void (*cb)()=NULL;
long num1;
int ret= -1;
- CERT *ct;
int new_state,state,skip=0;
RAND_seed(&Time,sizeof(Time));
if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
s->in_handshake++;
-#ifdef undef
- /* FIX THIS EAY EAY EAY */
- /* we don't actually need a cert, we just need a cert or a DH_tmp */
- if (((s->session == NULL) || (s->session->cert == NULL)) &&
- (s->cert == NULL))
+ if (s->cert == NULL)
{
SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- ret= -1;
- goto end;
+ return(-1);
}
-#endif
for (;;)
{
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
l=s->s3->tmp.new_cipher->algorithms;
- if (s->session->cert == NULL)
- {
- if (s->cert != NULL)
- {
- CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- s->session->cert=s->cert;
- }
- }
- ct=s->session->cert;
/* clear this, it may get reset by
* send_server_key_exchange */
if (s->s3->tmp.use_rsa_tmp
|| (l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
- && (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+ && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_IS_EXPORT(l)
- && EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+ && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
)
)
)
if (!ok) return((int)n);
d=p=(unsigned char *)s->init_buf->data;
- /* The version number has already been checked in ssl3_get_message.
- * I a native TLSv1/SSLv3 method, the match must be correct except
- * perhaps for the first message */
-/* s->client_version=(((int)p[0])<<8)|(int)p[1]; */
+ /* use version from inside client hello, not from record header
+ * (may differ: see RFC 2246, Appendix E, second paragraph) */
+ s->client_version=(((int)p[0])<<8)|(int)p[1];
p+=2;
/* load the client random */
{ /* previous session */
s->hit=1;
}
- else
+ else if (i == -1)
+ goto err;
+ else /* i == 0 */
{
if (!ssl_get_new_session(s,1))
goto err;
EVP_PKEY *pkey;
unsigned char *p,*d;
int al,i;
+ unsigned int u;
unsigned long type;
int n;
CERT *cert;
if (s->state == SSL3_ST_SW_KEY_EXCH_A)
{
type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->session->cert;
+ cert=s->cert;
buf=s->init_buf;
q+=i;
j+=i;
}
- i=RSA_private_encrypt(j,md_buf,&(p[2]),
- pkey->pkey.rsa,RSA_PKCS1_PADDING);
- if (i <= 0)
+ if (RSA_sign(NID_md5_sha1, md_buf, j,
+ &(p[2]), &u, pkey->pkey.rsa) <= 0)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
goto err;
}
- s2n(i,p);
- n+=i+2;
+ s2n(u,p);
+ n+=u+2;
}
else
#endif
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
{
- if ((s->session->cert != NULL) &&
- (s->session->cert->rsa_tmp != NULL))
- rsa=s->session->cert->rsa_tmp;
- else if ((s->cert != NULL) &&
- (s->cert->rsa_tmp != NULL))
+ if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
rsa=s->cert->rsa_tmp;
/* Don't do a callback because rsa_tmp should
* be sent already */
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-#if 1
+#if 0
/* If a bad decrypt, use a random master key */
if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
((p[0] != (s->client_version>>8)) ||
goto f_err;
}
- if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff)))
+ if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
{
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
#ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
- i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+ i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+ MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
+ pkey->pkey.rsa);
if (i < 0)
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
goto f_err;
}
- if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
- memcmp(&(s->s3->tmp.finish_md[0]),p,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
+ if (i == 0)
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
}
}
- /* This should not be needed */
- if (s->session->peer != NULL)
+ if (s->session->peer != NULL) /* This should not be needed */
X509_free(s->session->peer);
s->session->peer=sk_X509_shift(sk);
+ s->session->verify_result = s->verify_result;
- s->session->cert->cert_chain=sk;
+ /* With the current implementation, sess_cert will always be NULL
+ * when we arrive here. */
+ if (s->session->sess_cert == NULL)
+ {
+ s->session->sess_cert = ssl_sess_cert_new();
+ if (s->session->sess_cert == NULL)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ if (s->session->sess_cert->cert_chain != NULL)
+ sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+ s->session->sess_cert->cert_chain=sk;
sk=NULL;
projects / openssl.git / blobdiff