* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
#include <openssl/evp.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_KRB5
-#include "kssl.h"
-#endif
+#include <openssl/md5.h>
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
BUF_MEM *buf;
unsigned long Time=time(NULL),l;
long num1;
- void (*cb)()=NULL;
+ void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state,skip=0;;
else if (s->ctx->info_callback != NULL)
cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
for (;;)
{
skip=0;
}
end:
+ s->in_handshake--;
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
- s->in_handshake--;
return(ret);
}
&ok);
if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
{
SSL3_ST_CR_CERT_A,
SSL3_ST_CR_CERT_B,
-1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{
}
i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+ && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+ )
{
al=ssl_verify_alarm_type(s->verify_result);
SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
* certificate, which we don't include in s3_srvr.c */
x=sk_X509_value(sk,0);
sk=NULL;
- /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end */
+ /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
pkey=X509_get_pubkey(x);
/* VRS: allow null cert if auth == KRB5 */
- need_cert =
- ((s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ need_cert = ((s->s3->tmp.new_cipher->algorithms
+ & (SSL_MKEY_MASK|SSL_AUTH_MASK))
== (SSL_aKRB5|SSL_kKRB5))? 0: 1;
#ifdef KSSL_DEBUG
s->s3->tmp.new_cipher->algorithms, need_cert);
#endif /* KSSL_DEBUG */
- if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
+ if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
{
x=NULL;
al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
goto f_err;
}
{
x=NULL;
al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_UNKNOWN_CERTIFICATE_TYPE);
goto f_err;
}
DH *dh=NULL;
#endif
+ /* use same message size as in ssl3_get_certificate_request()
+ * as ServerKeyExchange message may be skipped */
n=ssl3_get_message(s,
SSL3_ST_CR_KEY_EXCH_A,
SSL3_ST_CR_KEY_EXCH_B,
-1,
- 1024*8, /* ?? */
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
return(1);
}
- param=p=(unsigned char *)s->init_buf->data;
+ param=p=(unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL)
{
param_len=0;
alg=s->s3->tmp.new_cipher->algorithms;
+ EVP_MD_CTX_init(&md_ctx);
#ifndef OPENSSL_NO_RSA
if (alg & SSL_kRSA)
q=md_buf;
for (num=2; num > 0; num--)
{
- EVP_DigestInit(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1);
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
+ ?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,param,param_len);
- EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+ EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
q+=i;
j+=i;
}
if (pkey->type == EVP_PKEY_DSA)
{
/* lets do DSS */
- EVP_VerifyInit(&md_ctx,EVP_dss1());
+ EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,param,param_len);
}
}
EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&md_ctx);
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
if (dh != NULL)
DH_free(dh);
#endif
+ EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
SSL3_ST_CR_CERT_REQ_A,
SSL3_ST_CR_CERT_REQ_B,
-1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
- 1024*30, /* 30k max cert list :-) */
-#else
- 1024*100, /* 100k max cert list :-) */
-#endif
+ s->max_cert_list,
&ok);
if (!ok) return((int)n);
}
}
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
{
/* should contain no data */
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+ return -1;
}
ret=1;
return(ret);
{
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
- krb5_data krb5_ap_req;
+ /* krb5_data krb5_ap_req; */
+ krb5_data *enc_ticket;
+ krb5_data authenticator, *authp = NULL;
+ EVP_CIPHER_CTX ciph_ctx;
+ EVP_CIPHER *enc = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
+ + EVP_MAX_IV_LENGTH];
+ int padl, outl = sizeof(epms);
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
#ifdef KSSL_DEBUG
printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
l, SSL_kKRB5);
#endif /* KSSL_DEBUG */
- /*
- ** Tried to send random tmp_buf[] as PMS in Kerberos ticket
- ** by passing krb5_mk_req_extended(ctx,authctx,opts, tmp_buf, ...)
