X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=bd9ce5db55a3d8a310736e679d1d48fc3987638c;hp=363118835cfc705226dfe1073bcde703d2bbe011;hb=7b63c0fa8c309bed7848b5ca5810ae9e2f2fb3c1;hpb=a8236c8c322101c273d14c62282f264555e147c4 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 363118835c..bd9ce5db55 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -55,30 +55,74 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include -#include "buffer.h" -#include "rand.h" -#include "objects.h" -#include "evp.h" #include "ssl_locl.h" +#include "kssl_lcl.h" +#include +#include +#include +#include +#include -#define BREAK break -/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE); -SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - */ - -#ifndef NOPROTO static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); static int ssl3_get_certificate_request(SSL *s); -static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); +static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); static int ssl3_get_server_done(SSL *s); static int ssl3_send_client_verify(SSL *s); static int ssl3_send_client_certificate(SSL *s); @@ -86,23 +130,7 @@ static int ssl3_send_client_key_exchange(SSL *s); static int ssl3_get_key_exchange(SSL *s); static int ssl3_get_server_certificate(SSL *s); static int ssl3_check_cert_and_algorithm(SSL *s); -#else -static SSL_METHOD *ssl3_get_client_method(); -static int ssl3_client_hello(); -static int ssl3_get_server_hello(); -static int ssl3_get_certificate_request(); -static int ca_dn_cmp(); -static int ssl3_get_server_done(); -static int ssl3_send_client_verify(); -static int ssl3_send_client_certificate(); -static int ssl3_send_client_key_exchange(); -static int ssl3_get_key_exchange(); -static int ssl3_get_server_certificate(); -static int ssl3_check_cert_and_algorithm(); -#endif - -static SSL_METHOD *ssl3_get_client_method(ver) -int ver; +static SSL_METHOD *ssl3_get_client_method(int ver) { if (ver == SSL3_VERSION) return(SSLv3_client_method()); @@ -110,7 +138,7 @@ int ver; return(NULL); } -SSL_METHOD *SSLv3_client_method() +SSL_METHOD *SSLv3_client_method(void) { static int init=1; static SSL_METHOD SSLv3_client_data; @@ -126,18 +154,16 @@ SSL_METHOD *SSLv3_client_method() return(&SSLv3_client_data); } -int ssl3_connect(s) -SSL *s; +int ssl3_connect(SSL *s) { BUF_MEM *buf; unsigned long Time=time(NULL),l; long num1; - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; - BIO *under; int new_state,state,skip=0;; - RAND_seed(&Time,sizeof(Time)); + RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); @@ -146,8 +172,8 @@ SSL *s; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { @@ -158,17 +184,23 @@ SSL *s; case SSL_ST_RENEGOTIATE: s->new_session=1; s->state=SSL_ST_CONNECT; - s->ctx->sess_connect_renegotiate++; + s->ctx->stats.sess_connect_renegotiate++; /* break */ case SSL_ST_BEFORE: case SSL_ST_CONNECT: case SSL_ST_BEFORE|SSL_ST_CONNECT: case SSL_ST_OK|SSL_ST_CONNECT: + s->server=0; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); if ((s->version & 0xff00 ) != 0x0300) - abort(); + { + SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + ret = -1; + goto end; + } + /* s->version=SSL3_VERSION; */ s->type=SSL_ST_CONNECT; @@ -197,7 +229,7 @@ SSL *s; ssl3_init_finished_mac(s); s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->sess_connect++; + s->ctx->stats.sess_connect++; s->init_num=0; break; @@ -280,6 +312,7 @@ SSL *s; case SSL3_ST_CW_CERT_A: case SSL3_ST_CW_CERT_B: case SSL3_ST_CW_CERT_C: + case SSL3_ST_CW_CERT_D: ret=ssl3_send_client_certificate(s); if (ret <= 0) goto end; s->state=SSL3_ST_CW_KEY_EXCH_A; @@ -326,6 +359,11 @@ SSL *s; s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; + if (s->s3->tmp.new_compression == NULL) + s->session->compress_meth=0; + else + s->session->compress_meth= + s->s3->tmp.new_compression->id; if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; @@ -345,8 +383,8 @@ SSL *s; case SSL3_ST_CW_FINISHED_B: ret=ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, - s->method->ssl3_enc->client_finished, - s->method->ssl3_enc->client_finished_len); + s->method->ssl3_enc->client_finished_label, + s->method->ssl3_enc->client_finished_label_len); if (ret <= 0) goto end; s->state=SSL3_ST_CW_FLUSH; @@ -401,33 +439,28 @@ SSL *s; /* clean a few things up */ ssl3_cleanup_key_block(s); - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) + if (s->init_buf != NULL) { - /* remove buffering */ - under=BIO_pop(s->wbio); - if (under != NULL) - s->wbio=under; - else - abort(); /* ok */ - - BIO_free(s->bbio); - s->bbio=NULL; + BUF_MEM_free(s->init_buf); + s->init_buf=NULL; } - /* else do it later */ + + /* If we are not 'joining' the last two packets, + * remove the buffering now */ + if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) + ssl_free_wbio_buffer(s); + /* else do it later in ssl3_write */ s->init_num=0; s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); - if (s->hit) s->ctx->sess_hit++; + if (s->hit) s->ctx->stats.sess_hit++; ret=1; /* s->server=0; */ s->handshake_func=ssl3_connect; - s->ctx->sess_connect_good++; + s->ctx->stats.sess_connect_good++; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); @@ -461,20 +494,20 @@ SSL *s; skip=0; } end: + s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); - s->in_handshake--; return(ret); } -static int ssl3_client_hello(s) -SSL *s; +static int ssl3_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i; + int i,j; unsigned long Time,l; + SSL_COMP *comp; buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) @@ -491,13 +524,14 @@ SSL *s; p=s->s3->client_random; Time=time(NULL); /* Time */ l2n(Time,p); - RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); /* Do the message type and length last */ d=p= &(buf[4]); *(p++)=s->version>>8; *(p++)=s->version&0xff; + s->client_version=s->version; /* Random stuff */ memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); @@ -525,10 +559,18 @@ SSL *s; s2n(i,p); p+=i; - /* hardwire in the NULL compression algorithm. */ /* COMPRESSION */ - *(p++)=1; - *(p++)=0; + if (s->ctx->comp_methods == NULL) + j=0; + else + j=sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++)=1+j; + for (i=0; ictx->comp_methods,i); + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ l=(p-d); d=buf; @@ -547,15 +589,15 @@ err: return(-1); } -static int ssl3_get_server_hello(s) -SSL *s; +static int ssl3_get_server_hello(SSL *s) { - STACK *sk; + STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; unsigned char *p,*d; int i,al,ok; unsigned int j; long n; + SSL_COMP *comp; n=ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -565,7 +607,7 @@ SSL *s; &ok); if (!ok) return((int)n); - d=p=(unsigned char *)s->init_buf->data; + d=p=(unsigned char *)s->init_msg; if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) { @@ -594,9 +636,18 @@ SSL *s; goto f_err; } } - if ((j != 0) && (j == s->session->session_id_length) && - (memcmp(p,s->session->session_id,j) == 0)) - s->hit=1; + if (j != 0 && j == s->session->session_id_length + && memcmp(p,s->session->session_id,j) == 0) + { + if(s->sid_ctx_length != s->session->sid_ctx_length + || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto f_err; + } + s->hit=1; + } else /* a miss or crap from the other end */ { /* If we were trying for session-id reuse, make a new @@ -625,7 +676,7 @@ SSL *s; p+=ssl_put_cipher_by_char(s,NULL,NULL); sk=ssl_get_ciphers_by_id(s); - i=sk_find(sk,(char *)c); + i=sk_SSL_CIPHER_find(sk,c); if (i < 0) { /* we did not say we would use this cipher */ @@ -649,12 +700,21 @@ SSL *s; /* lets get the compression algorithm */ /* COMPRESSION */ j= *(p++); - if (j != 0) + if (j == 0) + comp=NULL; + else + comp=ssl3_comp_find(s->ctx->comp_methods,j); + + if ((j != 0) && (comp == NULL)) { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } + else + { + s->s3->tmp.new_compression=comp; + } if (p != (d+n)) { @@ -671,26 +731,22 @@ err: return(-1); } -static int ssl3_get_server_certificate(s) -SSL *s; +static int ssl3_get_server_certificate(SSL *s) { int al,i,ok,ret= -1; unsigned long n,nc,llen,l; X509 *x=NULL; unsigned char *p,*d,*q; - STACK *sk=NULL; - CERT *c; + STACK_OF(X509) *sk=NULL; + SESS_CERT *sc; EVP_PKEY *pkey=NULL; + int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ n=ssl3_get_message(s, SSL3_ST_CR_CERT_A, SSL3_ST_CR_CERT_B, -1, -#if defined(MSDOS) && !defined(WIN32) - 1024*30, /* 30k max cert list :-) */ -#else - 1024*100, /* 100k max cert list :-) */ -#endif + s->max_cert_list, &ok); if (!ok) return((int)n); @@ -707,9 +763,9 @@ SSL *s; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); goto f_err; } - d=p=(unsigned char *)s->init_buf->data; + d=p=(unsigned char *)s->init_msg; - if ((sk=sk_new_null()) == NULL) + if ((sk=sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); goto err; @@ -746,7 +802,7 @@ SSL *s; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); goto f_err; } - if (!sk_push(sk,(char *)x)) + if (!sk_X509_push(sk,x)) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); goto err; @@ -757,53 +813,91 @@ SSL *s; } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) +#ifndef OPENSSL_NO_KRB5 + && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + != (SSL_aKRB5|SSL_kKRB5) +#endif /* OPENSSL_NO_KRB5 */ + ) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto f_err; } + ERR_clear_error(); /* but we keep s->verify_result */ - c=ssl_cert_new(); - if (c == NULL) goto err; + sc=ssl_sess_cert_new(); + if (sc == NULL) goto err; - if (s->session->cert) ssl_cert_free(s->session->cert); - s->session->cert=c; + if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); + s->session->sess_cert=sc; - c->cert_chain=sk; - x=(X509 *)sk_value(sk,0); + sc->cert_chain=sk; + /* Inconsistency alert: cert_chain does include the peer's + * certificate, which we don't include in s3_srvr.c */ + x=sk_X509_value(sk,0); sk=NULL; + /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ pkey=X509_get_pubkey(x); - if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)) + /* VRS: allow null cert if auth == KRB5 */ + need_cert = ((s->s3->tmp.new_cipher->algorithms + & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + == (SSL_aKRB5|SSL_kKRB5))? 0: 1; + +#ifdef KSSL_DEBUG + printf("pkey,x = %p, %p\n", pkey,x); + printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); + printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, + s->s3->tmp.new_cipher->algorithms, need_cert); +#endif /* KSSL_DEBUG */ + + if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { x=NULL; al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); goto f_err; } i=ssl_cert_type(x,pkey); - if (i < 0) + if (need_cert && i < 0) { x=NULL; al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_UNKNOWN_CERTIFICATE_TYPE); goto f_err; } - c->cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - if (c->pkeys[i].x509 != NULL) - X509_free(c->pkeys[i].x509); - c->pkeys[i].x509=x; - c->key= &(c->pkeys[i]); - - if ((s->session != NULL) && (s->session->peer != NULL)) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; + if (need_cert) + { + sc->peer_cert_type=i; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + /* Why would the following ever happen? + * We just created sc a couple of lines ago. */ + if (sc->peer_pkeys[i].x509 != NULL) + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509=x; + sc->peer_key= &(sc->peer_pkeys[i]); + + if (s->session->peer != NULL) + X509_free(s->session->peer); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + s->session->peer=x; + } + else + { + sc->peer_cert_type=i; + sc->peer_key= NULL; + + if (s->session->peer != NULL) + X509_free(s->session->peer); + s->session->peer=NULL; + } + s->session->verify_result = s->verify_result; x=NULL; ret=1; @@ -816,14 +910,13 @@ f_err: err: EVP_PKEY_free(pkey); X509_free(x); - sk_pop_free(sk,X509_free); + sk_X509_pop_free(sk,X509_free); return(ret); } -static int ssl3_get_key_exchange(s) -SSL *s; +static int ssl3_get_key_exchange(SSL *s) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; #endif EVP_MD_CTX md_ctx; @@ -831,16 +924,20 @@ SSL *s; int al,i,j,param_len,ok; long n,alg; EVP_PKEY *pkey=NULL; +#ifndef OPENSSL_NO_RSA RSA *rsa=NULL; -#ifndef NO_DH +#endif +#ifndef OPENSSL_NO_DH DH *dh=NULL; #endif + /* use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped */ n=ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, - 1024*8, /* ?? */ + s->max_cert_list, &ok); if (!ok) return((int)n); @@ -851,34 +948,35 @@ SSL *s; return(1); } - param=p=(unsigned char *)s->init_buf->data; + param=p=(unsigned char *)s->init_msg; - if (s->session->cert != NULL) + if (s->session->sess_cert != NULL) { -#ifndef NO_RSA - if (s->session->cert->rsa_tmp != NULL) +#ifndef OPENSSL_NO_RSA + if (s->session->sess_cert->peer_rsa_tmp != NULL) { - RSA_free(s->session->cert->rsa_tmp); - s->session->cert->rsa_tmp=NULL; + RSA_free(s->session->sess_cert->peer_rsa_tmp); + s->session->sess_cert->peer_rsa_tmp=NULL; } #endif -#ifndef NO_DH - if (s->session->cert->dh_tmp) +#ifndef OPENSSL_NO_DH + if (s->session->sess_cert->peer_dh_tmp) { - DH_free(s->session->cert->dh_tmp); - s->session->cert->dh_tmp=NULL; + DH_free(s->session->sess_cert->peer_dh_tmp); + s->session->sess_cert->peer_dh_tmp=NULL; } #endif } else { - s->session->cert=ssl_cert_new(); + s->session->sess_cert=ssl_sess_cert_new(); } param_len=0; alg=s->s3->tmp.new_cipher->algorithms; + EVP_MD_CTX_init(&md_ctx); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (alg & SSL_kRSA) { if ((rsa=RSA_new()) == NULL) @@ -917,21 +1015,23 @@ SSL *s; p+=i; n-=param_len; -/* s->session->cert->rsa_tmp=rsa;*/ /* this should be because we are using an export cipher */ if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); else { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } - s->session->cert->rsa_tmp=rsa; + s->session->sess_cert->peer_rsa_tmp=rsa; + rsa=NULL; } - else +#else /* OPENSSL_NO_RSA */ + if (0) + ; #endif -#ifndef NO_DH - if (alg & SSL_kEDH) +#ifndef OPENSSL_NO_DH + else if (alg & SSL_kEDH) { if ((dh=DH_new()) == NULL) { @@ -984,18 +1084,21 @@ SSL *s; p+=i; n-=param_len; -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); - else + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); +#else + if (0) + ; #endif -#ifndef NO_DSA - if (alg & SSL_aDSS) - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509); +#ifndef OPENSSL_NO_DSA + else if (alg & SSL_aDSS) + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); #endif /* else anonymous DH, so no certificate or pkey. */ - s->session->cert->dh_tmp=dh; + s->session->sess_cert->peer_dh_tmp=dh; + dh=NULL; } else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) { @@ -1003,7 +1106,7 @@ SSL *s; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); goto f_err; } -#endif +#endif /* !OPENSSL_NO_DH */ if (alg & SSL_aFZA) { al=SSL_AD_HANDSHAKE_FAILURE; @@ -1030,7 +1133,7 @@ SSL *s; goto f_err; } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { int num; @@ -1039,24 +1142,24 @@ SSL *s; q=md_buf; for (num=2; num > 0; num--) { - EVP_DigestInit(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); + EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); q+=i; j+=i; } - i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa, - RSA_PKCS1_PADDING); - if (i <= 0) + i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, + pkey->pkey.rsa); + if (i < 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } - if ((j != i) || (memcmp(p,md_buf,i) != 0)) + if (i == 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1066,11 +1169,11 @@ SSL *s; } else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ - EVP_VerifyInit(&md_ctx,EVP_dss1()); + EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL); EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); @@ -1085,7 +1188,7 @@ SSL *s; else #endif { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } } @@ -1094,7 +1197,7 @@ SSL *s; /* still data left over */ if (!