projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use separate arrays for certificate verify and for finished hashes.
[openssl.git] / ssl / s3_srvr.c
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 961a2ca10c241eb2af138d49df4309dfa86d9e3b..9e08b75ee313cebeef7d3c323589ba138c69ec21 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -70,6 +70,7 @@
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
+static int ssl3_check_client_hello(SSL *s);
 static int ssl3_send_server_hello(SSL *s);
 static int ssl3_send_server_key_exchange(SSL *s);
 static int ssl3_send_certificate_request(SSL *s);
@@ -141,6 +142,7 @@ int ssl3_accept(SSL *s)
                        s->new_session=1;
                        /* s->state=SSL_ST_ACCEPT; */
 
+               case SSL3_ST_SR_MS_SGC:
                case SSL_ST_BEFORE:
                case SSL_ST_ACCEPT:
                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
@@ -184,8 +186,8 @@ int ssl3_accept(SSL *s)
 
                        if (s->state != SSL_ST_RENEGOTIATE)
                                {
+                               if(s->state != SSL3_ST_SR_MS_SGC) ssl3_init_finished_mac(s);
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
-                               ssl3_init_finished_mac(s);
                                s->ctx->stats.sess_accept++;
                                }
                        else
@@ -287,9 +289,19 @@ int ssl3_accept(SSL *s)
 
                case SSL3_ST_SW_CERT_REQ_A:
                case SSL3_ST_SW_CERT_REQ_B:
-                       if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+                       if (/* don't request cert unless asked for it: */
+                               !(s->verify_mode & SSL_VERIFY_PEER) ||
+                               /* if SSL_VERIFY_CLIENT_ONCE is set,
+                                * don't request cert during re-negotiation: */
                                ((s->session->peer != NULL) &&
-                                (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+                                (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+                               /* never request cert in anonymous ciphersuites
+                                * (see section "Certificate request" in SSL 3 drafts
+                                * and in RFC 2246): */
+                               ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+                                /* ... except when the application insists on verification
+                                 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+                                !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
                                {
                                /* no cert request */
                                skip=1;
@@ -331,12 +343,18 @@ int ssl3_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_A:
                case SSL3_ST_SR_CERT_B:
-                       /* could be sent for a DH cert, even if we
-                        * have not asked for it :-) */
-                       ret=ssl3_get_client_certificate(s);
-                       if (ret <= 0) goto end;
-                       s->init_num=0;
-                       s->state=SSL3_ST_SR_KEY_EXCH_A;
+                       /* Check for second client hello if MS SGC */
+                       ret = ssl3_check_client_hello(s);
+                       if(ret <= 0) goto end;
+                       if(ret == 2) s->state = SSL3_ST_SR_MS_SGC;
+                       else {
+                               /* could be sent for a DH cert, even if we
+                                * have not asked for it :-) */
+                               ret=ssl3_get_client_certificate(s);
+                               if (ret <= 0) goto end;
+                               s->init_num=0;
+                               s->state=SSL3_ST_SR_KEY_EXCH_A;
+                       }
                        break;
 
                case SSL3_ST_SR_KEY_EXCH_A:
@@ -350,10 +368,10 @@ int ssl3_accept(SSL *s)
                         * a client cert, it can be verified */ 
                        s->method->ssl3_enc->cert_verify_mac(s,
                                &(s->s3->finish_dgst1),
-                               &(s->s3->tmp.finish_md[0]));
+                               &(s->s3->tmp.cert_verify_md[0]));
                        s->method->ssl3_enc->cert_verify_mac(s,
                                &(s->s3->finish_dgst2),
-                               &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+                               &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
                        break;
 
@@ -407,8 +425,8 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_FINISHED_B:
                        ret=ssl3_send_finished(s,
                                SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-                               s->method->ssl3_enc->server_finished,
-                               s->method->ssl3_enc->server_finished_len);
+                               s->method->ssl3_enc->server_finished_label,
+                               s->method->ssl3_enc->server_finished_label_len);
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
                        if (s->hit)
@@ -500,6 +518,23 @@ static int ssl3_send_hello_request(SSL *s)
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
        }
 
+static int ssl3_check_client_hello(SSL *s)
+       {
+       int ok;
+       long n;
+
+       n=ssl3_get_message(s,
+               SSL3_ST_SR_CERT_A,
+               SSL3_ST_SR_CERT_B,
+               -1,
+               SSL3_RT_MAX_PLAIN_LENGTH,
+               &ok);
+       if (!ok) return((int)n);
+       s->s3->tmp.reuse_message = 1;
+       if(s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) return 2;
+       return 1;
+}
+
 static int ssl3_get_client_hello(SSL *s)
        {
        int i,j,ok,al,ret= -1;
@@ -1449,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s)
 #ifndef NO_RSA 
        if (pkey->type == EVP_PKEY_RSA)
                {
-               i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+               i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
                        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
                                                        pkey->pkey.rsa);
                if (i < 0)
@@ -1471,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s)
                if (pkey->type == EVP_PKEY_DSA)
                {
                j=DSA_verify(pkey->save_type,
-                       &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+                       &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
                if (j <= 0)
                        {
@@ -1531,7 +1566,7 @@ static int ssl3_get_client_certificate(SSL *s)
                        al=SSL_AD_HANDSHAKE_FAILURE;
                        goto f_err;
                        }
-               /* If tls asked for a client cert we must return a 0 list */
+               /* If tls asked for a client cert, the client must return a 0 list */
                if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
@@ -1627,6 +1662,7 @@ static int ssl3_get_client_certificate(SSL *s)
        if (s->session->peer != NULL) /* This should not be needed */
                X509_free(s->session->peer);
        s->session->peer=sk_X509_shift(sk);
+       s->session->verify_result = s->verify_result;
 
        /* With the current implementation, sess_cert will always be NULL
         * when we arrive here. */
Unnamed repository; edit this file 'description' to name the repository.