- ** but: I can't retrieve the PMS on the other side! There is
- ** some indication in the krb5 source that this is only used
- ** to generate a checksum. OTOH, the Tung book shows data
- ** ("GET widget01.txt") being passed in krb5_mk_req_extended()
- ** by way of krb5_sendauth(). I don't get it.
- ** Until Kerberos goes 3DES, the big PMS secret would only be
- ** encrypted in 1-DES anyway. So losing the PMS shouldn't be
- ** a big deal.
- */
- krb5rc = kssl_cget_tkt(kssl_ctx, &krb5_ap_req,
- &kssl_err);
+ authp = NULL;
+#ifdef KRB5SENDAUTH
+ if (KRB5SENDAUTH) authp = &authenticator;
+#endif /* KRB5SENDAUTH */
+
+ krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+ &kssl_err);
+ enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
#ifdef KSSL_DEBUG
{
printf("kssl_cget_tkt rtn %d\n", krb5rc);
- kssl_ctx_show(kssl_ctx);
if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+ printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
}
#endif /* KSSL_DEBUG */
if (krb5rc)
{
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+ ssl3_send_alert(s,SSL3_AL_FATAL,
+ SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ kssl_err.reason);
goto err;
}
- /* Send ticket (copy to *p, set n = length)
- */
- n = krb5_ap_req.length;
- memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- if (krb5_ap_req.data)
- kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-
- /* 19991013 VRS - 3DES is kind of bogus here,
- ** at least until Kerberos supports 3DES. The only
- ** real secret is the 8-byte Kerberos session key;
- ** the other key material ((s->) client_random, server_random)
- ** could be sniffed. Mixing in these nonces should help
- ** protect against replay attacks, however.
+ /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ ** in place of RFC 2712 KerberosWrapper, as in:
+ **
+ ** Send ticket (copy to *p, set n = length)
+ ** n = krb5_ap_req.length;
+ ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ ** if (krb5_ap_req.data)
+ ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
**
- ** Alternate code for Kerberos Purists:
- **
- ** memcpy(s->session->master_key, kssl_ctx->key, kssl_ctx->length);
- ** s->session->master_key_length = kssl_ctx->length;
- */
+ ** Now using real RFC 2712 KerberosWrapper
+ ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+ ** Note: 2712 "opaque" types are here replaced
+ ** with a 2-byte length followed by the value.
+ ** Example:
+ ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+ ** Where "xx xx" = length bytes. Shown here with
+ ** optional authenticator omitted.
+ */
+
+ /* KerberosWrapper.Ticket */
+ s2n(enc_ticket->length,p);
+ memcpy(p, enc_ticket->data, enc_ticket->length);
+ p+= enc_ticket->length;
+ n = enc_ticket->length + 2;
+
+ /* KerberosWrapper.Authenticator */
+ if (authp && authp->length)
+ {
+ s2n(authp->length,p);
+ memcpy(p, authp->data, authp->length);
+ p+= authp->length;
+ n+= authp->length + 2;
+
+ free(authp->data);
+ authp->data = NULL;
+ authp->length = 0;
+ }
+ else
+ {
+ s2n(0,p);/* null authenticator length */
+ n+=2;
+ }
+
+ if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0)
+ goto err;
+
+ /* 20010420 VRS. Tried it this way; failed.
+ ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ ** kssl_ctx->length);
+ ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
+
+ memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
+ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
+ kssl_ctx->key,iv);
+ EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
+ SSL_MAX_MASTER_KEY_LENGTH);
+ EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
+ outl += padl;
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ /* KerberosWrapper.EncryptedPreMasterSecret */
+ s2n(outl,p);
+ memcpy(p, epms, outl);
+ p+=outl;
+ n+=outl + 2;
+
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, kssl_ctx->key,kssl_ctx->length);
+ s->session->master_key,
+ tmp_buf, SSL_MAX_MASTER_KEY_LENGTH);
+
+ memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH);
+ memset(epms, 0, outl);
}
#endif
#ifndef OPENSSL_NO_DH
projects / openssl.git / blobdiff