(alg & SSL_aNULL)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } if (n != 0) @@ -1105,33 +1208,38 @@ SSL *s; } } EVP_PKEY_free(pkey); + EVP_MD_CTX_cleanup(&md_ctx); return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_RSA + if (rsa != NULL) + RSA_free(rsa); +#endif +#ifndef OPENSSL_NO_DH + if (dh != NULL) + DH_free(dh); +#endif + EVP_MD_CTX_cleanup(&md_ctx); return(-1); } -static int ssl3_get_certificate_request(s) -SSL *s; +static int ssl3_get_certificate_request(SSL *s) { int ok,ret=0; unsigned long n,nc,l; unsigned int llen,ctype_num,i; X509_NAME *xn=NULL; unsigned char *p,*d,*q; - STACK *ca_sk=NULL; + STACK_OF(X509_NAME) *ca_sk=NULL; n=ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A, SSL3_ST_CR_CERT_REQ_B, -1, -#if defined(MSDOS) && !defined(WIN32) - 1024*30, /* 30k max cert list :-) */ -#else - 1024*100, /* 100k max cert list :-) */ -#endif + s->max_cert_list, &ok); if (!ok) return((int)n); @@ -1163,9 +1271,9 @@ SSL *s; } } - d=p=(unsigned char *)s->init_buf->data; + d=p=(unsigned char *)s->init_msg; - if ((ca_sk=sk_new(ca_dn_cmp)) == NULL) + if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); goto err; @@ -1213,7 +1321,7 @@ fclose(out); if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) { - /* If netscape tollerance is on, ignore errors */ + /* If netscape tolerance is on, ignore errors */ if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) goto cont; else @@ -1230,7 +1338,7 @@ fclose(out); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); goto err; } - if (!sk_push(ca_sk,(char *)xn)) + if (!sk_X509_NAME_push(ca_sk,xn)) { SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); goto err; @@ -1246,28 +1354,26 @@ cont: ERR_clear_error(); } - /* we should setup a certficate to return.... */ + /* we should setup a certificate to return.... */ s->s3->tmp.cert_req=1; s->s3->tmp.ctype_num=ctype_num; if (s->s3->tmp.ca_names != NULL) - sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); s->s3->tmp.ca_names=ca_sk; ca_sk=NULL; ret=1; err: - if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free); + if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); return(ret); } -static int ca_dn_cmp(a,b) -X509_NAME **a,**b; +static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } -static int ssl3_get_server_done(s) -SSL *s; +static int ssl3_get_server_done(SSL *s) { int ok,ret=0; long n; @@ -1285,18 +1391,24 @@ SSL *s; /* should contain no data */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); + return -1; } ret=1; return(ret); } -static int ssl3_send_client_key_exchange(s) -SSL *s; +static int ssl3_send_client_key_exchange(SSL *s) { - unsigned char *p,*q,*d; + unsigned char *p,*d; int n; unsigned long l; +#ifndef OPENSSL_NO_RSA + unsigned char *q; EVP_PKEY *pkey=NULL; +#endif +#ifndef OPENSSL_NO_KRB5 + KSSL_ERR kssl_err; +#endif /* OPENSSL_NO_KRB5 */ if (s->state == SSL3_ST_CW_KEY_EXCH_A) { @@ -1305,30 +1417,34 @@ SSL *s; l=s->s3->tmp.new_cipher->algorithms; -#ifndef NO_RSA - if (l & SSL_kRSA) + /* Fool emacs indentation */ + if (0) {} +#ifndef OPENSSL_NO_RSA + else if (l & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - if (s->session->cert->rsa_tmp != NULL) - rsa=s->session->cert->rsa_tmp; + if (s->session->sess_cert->peer_rsa_tmp != NULL) + rsa=s->session->sess_cert->peer_rsa_tmp; else { - pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); + pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } rsa=pkey->pkey.rsa; + EVP_PKEY_free(pkey); } - tmp_buf[0]=s->version>>8; - tmp_buf[1]=s->version&0xff; - RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2); + tmp_buf[0]=s->client_version>>8; + tmp_buf[1]=s->client_version&0xff; + if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) + goto