != NULL) + if (s->session->sess_cert->peer_rsa_tmp != NULL) { - RSA_free(s->session->cert->rsa_tmp); - s->session->cert->rsa_tmp=NULL; + RSA_free(s->session->sess_cert->peer_rsa_tmp); + s->session->sess_cert->peer_rsa_tmp=NULL; } #endif #ifndef NO_DH - if (s->session->cert->dh_tmp) + if (s->session->sess_cert->peer_dh_tmp) { - DH_free(s->session->cert->dh_tmp); - s->session->cert->dh_tmp=NULL; + DH_free(s->session->sess_cert->peer_dh_tmp); + s->session->sess_cert->peer_dh_tmp=NULL; } #endif } else { - s->session->cert=ssl_cert_new(); + s->session->sess_cert=ssl_sess_cert_new(); } param_len=0; @@ -885,7 +894,7 @@ SSL *s; param_len=i+2; if (param_len > n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); goto f_err; } @@ -900,7 +909,7 @@ SSL *s; param_len+=i+2; if (param_len > n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); goto f_err; } @@ -912,16 +921,16 @@ SSL *s; p+=i; n-=param_len; -/* s->session->cert->rsa_tmp=rsa;*/ /* this should be because we are using an export cipher */ if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); else { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); goto err; } - s->session->cert->rsa_tmp=rsa; + s->session->sess_cert->peer_rsa_tmp=rsa; + rsa=NULL; } else #endif @@ -937,7 +946,7 @@ SSL *s; param_len=i+2; if (param_len > n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); goto f_err; } @@ -952,7 +961,7 @@ SSL *s; param_len+=i+2; if (param_len > n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); goto f_err; } @@ -967,7 +976,7 @@ SSL *s; param_len+=i+2; if (param_len > n) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); goto f_err; } @@ -981,24 +990,32 @@ SSL *s; #ifndef NO_RSA if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); else #endif #ifndef NO_DSA if (alg & SSL_aDSS) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); #endif /* else anonymous DH, so no certificate or pkey. */ - s->session->cert->dh_tmp=dh; + s->session->sess_cert->peer_dh_tmp=dh; + dh=NULL; } else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) { - al=SSL3_AD_HANDSHAKE_FAILURE; + al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); goto f_err; } #endif + if (alg & SSL_aFZA) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); + goto f_err; + } + /* p points to the next byte, there are 'n' bytes left */ @@ -1013,9 +1030,9 @@ SSL *s; if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); - goto err; + goto f_err; } #ifndef NO_RSA @@ -1027,7 +1044,8 @@ SSL *s; q=md_buf; for (num=2; num > 0; num--) { - EVP_DigestInit(&md_ctx,(num == 2)?EVP_md5():EVP_sha1()); + EVP_DigestInit(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); @@ -1039,14 +1057,14 @@ SSL *s; RSA_PKCS1_PADDING); if (i <= 0) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } if ((j != i) || (memcmp(p,md_buf,i) != 0)) { /* bad signature */ - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); goto f_err; } @@ -1064,7 +1082,7 @@ SSL *s; if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) { /* bad signature */ - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); goto f_err; } @@ -1086,28 +1104,36 @@ SSL *s; } if (n != 0) { - al=SSL3_AD_ILLEGAL_PARAMETER; + al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } } - + EVP_PKEY_free(pkey); return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: + EVP_PKEY_free(pkey); +#ifndef NO_RSA + if (rsa != NULL) + RSA_free(rsa); +#endif +#ifndef NO_DH + if (dh != NULL) + DH_free(dh); +#endif return(-1); } -static int ssl3_get_certificate_request(s) -SSL *s; +static int ssl3_get_certificate_request(SSL *s) { int ok,ret=0; - unsigned long n,nc; - unsigned int llen,l,ctype_num,i; + unsigned long n,nc,l; + unsigned int llen,ctype_num,i; X509_NAME *xn=NULL; unsigned char *p,*d,*q; - STACK *ca_sk=NULL; + STACK_OF(X509_NAME) *ca_sk=NULL; n=ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, @@ -1132,14 +1158,26 @@ SSL *s; if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_UNEXPECTED_MESSAGE); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); goto err; } + /* TLS does not like anon-DH with client cert */ + if (s->version > SSL3_VERSION) + { + l=s->s3->tmp.new_cipher->algorithms; + if (l & SSL_aNULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); + goto err; + } + } + d=p=(unsigned char *)s->init_buf->data; - if ((ca_sk=sk_new(ca_dn_cmp)) == NULL) + if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); goto err; @@ -1155,9 +1193,18 @@ SSL *s; /* get the CA RDNs */ n2s(p,llen); +#if 0 +{ +FILE *out; +out=fopen("/tmp/vsign.der","w"); +fwrite(p,1,llen,out); +fclose(out); +} +#endif + if ((llen+ctype_num+2+1) != n) { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); goto err; } @@ -1167,9 +1214,9 @@ SSL *s; n2s(p,l); if ((l+nc+2) > llen) { - if ((s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG)) + if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) goto cont; /* netscape bugs */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); goto err; } @@ -1179,11 +1226,11 @@ SSL *s; if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) { /* If netscape tollerance is on, ignore errors */ - if (s->ctx->options & SSL_OP_NETSCAPE_CA_DN_BUG) + if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) goto cont; else { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); goto err; } @@ -1191,11 +1238,11 @@ SSL *s; if (q != (p+l)) { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); goto err; } - if (!sk_push(ca_sk,(char *)xn)) + if (!sk_X509_NAME_push(ca_sk,xn)) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); goto err; @@ -1215,24 +1262,22 @@ cont: s->s3->tmp.cert_req=1; s->s3->tmp.ctype_num=ctype_num; if (s->s3->tmp.ca_names != NULL) - sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); s->s3->tmp.ca_names=ca_sk; ca_sk=NULL; ret=1; err: - if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free); + if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); return(ret); } -static int ca_dn_cmp(a,b) -X509_NAME **a,**b; +static int ca_dn_cmp(X509_NAME **a, X509_NAME **b) { return(X509_NAME_cmp(*a,*b)); } -static int ssl3_get_server_done(s) -SSL *s; +static int ssl3_get_server_done(SSL *s) { int ok,ret=0; long n; @@ -1248,20 +1293,22 @@ SSL *s; if (n > 0) { /* should contain no data */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_ILLEGAL_PARAMETER); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); } ret=1; return(ret); } -static int ssl3_send_client_key_exchange(s) -SSL *s; +static int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; int n; unsigned long l; +#ifndef NO_RSA + unsigned char *q; EVP_PKEY *pkey=NULL; +#endif if (s->state == SSL3_ST_CW_KEY_EXCH_A) { @@ -1274,13 +1321,13 @@ SSL *s; if (l & SSL_kRSA) { RSA *rsa; - unsigned char tmp_buf[48]; + unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - if (s->session->cert->rsa_tmp != NULL) - rsa=s->session->cert->rsa_tmp; + if (s->session->sess_cert->peer_rsa_tmp != NULL) + rsa=s->session->sess_cert->peer_rsa_tmp; else { - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) @@ -1289,27 +1336,43 @@ SSL *s; goto err; } rsa=pkey->pkey.rsa; + EVP_PKEY_free(pkey); } - tmp_buf[0]=SSL3_VERSION_MAJOR; - tmp_buf[1]=SSL3_VERSION_MINOR; + tmp_buf[0]=s->client_version>>8; + tmp_buf[1]=s->client_version&0xff; RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2); s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; - n=RSA_public_encrypt(48,tmp_buf,p,rsa, - RSA_PKCS1_PADDING); + q=p; + /* Fix buf for TLS and beyond */ + if (s->version > SSL3_VERSION) + p+=2; + n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, + tmp_buf,p,rsa,RSA_PKCS1_PADDING); +#ifdef PKCS1_CHECK + if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; + if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; +#endif if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); goto err; } + /* Fix buf for TLS and beyond */ + if (s->version > SSL3_VERSION) + { + s2n(n,q); + n+=2; + } + s->session->master_key_length= - ssl3_generate_master_secret(s, + s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - tmp_buf,48); - memset(tmp_buf,0,48); + tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); + memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); } else #endif @@ -1318,12 +1381,12 @@ SSL *s; { DH *dh_srvr,*dh_clnt; - if (s->session->cert->dh_tmp != NULL) - dh_srvr=s->session->cert->dh_tmp; + if (s->session->sess_cert->peer_dh_tmp != NULL) + dh_srvr=s->session->sess_cert->peer_dh_tmp; else { /* we get them from the cert */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); goto err; } @@ -1342,7 +1405,9 @@ SSL *s; /* use the 'p' output buffer for the DH key, but * make sure to clear it out afterwards */ + n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); + if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); @@ -1351,7 +1416,7 @@ SSL *s; /* generate master key from the result */ s->session->master_key_length= - ssl3_generate_master_secret(s, + s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,n); /* clean up */ memset(p,0,n); @@ -1369,7 +1434,7 @@ SSL *s; else #endif { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); goto err; } @@ -1389,14 +1454,18 @@ err: return(-1); } -static int ssl3_send_client_verify(s) -SSL *s; +static int ssl3_send_client_verify(SSL *s) { unsigned char *p,*d; unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; - int i=0,j; +#ifndef NO_RSA + int i=0; +#endif unsigned long n; +#ifndef NO_DSA + int j; +#endif if (s->state == SSL3_ST_CW_CERT_VRFY_A) { @@ -1404,14 +1473,14 @@ SSL *s; p= &(d[4]); pkey=s->cert->key->privatekey; - ssl3_final_finish_mac(s,&(s->s3->finish_dgst2), - NULL,&(data[MD5_DIGEST_LENGTH])); + s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), + &(data[MD5_DIGEST_LENGTH])); #ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) { - ssl3_final_finish_mac(s,&(s->s3->finish_dgst1), - NULL,&(data[0])); + s->method->ssl3_enc->cert_verify_mac(s, + &(s->s3->finish_dgst1),&(data[0])); i=RSA_private_encrypt( MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, data,&(p[2]),pkey->pkey.rsa, @@ -1457,8 +1526,7 @@ err: return(-1); } -static int ssl3_send_client_certificate(s) -SSL *s; +static int ssl3_send_client_certificate(SSL *s) { X509 *x509=NULL; EVP_PKEY *pkey=NULL; @@ -1507,9 +1575,16 @@ SSL *s; if (pkey != NULL) EVP_PKEY_free(pkey); if (i == 0) { - s->s3->tmp.cert_req=0; - ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_NO_CERTIFICATE); - return(1); + if (s->version == SSL3_VERSION) + { + s->s3->tmp.cert_req=0; + ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); + return(1); + } + else + { + s->s3->tmp.cert_req=2; + } } /* Ok, we have a cert */ @@ -1519,7 +1594,8 @@ SSL *s; if (s->state == SSL3_ST_CW_CERT_C) { s->state=SSL3_ST_CW_CERT_D; - l=ssl3_output_cert_chain(s,s->cert->key->x509); + l=ssl3_output_cert_chain(s, + (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); s->init_num=(int)l; s->init_off=0; } @@ -1529,19 +1605,22 @@ SSL *s; #define has_bits(i,m) (((i)&(m)) == (m)) -static int ssl3_check_cert_and_algorithm(s) -SSL *s; +static int ssl3_check_cert_and_algorithm(SSL *s) { int i,idx; long algs; EVP_PKEY *pkey=NULL; - CERT *c; + SESS_CERT *sc; +#ifndef NO_RSA RSA *rsa; +#endif +#ifndef NO_DH DH *dh; +#endif - c=s->session->cert; + sc=s->session->sess_cert; - if (c == NULL) + if (sc == NULL) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); goto err; @@ -1553,14 +1632,19 @@ SSL *s; if (algs & (SSL_aDH|SSL_aNULL)) return(1); - rsa=s->session->cert->rsa_tmp; - dh=s->session->cert->dh_tmp; +#ifndef NO_RSA + rsa=s->session->sess_cert->peer_rsa_tmp; +#endif +#ifndef NO_DH + dh=s->session->sess_cert->peer_dh_tmp; +#endif /* This is the passed certificate */ - idx=c->cert_type; - pkey=X509_get_pubkey(c->pkeys[idx].x509); - i=X509_certificate_type(c->pkeys[idx].x509,pkey); + idx=sc->peer_cert_type; + pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); + i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); + EVP_PKEY_free(pkey); /* Check that we have a certificate if we require one */ @@ -1576,15 +1660,16 @@ SSL *s; goto f_err; } #endif - +#ifndef NO_RSA if ((algs & SSL_kRSA) && !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } +#endif #ifndef NO_DH - else if ((algs & SSL_kEDH) && + if ((algs & SSL_kEDH) && !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); @@ -1604,12 +1689,13 @@ SSL *s; #endif #endif - if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP)) + if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP)) { #ifndef NO_RSA if (algs & SSL_kRSA) { - if ((rsa == NULL) || (RSA_size(rsa) > 512)) + if (rsa == NULL + || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -1619,8 +1705,9 @@ SSL *s; #endif #ifndef NO_DH if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - if ((dh == NULL) || (DH_size(dh) > 512)) + { + if (dh == NULL + || DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; @@ -1635,7 +1722,7 @@ SSL *s; } return(1); f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,SSL3_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); err: return(0); }