static int ssl_set_version(SSL *s);
static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
-#ifndef OPENSSL_NO_TLSEXT
static int ssl3_check_finished(SSL *s);
-#endif
static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
unsigned char *p,
int (*put_cb) (const SSL_CIPHER *,
if (s->hit) {
s->state = SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
if (s->tlsext_ticket_expected) {
/* receive renewed session ticket */
s->state = SSL3_ST_CR_SESSION_TICKET_A;
}
-#endif
} else {
s->state = SSL3_ST_CR_CERT_A;
}
break;
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
/* Noop (ret = 0) for everything but EAP-FAST. */
ret = ssl3_check_finished(s);
if (ret < 0)
s->init_num = 0;
break;
}
-#endif
+
/* Check if it is anon DH/ECDH, SRP auth */
/* or PSK */
if (!
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s->tlsext_status_expected)
s->state = SSL3_ST_CR_CERT_STATUS_A;
else
skip = 1;
s->state = SSL3_ST_CR_KEY_EXCH_A;
}
-#else
- } else
- skip = 1;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
-#endif
s->init_num = 0;
break;
if (ret <= 0)
goto end;
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+#if defined(OPENSSL_NO_NEXTPROTONEG)
s->state = SSL3_ST_CW_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
break;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret = ssl3_send_next_proto(s);
s->s3->delay_buf_pop_ret = 0;
}
} else {
-#ifndef OPENSSL_NO_TLSEXT
/*
* Allow NewSessionTicket if ticket expected
*/
if (s->tlsext_ticket_expected)
s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
else
-#endif
-
s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
}
s->init_num = 0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_CR_SESSION_TICKET_A:
case SSL3_ST_CR_SESSION_TICKET_B:
ret = ssl3_get_new_session_ticket(s);
s->state = SSL3_ST_CR_KEY_EXCH_A;
s->init_num = 0;
break;
-#endif
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
goto err;
if ((sess == NULL) || (sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
- !sess->session_id_length ||
-#else
/*
* In the case of EAP-FAST, we can have a pre-shared
* "ticket" without a session ID.
*/
(!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
(sess->not_resumable)) {
if (!ssl_get_new_session(s, 0))
goto err;
#endif
*(p++) = 0; /* Add the NULL method */
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions */
if (ssl_prepare_clienthello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
-#endif
l = p - d;
if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) {
{
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
- CERT *ct = s->cert;
unsigned char *p, *d;
int i, al = SSL_AD_INTERNAL_ERROR, ok;
unsigned int j;
* Hello verify request and/or server hello version may not match so set
* first packet if we're negotiating version.
*/
- if (SSL_IS_DTLS(s))
- s->first_packet = 1;
+ s->first_packet = 1;
n = s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
if (!ok)
return ((int)n);
+ s->first_packet = 0;
if (SSL_IS_DTLS(s)) {
- s->first_packet = 0;
if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
if (s->d1->send_cookie == 0) {
s->s3->tmp.reuse_message = 1;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
}
-#ifndef OPENSSL_NO_TLSEXT
+
/*
* Check if we can resume the session based on external pre-shared secret.
* EAP-FAST (RFC 4851) supports two types of session resumption.
goto f_err;
}
}
-#endif /* OPENSSL_NO_TLSEXT */
if (j != 0 && j == s->session->session_id_length
&& memcmp(p, s->session->session_id, j) == 0) {
}
/* Set version disabled mask now we know version */
if (!SSL_USE_TLS1_2_CIPHERS(s))
- ct->mask_ssl = SSL_TLSV1_2;
+ s->s3->tmp.mask_ssl = SSL_TLSV1_2;
else
- ct->mask_ssl = 0;
+ s->s3->tmp.mask_ssl = 0;
/*
* If it is a disabled cipher we didn't send it in client hello, so
* return an error.
}
#endif
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions */
if (!ssl_parse_serverhello_tlsext(s, &p, d, n)) {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
goto err;
}
-#endif
if (p != (d + n)) {
/* wrong packet length */
}
/* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) {
- s->cert->pkeys[i].digest = NULL;
- s->cert->pkeys[i].valid_flags = 0;
+ s->s3->tmp.md[i] = NULL;
+ s->s3->tmp.valid_flags[i] = 0;
}
if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return (X509_NAME_cmp(*a, *b));
}
-#ifndef OPENSSL_NO_TLSEXT
int ssl3_get_new_session_ticket(SSL *s)
{
int ok, al, ret = 0, ticklen;
}
p = d = (unsigned char *)s->init_msg;
+
+ if (s->session->session_id_length > 0) {
+ int i = s->session_ctx->session_cache_mode;
+ SSL_SESSION *new_sess;
+ /*
+ * We reused an existing session, so we need to replace it with a new
+ * one
+ */
+ if (i & SSL_SESS_CACHE_CLIENT) {
+ /*
+ * Remove the old session from the cache
+ */
+ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+ if (s->session_ctx->remove_session_cb != NULL)
+ s->session_ctx->remove_session_cb(s->session_ctx,
+ s->session);
+ } else {
+ /* We carry on if this fails */
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
/* ticket_lifetime_hint + ticket_length + ticket */
s->state = SSL_ST_ERR;
return (-1);
}
-#endif
int ssl3_get_server_done(SSL *s)
{
#endif
/* If we haven't written everything save PMS */
if (n <= 0) {
- s->cert->pms = pms;
- s->cert->pmslen = pmslen;
+ s->s3->tmp.pms = pms;
+ s->s3->tmp.pmslen = pmslen;
} else {
/* If we don't have a PMS restore */
if (pms == NULL) {
- pms = s->cert->pms;
- pmslen = s->cert->pmslen;
+ pms = s->s3->tmp.pms;
+ pmslen = s->s3->tmp.pmslen;
}
if (pms == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
session->master_key,
pms, pmslen);
OPENSSL_clear_free(pms, pmslen);
- s->cert->pms = NULL;
+ s->s3->tmp.pms = NULL;
if (s->session->master_key_length < 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
err:
OPENSSL_clear_free(pms, pmslen);
- s->cert->pms = NULL;
+ s->s3->tmp.pms = NULL;
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
OPENSSL_free(encodedPoint);
if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0;
void *hdata;
- const EVP_MD *md = s->cert->key->digest;
+ const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
return 0;
/* If no suitable signature algorithm can't use certificate */
- if (SSL_USE_SIGALGS(s) && !s->cert->key->digest)
+ if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])
return 0;
/*
* If strict mode check suitability of chain before using it. This also
int i, idx;
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
+ int pkey_bits;
SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
RSA *rsa;
}
#endif
pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
+ pkey_bits = EVP_PKEY_bits(pkey);
i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
EVP_PKEY_free(pkey);
# endif
#endif
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if (rsa == NULL
return (0);
}
-#ifndef OPENSSL_NO_TLSEXT
/*
* Normally, we can tell if the server is resuming the session from
* the session ID. EAP-FAST (RFC 4851), however, relies on the next server
return 0;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s)
{
unsigned int len, padding_len;
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
-# endif
#endif
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)