New function SSL_renegotiate_pending().
[openssl.git] / ssl / s3_srvr.c
index 20b8cc9ac5a3f48b3aa47ec10edeb0bba1fb4cdc..94da180d08be65b0798f6f6efc3cb358001302b2 100644 (file)
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #define REUSE_CIPHER_BUG
 #define NETSCAPE_HANG_BUG
 #include <openssl/x509.h>
 #include <openssl/krb5_asn.h>
 #include "ssl_locl.h"
-
 #ifndef OPENSSL_NO_KRB5
 #include "kssl_lcl.h"
 #endif /* OPENSSL_NO_KRB5 */
+#include <openssl/md5.h>
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -183,21 +236,23 @@ int ssl3_accept(SSL *s)
                                goto end;
                                }
 
-                       /* Ok, we now need to push on a buffering BIO so that
-                        * the output is sent in a way that TCP likes :-)
-                        */
-                       if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
                        s->init_num=0;
 
                        if (s->state != SSL_ST_RENEGOTIATE)
                                {
+                               /* Ok, we now need to push on a buffering BIO so that
+                                * the output is sent in a way that TCP likes :-)
+                                */
+                               if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+                               
                                ssl3_init_finished_mac(s);
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->stats.sess_accept++;
                                }
                        else
                                {
+                               /* s->state == SSL_ST_RENEGOTIATE,
+                                * we will just send a HelloRequest */
                                s->ctx->stats.sess_accept_renegotiate++;
                                s->state=SSL3_ST_SW_HELLO_REQ_A;
                                }
@@ -270,6 +325,10 @@ int ssl3_accept(SSL *s)
                                && !(l & SSL_KRB5)
 #endif /* OPENSSL_NO_KRB5 */
                                )
+                               /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+                                * even when forbidden by protocol specs
+                                * (handshake may fail as clients are not required to
+                                * be able to handle this) */
                                s->s3->tmp.use_rsa_tmp=1;
                        else
                                s->s3->tmp.use_rsa_tmp=0;
@@ -465,7 +524,9 @@ int ssl3_accept(SSL *s)
                        /* remove buffering on output */
                        ssl_free_wbio_buffer(s);
 
-                       s->new_session=0;
+                       if (s->new_session == 2)
+                               s->new_session=0;
+                       /* if s->new_session is still 1, we have only sent a HelloRequest */
                        s->init_num=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
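Review bot: `s->new_session` is now tested against the bare literal 2 here and assigned `s->new_session = 2` in the later ssl3_get_client_hello hunk, so a former flag has become a three-state value whose meaning has to be pieced together from scattered comments. As far as the hunks show, 1 means a renegotiation was requested and only a HelloRequest has gone out, and 2 means the ClientHello for it has been processed. A comment stating that at the point of use, for example `/* new_session: 1 = HelloRequest sent, 2 = ClientHello received, 0 = no renegotiation pending */`, or named constants, would make this state handling easier to audit. The comment in the later hunk also says "'new' section" where "session" appears to be meant. ssl3_accept begins and ends outside this hunk.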
@@ -542,11 +603,13 @@ static int ssl3_check_client_hello(SSL *s)
        int ok;
        long n;
 
+       /* this function is called when we really expect a Certificate message,
+        * so permit appropriate message length */
        n=ssl3_get_message(s,
                SSL3_ST_SR_CERT_A,
                SSL3_ST_SR_CERT_B,
                -1,
-               SSL3_RT_MAX_PLAIN_LENGTH,
+               s->max_cert_list,
                &ok);
        if (!ok) return((int)n);
        s->s3->tmp.reuse_message = 1;
@@ -612,7 +675,15 @@ static int ssl3_get_client_hello(SSL *s)
        j= *(p++);
 
        s->hit=0;
-       if (j == 0)
+       /* Versions before 0.9.7 always allow session reuse during renegotiation
+        * (i.e. when s->new_session is true), option
+        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+        * Maybe this optional behaviour should always have been the default,
+        * but we cannot safely change the default behaviour (or new applications
+        * might be written that become totally unsecure when compiled with
+        * an earlier library version)
+        */
+       if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
                {
                if (!ssl_get_new_session(s,1))
                        goto err;
@@ -633,6 +704,11 @@ static int ssl3_get_client_hello(SSL *s)
                        }
                }
 
+       if (s->new_session)
+               /* actually not necessarily a 'new' section unless
+                * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+               s->new_session = 2;
+
        p+=j;
        n2s(p,i);
        if ((i == 0) && (j != 0))
@@ -949,6 +1025,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
        BUF_MEM *buf;
        EVP_MD_CTX md_ctx;
 
+       EVP_MD_CTX_init(&md_ctx);
        if (s->state == SSL3_ST_SW_KEY_EXCH_A)
                {
                type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
@@ -973,7 +1050,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
                                        goto f_err;
                                }
-                               CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+                               RSA_up_ref(rsa);
                                cert->rsa_tmp=rsa;
                                }
                        if (rsa == NULL)
@@ -1157,10 +1234,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
                }
 
        s->state = SSL3_ST_SW_KEY_EXCH_B;
+       EVP_MD_CTX_cleanup(&md_ctx);
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+       EVP_MD_CTX_cleanup(&md_ctx);
        return(-1);
        }
 
@@ -1463,7 +1542,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
                EVP_CIPHER_CTX          ciph_ctx;
                EVP_CIPHER              *enc = NULL;
                unsigned char           iv[EVP_MAX_IV_LENGTH];
-               unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH];
+               unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
+                                               + EVP_MAX_IV_LENGTH + 1];
                int                     padl, outl = sizeof(pms);
                krb5_timestamp          authtime = 0;
                krb5_ticket_times       ttimes;
@@ -1485,7 +1565,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                enc_pms.data = p;
                p+=enc_pms.length;
 
-               if (n != enc_ticket.length + authenticator.length +
+               if ((unsigned long)n != enc_ticket.length + authenticator.length +
                                                enc_pms.length + 6)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -1535,18 +1615,36 @@ static int ssl3_get_client_key_exchange(SSL *s)
 #endif /* KSSL_DEBUG */
 
                enc = kssl_map_enc(kssl_ctx->enctype);
+                if (enc == NULL)
+                    goto err;
+
                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
 
-               EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv);
-               EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
-                                       enc_pms.data, enc_pms.length);
+               if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               SSL_R_DECRYPTION_FAILED);
+                       goto err;
+                       }
+               if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
+                                       enc_pms.data, enc_pms.length))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               SSL_R_DECRYPTION_FAILED);
+                       goto err;
+                       }
                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }
-               EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl);
+               if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                               SSL_R_DECRYPTION_FAILED);
+                       goto err;
+                       }
                outl += padl;
                if (outl > SSL_MAX_MASTER_KEY_LENGTH)
                        {
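Review bot: The `outl > SSL_MAX_MASTER_KEY_LENGTH` test runs only after `EVP_DecryptUpdate` has already written its output into `pms`, so it cannot stop an oversized `enc_pms.length` from writing past the end of the buffer. No comparison of `enc_pms.length` with the size of `pms` is visible in this hunk or in the one that parses the field from the client's message. Unless it is bounded elsewhere, add `if (enc_pms.length > sizeof pms) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto err; }` before the `EVP_DecryptInit` call. The new `if (enc == NULL) goto err;` also leaves without queuing an error, unlike the other failure paths added here. ssl3_get_client_key_exchange begins and ends outside the hunk, so what the `err` label cleans up cannot be checked from here.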
@@ -1560,6 +1658,17 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key, pms, outl);
 
+                if (kssl_ctx->client_princ)
+                        {
+                        int len = strlen(kssl_ctx->client_princ);
+                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                                {
+                                s->session->krb5_client_princ_len = len;
+                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+                                }
+                        }
+
+
                 /*  Was doing kssl_ctx_free() here,
                **  but it caused problems for apache.
                 **  kssl_ctx = kssl_ctx_free(kssl_ctx);
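Review bot: `int len = strlen(kssl_ctx->client_princ);` narrows a `size_t` to `int` before the bound check; declaring it `size_t len` keeps the comparison with `SSL_MAX_KRB5_PRINCIPAL_LENGTH` and the `memcpy` size on the same unsigned value. When the principal is too long the block silently does nothing, so `krb5_client_princ_len` keeps whatever it held before. An explicit `else s->session->krb5_client_princ_len = 0;` (or an error) would make that case unambiguous for code that later relies on the stored principal. The copy stores `len` bytes without a terminating NUL, which deserves a comment such as `/* not NUL-terminated; use krb5_client_princ_len */`. The enclosing function continues outside the hunk.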
@@ -1734,11 +1843,7 @@ static int ssl3_get_client_certificate(SSL *s)
                SSL3_ST_SR_CERT_A,
                SSL3_ST_SR_CERT_B,
                -1,
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-               1024*30, /* 30k max cert list :-) */
-#else
-               1024*100, /* 100k max cert list :-) */
-#endif
+               s->max_cert_list,
                &ok);
 
        if (!ok) return((int)n);