err; s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; @@ -1361,15 +1477,141 @@ SSL *s; tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); } - else #endif -#ifndef NO_DH - if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) +#ifndef OPENSSL_NO_KRB5 + else if (l & SSL_kKRB5) + { + krb5_error_code krb5rc; + KSSL_CTX *kssl_ctx = s->kssl_ctx; + /* krb5_data krb5_ap_req; */ + krb5_data *enc_ticket; + krb5_data authenticator, *authp = NULL; + EVP_CIPHER_CTX ciph_ctx; + EVP_CIPHER *enc = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + + EVP_MAX_IV_LENGTH]; + int padl, outl = sizeof(epms); + + EVP_CIPHER_CTX_init(&ciph_ctx); + +#ifdef KSSL_DEBUG + printf("ssl3_send_client_key_exchange(%lx & %lx)\n", + l, SSL_kKRB5); +#endif /* KSSL_DEBUG */ + + authp = NULL; +#ifdef KRB5SENDAUTH + if (KRB5SENDAUTH) authp = &authenticator; +#endif /* KRB5SENDAUTH */ + + krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, + &kssl_err); + enc = kssl_map_enc(kssl_ctx->enctype); + if (enc == NULL) + goto err; +#ifdef KSSL_DEBUG + { + printf("kssl_cget_tkt rtn %d\n", krb5rc); + if (krb5rc && kssl_err.text) + printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); + } +#endif /* KSSL_DEBUG */ + + if (krb5rc) + { + ssl3_send_alert(s,SSL3_AL_FATAL, + SSL_AD_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + kssl_err.reason); + goto err; + } + + /* 20010406 VRS - Earlier versions used KRB5 AP_REQ + ** in place of RFC 2712 KerberosWrapper, as in: + ** + ** Send ticket (copy to *p, set n = length) + ** n = krb5_ap_req.length; + ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + ** if (krb5_ap_req.data) + ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + ** + ** Now using real RFC 2712 KerberosWrapper + ** (Thanks to Simon Wilkinson ) + ** Note: 2712 "opaque" types are here replaced + ** with a 2-byte length followed by the value. + ** Example: + ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + ** Where "xx xx" = length bytes. Shown here with + ** optional authenticator omitted. + */ + + /* KerberosWrapper.Ticket */ + s2n(enc_ticket->length,p); + memcpy(p, enc_ticket->data, enc_ticket->length); + p+= enc_ticket->length; + n = enc_ticket->length + 2; + + /* KerberosWrapper.Authenticator */ + if (authp && authp->length) + { + s2n(authp->length,p); + memcpy(p, authp->data, authp->length); + p+= authp->length; + n+= authp->length + 2; + + free(authp->data); + authp->data = NULL; + authp->length = 0; + } + else + { + s2n(0,p);/* null authenticator length */ + n+=2; + } + + if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) + goto err; + + /* 20010420 VRS. Tried it this way; failed. + ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + ** kssl_ctx->length); + ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ + + memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ + EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, + kssl_ctx->key,iv); + EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, + SSL_MAX_MASTER_KEY_LENGTH); + EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); + outl += padl; + EVP_CIPHER_CTX_cleanup(&ciph_ctx); + + /* KerberosWrapper.EncryptedPreMasterSecret */ + s2n(outl,p); + memcpy(p, epms, outl); + p+=outl; + n+=outl + 2; + + s->session->master_key_length= + s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, + tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); + + memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); + memset(epms, 0, outl); + } +#endif +#ifndef OPENSSL_NO_DH + else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { DH *dh_srvr,*dh_clnt; - if (s->session->cert->dh_tmp != NULL) - dh_srvr=s->session->cert->dh_tmp; + if (s->session->sess_cert->peer_dh_tmp != NULL) + dh_srvr=s->session->sess_cert->peer_dh_tmp; else { /* we get them from the cert */ @@ -1418,11 +1660,11 @@ SSL *s; /* perhaps clean things up a bit EAY EAY EAY EAY*/ } - else #endif + else { ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } @@ -1441,15 +1683,16 @@ err: return(-1); } -static int ssl3_send_client_verify(s) -SSL *s; +static int ssl3_send_client_verify(SSL *s) { unsigned char *p,*d; unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; - int i=0; +#ifndef OPENSSL_NO_RSA + unsigned u=0; +#endif unsigned long n; -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA int j; #endif @@ -1462,26 +1705,24 @@ SSL *s; s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), &(data[MD5_DIGEST_LENGTH])); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst1),&(data[0])); - i=RSA_private_encrypt( - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - data,&(p[2]),pkey->pkey.rsa, - RSA_PKCS1_PADDING); - if (i <= 0) + if (RSA_sign(NID_md5_sha1, data, + MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, + &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); goto err; } - s2n(i,p); - n=i+2; + s2n(u,p); + n=u+2; } else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { if (!DSA_sign(pkey->save_type, @@ -1498,7 +1739,7 @@ SSL *s; else #endif { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); goto err; } *(d++)=SSL3_MT_CERTIFICATE_VERIFY; @@ -1512,8 +1753,7 @@ err: return(-1); } -static int ssl3_send_client_certificate(s) -SSL *s; +static int ssl3_send_client_certificate(SSL *s) { X509 *x509=NULL; EVP_PKEY *pkey=NULL; @@ -1592,38 +1832,45 @@ SSL *s; #define has_bits(i,m) (((i)&(m)) == (m)) -static int ssl3_check_cert_and_algorithm(s) -SSL *s; +static int ssl3_check_cert_and_algorithm(SSL *s) { int i,idx; long algs; EVP_PKEY *pkey=NULL; - CERT *c; + SESS_CERT *sc; +#ifndef OPENSSL_NO_RSA RSA *rsa; +#endif +#ifndef OPENSSL_NO_DH DH *dh; +#endif - c=s->session->cert; + sc=s->session->sess_cert; - if (c == NULL) + if (sc == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); goto err; } algs=s->s3->tmp.new_cipher->algorithms; /* we don't have a certificate */ - if (algs & (SSL_aDH|SSL_aNULL)) + if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) return(1); - rsa=s->session->cert->rsa_tmp; - dh=s->session->cert->dh_tmp; +#ifndef OPENSSL_NO_RSA + rsa=s->session->sess_cert->peer_rsa_tmp; +#endif +#ifndef OPENSSL_NO_DH + dh=s->session->sess_cert->peer_dh_tmp; +#endif /* This is the passed certificate */ - idx=c->cert_type; - pkey=X509_get_pubkey(c->pkeys[idx].x509); - i=X509_certificate_type(c->pkeys[idx].x509,pkey); + idx=sc->peer_cert_type; + pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); + i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); EVP_PKEY_free(pkey); @@ -1633,22 +1880,23 @@ SSL *s; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } #endif - +#ifndef OPENSSL_NO_RSA if ((algs & SSL_kRSA) && !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } -#ifndef NO_DH - else if ((algs & SSL_kEDH) && +#endif +#ifndef OPENSSL_NO_DH + if ((algs & SSL_kEDH) && !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); @@ -1659,7 +1907,7 @@ SSL *s; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); goto f_err; } -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); @@ -1668,12 +1916,13 @@ SSL *s; #endif #endif - if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP)) + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) { -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA if (algs & SSL_kRSA) { - if ((rsa == NULL) || (RSA_size(rsa) > 512)) + if (rsa == NULL + || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -1681,10 +1930,11 @@ SSL *s; } else #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - if ((dh == NULL) || (DH_size(dh) > 512)) + { + if (dh == NULL + || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err;